AIVIS Tracker — Privacy Policy

Last updated: 2026-06-18
Version: 1.0
Contact: hello@aivis.space

1. Introduction

This Privacy Policy describes how AIVIS Tracker ("AIVIS," "the Service," "we," "us," or "our") collects, uses, stores, and shares information when you use our AI visibility monitoring platform. We are committed to protecting your privacy and being transparent about our data practices.

This policy applies to all users of the Service, including visitors to our website (aivis.space), registered users, and anyone who connects Google Analytics 4 or Google Search Console accounts.

2. Information We Collect

2.1 Account Information

When you register for an account, we collect:

Email address (required for account creation and authentication)

Display name (optional)

Password (if using email/password authentication)

Google profile information (if registering via Google OAuth, including email and profile picture)

2.2 Brand and Campaign Data

You provide brand information to the Service, including:

Brand name, description, and category

Known facts about your brand (pricing, features, policies, locations, leadership)

Competitor information

Campaign configurations (keywords, queries, scan frequency)

Target audience information

This data is stored in your Brand Truth Snapshot and campaign settings.

2.3 Google Analytics 4 (GA4) Data

When you connect a Google Analytics 4 account via OAuth, we access:

Property information (property ID, account name, property name)

Analytics metrics (sessions, users, pageviews, engagement metrics)

Traffic source data (organic, referral, direct, social, paid)

User acquisition data

Content performance data

We do not access: User-level data, personally identifiable information, or individual user behavior data from GA4.

2.4 Google Search Console (GSC) Data

When you connect a Google Search Console account via OAuth, we access:

Property information (site URL, permission level)

Search performance data (queries, impressions, clicks, CTR, position)

Page-level performance data

Index coverage information

Mobile usability data

We do not access: User-level search data, personally identifiable information, or individual search behavior data from GSC.

2.5 AI Model Response Data

The Service generates and stores:

AI model responses to brand-relevant queries

Verdicts (accurate, likely accurate, hallucinated)

Integrity scores and coverage scores

Citation data (URLs, domains, page titles)

Claim extractions and comparisons against your Truth Snapshot

Timestamps, model versions, and content hashes (for Audit Ledger)

2.6 Technical and Usage Data

We automatically collect:

IP address (for security and rate limiting)

Browser type and version

Device type and operating system

Usage patterns within the Service

Error logs and performance data

Authentication tokens (for OAuth integrations)

3. How We Use Your Information

3.1 To Provide the Service

Execute AI visibility scans across multiple AI models

Compare AI-generated claims against your Brand Truth Snapshot

Generate verdicts, integrity scores, and coverage scores

Store and display scan results, audit records, and analytics

Correlate GA4/GSC data with AI visibility metrics

Provide CSV export functionality for your data

3.2 To Improve the Service

Analyze usage patterns to improve user experience

Identify and fix technical issues

Develop new features and capabilities

Optimize scan accuracy and performance

3.3 To Communicate With You

Send account-related notifications (scan results, payment confirmations, security alerts)

Respond to support requests

Notify you of material changes to the Service or this Privacy Policy

3.4 For Security and Legal Compliance

Detect and prevent fraud, abuse, and security threats

Enforce our Terms of Service

Comply with legal obligations

4. Google OAuth Data Usage

4.1 Scope of Access

When you connect Google Analytics 4 or Google Search Console, we request read-only access:

GA4: `https://www.googleapis.com/auth/analytics.readonly`

GSC: `https://www.googleapis.com/auth/webmasters.readonly`

4.2 How We Use Google Data

Google Analytics and Search Console data is used solely to:

Correlate search and analytics metrics with AI visibility measurements

Display correlated data within your dashboard

Power AI Referral Lift analysis (measuring traffic from AI platforms vs. traditional search)

Provide insights on how AI visibility relates to your website traffic

4.3 Google Data Storage and Retention

Google-sourced data is stored in our Supabase database and retained according to your plan's data retention limits:

Plan	Data Retention Period
------	----------------------
Trial	7 days
Starter	30 days
Growth	12 months
Agency	24 months
Enterprise	Custom

When you delete your account, Google-sourced data is permanently deleted following the 24-hour grace period described in Section 7 — it is not retained for recovery beyond that grace period. After a plan downgrade, Google-sourced data that falls outside your new plan's retention window is removed.

4.4 Google Data Sharing

We do not:

Share Google user data with third parties

Sell Google user data

Use Google user data for advertising

Use Google user data to train AI models

Use Google user data for any purpose other than providing the Service to you

This disclosure is made in compliance with Google API Services User Data Policy.

4.5 Revoking Google Access

You may revoke Google OAuth access at any time:

Via your Google Account permissions page

By disconnecting the integration within AIVIS (Data Sources section)

Revocation will stop future data sync but will not affect data already imported.

5. Data Storage and Security

5.1 Infrastructure

The Service is built on:

Supabase: Database, authentication, and storage infrastructure (PostgreSQL with Row Level Security)

Netlify: Hosting and serverless functions

Vercel Analytics: Privacy-friendly, aggregate website usage analytics (no cross-site tracking, no sale of data)

Dodo Payments: Payment processing and subscription management

5.2 Security Measures

We implement industry-standard security measures:

Encryption in transit (TLS 1.2+)

Encryption at rest (AES-256)

Row Level Security (RLS) to ensure users can only access their own data

Secure password hashing (bcrypt)

CSRF protection for OAuth flows

Rate limiting and abuse prevention

5.3 Data Isolation

Each user's data is isolated through:

User-specific database queries

Row Level Security policies

Separate storage buckets for user-uploaded files

Isolated OAuth token storage per user

6. Data Retention

6.1 Account Data

Data Type	Retention Period
-----------	-----------------
Account information	Until account deletion
Brand Truth Snapshots	Until account deletion or plan downgrade (per retention limits)
Campaign configurations	Until account deletion or campaign archival
Scan results and audit records	Per plan retention limits (see Section 4.4)
GA4/GSC imported data	Per plan retention limits (see Section 4.4)
Payment and billing records	As required by law (typically 7 years)

6.2 Data Deletion

When you delete your account:

All personal data is permanently deleted from our production databases

Brand Truth Snapshots are deleted

Campaign configurations are deleted

Scan results and audit records are deleted

GA4/GSC imported data is deleted

Authentication tokens are revoked

Exception: We may retain certain information as required by law or for legitimate business purposes (e.g., fraud prevention, financial records).

7. Account Deletion

7.1 User-Initiated Deletion

You may delete your account at any time via Account Settings. The deletion process includes:

Deletion Request: You submit a deletion request through Account Settings

24-Hour Grace Period: You have 24 hours to cancel the deletion request via email link

Processing: After the grace period, your data is permanently deleted from production databases

Confirmation: You receive an email confirmation when deletion is complete

7.2 What Happens During Deletion

During the 24-hour grace period:

Your account remains active

You can cancel deletion via the email link

All data remains accessible

After the grace period:

Your authentication is revoked

All personal data is permanently deleted

Brand Truth Snapshots are deleted

Campaign configurations are deleted

Scan results and audit records are deleted

GA4/GSC imported data is deleted

OAuth tokens are revoked

7.3 Data Not Deleted

We may retain:

Aggregated, anonymized analytics data (cannot be linked back to you)

Financial records as required by law

Security logs for fraud prevention

8. Third-Party Services

8.1 Service Dependencies

The Service relies on third-party providers:

Provider	Purpose	Data Shared
----------	---------	-------------
Supabase	Database, authentication, storage	Account data, brand data, scan results
Dodo Payments	Payment processing	Payment information (card details handled by Dodo)
OpenAI, Anthropic, Google DeepMind, Perplexity	AI model APIs	Brand queries (no personal data)
Google APIs	GA4 and GSC data access	OAuth tokens, property IDs
Netlify	Hosting and serverless functions	Technical logs
Vercel Analytics	Aggregate website usage analytics	Anonymous usage data (page views, referrers); no personal or Google-sourced data

8.2 Third-Party Privacy Policies

We are not responsible for the privacy practices of third-party services. Your use of Google APIs is subject to Google's Privacy Policy. Your use of Dodo Payments is subject to their Privacy Policy.

9. Your Rights

9.1 Access and Portability

You have the right to:

Access your personal data

Export your data in CSV format (available within the Service)

Receive a copy of your data in a structured, machine-readable format

9.2 Correction and Deletion

You have the right to:

Correct inaccurate personal data

Delete your account and personal data

Request deletion of specific data points

9.3 Consent Withdrawal

You have the right to:

Revoke consent for Google OAuth access at any time

Opt out of non-essential data collection

Delete your account at any time

9.4 How to Exercise Your Rights

To exercise any of these rights, contact us at hello@aivis.space or use the account settings within the Service.

10. Children's Privacy

The Service is not intended for and may not be used by anyone under 18 years of age, consistent with the eligibility requirement in our Terms of Service. We do not knowingly collect personal information from individuals under 18. If you are a parent or guardian and believe a minor has provided us with personal information, please contact us at hello@aivis.space and we will delete it.

11. International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure that such transfers comply with applicable data protection laws and that appropriate safeguards are in place.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or through the Service. The "Last updated" date at the top of this policy indicates when it was last revised.

13. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

Email: hello@aivis.space
Response time: We aim to respond within 48 hours.

14. Google API Services Compliance

This application uses Google APIs to access Analytics and Search Console data. AIVIS Tracker's use and transfer to any other app of information received from Google APIs will adhere to the [Google API Services User Data Policy](https://developers.google.com/terms/api-services-user-data-policy), including the Limited Use requirements.

In compliance with that policy:

We only request read-only access to GA4 and GSC data

We do not transfer Google user data to third parties except as described in this policy

We do not use Google user data for advertising or AI model training

We do not sell Google user data

Users can revoke access at any time via their Google Account settings

For more information about Google's data policies, visit: https://developers.google.com/terms/api-services-user-data-policy