1. Who we are

AIExposureTool ("we", "us", "our") is a web service operated at aiexposuretool.com by aitoolexposure.com that helps website owners, founders, and startups audit their AI visibility, scan for security vulnerabilities, generate launch copy, and preview social sharing cards. Our tools include the AI Visibility Audit, Security Scanner, Launch Toolkit, and OG Image Preview Checker.

2. What data we collect

We collect the minimum data necessary to provide the Service:

Email address — when you sign up, unlock a report, or create an account via magic link authentication.
Website URLs — the URLs you submit for AI visibility audits, security scans, launch copy generation, or OG image checks.
Scan results — AI Exposure Scores (0–100), Security Grades (A–F), detailed findings, and generated assets (fix prompts, llms.txt, JSON-LD) for submitted URLs.
Generated content — launch copy and platform submissions generated through the Launch Toolkit, stored locally in your browser (localStorage).
Payment & billing information — handled entirely by Dodo Payments (our payment processor). We never store credit card numbers, bank details, or payment credentials on our servers.
Usage data — number of audits and scans used per month, linked to your account.
Analytics data — we use Google Analytics 4 to collect anonymized usage statistics such as page views, session duration, and device type. No personally identifiable information is sent to Google Analytics.

3. How we use your data

To run AI visibility audits and security scans on submitted URLs.
To generate launch copy, fix prompts, llms.txt files, and JSON-LD structured data.
To preview OG meta tags and social sharing cards for submitted URLs.
To send you scan results, magic login links, and account-related emails.
To manage your subscription and enforce plan usage limits.
To improve the quality and accuracy of our tools through aggregate, anonymized usage patterns.

We do NOT:

Sell, rent, or trade your personal data to third parties.
Use your data for advertising or ad targeting.
Share your scan results with other users or make them publicly accessible.
Use the content of your website scans to train AI models.

4. Scanning & passive analysis

Our AI Visibility Audit and Security Scanner perform passive, read-only HTTP requests on publicly accessible URLs you submit. We analyze the response data (HTML, headers, robots.txt, sitemap.xml, common file paths) without any intrusive, destructive, or unauthorized testing. We do not:

Attempt to exploit vulnerabilities or gain unauthorized access.
Submit forms, create accounts, or modify data on scanned websites.
Perform brute-force attacks, DDoS, or penetration testing.

Scan results are stored in our database to allow historical comparisons and re-scans. Results are accessible only to you via your authenticated account.

5. Payment data & Dodo Payments

Dodo Payments processes all purchases made on AIExposureTool. When you subscribe to a paid plan:

Dodo Payments collects and processes your payment information (card details, etc.) directly. This data never touches our servers.
Dodo Payments handles invoicing, sales tax, and regulatory compliance for your region.
We receive only a transaction reference, your email, subscription status, and plan details from Dodo Payments — no payment credentials.
Dodo Payments' handling of your payment data is subject to their Privacy Policy.

6. Third-party services

We use the following third-party services to operate AIExposureTool:

Dodo Payments — payment processing, invoicing, and tax compliance. Privacy Policy.
Supabase — PostgreSQL database hosted on AWS for storing account data, scan results, and usage records.
Resend — transactional email delivery (magic login links, scan results, account notifications).
Vercel — web application hosting and edge network.
Google Analytics 4 — anonymized website usage analytics. Privacy Policy.

Each service processes data according to their own privacy policies. We select services that meet industry-standard security and privacy requirements.

7. Cookies & local storage

Session cookie (aiet_session) — an HTTP-only, secure cookie used to keep you logged in. Contains a secure token, not personal data. Expires after 7 days.
Google Analytics cookies (_ga, _ga_*) — used for anonymized traffic analysis. You can opt out via your browser settings or the Google Analytics Opt-out Browser Add-on.
localStorage — the Launch Toolkit stores your generated copy, submission tracker, and checklist progress locally in your browser. This data never leaves your device unless you explicitly download or copy it.

We do not use third-party advertising or tracking cookies.

8. Data retention

Account data & scan results — retained for as long as your account is active.
Cancelled accounts — data is retained for 90 days after cancellation to allow re-activation, then permanently deleted.
Deletion requests — you may request deletion of your data at any time by emailing privacy@aiexposuretool.com. We will delete your data within 30 days of your request.
Payment records — transaction history is retained by Dodo Payments per their retention policies and applicable tax laws.

9. Your rights

You have the right to:

Access — request a copy of the personal data we hold about you.
Correct — request correction of any inaccurate personal data.
Delete — request deletion of your personal data and account.
Export — request your scan data in a portable format.
Object — object to processing of your data for specific purposes.

To exercise any of these rights, email privacy@aiexposuretool.com. We will respond within 30 days.

If you are located in the EU/EEA, you have additional rights under GDPR including the right to lodge a complaint with your local data protection authority. If you are a California resident, you have rights under the CCPA including the right to know what data we collect and the right to opt out of the sale of personal data (we do not sell your data).

10. Data security

We implement the following security measures to protect your data:

HTTPS/TLS encryption for all data in transit.
HTTP-only, secure cookies for session management.
Passwordless authentication (magic links) to eliminate password-related vulnerabilities.
Industry-standard database security with row-level access controls via Supabase.
Payment processing entirely delegated to PCI DSS-compliant Dodo Payments — no card data touches our servers.

11. Children's privacy

AIExposureTool is not intended for use by children under the age of 16. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us at privacy@aiexposuretool.com and we will delete it promptly.

12. International data transfers

Your data may be processed and stored in data centers located in the United States and the European Union through our service providers (Supabase/AWS, Vercel, Dodo Payments). By using AIExposureTool, you consent to the transfer of your data to these locations. We ensure that all transfers comply with applicable data protection laws.

13. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email to active paying subscribers and by updating the date at the top of this page. Continued use of AIExposureTool after changes constitutes acceptance of the updated policy.

14. Contact

For any privacy-related questions or data requests, email us at privacy@aiexposuretool.com.