Privacy Policy

Account information.When you sign up we collect your email and name through Clerk, our authentication provider. If you join or create an organization, we store the organization’s identifier and display name. Clerk handles password storage and session security on our behalf.

Billing information. We do not store credit card numbers. Stripe processes all payments; we retain only your Stripe customer ID and a record of completed top-ups (amount, date, currency).

Audit data. When you run an audit we store the brand name, domain, and prompts you submit, plus the results we get back from the answer engines and basic metadata (timing, cost, which engine returned which result).

Anonymous abuse controls. When you use the free preview on the homepage without signing in, we briefly record your IP address to enforce rate limits (1 free preview per IP per 24 hours). This row is automatically deleted after 24 hours.

Operational data. We log API requests, errors, and webhook events for debugging and reliability.

• To run the audits you request and return results to you.
• To bill you for credits used and provide invoices via Stripe.
• To prevent abuse of the free homepage preview.
• To debug and improve the service.
• To communicate with you about your account or billing (transactional only).

We do not sell your data, share it with advertisers, or use it to train AI models.

To run audits, we forward the prompt you submit (along with our own provider API keys) to:

• OpenAI (ChatGPT)
• Anthropic (post-processing extraction)
• Perplexity AI (Sonar)
• Google (Gemini)
• SerpAPI (proxy for Google AI Overviews)

These providers receive only the prompt text required to fulfill your request. Their privacy policies govern how they handle queries we send. We also rely on Clerk (authentication), Supabase (database), Stripe (payments), and Vercel (hosting) as infrastructure providers.

Account, organization, and audit history are retained for the life of your account. Raw provider responses are kept for 30 days for debugging and then nulled out. Free-preview rows are deleted after 24 hours.

You can request deletion of your account and all associated data at any time by emailing us. We will process the deletion within 30 days.

Depending on where you live (EEA/UK GDPR, California CCPA, and others) you may have rights to access, export, correct, or delete your personal data, and to object to certain processing. To exercise any of these rights, email aaronkaltman@gmail.com. We will not discriminate against you for exercising your rights.

We use essential cookies via Clerk to keep you signed in. We do not use marketing or analytics cookies.

We use TLS in transit, role-scoped database access, and short-lived API keys. No system is fully secure; if we learn of a breach affecting your data we will notify you.

AuditAE is not directed to children under 13 and we do not knowingly collect data from children.

If we change this policy materially we will update the effective date above and notify signed-in users via email.

Questions or requests about this policy: aaronkaltman@gmail.com