> LEGAL_PROTOCOL_01

Privacy Policy.

Transparent data handling for the Agentic Web.

Last updated: February 4, 2026 | Effective date: February 4, 2026

1. Business Identity

This privacy policy applies to AEOfix, a professional services business providing Answer Engine Optimization (AEO) and Search Engine Optimization (SEO) services.

  • Business Name: AEOfix
  • Owner: William J Bouch
  • Address: 10 Richard St, Asheville, NC 28803, United States
  • Email: AEOfix.com@gmail.com
  • Phone: +1-469-278-5074
  • Website: https://aeofix.com

2. Information We Collect

We collect the following categories of information:

2.1 Information You Provide Directly

  • Contact Information: Name, email address, phone number, and company/website URL submitted through our contact forms.
  • Service Data: URLs, website content, and business information submitted for auditing and optimization services.
  • Payment Information: Payment details processed securely through Square. We do not store your full credit card numbers on our servers.

2.2 Information Collected Automatically

  • Analytics Data: Page views, session duration, and navigation patterns collected via Vercel Web Analytics. This data is anonymized and does not include personal identifiers.
  • Device Information: Browser type, operating system, and screen resolution for improving site experience.
  • AI Crawler Data: User-Agent strings and query patterns from AI engines accessing our public endpoints.

3. How We Use Your Information

We use collected information for the following purposes:

  • To deliver the AEO/SEO services you purchase (audits, reports, implementations).
  • To respond to your inquiries and provide customer support.
  • To process payments and send transaction confirmations.
  • To improve our website, services, and user experience.
  • To send service-related communications (delivery updates, verification reports).

We do not sell, rent, or trade your personal information to third parties for marketing purposes.

4. Cookies and Tracking Technologies

Our website uses the following cookies and tracking technologies:

  • Vercel Web Analytics: Anonymized, privacy-focused analytics to understand site usage. No personal data is collected. No cookies are set by Vercel Analytics.
  • Square (Payment Processing): When you make a purchase, Square may set cookies necessary for secure payment processing and fraud prevention.
  • Essential Cookies: Required for basic site functionality such as form submissions and modal interactions. These are session-based and expire when you close your browser.

We do not use advertising cookies, retargeting pixels, or third-party tracking for marketing purposes.

5. Third-Party Services

We use the following third-party services to operate our business. Each has its own privacy policy governing data handling:

  • Square (squareup.com) — Payment processing. Square handles all payment card data under PCI DSS Level 1 compliance.
  • Web3Forms (web3forms.com) — Contact form submissions. Receives your name, email, and message content.
  • Vercel (vercel.com) — Website hosting and anonymized analytics.
  • Google Gemini API (generativelanguage.googleapis.com) — AI processing for generating bot intelligence narratives and optimization recommendations. See §13 for details on what data is sent.

Important: We do not use your submitted data to train any public AI models. Data processed through AI APIs is used solely for generating the specific report or service you requested.

6. AI Agent Interactions

By using our .well-known endpoints or actions.json tools, you consent to programmatic analysis of your submitted URLs. Data processed by our AI agents is transient and used solely for generating the requested report. We do not retain AI-processed data beyond the delivery of your completed report unless you request otherwise.

7. Data Retention

We retain your information for the following periods:

  • Contact Form Submissions: Retained for up to 12 months to facilitate follow-up and customer service.
  • Service/Audit Data: Retained for 90 days after delivery to allow for revisions and verification. Deleted upon request.
  • Payment Records: Retained for 7 years as required by U.S. tax and accounting regulations.
  • Analytics Data: Anonymized and aggregated; no personal data is retained.
  • AI-Processed Data: Transient; deleted after report generation is complete.

You may request deletion of your data at any time by contacting us at AEOfix.com@gmail.com.

8. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

8.1 All Users

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Request that we correct inaccurate or incomplete data.
  • Deletion: Request that we delete your personal data.
  • Opt-Out: Unsubscribe from service-related communications at any time.

8.2 California Residents (CCPA)

Under the California Consumer Privacy Act, you have the right to:

  • Know what personal information we collect and how it is used.
  • Request deletion of your personal information.
  • Opt-out of the sale of your personal information (we do not sell personal information).
  • Non-discrimination for exercising your privacy rights.

8.3 EU/EEA Residents (GDPR)

If you are located in the European Union or European Economic Area, you have additional rights including:

  • Right to data portability.
  • Right to restrict processing.
  • Right to object to processing.
  • Right to withdraw consent at any time.

To exercise any of these rights, contact us at AEOfix.com@gmail.com or call +1-469-278-5074. We will respond within 30 days.

9. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including:

  • SSL/TLS encryption (HTTPS) for all data transmitted to and from our website.
  • Strict-Transport-Security (HSTS) headers enforced across all pages.
  • Content-Security-Policy (CSP) headers to prevent cross-site scripting attacks.
  • PCI DSS-compliant payment processing through Square.
  • Regular security reviews of our infrastructure and code.

While we take reasonable measures to protect your data, no method of electronic transmission or storage is 100% secure. If you believe your data has been compromised, please contact us immediately.

10. Children's Privacy

Our services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have inadvertently collected data from a minor, please contact us and we will promptly delete it.

11. Changes to This Policy

We may update this privacy policy from time to time to reflect changes in our practices or applicable laws. When we make changes, we will update the "Last updated" date at the top of this page. We encourage you to review this policy periodically.

13. AI Processing Details

13.1 What We Process with AI

When you use AI-powered features of AEOfix (AEO audit recommendations, weekly bot intelligence digests, monthly intelligence briefs, page optimization suggestions), we send the following data to Google Gemini 2.0 Flash via the Google Generative Language API:

  • Aggregated bot visit statistics (counts, timestamps, page paths, user-agent strings, geographic region codes) for your registered site
  • Publicly accessible HTML content from your tracked pages (fetched via standard HTTP — the same content any browser visitor sees)
  • Structured prompt instructions authored by AEOfix

We do not send to Gemini: your name, email address, payment information, passwords, authentication tokens, or any information that personally identifies you.

13.2 Transient Processing

Data sent to Gemini is processed transiently for the purpose of generating your report or recommendation. AEOfix does not retain AI-processed data beyond report generation. Google's API terms prohibit use of API inputs to train their models without operator consent; AEOfix has not granted such consent.

13.3 Opting Out

You may disable AI-generated narratives and recommendations at any time by updating your Notification Preferences in the dashboard settings panel. Bot visit data will continue to be collected and displayed in tabular form without AI processing.

13.4 Google's Role

AI processing is performed by Google LLC via the Gemini API. Google's privacy policy and API data processing terms govern Google's handling of data at the model level. AEOfix operates as a deployer of the Gemini API, sending only the minimum data necessary to generate the requested output. Google LLC is independently responsible for developer-level AI regulatory obligations under applicable law.

12. Contact Us

If you have questions about this privacy policy or our data practices, contact us:

  • Email: AEOfix.com@gmail.com
  • Phone: +1-469-278-5074
  • Address: 10 Richard St, Asheville, NC 28803, United States
  • Contact Page: aeofix.com/contact