1. Introduction & Overview
1.1 Policy Introduction
AIFindMyBusiness, Inc ("Company,""we,""us," or "our") is a limited liability company that operates the website located at https://aifindmybusiness.com (the "Site") and provides business-to-business artificial intelligence visibility audit and marketing assistance services (collectively, the "Services") to individuals and entities purchasing, receiving, or using the Services (collectively, the "Client,""you," or "your"). This Privacy Policy ("Policy") describes how the Company collects, uses, discloses, retains, and protects personal information in connection with the Site and the Services, and explains the rights available to individuals whose personal information we process.
By accessing the Site or using the Services, you acknowledge that you have read and understood this Policy and consent to the data practices described herein. If you do not agree with this Policy, you may not use the Site or the Services.
1.3 Scope of the Policy
This Policy applies to all personal information processed by the Company in connection with:
The Site located at https://aifindmybusiness.com and any subdomains or successor URLs;
The AI Visibility Audit services, Improvement Plan deliverables, and subscription monitoring and optimization engagements offered through the Site;
The authenticated Client dashboard through which Clients access audit reports, complete intake questionnaires, and manage subscriptions;
All transactional email communications initiated by or through the Services; and
All other interactions with the Company in which personal information is collected.
This Policy does not govern the privacy practices of any third-party websites, platforms, or services that may be linked from the Site.
2. Information We Collect
2.1 Information You Provide Directly
The Company collects personal information that you voluntarily provide when you:
Account Registration: When creating an authenticated Client dashboard account, we collect your name, business email address, business name, and password credentials.
Intake Forms and Audit Requests: When submitting a request for Services, we collect your name, business name, email address, website URL, telephone number (if provided; used to contact you about the Services and, only where you separately opt in, to send SMS text messages as described in Section 3.10), primary service area, services offered, competitor names, marketing channels, review platforms, and other business operational details you elect to provide.
Optional Access Credentials: You may choose to provide read-only access tokens, authorization links, or credentials for third-party tools such as Google Analytics, Google Search Console, Google Ads, or Google Business Profile. Provision of such access is voluntary and subject to the data handling terms described in Section 2.8 (Data Usage and Confidentiality Scope) below.
Customer Support Communications: When you contact us for support, we collect the content of your communications together with any associated contact information you provide.
Survey and Research Responses: If you participate in optional surveys or research activities, we collect your responses.
Payment Information: Payment card information is processed directly by Stripe, Inc. The Company does not collect or store full card numbers, CVV codes, or other sensitive payment credentials. We receive from Stripe limited payment confirmations, subscription status indicators, and the last four digits of the payment method used.
2.2 Automatically Collected Data
When you visit the Site, certain information is collected automatically through log files and similar technologies, including:
Log Data: Internet Protocol ("IP") address, browser type and version, operating system, referring URL, pages viewed, time spent on pages, click-stream data, and approximate geographic location at the city or regional level.
Device Data: Device type, screen resolution, and language preferences.
Browser Information: Browser type, version, and configuration settings relevant to Site compatibility and performance.
2.3 Cookies and Tracking Technologies
The Site uses cookies, web beacons, pixels, local storage, and similar tracking technologies to collect information about your interactions with the Site. For a full description of the types of cookies used, consent mechanisms, and opt-out options, see Section 5 (Cookies and Tracking Technologies).
2.4 Location Data
The Company collects approximate location information derived from your IP address (city and region level). The Site does not request or access GPS-level location data from your device. IP-derived location data is used for analytics, fraud prevention, and legal compliance purposes.
2.5 Communications Data
When you send emails, messages, or other communications to the Company through the Site or to Company email addresses, the content of those communications (including any personal information contained therein) is collected and retained as described in Section 7 (Data Retention).
2.6 Photos, Audio, and Media
The Services do not currently solicit or require submission of photographs, audio files, or other media from Clients. If you voluntarily attach files or media to intake forms or support communications, the content of those files will be collected and processed as described in this Policy.
2.7 Data Usage and Confidentiality Scope
2.7.1 Client-Provided System Access
In the course of delivering the Services, Clients may voluntarily grant the Company access to certain business systems and data, including, without limitation: website analytics platforms (e.g., Google Analytics); search performance consoles (e.g., Google Search Console); Client relationship management ("CRM") systems; advertising accounts; and business strategy information. All such access is provided at the Client's sole discretion.
2.7.2 Data Minimization and AI Sub-Processor Submissions
The Company takes reasonable steps to limit the information submitted to AI sub-processors and other third-party service providers to only that which is necessary to perform the requested Services. In particular:
Information We May Submit to AI Providers: Buyer-intent prompts, your business name, your public website URL, and publicly available competitor data.
Information We Do Not Submit to AI Providers: Confidential business information you provide during onboarding, including but not limited to financial data, internal strategy documents, Client lists, access tokens, or credentials.
2.7.3 Human Review of Deliverables
Audit deliverables (including PDF reports, slide presentations, and written improvement plans) are subject to human review by Company personnel prior to release to Clients where the Company determines such review is appropriate. Artificial intelligence is used to produce deliverables; however, a human reviewer may verify, supplement, or revise AI-generated content before delivery. AI is not used to make automated decisions about Site visitors, to profile them, to set prices, to determine eligibility, or to take any action that produces legal or similarly significant effects on any visitor or Client.
2.7.4 Internal Retention of Deliverables
The Company retains copies of audit deliverables and reports in its internal systems for business continuity, quality assurance, and legal compliance purposes. Retention periods are described in Section 7 (Data Retention).
2.7.5 Anonymized Benchmarking and Research
The Company may use aggregated and anonymized findings derived from audit engagements for internal benchmarking, methodology improvement, and research purposes. Such use will not involve the re-identification of individual Clients or the disclosure of Client-identifiable information to third parties.
Where a Client redeems a promotional, discount, partner, beta, referral, or other coupon code at checkout (a "Promotional Code"), the Client expressly consents — as additional consideration for the discount or other benefit conferred by the Promotional Code — to the Company's use of the Client's intake responses, audit findings, scores, Deliverables, and engagement outcomes, in anonymized and de-identified form, for both (a) the internal purposes described in the preceding paragraph and (b) the preparation and external publication of statistics, benchmarks, and case studies, including in marketing materials, white papers, blog posts, presentations, and similar collateral. Any externally distributed case study prepared under this consent shall describe only the Client's industry, geographic region, business size category, and the nature and magnitude of results, and shall not identify the Client by name, logo, website URL, or other directly identifying information without the Client's separate prior written consent. The full terms of this consent — including its perpetual and irrevocable scope with respect to materials already prepared in good-faith reliance on it — are set forth in Section 7.11 of the Terms of Service.
2.7.6 Security Limitations
The Company implements reasonable administrative, technical, and physical safeguards. However, no information security system is impenetrable, and the Company does not guarantee absolute security of information provided through system access credentials or otherwise. Customers assume responsibility for the security of any access credentials they choose to share with the Company.
2.7.7 AI Sub-Processor Disclaimer
The Company describes its intended data handling practices with respect to AI sub-processors in this Policy; however, the terms, product names, product configurations, and training controls of third-party AI providers may change without notice. This Policy reflects the Company's intentions and does not guarantee any particular AI provider's independent data practices. Users with specific concerns about which AI providers may receive their information are encouraged to contact the Company at [email protected] before submitting an intake form, and the engagement can be scoped accordingly.
2.8 AI Sub-Processor Information
To deliver the AI Visibility Audit and related Services, the Company submits certain limited information to the following third-party AI and search tool providers ("AI Sub-Processors"). The AI Sub-Processor list is a living document. Providers may be added, removed, or updated from time to time; material changes will be reflected in an updated version of this Policy or in a separately maintained AI Sub-Processor Schedule available upon request.
| AI / Search Provider | Products / Tools | Purpose | Categories of Data Submitted |
|---|---|---|---|
| OpenAI | ChatGPT, GPT Models, Codex | Prompt visibility testing; methodology assistance | Buyer-intent prompts; business name and public URL; public competitor data |
| Anthropic | Claude (Desktop, Web, Code, CLI) | Prompt visibility testing; methodology assistance | Same as above |
| Gemini; Google AI products; Gemini CLI | Prompt visibility testing | Same as above | |
| Perplexity AI | Perplexity | Prompt visibility testing | Same as above |
| Microsoft | Bing Copilot | Prompt visibility testing | Same as above |
| General web and search tools | Varies | Public content retrieval (website, listings, reviews) | Public URLs; publicly available business content only |
Each AI Sub-Processor operates under its own privacy policy, terms of service, and data use practices. The Company uses commercial, API, or paid endpoints where available and configures provider accounts and settings, to the extent the provider makes such controls available, with the intent of preventing Client-submitted data from being used to train the provider's foundation models. Because provider terms, product configurations, and training controls can change without notice, this Policy describes the Company's intended handling practices rather than guaranteeing any independent AI provider's independent data practices.
3. How We Use Your Information
3.1 To Provide and Operate the Services
The Company uses personal information to deliver and administer the Services you have requested or purchased, including processing intake forms, conducting AI visibility audits, generating Improvement Plans, maintaining the Client dashboard, and managing subscription engagements.
3.2 To Personalize Your Experience
Information collected during the intake process and through dashboard interactions may be used to tailor audit scope, methodology, and reporting to the specific characteristics of your business.
3.3 To Communicate with You
We use contact information to send transactional communications, including audit deliverables, billing receipts, subscription confirmations, scheduling notifications, and material updates to this Policy or our Terms of Service.
3.4 Marketing and Promotional Communications
With your consent or where otherwise permitted by applicable law, we may send you newsletters, service announcements, and promotional communications regarding our Services. You may opt out of marketing communications at any time by following the unsubscribe instructions in any such communication or by contacting us at [email protected]. Opting out of marketing communications does not affect your receipt of transactional communications necessary to deliver the Services.
3.5 Analytics and Performance Improvement
We use automatically collected data and aggregated analytics to understand how users interact with the Site and Services, to identify technical issues, to measure the effectiveness of our marketing campaigns, and to improve Site functionality and the quality of our Services.
3.6 Security and Fraud Prevention
We use personal information to detect, investigate, and prevent unauthorized access, fraudulent transactions, abuse, and other activities that may violate this Policy, our Terms of Service, or applicable law.
3.7 Legal Compliance and Obligations
We use personal information as necessary to comply with applicable laws and regulations, to respond to valid legal process (including subpoenas and court orders), to enforce our agreements, and to protect the rights, property, and safety of the Company, its Clients, and others.
3.8 No Automated Decision-Making About Site Visitors
AI is not used to make automated decisions about visitors to the Site, to profile them for eligibility determinations, to set individualized prices, or to take any action that produces legal or similarly significant effects on any individual. There is no chatbot, AI assistant, AI-driven recommendation widget, or automated AI-based decision-making system interacting with visitors on the Site itself.
3.9 Promotional Code Redemptions — Consent to Anonymized Statistics and Case Studies
Where a Client elects to redeem a promotional, discount, partner, beta, referral, or other coupon code at checkout, the Client's act of applying that code constitutes the Client's affirmative, electronic consent to the Company's use of the Client's intake responses, audit findings, scores, Deliverables, and engagement outcomes — in anonymized and de-identified form — to prepare and publish statistics, benchmarks, and case studies. Such use may include external publication in marketing materials, white papers, blog posts, presentations, and similar collateral.
Information used under this Section 3.9 is limited to information from which the Client's identity has been removed and that cannot reasonably be used, alone or in combination with other information available to the Company, to re-identify the Client. The Company will not use the Client's name, logo, trademarks, or other directly identifying business information in any publicly distributed material attributable to the Client by name without obtaining the Client's separate prior written consent.
Redemption of a Promotional Code is voluntary; any Service offered by the Company can be purchased at its standard published price without redeeming a Promotional Code. The full terms governing this consent, including its perpetual and irrevocable scope with respect to anonymized materials already prepared, published, or distributed in good-faith reliance on the consent, are set forth in Section 7.11 of the Terms of Service and Section 2.7.5 above.
3.10 SMS / Text Message Communications
If you provide your telephone number to the Company and affirmatively opt in to receive text messages — whether through an intake form, the Client dashboard, a checkbox, or by texting a designated keyword to the Company — you consent to receive SMS text messages from AIFindMyBusiness, Inc. relating to the Services, including transactional notifications, audit and account updates, scheduling messages, and, where you have separately consented, marketing or promotional messages. You are not required to provide consent to receive text messages as a condition of purchasing any goods or services.
By opting in, you acknowledge and agree to the following:
Consent. You are consenting to receive text messages from the Company at the mobile number you provided. Your consent is given voluntarily and may be revoked at any time as described below.
No Sharing for Third-Party Marketing. The Company will not share, sell, or otherwise disclose your mobile telephone number or your SMS opt-in consent to any third party for that third party's own marketing purposes. Mobile information collected in connection with text messaging is used solely to deliver the messages you have requested and to operate the messaging program, and is shared only with service providers that help us deliver those messages on our behalf (and only for that purpose).
Message Frequency. Message frequency varies. The number of messages you receive will depend on the nature of your engagement with the Services and the message categories to which you have consented. Messages may be recurring.
Opt-Out. You may opt out of receiving text messages at any time by replying STOP to any message you receive from the Company (or by texting STOP to the originating number or short code). After you send STOP, you will receive a single confirmation message acknowledging your opt-out, after which no further text messages will be sent unless you opt in again. You may also opt out by contacting us at the address in Section 14.6.
Help. For assistance or more information about the messaging program at any time, reply HELP to any message, or contact us at the email address set forth in Section 14.6 of this Policy.
Message and Data Rates. Message and data rates may apply to any text messages you send or receive. Such charges are determined by your mobile carrier and wireless plan, and the Company is not responsible for them. Please contact your wireless carrier for details about your messaging and data plan.
Carrier Liability. Carriers are not liable for delayed or undelivered messages. Message delivery is subject to the effective transmission by your wireless carrier and is not guaranteed.
4. How We Share Your Information
4.1 Service Providers and Vendors
We share personal information with third-party service providers and vendors that process data on our behalf as data processors, solely for the purposes described in this Policy. These providers are contractually obligated to protect your information and to use it only for the purposes for which it was disclosed. Current service providers include, without limitation:
| Provider | Service | Data Shared | Privacy Policy |
|---|---|---|---|
| Stripe, Inc. | Payment processing and subscription billing | Name; email; billing address; payment method details | stripe.com/privacy |
| Resend | Transactional email delivery | Email address; name; audit content | resend.com/legal/privacy-policy |
| Cloudflare, Inc. | Web hosting; CDN; security | IP addresses; log data; traffic patterns | cloudflare.com/privacypolicy |
| Zoho Mail | Inbound email handling | Content of emails sent to Company addresses | zoho.com/privacy.html |
| Google (Ads, Analytics) | Conversion measurement; ad performance analytics | Behavioral and conversion data; hashed identifiers for enhanced conversions | policies.google.com/privacy |
| Microsoft (Bing Webmaster) | Search visibility analytics | Aggregated traffic data | privacy.microsoft.com |
| AI Sub-Processors (see Section 2.9) | AI visibility testing; deliverable production | Buyer-intent prompts; business name and public URL; public competitor data only | See Section 2.9 |
4.2 Business Partners
We do not share personal information with business partners for their own independent marketing purposes without your explicit consent.
4.3 Advertising and Analytics Partners
The Company uses online advertising and analytics tools, including conversion tracking and measurement services. The use of such tools may result in the sharing of certain identifiers (including hashed email addresses and cookie-based identifiers) with advertising networks and analytics providers for the purpose of measuring campaign effectiveness and optimizing marketing spend. Under California law, such use may constitute "sharing" of personal information for cross-context behavioral advertising purposes. See Section 9 (CCPA / U.S. State Privacy Rights) for opt-out options.
4.4 Legal Disclosures
The Company may disclose personal information to courts, regulators, law enforcement agencies, or other government authorities when required to do so by applicable law, regulation, legal process (including subpoenas, court orders, and government requests), or when such disclosure is necessary to (a) comply with a legal obligation; (b) protect and defend the rights or property of the Company; (c) prevent or investigate possible wrongdoing in connection with the Services; or (d) protect the personal safety of users of the Services or the public.
4.5 Business Transfers
In the event of a merger, acquisition, reorganization, sale of substantially all assets, or other similar business transaction, personal information held by the Company may be transferred to the acquiring or successor entity. We will provide notice of any such transfer through the Site and, where required by applicable law, obtain consent prior to the transfer.
4.6 With Your Consent
We may share personal information with third parties not described in this Policy when we have obtained your prior, explicit consent to do so.
4.7 Aggregated and De-Identified Data
The Company may share aggregated or de-identified data that does not reasonably identify an individual with third parties for research, analytics, industry benchmarking, or other lawful purposes. Such data will not be re-identified or linked back to individual Clients.
4.8 No Sale of Personal Data
The Company does not sell personal information for monetary consideration. However, as described in Section 4.3, the Company's use of certain online advertising measurement tools may constitute "sharing" of personal information under California law. Individuals who wish to opt out of such sharing may do so as described in Section 9.4 (Do Not Sell or Share My Personal Information).
5. Cookies and Tracking Technologies
5.1 Types of Cookies Used
The Site uses the following categories of cookies and similar tracking technologies:
Strictly Necessary Cookies: Required for the basic operation of the Site, including session state management, authentication, and security. These cookies cannot be disabled through the Site's cookie preferences without impairing Site functionality.
Functional Cookies: Enable enhanced functionality and personalization, such as remembering user preferences. Disabling these cookies may affect the availability of certain features.
Analytics Cookies: Used to measure aggregate traffic patterns and understand how users interact with the Site. The Company currently uses Cloudflare Web Analytics, which is designed to measure aggregate traffic without the use of persistent personal identifiers.
Advertising and Conversion Tracking Cookies: Used to measure the effectiveness of advertising campaigns and to optimize bidding strategies for advertisements placed by the Company. These cookies may be set by advertising network providers and may constitute "sharing" of personal information under California law.
5.2 Cookie Consent and Preferences
Depending on your jurisdiction, when you first visit the Site you may be presented with a cookie consent banner or preference management interface allowing you to accept, reject, or customize non-essential cookies. You may also change your cookie preferences at any time by accessing the cookie settings available on the Site or by adjusting your browser settings as described in Section 5.6.
5.3 Third-Party Cookies
Certain cookies on the Site are set by third-party providers, including advertising networks and analytics services. The Company does not control the data collection practices of these third parties. We encourage you to review the privacy policies of applicable third-party providers for information about their use of cookies.
5.4 Do Not Track Signals
The Site does not currently respond to the legacy "Do Not Track" ("DNT") browser header signal because no consensus technical standard for honoring DNT requests has been established. However, where required by applicable law, the Site does recognize and honor the Global Privacy Control ("GPC") signal as a valid opt-out of cross-context behavioral advertising. When the Site detects a GPC signal, it treats that signal as a valid opt-out request for the device or browser session from which the signal originates.
5.5 Cookie Duration and Expiry
Cookies used on the Site may be either "session cookies," which are deleted when you close your browser, or "persistent cookies," which remain on your device for a specified period or until deleted. Advertising and conversion tracking cookies set by third-party advertising networks may persist for periods consistent with those providers' standard retention practices. The Company does not independently control the duration of third-party cookies.
5.6 How to Opt Out of Cookies
You may limit, block, or delete cookies through the following mechanisms:
Browser Settings: Most web browsers provide controls to manage cookie settings, including the ability to block or delete cookies. Refer to your browser's help documentation for instructions.
Opt-Out Tools: For advertising cookies, you may use industry opt-out tools such as the Network Advertising Initiative (NAI) opt-out tool at optout.networkadvertising.org or the Digital Advertising Alliance (DAA) opt-out tool at optout.aboutads.info.
Global Privacy Control: You may install a browser extension or use a browser that emits the GPC signal to opt out of cross-context behavioral advertising.
Please note that disabling certain cookies may affect your ability to use some features of the Site.
5.7 Cookie Table
The following table identifies the cookies and similar technologies that may be set when you use the Site. Please note that the cookies and similar technologies used on the Site may change over time; this table reflects the Company's current practices as of the effective date of this Policy.
| Cookie / Technology Name | Duration | Purpose and Category |
|---|---|---|
| _gcl_au | 90 days | Set by Google Ads (gtag.js) on every page load as a first-party conversion-linker cookie. Used to attribute conversions on the Site back to the ad click that brought the visitor in. Category: Advertising / Measurement. |
| _gcl_aw | 90 days | Set by Google Ads when a visitor arrives with a "gclid" parameter in the URL (i.e., from clicking a Google Ads ad). Stores the click identifier so a later conversion (audit purchase, audit request, intake submission) can be attributed to that specific ad click. Category: Advertising / Measurement. |
| _gcl_dc | 90 days | Set by Google Ads when a visitor arrives with a "dclid" parameter in the URL (Google Display Network click). Same purpose as _gcl_aw but for Display campaigns. Category: Advertising / Measurement. |
| _gcl_gb | 90 days | Set by Google Ads when a visitor arrives with a "gbraid" parameter (iOS app-to-web click identifier). Stores the click identifier for cross-device / iOS conversion attribution. Category: Advertising / Measurement. |
| NID | 6 months | Set on the google.com domain by Google when the gtag.js library loads. Stores visitor preferences and is used by Google to personalize ads on Google properties. Category: Advertising. |
| __cf_bm | 30 minutes | Set by Cloudflare on the aifindmybusiness.com domain to distinguish humans from bots, mitigate automated abuse, and protect the Site from malicious traffic. Category: Strictly Necessary / Security. |
| _cfuvid | Session | Set by Cloudflare to support per-session rate limiting and to identify trusted web traffic for security purposes. Category: Strictly Necessary / Security. |
| aifmb_attribution | Session (sessionStorage) | Set by the Site's own attribution script on first landing. Captures first-touch marketing parameters (utm_source, utm_medium, utm_campaign, utm_content, utm_term, gclid, gbraid, wbraid), the landing path, and timestamp to attribute later audit requests or checkout to the originating marketing channel. Category: Analytics / Advertising Attribution. |
| aifmb_claim_token | Session (sessionStorage) | Set by the Site during the audit-claim sign-up flow to temporarily hold a one-time claim token between the audit-claim landing URL and the account sign-up form so the new account is correctly linked to the purchased audit. Category: Strictly Necessary. |
| __stripe_mid | 1 year | Set by Stripe on the checkout.stripe.com domain. Stores a persistent machine identifier used by Stripe Radar for fraud detection and payment risk scoring. Category: Strictly Necessary / Fraud Prevention. (Set on Stripe's domain, not aifindmybusiness.com.) |
| __stripe_sid | 30 minutes | Set by Stripe on the checkout.stripe.com domain during Stripe Checkout. Stores a short-lived session identifier used together with __stripe_mid for fraud detection on the current checkout session. Category: Strictly Necessary / Fraud Prevention. (Set on Stripe's domain, not aifindmybusiness.com.) |
| m | 2 years | Set by Stripe on the m.stripe.com / checkout.stripe.com domain to support Stripe Radar device fingerprinting and to determine whether the visitor is using a desktop or mobile device for payment-fraud prevention. Category: Strictly Necessary / Fraud Prevention. (Set on Stripe's domain, not aifindmybusiness.com.) |
| __client_uat | 1 year (or until sign-out) | Set by Clerk (the Site's authentication provider) on aifindmybusiness.com once a user signs up or signs in to access the audit dashboard. Stores the user authentication timestamp so Clerk can determine whether the current session remains valid. Category: Strictly Necessary / Authentication. |
| __session | Session (up to 7 days, refreshed on activity) | Set by Clerk on aifindmybusiness.com after a user signs in. Holds the signed session JWT used to authenticate requests to the dashboard and authorized API endpoints (/api/dashboard/*). Category: Strictly Necessary / Authentication. |
| __clerk_db_jwt | Session | Set by Clerk on aifindmybusiness.com as part of its session-management flow. Used by Clerk to coordinate session state between the browser and Clerk's backend. Category: Strictly Necessary / Authentication. |
6. Data Retention
6.1 Retention Periods
The Company retains personal information for as long as necessary to fulfill the purposes for which it was collected, to comply with applicable legal obligations, to resolve disputes, and to enforce agreements. The following retention schedule applies to the principal categories of data processed by the Company:
| Data Category | Retention Period | Basis |
|---|---|---|
| Active engagement and audit records | Duration of engagement plus 3 years | Contract; legal obligation |
| Payment and billing records | 7 years from transaction date | Legal obligation (tax/accounting) |
| Email correspondence (prospects and clients) | Up to 7 years from last contact | Legitimate interest; legal obligation |
| Policy acceptance records (Terms; Privacy) | Duration of acceptance plus 10 years | Legal obligation; legitimate interest |
| Marketing analytics and ad-tracking data | Duration of campaign plus 26 months | Legitimate interest |
| Account data (inactive accounts) | 3 years after last activity or account closure | Legitimate interest; legal obligation |
6.2 Criteria for Determining Retention
In determining how long to retain particular categories of data, the Company considers: (a) the nature and sensitivity of the personal information; (b) the purposes for which the information was collected and whether those purposes have been fulfilled; (c) applicable legal, regulatory, or contractual retention requirements; (d) whether retention is necessary to establish, exercise, or defend legal claims; and (e) the risk of harm to individuals from unauthorized use or disclosure.
6.3 Data Deletion upon Account Closure
Upon account closure or upon receipt of a verified deletion request, the Company will delete or anonymize personal information within a commercially reasonable period, subject to the retention periods set forth in Section 6.1 and any applicable legal hold exceptions described in Section 6.5.
6.4 Backup and Archival Data
Personal information may persist in encrypted backup systems for up to ninety (90) days following a deletion request, after which it is overwritten in the ordinary course of backup rotation. The Company does not represent that backup copies are maintained on an indefinite basis.
6.5 Legal Hold Exceptions
Notwithstanding the retention periods described above, the Company may retain personal information for longer periods where required to comply with a legal obligation, judicial order, regulatory requirement, or active dispute, litigation, audit, or investigation (a "Legal Hold"). Data subject to a Legal Hold will be retained for the duration of the applicable proceeding or obligation and thereafter disposed of in accordance with the retention schedule.
7. Data Security
7.1 Security Measures Overview
The Company implements administrative, technical, and physical safeguards designed to protect personal information from unauthorized access, use, disclosure, alteration, or destruction. These measures include, without limitation: industry-standard encryption of data in transit; access controls limiting data access to authorized personnel; vendor security reviews for key third-party service providers; and ongoing evaluation of security practices.
7.2 Encryption in Transit and at Rest
All data transmitted between your browser and the Site is encrypted using Transport Layer Security ("TLS") / Secure Sockets Layer ("SSL") protocols. Personal information stored on Company systems is encrypted at rest where technically feasible and appropriate to the sensitivity of the data.
7.3 Access Controls and Authentication
Access to personal information is restricted on a role-based, need-to-know basis. Company personnel with access to personal information are subject to confidentiality obligations. Authenticated Client dashboard accounts are protected by password-based authentication controls. Where available, Clients are encouraged to enable additional authentication protections offered through the dashboard.
7.4 Data Breach Notification
In the event of a security incident involving unauthorized access to or disclosure of personal information, the Company will investigate the incident and notify affected individuals and applicable regulatory authorities as required by applicable law, including but not limited to applicable U.S. state data breach notification laws. The Company will provide notification within the timeframes required by applicable law.
7.5 No Absolute Security Disclaimer
No information security system is impenetrable, and no method of data transmission or storage can be guaranteed to be fully secure. The Company cannot guarantee that unauthorized parties will never be able to circumvent the Company's security measures or access your information. Your use of the Services is at your own risk, and you are encouraged to take appropriate measures to protect your own information, including using strong passwords and safeguarding any access credentials you provide to the Company.
8. Your Rights and Choices
Subject to applicable law and the Company's verification requirements, individuals may have the following rights with respect to their personal information:
8.1 Right to Access Your Data
You may request a copy of the personal information we hold about you. We will provide the information in a readily usable format, subject to applicable limitations.
8.2 Right to Correct or Rectify
You may request that we correct or update personal information that you believe to be inaccurate, incomplete, or out of date.
8.3 Right to Delete or Erasure
You may request the deletion of your personal information. We will honor verified deletion requests subject to our legal retention obligations described in Section 6. In some circumstances, we may be required or permitted by law to retain certain information notwithstanding your deletion request.
8.4 Right to Data Portability
Where technically feasible and required by applicable law, you may request that we provide your personal information in a structured, commonly used, machine-readable format.
8.5 Right to Restrict Processing
In certain circumstances recognized by applicable law (such as where you contest the accuracy of personal information or object to its use), you may request that we restrict our processing of your personal information while your request is under review.
8.6 Right to Object to Processing
You may object to the processing of your personal information where the Company relies on its legitimate interests as the legal basis for processing, or where your personal information is used for direct marketing purposes. Where you object to direct marketing, we will cease using your information for that purpose.
8.7 Right to Withdraw Consent
Where the Company processes personal information on the basis of your consent, you may withdraw that consent at any time by contacting us. Withdrawal of consent does not affect the lawfulness of processing that occurred prior to withdrawal.
8.8 Opt Out of Marketing Communications
You may unsubscribe from marketing emails and promotional communications at any time by clicking the "unsubscribe" link in any such communication or by contacting us at [email protected]. Opting out of marketing communications will not affect your receipt of transactional communications necessary for the performance of the Services.
8.9 Opt Out of Data Sharing (California CCPA)
California residents may opt out of cross-context behavioral advertising as described in Section 9.4 of this Policy.
8.10 How to Submit a Privacy Request
To exercise any of the rights described in this Section, please submit a written request to the Company at:
Email: [email protected]
Subject Line: "Privacy Rights Request – [Insert the Nature of Request]"
Your request should include sufficient information to identify you and to describe the nature of your request. We may require verification of your identity before processing your request to protect against unauthorized requests.
8.11 Response Timeframe
The Company will acknowledge receipt of a verifiable privacy request within ten (10) business days. For California residents making requests under CCPA/CPRA (other than opt-out of sale or sharing, which is subject to the 15-business-day response described in Section 9.4), we will respond within forty-five (45) calendar days of receipt. Where reasonably necessary, we may extend the response period by an additional forty-five (45) calendar days with notice to you. For requests under other applicable laws, we will respond within the timeframe required by that law or within forty-five (45) calendar days where no specific timeframe is specified.
9. CCPA / U.S. State Privacy Rights
9.1 CCPA/CPRA Rights Disclosure (California Residents)
If you are a California resident, you have the following rights under the California Consumer Privacy Act of 2018 (“CCPA”), as amended by the California Privacy Rights Act of 2020 (“CPRA”). To submit a request, contact us at [email protected]. We will verify your identity before processing any request and respond within 45 days.
Right to Know — Request disclosure of the categories and specific pieces of personal information we have collected about you, and the purposes for which it is used.
Right to Delete — Request deletion of personal information we have collected, subject to applicable legal exceptions.
Right to Correct — Request correction of inaccurate personal information we maintain about you.
Right to Opt Out — Opt out of the sale or sharing of your personal information for cross-context behavioral advertising. To opt out, visit https://aifindmybusiness.com/privacy-choices/.
Right to Limit — Limit our use and disclosure of sensitive personal information to purposes necessary to provide our services.
Right to Non-Discrimination — We will not discriminate against you for exercising any of these rights.
9.2 Categories of Personal Information Collected (Preceding 12 Months)
The following table identifies the categories of personal information we may collect, as defined under the CCPA/CPRA, and whether we have collected, sold, or shared each category. “Shared” means disclosed for cross-context behavioral advertising.
| Category & Examples | Collected | Sold | Shared | Purpose(s) |
|---|---|---|---|---|
| Identifiers Name, email, telephone number, IP address, account ID, online identifiers |
Yes | No | Yes | Account creation, service delivery, communications |
| Commercial Information Purchase records, subscription status, billing history |
Yes | No | Yes | Order fulfillment, billing, customer support |
| Financial Information (sensitive) Payment card data — processed by Stripe; not stored by us |
Yes | No | No | Payment processing |
| Internet / Network Activity Log data, browsing activity on our site, cookie IDs, device info |
Yes | No | Yes | Security, analytics, site performance |
| Geolocation Data Approximate location derived from IP (city/region only) |
Yes | No | Yes | Fraud prevention, localization |
| Professional / Business Information Business name, website URL, service area, intake form data |
Yes | No | No | Service delivery, onboarding |
| Inferences Profiles drawn from above data to analyze AI visibility or service fit |
Yes | No | No | Product improvement, personalization |
| Sensitive Personal Information Account login credentials (username + password) |
Yes | No | No | Account authentication and security |
| Communications Content Emails, support tickets, chat messages sent to us |
Yes | No | No | Customer support, service improvement |
While the Identifiers category as a whole is marked "Shared" because certain identifiers (such as hashed email addresses and cookie-based identifiers) are used for cross-context behavioral advertising measurement, the Company does not sell or share your telephone number, or your SMS opt-in consent, with any third party for that third party's own marketing purposes. Telephone numbers and mobile information collected in connection with text messaging are used solely as described in Section 3.10.
9.3 Business Purposes for Collection
The Company collects personal information for the business purposes described in Section 3 of this Policy, including: delivering the Services; communicating with Clients; measuring advertising effectiveness; maintaining the security of the Site; and complying with legal obligations.
9.4 Do Not Sell or Share My Personal Information
The Company does not sell personal information for monetary consideration. However, the Company's use of certain online advertising tools may constitute "sharing" of personal information for cross-context behavioral advertising purposes under CCPA/CPRA. California residents may opt out of such sharing by:
Privacy Choices Form: Submit a request at https://aifindmybusiness.com/privacy-choices/. The form sets a first-party opt-out cookie immediately and records your request for our internal log.
Email Request: Send an email to [email protected] with the subject line "Do Not Sell or Share – California Resident."
Global Privacy Control Signal: Use a browser or browser extension that emits the GPC signal (Sec-GPC: 1 header). The Site honors GPC signals as valid opt-out requests for the device or browser session from which the signal is received.
Where required by applicable law, the Site will display a "Do Not Sell or Share My Personal Information" or "Your Privacy Choices" link in a prominent location on the Site. Opt-out requests will be honored as soon as reasonably feasible and no later than fifteen (15) business days where required by applicable law.
9.5 Non-Discrimination
The Company does not discriminate against California residents who exercise their CCPA/CPRA rights. You will not receive different quality of service, be denied access to the Services, or be charged a different price as a result of exercising your privacy rights.
9.6 Virginia (VCDPA), Colorado (CPA), and Other U.S. State Privacy Laws
Residents of Virginia, Colorado, and certain other states that have enacted consumer privacy laws may have rights similar to those described above for California residents, including rights of access, correction, deletion, portability, and opt-out of targeted advertising. The Company will process requests from residents of such states in accordance with applicable law. Requests may be submitted using the contact information provided in Section 8.10.
9.7 Connecticut and Utah Privacy Rights
Residents of Connecticut and Utah may also have rights under their respective state privacy laws, including rights to access, delete, correct, and opt out of targeted advertising. The Company will process requests from residents of these states in accordance with applicable law. To the extent that the Company's processing activities fall within the scope of those laws, consumers may submit requests using the contact information in Section 8.10.
9.8 Nevada Privacy Rights
We do not sell consumers' covered Personal Information for monetary consideration as defined under Nevada Revised Statutes Chapter 603A. Nevada residents may nonetheless submit a request directing us not to sell their Personal Information. Requests may be submitted using the contact information provided in Section 8.10.
10. GDPR and International Compliance
10.1 Territorial Scope and Intended Audience
The Services are designed and marketed to businesses located in the United States. The Company does not actively target, market to, or direct the Services to residents of the European Union ("EU"), the European Economic Area ("EEA"), the United Kingdom ("UK"), or Switzerland. If you are an EU, EEA, UK, or Swiss resident and choose to access or use the Site or Services, you do so by your own initiative. By submitting personal information through the Site or Services, EU, EEA, UK, and Swiss residents consent to the transfer of their personal information to the United States and to its processing in the United States, which may have data protection laws that differ from those in your country of residence.
10.2 Legal Basis for Processing
To the extent that the General Data Protection Regulation (EU) 2016/679 ("GDPR") or the UK GDPR applies to the Company's processing of personal data from EEA, UK, or Swiss residents who choose to use the Services, the Company relies on the following legal bases:
Performance of a Contract: Processing necessary to provide the Services you have requested or to take pre-contractual steps at your request.
Legal Obligation: Processing necessary to comply with applicable legal obligations.
Legitimate Interests: Processing necessary for the Company's legitimate interests in operating, maintaining, and improving the Services and its marketing activities, where such interests are not overridden by your fundamental rights and freedoms. You have the right to object to such processing on grounds relating to your particular situation.
Consent: Where required by applicable law (such as for certain marketing communications or analytics cookies), processing will be based on your consent. You may withdraw consent at any time, as described in Section 8.7.
10.3 Data Controller Information
To the extent the GDPR applies, the Company acts as the data controller with respect to personal information collected through the Site and the Services. Controller contact information is set forth I Section 14.6.
10.4 Data Protection Officer
The Company has not appointed a Data Protection Officer ("DPO") as of the effective date of this Policy. The Company does not currently believe it is required to appoint a DPO on the basis that: (a) the Services are not marketed to or directed at EU/EEA/UK/Swiss residents; (b) any processing of EU residents' personal data by the Company is incidental and occasional; (c) the Company does not engage in large-scale processing of special-category data; and (d) the Company's processing activities are unlikely to result in a high risk to the rights and freedoms of natural persons. Inquiries that would otherwise be directed to a DPO may be sent to the privacy contact address set forth in Section 14.6.
10.5 Rights of EU, EEA, UK, and Swiss Data Subjects
EU, EEA, UK, and Swiss residents who choose to use the Services retain the rights recognized under the GDPR and UK GDPR, including: the right of access (Article 15 GDPR); the right to rectification (Article 16); the right to erasure (Article 17); the right to restriction of processing (Article 18); the right to data portability (Article 20); the right to object (Article 21); and the right to withdraw consent (Article 7(3)). To exercise any of these rights, please contact the Company at [email protected]. The Company will respond within the timeframes required by applicable law.
10.6 International Data Transfers
The Company is based in the United States. Personal information collected from EU, EEA, UK, and Swiss residents is transferred to and processed in the United States. Where the GDPR or UK GDPR applies to such transfers, the Company relies on Standard Contractual Clauses ("SCCs") approved by the European Commission, or equivalent safeguards recognized under applicable law, as the legal mechanism for such international transfers.
10.7 No EU Representative
The Company does not currently appoint an EU representative pursuant to Article 27 of the GDPR on the basis that: (a) the Company's processing of EU residents' personal data is occasional and not on a large scale; (b) such processing does not include special-category data within the meaning of Article 9 GDPR; and (c) such processing is unlikely to result in a risk to the rights and freedoms of natural persons, within the meaning of the Article 27(2)(a) exemption. Should the Company's processing activities materially change, this position will be reviewed.
10.8 Supervisory Authority Complaints
EU, EEA, UK, and Swiss residents who believe that the Company's processing of their personal data infringes applicable data protection law have the right to lodge a complaint with the relevant supervisory authority in their country of residence. The Company encourages individuals to contact the Company at [email protected] to seek to resolve any concerns before filing a complaint with a supervisory authority.
11. Third-Party Services and Links
11.1 Third-Party Links Disclaimer
The Site may contain links to third-party websites, platforms, or services that are not owned or controlled by the Company. The Company has no control over, and assumes no responsibility for, the content, privacy policies, or practices of any third-party websites or services. We encourage you to review the privacy policies of any third-party site or service before providing personal information to such third party.
11.2 Social Media Integrations
The Site does not currently offer social login or social media sharing integrations. Should such features be introduced, this Policy will be updated to describe the categories of information exchanged with social media platforms and the applicable data processing practices.
11.3 Analytics Providers
The Site uses two analytics services:
Cloudflare Web Analytics measures aggregate traffic patterns. Cloudflare's service is designed to provide traffic measurement without the use of persistent personal identifiers.
Google Analytics measures user-level behavior on the Site, supports Google Ads conversion attribution, and is integrated with our Google Ads account. Our use of Google Analytics may constitute "sharing" of personal information for cross-context behavioral advertising purposes under CCPA/CPRA. California residents may opt out as described in Section 9.4.
11.4 Advertising Networks
The Company currently uses, or may use, the following advertising networks for promotion of its Services and measurement of campaign effectiveness:
- Google Ads
- Facebook Ads
- Instagram Ads
- TikTok Ads
These services may use cookies, pixel tags, and similar technologies to collect information about your interactions with advertisements. The Company may add additional advertising networks from time to time and will update this Policy accordingly. California residents may opt out of cross-context behavioral advertising as described in Section 9.4.
11.5 Payment Processors
Payment processing services are provided by Stripe, Inc. Your payment information is transmitted directly to Stripe and is subject to Stripe's privacy policy, available at https://stripe.com/privacy. The Company does not receive or store full payment card numbers, CVV codes, or other sensitive payment credentials.
12. Children's Privacy
The Services are directed to businesses and are not intended for use by individuals under the age of eighteen (18). The Company does not knowingly collect personal information from minors. If we become aware that we have inadvertently collected personal information from a minor, we will take prompt steps to delete such information. If you believe that we may have collected information from a minor, please contact us at [email protected].
13. Policy Changes and Updates
13.1 Right to Update the Policy
The Company reserves the right to modify, update, or replace this Policy at any time in its sole discretion to reflect changes in applicable law, technology, business practices, or the nature of the Services. The most current version of this Policy will be posted on the Site and will reflect the most recent "Last Updated" date.
13.2 Notification of Material Changes
In the event of a material change to this Policy, the Company will provide notice by one or more of the following means: (a) posting a prominent notice on the Site prior to the change becoming effective; (b) sending an email notification to the email address associated with your account; or (c) displaying an in-application notice through the Client dashboard. Material changes include, without limitation, changes to the categories of personal information collected, the purposes for which it is used, or the third parties with whom it is shared.
13.3 Continued Use as Acceptance
Your continued use of the Site or Services after the effective date of any revised Policy constitutes your acceptance of the updated Policy. If you do not agree to any modification of this Policy, you must discontinue your use of the Site and Services and, if applicable, request deletion of your account and personal information as described in Section 8.
14. General Provisions
14.1 Entire Privacy Agreement
This Policy, together with the Company's Terms of Service and any applicable service order forms, constitutes the entire agreement between the Company and you with respect to the collection, use, disclosure, and protection of personal information, and supersedes all prior privacy statements, notices, or agreements relating to the same subject matter.
14.2 Conflict with Terms of Service
In the event of any conflict or inconsistency between this Policy and the Company's Terms of Service with respect to the collection, use, or disclosure of personal information, the provisions of this Policy shall control and govern.
14.3 Severability
If any provision of this Policy is held to be invalid, illegal, or unenforceable under applicable law, that provision shall be severed from this Policy to the minimum extent necessary, and the remaining provisions shall continue in full force and effect.
14.4 Governing Law
This Policy is governed by and construed in accordance with the laws of the State of Delaware, United States, without regard to its conflict of law principles. Any disputes arising under or in connection with this Policy shall be subject to the exclusive jurisdiction of the federal and state courts located in Delaware, except where applicable law requires otherwise or confers jurisdiction upon a different tribunal (such as a data protection supervisory authority).
14.5 Contact and Complaints Process
If you have questions, concerns, or complaints about this Policy or the Company's data handling practices, please contact us using the information set forth in Section 14.6. We will endeavor to respond to all inquiries in a timely manner.
14.6 How to Contact Us
Questions, complaints, or requests relating to this Policy or the Company's privacy practices should be directed to:
Company Name: AIFindMyBusiness, Inc
Privacy Contact: [email protected]
Telephone: +1 (386) 266-3983
Website: https://aifindmybusiness.com
The Company has not appointed a formal Data Protection Officer ("DPO") as of the effective date of this Policy. Inquiries that would otherwise be directed to a DPO should be sent to the privacy contact address set forth above.