Notice.
This document is plain-English, industry-standard SaaS language adapted for Aeoniti's product. It is binding once you sign up. It is not a substitute for independent legal advice. Enterprise customers signing contracts above $50K/yr should have their own counsel review this and may negotiate amendments — email [email protected].
1. The short version
We collect what we need to run the product (your email, your domains, your billing info) and what your browser sends (IP, user agent, page visits). We don't sell anything. We share only with the sub-processors listed in §6 — all named. You can export or delete your data at any time.
2. What we collect
From you, directly:
- Your email address (used as your login; required for verification + transactional email)
- Your password, hashed with Argon2id — we never see the plaintext
- Your name and company name when you provide them
- Domains you onboard for tracking — these become part of your account
- Billing details: Card data is processed and stored by Dodo Payments (PCI-DSS Level 1, SOC 2 Type II). Aeoniti never sees full PAN or CVV — our backend receives only a tokenized customer reference and a last-4 marker for invoicing.
- Data you upload when integrating Google Search Console, including OAuth refresh tokens (encrypted at rest with AES-256-GCM)
- Anything you write in the in-product chat (we store it for 24 hours in Redis, then delete)
Automatically, when you use the product:
- Server logs: IP address, user agent, request path, response status, latency. Retained for 30 days for debugging + abuse prevention.
- Cookies: a session cookie (JWT, HttpOnly, Secure) and a CSRF cookie. We don't use third-party advertising or tracking cookies.
- Marketing site analytics: we use Plausible (self-hosted, cookieless, no personal data) for page views. No GA, no Facebook Pixel, no Hotjar.
From third parties on your behalf:
- Public web pages of domains you onboard (we scrape them — that's the product)
- SERP data from Google for keywords you track (via DataForSEO, see §6)
- Responses from ChatGPT, Claude, Perplexity probes asking about your brand (via OpenRouter, see §6)
- Wikipedia/llms.txt/robots.txt of your domain (we GET these directly, no auth)
3. Legal bases (for EU/UK readers)
We rely on the following GDPR/UK GDPR legal bases:
- Contract — to provide the service you signed up for (most processing falls here)
- Legitimate interest — for security, fraud prevention, product improvement, and internal product intelligence (aggregated probe observations)
- Consent — for the optional weekly digest email (you opt in; you can opt out from any digest with one click)
- Legal obligation — when we have to comply with tax law, court orders, etc.
4. Why we collect it
To operate the product, bill you accurately, prevent abuse, debug incidents, communicate operational news (changelog, status, security advisories), and — only with consent — send marketing emails.
We do not use your data to train AI models. We do not profile you for advertising. We do not sell your data.
5. How we use aggregated probe data internally
We aggregate citation observations from all tenants into an internal knowledge graph that powers Aeoniti's product intelligence. The aggregation pipeline:
- Hashes brand names + URLs with a per-deployment pepper (SHA-256) before write
- Drops customer/agency identifiers entirely from the aggregated tables
- Used only by background jobs to generate recommendations, hallucination alerts, and engine-drift detection — never exposed via any API or rendered to any customer in raw form
The aggregated data never leaves our systems. We don't sell it, license it, share it with third parties, or expose it via any public surface. Customers benefit through smarter recommendations and alerts; the aggregation machinery itself is invisible to them. If you don't want your domains in the aggregation pool, email [email protected] and we'll exclude them.
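As an added illustration of the three pipeline steps listed above (this is not Aeoniti's code; the field names, the AGG_PEPPER variable name and the sample observation are constructed for this example), the following Python sketch pseudonymizes brand and URL with an HMAC-SHA256 keyed by the per-deployment pepper, drops the tenant identifiers, and validates the resulting row before it would be written. HMAC with the pepper as key is this example's choice for a "peppered SHA-256"; it is the pepper that prevents anyone without it from matching a known brand name or URL to its hash.

```python
import hashlib
import hmac
import os

# Constructed sample observation, as a per-tenant probe run might record it.
# Field names are assumptions for illustration, not Aeoniti's schema.
SAMPLE_OBSERVATION = {
    "customer_id": "cust_0001",      # tenant identifier: must not reach aggregate tables
    "agency_id": "agency_0042",      # tenant identifier: must not reach aggregate tables
    "brand": "Example Brand",
    "cited_url": "https://example.com/pricing",
    "engine": "chatgpt",
    "query": "best analytics tool for agencies",
    "cited": True,
    "observed_at": "2026-01-15T10:00:00Z",
}

# Fields that identify a customer or agency and are dropped entirely.
TENANT_FIELDS = ("customer_id", "agency_id")
# Fields that are kept, but only in hashed form.
HASHED_FIELDS = ("brand", "cited_url")


def load_pepper() -> bytes:
    """Read the per-deployment pepper from the environment (variable name assumed).

    The pepper lives outside the database so that the stored hashes cannot be
    reversed by anyone who only has a copy of the aggregate tables.
    """
    pepper = os.environ.get("AGG_PEPPER")
    if not pepper:
        raise RuntimeError("AGG_PEPPER is not set; refusing to write unpeppered hashes")
    return pepper.encode()


def pseudonymize(value: str, pepper: bytes) -> str:
    """HMAC-SHA256 of a normalised value, keyed with the pepper.

    Normalising (strip + lowercase) makes 'Example Brand' and 'example brand'
    aggregate together; keying with the pepper means the same input hashes
    differently in every deployment.
    """
    normalised = value.strip().lower().encode("utf-8")
    return hmac.new(pepper, normalised, hashlib.sha256).hexdigest()


def to_aggregate_row(observation: dict, pepper: bytes) -> dict:
    """Produce the row written to the aggregate table: tenant ids gone, identifiers hashed."""
    row = {k: v for k, v in observation.items() if k not in TENANT_FIELDS}
    for field in HASHED_FIELDS:
        if field in row:
            row[field] = pseudonymize(str(row[field]), pepper)
    return row


def is_safe_to_write(row: dict) -> bool:
    """Guard run just before the write: no tenant field and only 64-hex hashes in hashed fields."""
    if any(field in row for field in TENANT_FIELDS):
        return False
    for field in HASHED_FIELDS:
        value = row.get(field, "")
        if len(value) != 64 or any(c not in "0123456789abcdef" for c in value):
            return False
    return True


if __name__ == "__main__":
    # Stand-alone demo with a constructed pepper; production would call load_pepper().
    demo_pepper = b"demo-pepper-do-not-use-in-production"
    aggregate = to_aggregate_row(SAMPLE_OBSERVATION, demo_pepper)
    print("safe to write:", is_safe_to_write(aggregate))
    print(aggregate)
```

The guard in `is_safe_to_write` is the part worth keeping even if the hashing changes: it fails closed if a schema change ever lets a tenant identifier or a raw brand name through to the aggregate table.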
6. Sub-processors (who we share with)
The full live list lives at /legal/subprocessors and is updated whenever we add or remove one. Today's sub-processors:
| Provider | Purpose | Region | Data shared |
|---|---|---|---|
| Cloudflare | Edge / DNS / TLS / WAF | Global | All HTTPS traffic to *.aeoniti.com |
| Dodo Payments | Payment processing for US/EU customers | United States (Delaware) | Name, billing address, card last4, transaction history |
| Mailsetu | Transactional email — operated by Networkers Home on our own infrastructure (no external sub-processor for email) | Paris (EU) | Email address + system notification body |
| OpenRouter | LLM gateway for ChatGPT (GPT-5.4-nano), Gemini (3.5 Flash), and Google AI Overview (via Perplexity Sonar) | United States | Brand name + buyer-intent query only, no customer PII |
| DataForSEO | SERP + Knowledge Graph + AI Overview fallback when primary path is unavailable | United States / Cyprus | Brand name + buyer-intent query strings only, no customer PII |
| Tavily | Live web grounding for chat | United States | Your chat questions (when they trigger live search) |
| Google (GSC OAuth) | Read-only Search Console integration | Global | Only when YOU connect it; encrypted refresh token at rest |
| Networkers Home (parent company infra) | VM hosting + Postgres + R2-compatible object storage | Paris + Frankfurt | Everything that's stored on our servers |
We give you 30 days' notice via the in-product changelog before adding a new material sub-processor.
7. Where your data lives
Today: primary in Paris (France), backup snapshots in Frankfurt (Germany). Both within the EU. Some sub-processors (Dodo Payments, OpenRouter, DataForSEO, Tavily) are based in the United States — when we send them data, we rely on Standard Contractual Clauses (SCCs) where applicable.
Q4 2026 roadmap: separate EU + US data residency regions, so you can pin your tenant to the region you choose. Until then, EU+UK customers should know their data may transit US sub-processors.
8. How long we keep it
- Account data — for the lifetime of your account + 90 days after deletion (in backups)
- Probe data — for the lifetime of your account (so you can see year-over-year trajectory)
- Server logs — 30 days
- Chat history — 24 hours in Redis, then auto-deleted
- Billing records — 7 years (Indian tax law requirement)
- Aggregated probe observations — indefinite (anonymized, internal-only, no PII)
9. Your rights
Whatever your jurisdiction, you can:
- Access — log in and see all your data, or export via API
- Correct — most fields are editable in-product; for the rest, email [email protected]
- Delete — close your account from the dashboard; we delete in 30 days (excluding tax records, which we're legally required to keep)
- Export — download your full dataset via API at any tier; we never charge for export
- Object to processing — for legitimate-interest processing only; email [email protected]
- Lodge a complaint — with your local data protection authority (for EU: any DPA in your country of residence; UK: ICO; India: DPB once it's operational)
We respond to rights requests within 30 days. Free.
10. Security
Highlights:
- TLS everywhere (HTTPS-only; HSTS preload-listed)
- Argon2id password hashing
- JWT session cookies (HttpOnly, Secure, SameSite=Lax)
- CSRF tokens on every state-changing request
- Postgres row-level security (RLS) ensures no tenant can see another's data — verified at every query layer
- Daily encrypted backups to a separate region
- Secrets managed in environment files with restrictive filesystem permissions; never committed to git
- Vendor minimum: every sub-processor we use has SOC 2 Type II or equivalent
Found a security issue? Email [email protected]. We respond within 1 business day. We won't pursue legal action against good-faith researchers who follow responsible disclosure.
SOC 2 Type II for Aeoniti itself is in progress; report expected Q1 2027. Until then, evidence packages are available on request to enterprise prospects via [email protected].
11. Children
The product is for businesses. We don't knowingly collect data from anyone under 16. If we discover an account is owned by someone under 16, we'll close it.
12. Cookies
We use the minimum necessary:
- Session cookie (login) — HttpOnly, Secure, SameSite=Lax. Lifetime: until logout or 30 days idle.
- CSRF token cookie — same lifetime as session.
- Theme preference (light/dark) — stored in localStorage, not a cookie. No PII.
The marketing site (aeoniti.com) sets no cookies at all. Plausible analytics is cookieless.
13. Updates to this policy
We notify you 30 days before any material change, by email and via the in-product changelog. The "Last updated" date at the top of this page always reflects the current version. Old versions are archived in our marketing repo's git history — full diff for full transparency.
14. Contact
For questions about this policy or to exercise rights: