AEO-REX Ltd ("we", "us", "our", "AEO-REX") is a limited company registered in England and Wales.
We are the "data controller" for the personal information you share with us through our website, tools, and services.
This policy explains how we collect, use, store, and protect your personal information when you:
| When | What we collect |
|---|---|
| Free AI scanner / assessment | Your name, business name, website URL, email address, phone number (optional), business type, revenue band, and stated concerns |
| Purchasing a service | Billing name, business name, billing address, email, and payment details (processed by Stripe, see section 6) |
| Contacting us | Any information you include in your message, including name, email, and message content |
| Using our dashboard tools | Business names, website URLs, competitor URLs, and search queries you enter |
When you use our website, we may collect limited technical information including your IP address, browser type, device type, referring website, pages viewed, and time spent on pages. This is used for security, diagnostics, and understanding how people use our site. We use analytics tools which set cookies on your device, see section 9.
To deliver AI Visibility Reports, we collect publicly available information about your business from sources including AI platforms (ChatGPT, Perplexity, Claude, Google AI Overviews, Microsoft Copilot), Google Search, directory listings, Wikidata, Crunchbase, Reddit, Trustpilot, and Google Business Profile. We do not access anything behind authentication without your explicit consent.
If you connect third-party accounts (Google Search Console, Google Analytics, Google Ads, YouTube) to our dashboard, we access only the data you authorise. We do not store credentials; these connections use OAuth via the providers' own authentication systems.
Under UK GDPR we must have a lawful basis for processing your data. Here is what we do and why:
| What we do | Why | Legal basis |
|---|---|---|
| Deliver your AI Visibility Report | To fulfil the service you requested or purchased | Contract / legitimate interest |
| Process payments | To take payment for our services | Contract |
| Reply to your enquiries | To answer your questions and provide support | Legitimate interest |
| Send service-related emails (report delivery, invoices, account updates) | To fulfil our contract with you | Contract |
| Improve our website and services | To make what we offer better | Legitimate interest |
| Comply with legal obligations (tax records, etc.) | Required by law | Legal obligation |
| Send marketing emails (if applicable) | To tell you about our services | Consent (you can withdraw at any time) |
We only share your data with trusted service providers who help us run our business. Each is contractually required to protect your data and use it only for the purposes we specify.
| Provider | Purpose | Location |
|---|---|---|
| Stripe | Payment processing and invoicing | Ireland / USA (UK-adequate) |
| Email service provider | Sending service and marketing emails | UK / EU / USA |
| Website hosting provider | Running our website and tools | UK / EU |
| Cloud storage providers | Securely storing reports and business records | UK / EU |
| Analytics providers | Understanding website usage | UK / EU / USA |
| AI platforms (read-only queries) | Checking your public AI visibility | USA / global |
| HMRC, accountants, professional advisors | Legal, tax, and compliance obligations | UK |
We may also disclose your information if required by law, court order, or to protect our legal rights.
Because we work with clients worldwide and use some service providers based outside the UK (for example, Stripe and some AI platforms), your data may be transferred outside the UK. When this happens, we rely on one or more of the following safeguards:
You can ask for a copy of the safeguards we use at any time by emailing us.
| Type of data | Retention period |
|---|---|
| Client records and reports | 7 years after the end of our business relationship (HMRC requirement) |
| Payment and transaction records | 7 years (HMRC requirement) |
| Free scanner submissions (non-clients) | 24 months, then deleted |
| Enquiries that don't become clients | 24 months, then deleted |
| Marketing email lists | Until you unsubscribe or 24 months of inactivity |
| Website analytics | Up to 26 months |
Our website uses cookies and similar technologies. We use three types:
You can manage your cookie preferences through the cookie banner on our website or by adjusting your browser settings. Blocking essential cookies may prevent parts of the site from working.
Under UK GDPR, you have the following rights regarding your personal data:
To exercise any of these rights, email shanazbegum@aeo-rex.com. We will respond within one month.
We use appropriate technical and organisational security measures including encrypted connections (HTTPS), secure password policies, access controls, regular backups, and reputable hosting and payment providers. No system is 100% secure, but we take your data seriously.
If we ever experience a data breach that affects your rights, we will notify the ICO within 72 hours and notify affected individuals where legally required.
Our services are intended for business owners aged 18 and over. We do not knowingly collect personal data from anyone under 18. If you believe we have collected data from a minor, please contact us and we will delete it.
If you have a concern about how we handle your personal data, please contact us first so we can try to resolve it. You also have the right to lodge a complaint with the UK supervisory authority:
We may update this policy from time to time. When we make significant changes, we will update the "last updated" date at the top and, where appropriate, notify clients by email. We recommend reviewing this page periodically.
For any privacy-related questions: