Legal · § 01
Privacy policy
Last updated — 2 July 2026
GEO Tool is operated by AIVEYO(“we”, “us”). We are based in the United Kingdom and serve customers worldwide. This policy explains what personal data we collect, why, who we share it with, and the rights you have over it. It applies to geotool.aiveyo.com and every service we provide through it.
The short version: we collect the minimum we need to run audits, accounts and billing; we never sell personal data; the free anonymous audit publishes its results at a shareable link but never your identity; and you can reach us about any of it at hello@aiveyo.com.
1. Who is responsible for your data
AIVEYO is the data controller for the personal data described in this policy. Contact: hello@aiveyo.com. If you are in the UK you can also complain to the Information Commissioner’s Office (ico.org.uk); if you are in the EU/EEA, to your local supervisory authority.
2. What we collect, and why
Free audits (no account)
- The URL you submit and the public content of that page (plus its robots.txt, sitemap and llms.txt). We fetch only what any visitor or search crawler could fetch. Legal basis: legitimate interest in providing the audit you requested.
- Your IP address, used transiently for rate limiting and abuse prevention. Legal basis: legitimate interest in keeping the free tool available.
- Audit results are public by default. Each free audit gets a shareable link, and anonymised results feed our aggregate benchmarks(which never display domains, brands or any personal data, and only publish statistics once at least 20 audits exist). Don’t audit a URL you are not comfortable having scored at a public link.
Email capture on results pages
- If you choose to unlock a full fix list or report by email, we store the email address you give us and send you the report plus a short series of follow-up emails about your result and AI visibility. Every email has a working unsubscribe link, and one click stops the series. Legal basis: consent, which you can withdraw at any time.
Accounts
- Name, email address and profile image, handled by our authentication provider Clerk. We never see or store your password. Legal basis: performance of a contract.
- Your tracked sites, audit history, visibility checks and notification settings— the product’s working data, scoped to your workspace. Legal basis: performance of a contract.
- Transactional email (welcome, audit-complete, score-drop alerts, a weekly digest). Alerts and the digest can be switched off per site or per workspace in your settings.
Billing
- Payments are processed by Stripe. Card details go directly to Stripe and never touch our servers; we store only the Stripe customer/subscription identifiers and your plan state. Legal basis: performance of a contract; retention of invoices: legal obligation.
Operations
- Error reports (via Sentry) and structured server logs, used to keep the service working. We configure error reporting not to attach personal data by default.
- AI usage metering — token counts and costs per request, kept as an internal ledger. Raw rows are aggregated and pruned after roughly 90 days.
3. The AI engines we query on your behalf
The product’s job is to ask AI engines how visible a site is. To do that we send the public content of audited pages and the questions we generate about them to one or more of: OpenAI (ChatGPT), Anthropic (Claude), Google (Gemini) and Perplexity. We send the page and brand being audited — we do not send your account email, name or billing details to these providers. Their handling of API data is governed by their respective enterprise API terms, which exclude training on API inputs by default.
4. Who else we share data with (subprocessors)
| Provider | Purpose | Data involved |
|---|---|---|
| Clerk | Authentication | Name, email, profile image, sign-in metadata |
| Stripe | Payments & invoicing | Email, billing details, payment method (held by Stripe) |
| Resend | Sending email | Email address, message content |
| Sentry | Error monitoring | Technical error context |
| OpenAI / Anthropic / Google / Perplexity | Running visibility checks | Audited page content and generated questions |
| Our hosting infrastructure | Running the application and database | All of the above at rest, encrypted in transit |
We do not sell personal data, and we do not share it with advertisers or data brokers. Some providers process data outside the UK/EEA (principally in the United States); where they do, transfers rely on the UK International Data Transfer Agreement / EU Standard Contractual Clauses and each provider’s data processing agreement.
5. How long we keep things
- Account and workspace data — for as long as your account exists, then deleted or anonymised.
- Free-audit results — kept so shared links keep working; the underlying aggregate statistics are anonymous.
- Lead emails — until you unsubscribe or ask us to delete them.
- AI usage ledger — raw rows aggregated and pruned after ~90 days.
- Rate-limit counters — hours.
- Invoices and billing records — as long as tax law requires.
6. Your rights
Wherever you are, we extend the same rights: access to your data, a copy of it in a portable format, correction, deletion, restriction of or objection to processing, and withdrawal of consent (for example, unsubscribing). UK/EU residents have these rights under the UK GDPR and GDPR; California residents have equivalent rights under the CCPA/CPRA — including the right to know, delete, and opt out of sale (we do not sell data).
You can delete your account and its data from Settings, or email hello@aiveyo.com for any request. We respond within one month.
7. Security
All traffic is encrypted in transit (TLS, with HSTS). Authentication is delegated to Clerk; payment data to Stripe. Access to production data is limited to those who operate the service. Webhooks are signature-verified, tenant data is isolated per workspace, and sensitive administrative actions are audit-logged. If we ever suffer a breach that puts you at risk, we will notify you and the relevant authority as the law requires.
8. Cookies
We use only strictly-necessary and preference cookies — no advertising or cross-site tracking. The full list lives in the cookie policy.
9. Children
The service is for businesses and is not directed at children under 16. We do not knowingly collect their data.
10. Changes to this policy
When we change this policy we update the date at the top; for material changes affecting account holders we will also email you. Questions, requests, complaints: hello@aiveyo.com.