Home Privacy Policy

Privacy Policy

Last updated: May 15, 2026

This Privacy Policy explains how AISearchStackHub ("we," "our," or "us") collects, uses, shares, and protects information when you use our website at aisearchstackhub.ai and our LLM visibility scanning and AEO intelligence services (collectively, the "Service").

By using the Service, you agree to the collection and use of information as described in this policy. If you do not agree, do not use the Service.

Contents

  1. Information We Collect
  2. How We Use Your Information
  3. How We Share Your Information
  4. Cookies and Tracking Technologies
  5. Data Retention
  6. Data Security
  7. GDPR Rights (EEA Residents)
  8. CCPA Rights (California Residents)
  9. Children's Privacy
  10. Changes to This Policy
  11. Contact Us

1. Information We Collect

Information you provide directly

  • Email address: Collected when you enter your email to receive scan results, sign up for a paid plan, purchase a report, complete the AEO assessment email gate, or submit a lead magnet form. Email is required to deliver your results and for account management.
  • Domain name: Collected when you submit a scan. Used solely to run the LLM visibility scan and return results.
  • Survey/assessment answers: If you complete the AEO Readiness Assessment, your answers are stored to generate your score and allow you to return to your results.
  • Payment information: Payment is processed by Stripe. We do not receive or store your credit card number, billing address, or other payment credentials. We receive only a Stripe customer identifier and subscription status.

Information collected automatically

  • Usage events: We log funnel events (scan started, scan completed, email captured, upgrade viewed, checkout clicked) using an internal analytics system. These events include a random visitor identifier generated in your browser's localStorage — it is not linked to personally identifiable information unless you subsequently provide your email.
  • Log data: Our servers automatically record IP addresses, browser type, referring URL, and request timestamps for security and operational purposes.
  • Cookies: See the Cookies section below for details.

Scan result data

When you scan a domain, we store the scan results (AIS Index score, per-engine scores, mention context, citation gaps) associated with your domain and email address. This data is used to display your results, generate follow-up emails, and — in anonymized, aggregated form — to compute industry benchmark statistics.

2. How We Use Your Information

We use the information we collect to:

  • Run LLM visibility scans and return results to you
  • Deliver scan reports, assessment results, and purchased reports via email
  • Manage paid subscriptions and process billing through Stripe
  • Send scheduled briefings and alert notifications to Intelligence subscribers
  • Send a sequence of follow-up emails to free scan users (nurture sequence, maximum 3 emails) — you may unsubscribe at any time via the link in any email
  • Compute aggregate, anonymized industry benchmarks (individual data is never attributable in published stats)
  • Detect and prevent fraud, abuse, and security incidents
  • Improve the Service — understanding which features are used and where users encounter friction
  • Comply with legal obligations

We do not use your information to train AI models. We do not sell your data.

3. How We Share Your Information

We do not sell, rent, or trade personal information. We share data only in the following circumstances:

Service providers

  • Stripe: Payment processing. Stripe's privacy policy governs payment data. See stripe.com/privacy.
  • SendGrid (Twilio): Transactional email delivery. Email addresses are shared with SendGrid solely to deliver emails you've requested.
  • Neon / PostgreSQL: Database hosting. Scan results and account data are stored in a Neon-hosted PostgreSQL instance in the US.
  • Render: Application hosting. Our Express server runs on Render's US-based infrastructure. Render does not have access to your application data beyond what is necessary to host the service.
  • Polsia AI proxy: AI inference (used to generate scan analysis, citation gap recommendations, and asset drafts). Prompts may include your domain name. No personal contact information is included in AI prompts.

Legal requirements

We may disclose information if required by law, court order, or government authority, or if we believe disclosure is necessary to protect the rights, property, or safety of AISearchStackHub, our users, or the public.

Business transfers

In the event of a merger, acquisition, or sale of all or substantially all of our assets, user data may be transferred as part of that transaction. We will notify affected users via email before data is transferred and subject to a different privacy policy.

4. Cookies and Tracking Technologies

We use the following types of cookies and local storage:

  • Visitor ID (localStorage): A randomly generated identifier stored in your browser to associate funnel events across a session. Not linked to personal data unless you provide your email.
  • Scan session state (sessionStorage/localStorage): Temporary storage of scan progress and results for display purposes. Cleared when you close the tab or browser.
  • Assessment results (localStorage): Your AEO assessment progress is stored locally so you can return to it. Cleared when you clear browser storage.
  • Polsia analytics beacon: A 1×1 pixel image request to the Polsia platform for aggregate usage analytics. This is a first-party analytics system — no third-party ad networks or tracking pixels are used.

We do not use Google Analytics, Facebook Pixel, or any third-party advertising trackers. You can disable cookies in your browser settings; this may affect site functionality.

5. Data Retention

We retain data for as long as necessary to provide the Service and comply with legal obligations:

  • Scan results: Retained indefinitely to support trend tracking and benchmark calculations. You may request deletion by emailing us.
  • Email/account data: Retained while your account is active. Deleted within 30 days of a verified account deletion request.
  • Payment records: Retained as required by financial regulations (typically 7 years for tax records).
  • Server logs: Retained for 90 days for security and operational purposes.

6. Data Security

We implement reasonable technical and organizational measures to protect your data against unauthorized access, alteration, disclosure, or destruction. These include:

  • HTTPS encryption for all data in transit
  • Parameterized database queries (no SQL injection vectors)
  • Stripe for payment processing (PCI-compliant — card data never touches our servers)
  • Environment variable isolation for credentials and API keys

No method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security.

7. GDPR Rights (EEA Residents)

If you are located in the European Economic Area, you have the following rights under the General Data Protection Regulation (GDPR):

  • Right of access: Request a copy of the personal data we hold about you.
  • Right to rectification: Request correction of inaccurate data.
  • Right to erasure ("right to be forgotten"): Request deletion of your personal data, subject to legal retention requirements.
  • Right to restrict processing: Request that we limit how we use your data.
  • Right to data portability: Request your data in a machine-readable format.
  • Right to object: Object to our processing of your data for direct marketing or legitimate interest purposes.
  • Right to withdraw consent: Where processing is based on consent, withdraw consent at any time. This does not affect the lawfulness of processing before withdrawal.

Our legal basis for processing personal data is: (a) contract performance — processing necessary to deliver the Service you've requested; (b) legitimate interests — internal analytics and fraud prevention; (c) consent — marketing emails (opt-in, with unsubscribe in every email).

To exercise your GDPR rights, email support@aisearchstackhub.ai with "Privacy Request" in the subject. We will respond within 30 days.

8. CCPA Rights (California Residents)

If you are a California resident, the California Consumer Privacy Act (CCPA) grants you the following rights:

  • Right to know: Request disclosure of the categories and specific pieces of personal information we collect, use, disclose, and sell.
  • Right to delete: Request deletion of personal information we have collected, subject to exceptions.
  • Right to opt-out of sale: We do not sell personal information. No opt-out is required.
  • Right to non-discrimination: We will not discriminate against you for exercising your CCPA rights.

To submit a CCPA request, email support@aisearchstackhub.ai.

9. Children's Privacy

The Service is not directed to children under 13. We do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected such information, contact us and we will delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page. For material changes, we will send an email notice to users with active accounts at least 14 days before the change takes effect. Continued use of the Service after the effective date constitutes acceptance of the updated policy.

11. Contact Us

For privacy questions, data requests, or to exercise your rights:

Email: support@aisearchstackhub.ai
Please include "Privacy Request" in the subject line for data rights requests.