Privacy Policy
Last updated: June 30, 2026
This Privacy Policy explains how AIEmployees, a company registered in the State of Texas, United States ("AIEmployees", "we", "us", or "our"), collects, uses, shares, and protects personal data when you use SEOG, our AI local-SEO platform available at seog.ai. "You" or "Customer" means the account holder or business using SEOG. This Policy is effective as of June 30, 2026, and applies to our websites, the SEOG application, and the public GBP report tool. For details on how we use cookies and similar technologies, see our Cookies Policy; for the terms governing your use of the service, see our Terms of Service.
Information We Collect
We collect personal data that you provide directly, data we collect automatically as you use SEOG, and data we receive from third parties such as Google.
Provided by you
- Account information: name, email address, password (stored only as a bcrypt hash), your onboarding role and goals, referral source, and notification preferences.
- Business Profile data: the business information you enter or connect, including business name, address, phone, website, category, coordinates, hours, photos, and attributes.
- Lead information (public GBP report): when you request a free GBP report, your email and the target business name, address, and Google Place ID.
- Partner configuration (white-label partners only): partner CRM credentials, which we store encrypted.
- Payment information (only if you purchase a paid plan): handled by our third-party payment processor; we do not store full payment-card numbers.
Collected automatically
- First-touch attribution: UTM parameters (source, medium, campaign, term, content, id), gclid, fbclid, referrer, and landing page.
- Usage and diagnostic logs: provider and call type, token counts, timestamps, and related metadata.
- Coarse location: city-level geolocation derived from your IP address, used to bias local search results.
- Lead request IP: for public GBP report requests, we record the requesting IP address for abuse prevention.
From third parties (such as Google)
- Connected Google account (optional): if you connect your Google Business Profile (GBP), we receive OAuth tokens (stored encrypted) to read GBP performance data and, with your permission, update your profile.
- Business and review data: business ratings and Google reviews — including reviewer display name, photo URL, rating, and review text (public data from Google) — together with GBP performance metrics, Google Search Console metrics, and website/PageSpeed results.
How We Use Information
We use personal data to:
- Provide, operate, and maintain SEOG and its features, including GBP analysis and optimization, local map-pack and ranking tracking, review monitoring and AI-assisted review-reply drafts, competitor tracking, citation/listing (NAP) consistency, AI-visibility (AEO/GEO) checks, website and PageSpeed analysis, and keyword research.
- Create and manage your account, authenticate you, and keep you signed in.
- Generate your first free analysis and deliver the public GBP report PDF by email.
- Personalize results, including biasing local search to your approximate area.
- Forward leads and contact details to a CRM so our team (or, for white-label, the partner) can follow up.
- Communicate with you, including transactional and service messages.
- Monitor, secure, and improve the service, prevent abuse, and maintain diagnostic logs.
- Comply with legal obligations and enforce our terms.
Legal Bases for Processing
Where the EU/UK General Data Protection Regulation (GDPR) applies, we rely on the following legal bases:
- Performance of a contract: to provide the service you have requested, manage your account, and deliver features you use.
- Legitimate interests: to secure and improve the service, prevent fraud and abuse, maintain diagnostics, and follow up on leads — balanced against your rights and interests.
- Consent: for analytics cookies and similar technologies, and for marketing where required; you may withdraw consent at any time.
- Legal obligation: to comply with applicable laws, respond to lawful requests, and keep required records.
How We Share Information / Sub-processors
We do not sell personal information for money. We share personal data with service providers ("sub-processors") that process data on our behalf to deliver SEOG, and with your CRM or chosen partner where you use lead and white-label features. The following sub-processors may process personal data:
| Provider | Location | Purpose |
|---|---|---|
| Google LLC / Google Cloud | USA | Vertex AI / Gemini (AI analysis of reviews and content); Google Places API (business/place data); Google Business Profile API (with your OAuth consent); Google Ads API (keyword volume); Google Search Console API (search metrics); Google PageSpeed Insights (site performance); Google Tag Manager (tag management). |
| Microsoft Corporation | USA | Microsoft Clarity (product analytics; consent-gated). |
| OpenAI, L.L.C. | USA | AI-visibility (GEO) checks; only a search query and location are sent (used where enabled). |
| Anthropic, PBC | USA | AI-visibility (GEO) checks; only a search query and location are sent (used where enabled). |
| Amazon Web Services, Inc. | USA | Amazon SES (sending the GBP report and transactional email) and Amazon S3 (storing report PDFs and blog assets). |
| c10r (operated by PASV LLC) | USA | CRM — we forward lead/contact details (name, email, phone, company, the business details and goals you provide, and UTM attribution) so our team or partner can follow up. |
| geojs.io | USA | Coarse city-level IP geolocation to bias local results. |
| ip-api.com | USA | Coarse city-level IP geolocation to bias local results. |
| OVHcloud (OVH US, LLC) | USA | Infrastructure and hosting (compute, PostgreSQL database, Redis) via Coolify, in a US (Virginia) data center. |
We may also disclose personal data to comply with law, enforce our agreements, protect rights and safety, or in connection with a business transfer.
International Data Transfers
Our application, PostgreSQL database, and Redis are self-hosted on our own infrastructure via Coolify with OVHcloud in the United States (Virginia). Our other sub-processors (for example, Google Cloud and AWS) are also US-based, so your personal data is primarily processed in the United States. If you are in the European Economic Area, the United Kingdom, or Switzerland, your personal data is transferred to the United States; where required, such transfers are protected by appropriate safeguards, including the EU Standard Contractual Clauses (SCCs), the UK International Data Transfer Addendum, and the Swiss adaptations to the SCCs.
Cookies & Analytics
We use strictly necessary cookies to keep you signed in and to remember white-label branding, and functional storage to remember attribution and preferences. Analytics tools, including Microsoft Clarity and any tags fired through Google Tag Manager, are loaded only after you click "Accept" on the cookie banner. Our backend sets no tracking cookies, and signed-in app pages use strictly-necessary cookies only. For full details, see our Cookies Policy.
Data Retention
We keep account and business data while your account is active and for a reasonable period afterward for legal and operational needs, after which we delete or anonymize it. On account deletion, account and business records are deleted. Caches and diagnostics are short-lived. Specific retention periods include:
- Refresh-token / session: approximately 7 days.
- Keyword-volume cache: approximately 30 days.
- PageSpeed cache: approximately 7 days.
- IP-geolocation cache: approximately 24 hours.
Leads already shared to the CRM, and unclaimed report leads, may be retained for legitimate follow-up.
Data Security
We use technical and organizational measures designed to protect personal data, including:
- Passwords hashed with bcrypt.
- Sensitive OAuth tokens (Google and partner CRM) encrypted at rest with AES-256-GCM.
- TLS/HTTPS encryption in transit.
- Role-based access control, with admin actions audited.
- Authentication using short-lived JWT access tokens (approximately 15 minutes) and refresh tokens (approximately 7 days), with Redis-backed session revocation so that logging out invalidates the session server-side.
No method of transmission or storage is completely secure, but we work to protect your data using the safeguards above.
Your Privacy Rights
Depending on where you live, you may have the rights described below. See How to exercise your rights at the end of this section for how to make a request.
GDPR (EEA / UK)
If you are in the European Economic Area or the United Kingdom, you may:
- Access your personal data.
- Correct inaccurate or incomplete data.
- Request deletion ("right to be forgotten").
- Export or port your data.
- Object to or restrict certain processing.
- Withdraw consent at any time.
US State Privacy Rights
Many US states have enacted comprehensive consumer-privacy laws. If you are a resident of one of the states listed below, you may have the following rights, which vary by state:
- Know / access — confirm whether we process your personal data and access it. California residents may also request the specific pieces of personal information we have collected.
- Correct inaccuracies in your personal data. (Not provided under Iowa or Utah law.)
- Delete personal data we hold about you.
- Data portability — obtain a copy of your data in a portable, readily usable format.
- Opt out of "sale" or "sharing" of your personal data.
- Opt out of targeted advertising (cross-context behavioral advertising). (Not a standalone right under Iowa law.)
- Opt out of profiling used for decisions that produce legal or similarly significant effects. (Not provided under Iowa or Utah law.)
- Control your sensitive data — see Sensitive data, below.
- Appeal — if we decline your request, you may appeal; if we deny the appeal, we will give you a way to contact your state Attorney General.
- Non-discrimination — we will not discriminate against you for exercising these rights.
These rights come from the comprehensive privacy laws of California, Colorado, Connecticut, Delaware, Florida, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas, Utah, and Virginia. Oklahoma residents gain similar rights when that state's law takes effect on January 1, 2027. The exact rights — and whether a given law applies to us — vary by state.
Some states add rights: Oregon and Minnesota residents may request a list of the specific third parties to which we have disclosed their personal data, and Minnesota residents may question the result of profiling and ask us to re-evaluate it.
Sensitive data. Where the law requires it, we obtain your consent before processing sensitive personal data, and we do not sell sensitive personal data. Where your state uses a notice-and-opt-out model instead (California, Utah, and Iowa), you may direct us to limit our use of your sensitive personal information; California residents have the "Right to Limit the Use of My Sensitive Personal Information."
Nevada. Under Nevada law (NRS Chapter 603A), Nevada residents may submit a verified request directing us not to sell their covered information. We do not sell personal information for money; email us at the address below to submit a Nevada opt-out request.
How to exercise your rights
We honor the Global Privacy Control (GPC) signal as an opt-out of "sale"/"sharing" and targeted advertising for the browser or device that sends it, and we do not sell personal information for money. To exercise any right above:
- Email hello@seog.ai with the subject "Attn: Privacy", telling us which right you want to exercise. You do not need an account to opt out of "sale"/"sharing".
- Use in-app controls — signed-in account owners can manage their information and delete their account directly in the app, which cascade-deletes their businesses, reviews, keywords, rankings, and related records.
We verify your identity before acting on a request to know, delete, or correct, and you may use an authorized agent. We respond within the timeframes required by applicable law — generally within one month for GDPR requests and within 45 days for US state requests (each extendable where the law permits). If we decline a US state request, you may appeal, and we respond to appeals within the period your state's law requires. Leads already shared to the CRM, and unclaimed report leads, may be retained for legitimate follow-up.
Do Not Sell or Share
We do not sell your personal information for money, and we honor the Global Privacy Control signal for opt-out preferences. To learn more or submit a request, see Do Not Sell or Share My Personal Information.
Children's Privacy
SEOG is not directed to children. You must be at least 18 years old (or the age of majority in your jurisdiction) and acting on behalf of a business to use the service. We do not knowingly collect personal data from children.
Third-Party Services & AI
SEOG uses third-party AI providers to analyze content and check AI visibility. For AI-visibility (GEO) checks, only a search query and location are sent to the relevant provider. AI outputs — including review replies, recommendations, summaries, and visibility checks — may be inaccurate or incomplete, and you should review them before relying on or publishing them. SEO outcomes are not guaranteed, as rankings depend on Google and other third parties we do not control. Please avoid submitting sensitive personal data into AI features. Your use of Google Business Profile and other Google data is subject to Google's terms; you must hold the rights to any business you connect or analyze and must not misuse Google data or violate platform terms.
Reviews & Other Public Data
To provide review monitoring and AI-assisted reply drafts, we process public Google review data, including the reviewer's display name, photo URL, rating, and review text, along with business ratings and related public information. This data originates from Google and is processed to deliver the features you use.
Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date shown on this page and, where appropriate, provide additional notice. Your continued use of SEOG after changes take effect constitutes acceptance of the updated Policy.
Contact
For privacy questions or to exercise your rights, contact us at hello@seog.ai with the subject "Attn: Privacy". You can also review our related policies: Terms of Service, Cookies Policy, Data Processing Addendum, Acceptable Use Policy, and Do Not Sell or Share.
