A
AEOprobe

Privacy Policy

Last Updated: March 13, 2026

1. Introduction

Welcome to AEOprobe ("we," "our," or "us"). We are committed to protecting your privacy and ensuring that your personal data is handled in compliance with the General Data Protection Regulation (GDPR) and applicable Estonian laws, including the Estonian Personal Data Protection Act (Isikuandmete kaitse seadus).

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website at aeoprobe.com and use our SaaS platform for AI Engine Optimization (AEO) auditing.

2. Data Controller

The Data Controller responsible for your personal data is:

  • Company: J&L Serverid LTD
  • Registry Code: 11478495
  • Registered Address: Tartu, Estonia
  • Email: privacy@aeoprobe.com

3. Data We Collect and Purposes

We collect and process the following categories of personal data, each mapped to its specific legal basis under GDPR Article 6:

Account Information

Data: Email address, hashed password.

Purpose: Account creation, authentication, and customer support.

Legal basis: Contractual necessity (Art. 6(1)(b)) — required to provide the service.

Retention: Kept for the duration of your account. Deleted within 30 days of account deletion request.

Obligation: Providing your email is required to create an account. Without it, we cannot provide the service.

Usage Data

Data: IP address, browser type, pages visited, audit requests, interaction events.

Purpose: Platform improvement, security monitoring, and fraud prevention.

Legal basis: Legitimate interests (Art. 6(1)(f)) — maintaining platform security and improving user experience.

Retention: Aggregated after 90 days. Fully anonymized or deleted after 12 months.

Audit Data

Data: URLs submitted for audit, audit results, and scores.

Purpose: Performing the AEO audits you request and displaying results in your dashboard.

Legal basis: Contractual necessity (Art. 6(1)(b)).

Retention: Kept for the duration of your account. Deleted within 30 days of account deletion request.

Billing Information

Data: Payment method details, billing address, transaction history.

Purpose: Processing payments and managing subscriptions.

Legal basis: Contractual necessity (Art. 6(1)(b)) and legal obligation (Art. 6(1)(c)) for tax/accounting records.

Retention: Transaction records retained for 7 years as required by Estonian accounting law (Raamatupidamise seadus).

Payments are processed by our third-party payment processor (Stripe, Inc.). We do not store full credit card numbers on our servers. Stripe's privacy policy applies to payment data they process.

4. Automated Decision-Making

Our platform performs automated AEO audits that generate scores and recommendations for your web pages. These automated assessments:

  • Analyze publicly accessible web page content against AEO best practices;
  • Produce scores across categories such as structured data, content quality, and AI bot accessibility;
  • Do not produce legal or similarly significant effects on you as a person.

These audits evaluate web pages, not individuals, and do not constitute profiling under GDPR Article 22. No decisions with legal or similarly significant effects are made solely by automated means.

5. Recipients and Sub-Processors

We share your personal data with the following categories of recipients:

  • Hosting provider: Our infrastructure is hosted within the EU/EEA (Germany).
  • Payment processor: Stripe, Inc. (USA) — processes billing data under Standard Contractual Clauses (SCCs) and the EU-US Data Privacy Framework.
  • Email service: Transactional emails (account confirmation, password reset) are sent from our own mail server hosted within the EU.

We do not sell your personal data to third parties. We do not share data with advertisers.

6. International Data Transfers

Your data is primarily stored and processed within the European Economic Area (EEA). Where we use sub-processors located outside the EEA (such as Stripe in the USA), we ensure appropriate safeguards are in place:

  • EU-approved Standard Contractual Clauses (SCCs);
  • Adequacy decisions by the European Commission where applicable;
  • The EU-US Data Privacy Framework for certified US entities.

7. Your Data Protection Rights

Under the GDPR, you have the following rights regardless of where you reside:

  • Right of access (Art. 15) — obtain a copy of your personal data.
  • Right to rectification (Art. 16) — correct inaccurate or incomplete data.
  • Right to erasure (Art. 17) — request deletion of your personal data.
  • Right to restriction (Art. 18) — restrict processing in certain circumstances.
  • Right to data portability (Art. 20) — receive your data in a structured, machine-readable format.
  • Right to object (Art. 21) — object to processing based on legitimate interests.
  • Right to withdraw consent (Art. 7(3)) — where processing is based on consent, withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, contact us at privacy@aeoprobe.com. We will respond within 30 days.

8. Right to Lodge a Complaint

If you believe that our processing of your personal data infringes the GDPR, you have the right to lodge a complaint with a supervisory authority. Our lead supervisory authority is the Estonian Data Protection Inspectorate:

  • Authority: Andmekaitse Inspektsioon
  • Address: Tatari 39, 10134 Tallinn, Estonia
  • Phone: +372 627 4135
  • Email: info@aki.ee
  • Website: www.aki.ee

You may also lodge a complaint with the supervisory authority in your EU/EEA country of residence.

9. Cookies

We use the following categories of cookies:

  • Strictly necessary cookies: Session authentication and CSRF protection. These are essential for the platform to function and do not require consent.

We do not use analytics, advertising, or tracking cookies. If we introduce non-essential cookies in the future, we will obtain your consent before setting them, in accordance with the Estonian Electronic Communications Act (Elektroonilise side seadus).

10. Security

We implement appropriate technical and organizational measures to protect your personal data, including encryption in transit (TLS), hashed passwords, access controls, and regular security reviews. However, no method of transmission or storage is 100% secure, and we cannot guarantee absolute security.

11. Changes to This Policy

We may update this Privacy Policy from time to time. For material changes, we will notify registered users by email at least 14 days before the changes take effect. We will also update the "Last Updated" date at the top of this page. Continued use of the Service after the effective date constitutes acceptance of the updated policy.