Privacy Policy · AI Find My Business

This Privacy Policy explains how AIFindMyBusiness, LLC ("we", "us", "our", or the "Company") collects, uses, shares, and protects information when you use our website at https://aifindmybusiness.com (the "Site") and our services (the "Services").

By using the Site or Services, you agree to the practices described in this Policy.

1. Information We Collect

1.1 Information You Provide

When you submit an intake form, request an audit, or sign up for a subscription, we collect:

Contact information — your name, email address, phone number (if provided)
Business information — business name, website URL, primary location, service area, services offered, top competitors, marketing channels, review platforms, and other operational details you provide
Access information (optional) — read-only access tokens or links you choose to share for tools like Google Analytics, Google Search Console, Google Ads, or Google Business Profile
Communication content — emails or messages you send us
Payment information — handled by Stripe; we do not store full card numbers (see Section 3)

1.2 Information Collected Automatically

When you visit the Site, we automatically collect:

Log data — IP address, browser type and version, operating system, referring URL, pages visited, time spent on pages, and approximate location (city/region level)
Cookie and tracking data — small files placed in your browser that help us measure traffic, ad performance, and conversions (see Section 5)
Device data — device type, screen size, language preferences

1.3 Information from Third Parties

We may receive information about you from:

Stripe — payment confirmations, subscription status, payment method last-four digits
Google Ads / Analytics — aggregated and anonymized advertising performance data
Public sources — your business listings, reviews, and content from your own website (which we audit as part of the Services)

1.4 AI Service Providers Used in Our Audit Process

To deliver the AI Visibility Readiness Audit and related Services, we submit certain information to third-party generative-AI and search-tool providers. The information may include your business name, website URL, public-facing business listings, and the buyer-intent prompts we craft to evaluate AI visibility. We do not submit confidential information you provide privately during onboarding (such as financials, internal strategy, customer lists, or access tokens) to these providers.

AI / Search Provider	Why we use it	What we may submit
OpenAI (ChatGPT, GPT models)	Prompt visibility testing, methodology assistance	Buyer-intent prompts, your business name and public URL, public competitor data
Anthropic (Claude)	Prompt visibility testing, methodology assistance	Same as above
Google (Gemini, Google AI products)	Prompt visibility testing	Same as above
Perplexity	Prompt visibility testing	Same as above
Microsoft (Bing Copilot)	Prompt visibility testing	Same as above
General web-scraping and search tools	Pulling public content from your website, listings, reviews, and competitor sites	Public URLs

Each provider operates under its own privacy practices. We use commercial, API, or paid endpoints where available, and we configure provider accounts and settings, where the provider makes those controls available, to prevent customer-submitted data from being used to train the provider's models. Because provider terms, product names, and training controls can change, this Policy describes our intended handling of customer information rather than guaranteeing any provider's independent practices.

If you have specific concerns about which AI providers can or cannot receive your information, contact us at [email protected] before submitting an intake; we can scope the engagement accordingly.

2. How We Use Information

We use the information we collect to:

Deliver the Services you have purchased or requested
Run prompt visibility tests, competitor comparisons, and audits
Communicate with you about your engagement
Process payments and manage subscriptions
Send transactional emails (audit deliverables, billing receipts, scheduling)
Improve the Site, the Services, and our methodology
Measure advertising effectiveness and optimize our marketing
Comply with legal obligations and enforce our Terms of Service
Prevent fraud and protect the security of the Site and Services

We do not sell your personal information for monetary consideration. However, our use of advertising tools (including Google Ads conversion tracking and any cross-context behavioral advertising tools used in our marketing) may constitute "sharing" under the California Privacy Rights Act ("CPRA"). See Section 6.1 for your rights to opt out.

3. How We Share Information

We share information only as needed to deliver the Services or as required by law:

Recipient	Purpose	What we share
Stripe, Inc.	Payment processing and subscription billing	Name, email, billing address, payment method details
Resend	Transactional email delivery	Email address, name, audit content
Cloudflare	Web hosting, content delivery, security	IP addresses, log data, traffic patterns
Zoho Mail	Inbound email handling	Anything emailed to addresses on aifindmybusiness.com
Google (Ads, Analytics)	Conversion measurement and ad performance	Hashed email (for enhanced conversions), behavioral and conversion data
Microsoft (Bing Webmaster)	Search visibility analytics	Aggregated traffic data
OpenAI, Anthropic, Google Gemini, Perplexity, Microsoft Bing Copilot, and similar AI/search providers	AI visibility testing and methodology assistance	Only the categories described in Section 1.4 — buyer-intent prompts, your business name and public URL, and public competitor data. We do not submit confidential onboarding information (financials, internal strategy, customer lists, or access tokens) to these providers (scope per Section 1.4).
General web-scraping and search tools	Pulling public content from your website, listings, reviews, and competitor sites	Public URLs and publicly available business content only (scope per Section 1.4)

We may also disclose information:

To comply with applicable law, subpoena, court order, or government request
To enforce our Terms of Service or protect our legal rights
In connection with a merger, acquisition, financing, or sale of assets
With your prior consent

4. Data Retention

We retain information for as long as necessary to deliver the Services, comply with our legal obligations, defend against potential claims, and operate our business. Specifically:

Active engagement records — retained for the duration of the engagement and for at least three (3) years after termination
Payment records — retained for at least seven (7) years for tax and accounting purposes
Email correspondence with prospects and clients — retained for up to seven (7) years from the date of last contact, or longer where there is an ongoing legal or business need (e.g., active dispute, audit trail, regulatory inquiry)
Acceptance records (NDA, Terms, Privacy) — retained for the duration of the accepted agreement term and for up to ten (10) years thereafter as evidence of execution, or longer where reasonably necessary to preserve evidence in an active dispute, legal proceeding, regulatory inquiry, or other legal hold
Marketing analytics and ad-tracking data — retained for the duration of the relevant advertising campaign and for up to twenty-six (26) months thereafter (matching standard Google Ads default retention)
Backups — information may persist in encrypted backup systems for up to ninety (90) days after a deletion request, after which it is overwritten in the normal course

You may request deletion of your information at any time (see Section 6.3). We will honor verified deletion requests subject to the retention obligations described above.

5. Cookies and Tracking Technologies

The Site uses cookies and similar technologies for the following purposes:

Strictly necessary — required for basic Site function (e.g., session state, security)
Analytics — Cloudflare Web Analytics measures aggregate traffic without personal identifiers
Advertising / Conversion tracking — Google Ads sets cookies to measure conversions and optimize bidding for ads we run; this may constitute "sharing" under the California Privacy Rights Act (see Section 6.1)

Most browsers allow you to control or disable cookies. Disabling cookies may degrade some Site functionality.

Browser-level opt-out signals. We honor browser signals that indicate an opt-out preference where required by applicable law, including the Global Privacy Control (GPC) signal as discussed in Section 6.1. The Site does not currently honor the legacy "Do Not Track" header as no consensus standard has emerged for it.

6. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal information:

Access — request a copy of the personal information we hold about you
Correction — ask us to correct inaccurate information
Deletion — ask us to delete your personal information (subject to legal retention requirements)
Portability — receive a copy of your information in a machine-readable format
Objection — object to certain uses of your information, including for direct marketing
Withdrawal of consent — withdraw consent to processing where consent is the legal basis

6.1 California Residents (CCPA / CPRA)

California residents have specific rights under the California Consumer Privacy Act and the California Privacy Rights Act, including:

Right to know what personal information we collect, sell, or share
Right to delete personal information (subject to retention requirements above)
Right to correct inaccurate personal information
Right to opt out of sale or sharing for cross-context behavioral advertising
Right to limit use of sensitive personal information
Right to non-discrimination for exercising these rights

Do Not Sell or Share My Personal Information. While we do not sell your personal information for money, our use of online advertising tools may constitute "sharing" under California law. To opt out of cross-context behavioral advertising:

Email [email protected] with the subject line "Do Not Sell or Share — California resident"; or
Send a Global Privacy Control (GPC) signal from a browser that supports it (e.g., Brave, DuckDuckGo browser, or a privacy extension that emits the Sec-GPC: 1 header). When we detect a GPC signal we treat it as a valid opt-out request for the device or browser session that sent it.

Where required by applicable law, the Site will provide a clear "Do Not Sell or Share My Personal Information" or "Your Privacy Choices" link in the Site footer or another clearly visible location.

Opt-out requests are honored as soon as reasonably feasible and no later than fifteen (15) business days where required by applicable law.

6.2 European Economic Area, UK, and Switzerland (GDPR / UK GDPR)

The Services are designed and primarily marketed to businesses in the United States. We do not actively target EEA, UK, or Swiss residents. If you are located in the EEA, UK, or Switzerland and choose to use the Services anyway, the legal bases on which we process your information are: (a) performance of a contract; (b) compliance with a legal obligation; (c) our legitimate interest in operating and improving the Services and our marketing (and your right to object on grounds relating to your particular situation); and (d) your consent (where required, such as for marketing analytics).

If you are an EEA/UK/Swiss resident and would like to exercise rights under the GDPR or UK GDPR (access, correction, erasure, restriction, portability, objection, withdrawal of consent), contact us at [email protected]. International transfers of your information to the United States are made under Standard Contractual Clauses or equivalent safeguards where required.

6.3 Exercising Your Rights

To exercise any right, contact us at [email protected]. For California requests other than opt-out of sale or sharing (which is governed by Section 6.1), we will respond within forty-five (45) calendar days, and where reasonably necessary we may extend that period by an additional forty-five (45) calendar days with notice to you. For requests under other jurisdictions' laws, we will respond within the timeframe required by that law, or within forty-five (45) calendar days where no specific timeframe applies. We may need to verify your identity before processing the request.

7. Children's Privacy

The Services are not directed to anyone under the age of 18. We do not knowingly collect personal information from minors. If we learn we have collected such information, we will delete it. If you believe a minor has provided us with information, please contact [email protected].

8. Security

We use reasonable administrative, technical, and physical safeguards to protect your information, including encryption in transit (TLS/HTTPS), encryption at rest where appropriate, access controls limited to personnel with a business need, and security review of third-party processors.

No system is perfectly secure. We cannot guarantee that unauthorized parties will never access your information. In the event of a material data breach, we will notify affected users as required by applicable law.

9. International Data Transfers

The Company is based in the United States. By using the Site or Services, you consent to the transfer of your information to the United States, which may have different privacy laws than your country of residence. Where required by law (such as transfers from the EEA), we use Standard Contractual Clauses or equivalent safeguards.

10. Third-Party Links

The Site may contain links to third-party sites. We are not responsible for the privacy practices of those sites. We encourage you to review their privacy policies before sharing information with them.

11. Changes to This Policy

We may update this Policy from time to time. Material changes will be posted on the Site with a revised "Last updated" date. Continued use of the Site or Services after changes are posted constitutes acceptance of the revised Policy.

12. Contact

Questions, requests, or concerns about this Policy or your information?