Aēolo
← Back to Home

Privacy Policy

Last updated: April 15, 2026

1. Introduction

Aeolo ("we," "our," or "us") operates a Generative Engine Optimization (GEO) platform that helps businesses optimize their visibility in AI search engines. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our services.

By using Aeolo, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Information You Provide

  • Account Information: Email address, name, and password (stored as a secure hash)
  • Domain Data: Domain URLs and keywords you submit for GEO analysis
  • Payment Information: Processed securely by our payment provider (Polar.sh); we do not store your payment details

2.2 Information Collected Automatically

  • Usage Data: Pages visited, features used, and interactions with our platform
  • Device Information: Browser type, operating system, and IP address
  • Cookies: Session management and analytics (see Section 7)
  • Error Logs: Technical errors for debugging and improvement

2.3 Third-Party Integrations (With Your Consent)

  • Google Search Console: SEO performance data for your domains
  • Google Analytics: Website traffic data for your domains

3. How We Use Your Information

  • Service Delivery: Providing GEO analysis, visibility reports, and AI-powered insights
  • Account Management: Authentication, session management, and user support
  • Service Improvement: Analyzing usage patterns to enhance features and user experience
  • Security: Detecting and preventing fraud, abuse, and security incidents
  • Communication: Sending service updates, alerts, and (with consent) marketing materials

4. Third-Party Service Providers

We share data with the following third-party providers to operate our services:

Infrastructure & Hosting

  • Vercel: Website hosting (US/Global)
  • Railway: API and backend hosting (US)
  • Supabase: Database, authentication, and storage (US)

AI & Analysis

  • OpenAI: AI-powered analysis and content generation
  • Google AI (Gemini): AI analysis capabilities

Analytics & Monitoring

  • Google Analytics: Anonymized website traffic analysis
  • Sentry: Error tracking and performance monitoring

Payments

  • Polar.sh: Secure payment processing

5. Google User Data — Limited Use Compliance

Aeolo's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

5.1 Scopes We Request

When you connect your Google account to Aeolo, we request the following OAuth scopes, all read-only:

  • userinfo.email— to display which Google account is currently connected inside your Aeolo dashboard.
  • userinfo.profile— to display the connected user's name and avatar so your team can identify which teammate linked the account.
  • analytics.readonly(Google Analytics 4) — to read traffic, source/medium, landing-page, and conversion metrics for the GA4 properties you explicitly connect to your Aeolo domain. Used to render the Pipeline → Traffic dashboards (sessions, AI-referral traffic, GEO impact, content performance).
  • webmasters.readonly(Google Search Console) — to read Search Analytics data (queries, impressions, clicks, position) and indexing status for the Search Console properties you explicitly connect to your Aeolo domain. Used to render the Pipeline → Visibility dashboards and the top-queries panels.

5.2 How We Use Google User Data

  • User-facing features only. Google data is used solely to render metrics and recommendations in your Aeolo dashboard. It is never used for any background purpose unrelated to features you can see.
  • Read-only. We do not write to, delete, or modify any Google Analytics or Search Console data, settings, or properties.
  • Your own properties only. Aeolo only queries GA4 and Search Console properties that the same authenticated Google user already has access to, for the domain you have connected to your Aeolo account.
  • No advertising. We do not use Google user data for serving advertisements, including retargeting, personalized, or interest-based advertising.
  • No human access. We do not allow humans to read your Google user data, except: (a) with your affirmative consent for a specific support request, (b) where necessary for security purposes such as investigating abuse, (c) to comply with applicable law, or (d) where the data has been aggregated and anonymized for internal operations.
  • No transfer. We do not transfer Google user data to third parties except as necessary to provide or improve user-facing features, to comply with applicable law, or as part of a merger, acquisition, or sale of assets with notice to users.

5.3 Storage and Revocation

  • OAuth tokens are stored encrypted at rest in our database and scoped to a single user account.
  • You can disconnect your Google account at any time from Settings → Integrations → Disconnect Google. This action revokes the OAuth refresh token with Google and immediately deletes the cached integration data.
  • When you delete your Aeolo account, all Google integration data is purged and the refresh token is revoked.

6. Data Retention

We retain your data for the maximum period permitted by applicable law:

  • Account Data: Retained until you delete your account or request deletion
  • Analysis Results: Retained for the duration of your account
  • Usage Logs: Retained as permitted by law
  • Error Logs: 90 days (Sentry policy)
  • Analytics Data: 26 months (Google Analytics default)

7. Your Rights

Depending on your location, you may have the following rights:

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate or incomplete data
  • Erasure: Request deletion of your personal data
  • Portability: Receive your data in a structured, machine-readable format
  • Objection: Object to processing of your data for certain purposes
  • Marketing Opt-out: Unsubscribe from marketing communications at any time

To exercise these rights, contact us at contact@tryaeolo.com.

8. Cookies

We use cookies and similar technologies for:

  • Essential Cookies: Required for authentication and core functionality
  • Analytics Cookies: Help us understand how you use our service

You can control cookies through your browser settings. Disabling essential cookies may affect your ability to use certain features.

9. International Data Transfers

Your data may be transferred to and processed in the United States, where our service providers are located. We ensure appropriate safeguards are in place to protect your data in accordance with applicable law.

10. Security

We implement industry-standard security measures including encryption, secure authentication, and regular security audits. However, no method of transmission over the Internet is 100% secure.

11. Children's Privacy

Our service is not directed to individuals under 16. We do not knowingly collect personal information from children. If we become aware of such collection, we will delete the data promptly.

12. Regional Provisions

For EU/EEA Users (GDPR)

We process your data based on: (a) your consent, (b) performance of our contract with you, (c) our legitimate business interests, or (d) legal obligations. You have the right to lodge a complaint with your local data protection authority.

For California Residents (CCPA)

You have the right to know what personal information we collect, request deletion, and opt out of the sale of your information. We do not sell your personal information.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date.

14. Contact Us

If you have questions about this Privacy Policy, please contact us at: contact@tryaeolo.com