Privacy Policy

Last Updated: March 29, 2026

This Privacy Policy explains how Blockfactory Sp. z o.o., operating under the brand name "aeoh" ("we," "us," or "our"), collects, uses, stores, shares, and otherwise processes personal data in connection with the aeoh website, Audit purchases and delivery, contact messages, analytics, payment flow, and related services.

In this Policy, "Audit" means the digital audit output generated through the Service for a submitted website and location, even if some internal fields, URLs, or legacy labels still use the word "report".

1. Controller

Blockfactory Sp. z o.o.

ul. Stablewskiego 13/2

60-213 Poznan, Poland

Contact: hello@aeoh.ai

KRS: 0000987962 | NIP: 7792543090

2. Where We Get Data From

We collect data from several sources:

directly from you, for example when you submit a website, location, locale, payment, or contact message;
automatically from your device, browser, and network when you use the website;
from the website and public web content you ask us to analyze for an Audit;
from payment and infrastructure providers involved in checkout, hosting, storage, security, rate limiting, and analytics; and
from event and attribution technologies used on or through the website.

3. Categories of Data We Process

A. Audit request data

submitted website URL;
submitted location and locale or language preference;
derived entity or business name; and
access identifiers such as Audit IDs and access tokens.

B. Audit generation and delivery data

captured website content, rendered HTML, metadata, structured data, robots.txt, sitemap data, screenshots, and public business information found on the analyzed website;
AI-generated outputs, research sources, summaries, scores, and processing metadata;
transaction status and timestamps connected to the Audit; and
supporting logs needed to operate, secure, troubleshoot, and defend the Service.

C. Payment and transaction data

checkout session IDs, payment status, price, currency, and timestamps;
billing or contact data provided to payment processors; and
limited payment-related metadata returned to us by payment processors.

We do not store full card numbers, CVC codes, or full payment credentials.

D. Contact and support data

email address and message content sent through our contact form or by email;
associated IP address and user-agent data collected with a contact submission; and
any follow-up correspondence or support records.

E. Technical, usage, and device data

IP address or proxy IP, request headers, browser and device information, locale, referrer, and timestamps;
page views, navigation events, and website interaction data;
rate-limiting and abuse-prevention identifiers; and
approximate location or regional information derived by us or our providers from network data.

F. Device-side storage data

locale preferences and similar browser state; and
Audit history stored in your browser local storage on your device so you can reopen previously viewed Audits from that browser.

4. Public and Third-Party Data Included in Audits

Because aeoh analyzes websites and public business presence, the data processed for an Audit may include publicly available business information and publicly available personal data appearing on the submitted website or cited public sources, such as business contact details, staff names, addresses, opening hours, reviews, citations, or other public factual statements.

If you ask us to analyze a website or public business presence, you acknowledge that this may require us and our processors to capture, store, and analyze such public information in order to generate the Audit.

5. Why We Process Data and Our Legal Bases

Purpose	Main legal basis
Provide the website, process requests, create and deliver an Audit, and handle related access links or tokens	Performance of a contract or steps at your request before entering a contract
Process payments, accounting, tax, invoicing, fraud checks, and transaction records	Performance of a contract and compliance with legal obligations
Operate, secure, monitor, troubleshoot, rate-limit, and defend the Service	Legitimate interests and, where applicable, legal obligations
Respond to contact requests, support issues, disputes, claims, or enforcement matters	Legitimate interests, performance of a contract, and legal obligations where applicable
Measure traffic, events, attribution, conversion, and product usage	Legitimate interests and, where required by law, consent
Create anonymized or aggregated analytics, benchmarks, and service improvements	Legitimate interests

6. Processors and Recipients

We share data with processors and infrastructure providers to the extent reasonably necessary to operate the Service. Depending on the feature used, this may include:

Stripe for checkout and payment processing;
Supabase for database and storage;
OpenAI for Audit generation and related AI processing;
Google, including Google GenAI for certain optional or supplemental analysis features and Google Tag Manager for tag management;
Vercel for hosting, edge delivery, and web analytics;
Upstash for rate limiting and related infrastructure; and
other vendors configured through our tag-management, infrastructure, security, or analytics stack from time to time.

We may also disclose data where required by law, to protect rights or safety, in connection with disputes or claims, or as part of a merger, financing, restructuring, sale, or other corporate transaction.

7. Cookies, Local Storage, Analytics, and Attribution

The website uses cookies, local storage, and similar technologies. These technologies may be used for functionality, checkout, abuse prevention, tag management, analytics, attribution, and conversion measurement.

We currently use browser local storage for Audit history on your device, Google Tag Manager to load and manage measurement tags, and Vercel Analytics. Depending on the current configuration of our tag stack, third-party tags may collect page-view, browser, device, referrer, and interaction or attribution data.

Browser settings may allow you to block or delete certain cookies or stored data, but doing so may break parts of the Service.

8. International Transfers

Some processors are located outside your country, including outside the EEA or UK. Where required, we rely on recognized transfer mechanisms such as adequacy decisions, standard contractual clauses, or equivalent safeguards made available by us or our processors.

9. Retention

We keep data for as long as reasonably necessary for the purposes described above.

Audit records and associated generation data may be retained for as long as needed to operate the Service, provide access, handle disputes, enforce rights, maintain backups, and improve the product.
Payment and accounting records may be retained for the periods required by tax, accounting, anti-fraud, and similar legal obligations.
Contact records may be retained as long as reasonably needed to answer the message, manage the relationship, or address legal and operational issues.
Technical logs, rate-limit records, and security data may be retained as long as reasonably necessary for fraud prevention, abuse detection, troubleshooting, and defense of the Service.
Device-side local storage remains on your device until cleared by you or your browser.

10. Your Rights

Depending on your jurisdiction, you may have rights to access, correct, delete, restrict, object to, or port certain personal data, and to complain to a competent supervisory authority.

If GDPR applies, you may in particular have rights under Articles 15, 16, 17, 18, 20, 21, and 77 GDPR, subject to applicable exceptions and limitations. You can exercise requests by contacting us at hello@aeoh.ai. We may request information needed to verify your identity and the scope of your request.

If you are a California resident, you may also have rights under California privacy law. We do not sell personal data for money. To the extent California law treats any data use as "sharing" or similar regulated disclosure, you may contact us to make a request.

11. Children

The Service is not intended for persons under 18 years of age. We do not knowingly offer the Service to minors. If you believe a minor has provided personal data to us, contact us at hello@aeoh.ai.

12. Security

We use reasonable technical and organizational measures intended to protect personal data. No system is completely secure, and we cannot guarantee absolute security of any network, device, processor, or transmission.

13. Changes to This Policy

We may update this Privacy Policy from time to time. The updated version becomes effective when posted on this page unless stated otherwise.

14. Contact

Blockfactory Sp. z o.o.

ul. Stablewskiego 13/2

60-213 Poznan, Poland

Email: hello@aeoh.ai

Privacy Policy

Last Updated: March 29, 2026

1. Controller

Blockfactory Sp. z o.o.

ul. Stablewskiego 13/2

60-213 Poznan, Poland

Contact: hello@aeoh.ai

KRS: 0000987962 | NIP: 7792543090

2. Where We Get Data From

We collect data from several sources:

directly from you, for example when you submit a website, location, locale, payment, or contact message;
automatically from your device, browser, and network when you use the website;
from the website and public web content you ask us to analyze for an Audit;
from payment and infrastructure providers involved in checkout, hosting, storage, security, rate limiting, and analytics; and
from event and attribution technologies used on or through the website.

3. Categories of Data We Process

A. Audit request data

submitted website URL;
submitted location and locale or language preference;
derived entity or business name; and
access identifiers such as Audit IDs and access tokens.

B. Audit generation and delivery data

captured website content, rendered HTML, metadata, structured data, robots.txt, sitemap data, screenshots, and public business information found on the analyzed website;
AI-generated outputs, research sources, summaries, scores, and processing metadata;
transaction status and timestamps connected to the Audit; and
supporting logs needed to operate, secure, troubleshoot, and defend the Service.

C. Payment and transaction data

checkout session IDs, payment status, price, currency, and timestamps;
billing or contact data provided to payment processors; and
limited payment-related metadata returned to us by payment processors.

We do not store full card numbers, CVC codes, or full payment credentials.

D. Contact and support data

email address and message content sent through our contact form or by email;
associated IP address and user-agent data collected with a contact submission; and
any follow-up correspondence or support records.

E. Technical, usage, and device data

IP address or proxy IP, request headers, browser and device information, locale, referrer, and timestamps;
page views, navigation events, and website interaction data;
rate-limiting and abuse-prevention identifiers; and
approximate location or regional information derived by us or our providers from network data.

F. Device-side storage data

locale preferences and similar browser state; and
Audit history stored in your browser local storage on your device so you can reopen previously viewed Audits from that browser.

4. Public and Third-Party Data Included in Audits

5. Why We Process Data and Our Legal Bases

Purpose	Main legal basis
Provide the website, process requests, create and deliver an Audit, and handle related access links or tokens	Performance of a contract or steps at your request before entering a contract
Process payments, accounting, tax, invoicing, fraud checks, and transaction records	Performance of a contract and compliance with legal obligations
Operate, secure, monitor, troubleshoot, rate-limit, and defend the Service	Legitimate interests and, where applicable, legal obligations
Respond to contact requests, support issues, disputes, claims, or enforcement matters	Legitimate interests, performance of a contract, and legal obligations where applicable
Measure traffic, events, attribution, conversion, and product usage	Legitimate interests and, where required by law, consent
Create anonymized or aggregated analytics, benchmarks, and service improvements	Legitimate interests

6. Processors and Recipients

We share data with processors and infrastructure providers to the extent reasonably necessary to operate the Service. Depending on the feature used, this may include:

Stripe for checkout and payment processing;
Supabase for database and storage;
OpenAI for Audit generation and related AI processing;
Google, including Google GenAI for certain optional or supplemental analysis features and Google Tag Manager for tag management;
Vercel for hosting, edge delivery, and web analytics;
Upstash for rate limiting and related infrastructure; and
other vendors configured through our tag-management, infrastructure, security, or analytics stack from time to time.

7. Cookies, Local Storage, Analytics, and Attribution

Browser settings may allow you to block or delete certain cookies or stored data, but doing so may break parts of the Service.

8. International Transfers

9. Retention

We keep data for as long as reasonably necessary for the purposes described above.

Audit records and associated generation data may be retained for as long as needed to operate the Service, provide access, handle disputes, enforce rights, maintain backups, and improve the product.
Payment and accounting records may be retained for the periods required by tax, accounting, anti-fraud, and similar legal obligations.
Contact records may be retained as long as reasonably needed to answer the message, manage the relationship, or address legal and operational issues.
Technical logs, rate-limit records, and security data may be retained as long as reasonably necessary for fraud prevention, abuse detection, troubleshooting, and defense of the Service.
Device-side local storage remains on your device until cleared by you or your browser.

10. Your Rights

Depending on your jurisdiction, you may have rights to access, correct, delete, restrict, object to, or port certain personal data, and to complain to a competent supervisory authority.

11. Children

The Service is not intended for persons under 18 years of age. We do not knowingly offer the Service to minors. If you believe a minor has provided personal data to us, contact us at hello@aeoh.ai.

12. Security

13. Changes to This Policy

We may update this Privacy Policy from time to time. The updated version becomes effective when posted on this page unless stated otherwise.

14. Contact

Blockfactory Sp. z o.o.

ul. Stablewskiego 13/2

60-213 Poznan, Poland

Email: hello@aeoh.ai