AIEO

AIEO / LEGAL

Privacy Policy

Effective date: April 14, 2026 · Version 1.0

AIEO ("we", "us") is a service owned and operated by BdeB, S.A., a company organized under the laws of the Argentine Republic. This Privacy Policy explains what personal data AIEO collects, why we collect it, who we share it with, how long we keep it, and what rights you have over your data. Questions: support@aieo.ai.

1. Who we are

AIEO is owned and operated by BdeB, S.A., a company organized under the laws of the Argentine Republic. The service measures what major AI assistants say about people and businesses and helps users correct the record, and runs at aieo.ai. For privacy questions or data requests, email support@aieo.ai.

2. What data we collect

We collect three categories of data:

Account data. When you sign up, we store your email address, an optional name, your timezone and locale if you provide them, your plan tier, and a Stripe customer identifier we use to reference your billing record. If you sign in with Google, Google sends us your email address and profile name; we do not receive your Google password. If you are invited to a team, we store the invitation email and a one-time acceptance token.

Identity data. When you create an identity inside AIEO, you submit facts about yourself or a business you operate — name, role, employer, headline, biography, social links, location, and similar structured information. You choose which facts to submit. These facts are used to generate the correction kit AIEO delivers and, if you publish the profile, become visible on aieo.ai/you/[slug].

Scan and usage data. When you run a scan, we send the subject's name (usually your own or your business's) to six AI models and store the responses they return. We record the models used, per-response classification, latency, and cost. For anonymous free-tier scans, we hash your IP address with a daily salt (SHA-256) to rate-limit abuse; we do not store the raw IP. We also log standard request metadata (IP, user agent, URL) through our hosting provider for a rolling window — see section 5.

3. How we use it

We use your data to: operate your AIEO account; run the scans you request; generate correction kits; process billing; send transactional email (email verification, password reset, team invitations); detect and block abuse; measure costs; respond to support requests; and comply with legal obligations.

We do not sell your personal data. We do not share your personal data with advertisers. We do not perform cross-context behavioral advertising.

4. Who we share it with

To operate AIEO we send data to the following third parties. Each recipient receives only what is necessary for the listed purpose.

Supabase (database and authentication host, based in the United States): stores all account, identity, and scan data described above. Supabase acts as our primary data processor.

Stripe (payment processor, based in the United States): when you start a paid trial or subscribe, Stripe collects your payment method directly through its checkout interface. We receive a customer identifier and subscription status. We never see your full card number.

Google (OAuth identity provider, based in the United States): if you choose to sign in with Google, Google receives our authentication request and returns your email address and profile name via Supabase. Google's handling is governed by its own privacy policy.

Resend (email delivery, based in the United States): receives your email address and the text of transactional and operational emails we send you (account welcome, email verification, password reset, team invitations, scan completion alerts, and submission status reminders).

Six AI model providers: OpenAI (via Azure), Anthropic, Google (Gemini), Perplexity, xAI, and Groq. When you run a scan, we send each provider the subject's name embedded in a structured question. Providers process this query under their own privacy policies; we do not send them your account email, billing information, or data about other users.

Google Places API (part of Google Maps Platform): when the Google Business Profile channel runs, we query Google Places with the business name and location you submitted to verify the listing's existence and status.

Wikidata, Google Business Profile, and Perplexity Merchant Center: when you opt to submit corrections through these channels, we send the structured public claims you have approved. This information becomes public.

IndexNow: when a public AIEO profile is created or updated, we notify the IndexNow protocol (used by Bing and Yandex) by submitting only the profile URL. No personal data is sent.

Sentry (error monitoring, based in the United States): receives application error reports. Error reports may incidentally include your email address or identity data if an error occurs in a code path that handles those values.

Vercel (hosting, operates globally): processes every request to aieo.ai. Vercel records standard server logs including IP address, user agent, URL path, timestamp, and response status for operational purposes.

We may disclose personal data when required by law, a valid legal process, or to protect the rights, property, or safety of AIEO, our users, or others.

5. Where data is stored and international transfers

AIEO's primary data store (Supabase) is located in the United States. Vercel operates globally with edge locations worldwide. If you are in the European Economic Area, the United Kingdom, Argentina, or another country with data protection rules, your personal data will be transferred to and processed in the United States. We rely on standard contractual clauses or equivalent mechanisms to legitimize these transfers.

6. How long we keep it

Active account data is retained for as long as your account is open. If you delete your account, we soft-delete immediately and purge all personal data within 30 days, except where law requires longer retention.

Identity and scan data follows your account. Published public profiles remain visible until you unpublish or delete them.

Billing records are retained by Stripe under its own policies for as long as required by tax and financial regulations (typically seven years in most jurisdictions). We retain your Stripe customer identifier and subscription history for the same period.

Anonymous scan IP hashes are stored as part of the scan record. The salt used to produce each hash rotates daily, so hashes older than 24 hours cannot be linked back to the originating IP address even by us. The hash row itself is retained as long as the scan record. Team invitation rate-limit hashes are retained for one hour.

Request logs held by Vercel follow Vercel's retention schedule. Error reports held by Sentry follow Sentry's retention schedule.

7. Your rights

You have the right to access, correct, and delete the personal data we hold about you, the right to object to or restrict processing in certain cases, and the right to receive a copy of your data in a portable format. These rights are recognized under Argentine Personal Data Protection Law (Ley 25.326), the European Union General Data Protection Regulation (GDPR), and the California Consumer Privacy Act (CCPA), as applicable to you.

You can exercise most of these rights directly inside AIEO — edit your profile in Settings, download your kit, or delete your account — or by emailing support@aieo.ai. We respond to requests within 30 days.

We do not sell personal data, so California users have no opt-out of sale to exercise. We also do not share personal data for cross-context behavioral advertising under CCPA definitions. California users exercising CCPA rights will not face discrimination in service quality, price, or access.

If you are in Argentina and believe we have not handled your data correctly, you may lodge a complaint with the Agencia de Acceso a la Información Pública (AAIP). If you are in the EU or UK, you may lodge a complaint with your national data protection authority.

8. Cookies

AIEO sets only the cookies that are strictly necessary to operate the service — specifically, the authentication cookies set by our auth provider when you log in. We do not use cookies for analytics, advertising, tracking, or personalization. Because we use only strictly-necessary cookies, AIEO does not display a cookie consent banner.

If we add non-essential cookies in the future, we will update this policy and add consent controls before doing so.

9. Children

AIEO is not directed at children under 16 and we do not knowingly collect personal data from them. If you believe a child has provided us with personal data, email support@aieo.ai and we will delete it.

10. Security

We encrypt data in transit using TLS. Passwords are stored by our auth provider using industry-standard hashing. API keys generated inside AIEO are stored as scrypt hashes; the plaintext is shown only once at creation. Database access is restricted by row-level security policies. No system is perfectly secure; if you believe your account has been compromised, email support@aieo.ai immediately.

11. Changes to this policy

When we change this policy, we update the effective date at the top. For material changes, we notify registered users by email at least 30 days before the change takes effect. Continued use of AIEO after a change takes effect constitutes acceptance of the updated policy.

12. Contact

Questions, requests, complaints: support@aieo.ai.

Last updated April 14, 2026 · Version 1.0