Privacy Policy
Last updated: 3 March 2026
This Privacy Policy describes how AI:nstein Apps, owned by Robert Vintervind ("we," "us," or "our"), collects, uses, and protects information when you use AEO Crawler at aeocrawler.com ("the Service"). We are committed to being transparent about our data practices and to respecting your privacy under the General Data Protection Regulation (GDPR) and applicable Swedish law.
1What Data We Collect
We collect the following categories of data:
We do not store the full HTML content or body text of pages you crawl. We process page content in memory to generate scores and then discard it. Only the URL, scores, and recommendations are persisted.
2How We Use Your Data
We use the data we collect for the following purposes:
- Providing and operating the AEO Crawler Service (crawling, scoring, analysis)
- Managing your account, authentication, and subscription
- Sending transactional emails (account confirmation, password reset, billing notifications)
- Responding to support requests and inquiries
- Improving the Service through aggregated, anonymized analytics
- Detecting and preventing abuse, fraud, and security incidents
- Complying with legal obligations
We do not use your data for advertising, profiling, or selling to third parties. We do not send unsolicited marketing emails.
3Legal Basis for Processing
Under GDPR, we rely on the following legal bases for processing your data:
- Contract performance: Processing necessary to provide the Service you have signed up for
- Legitimate interests: Security monitoring, abuse prevention, and aggregate analytics to improve the Service
- Legal obligation: Retaining certain records as required by applicable law
- Consent: Where you have provided explicit consent, such as receiving optional communications
4Data Storage and Security
The Service is hosted by Inleed, a Swedish hosting provider, with servers located in Sweden and the European Union. Your data is stored within the EU and subject to EU data protection standards.
We implement appropriate technical and organizational measures to protect your data, including:
- HTTPS encryption for all data in transit
- Hashed (bcrypt) storage of passwords — we never store passwords in plain text
- Database access restricted to authorized services only
- Regular security reviews and dependency updates
No system is completely secure. While we take data security seriously, we cannot guarantee absolute security and are not liable for breaches beyond our reasonable control.
5Third Parties
We share data with the following third-party services where necessary to operate the Service:
We do not sell, rent, or trade your personal data with any other third parties.
6Cookies and Local Storage
AEO Crawler uses minimal client-side storage:
- Authentication token: Your login token is stored in your browser's localStorage to keep you signed in. This is not a tracking cookie and contains no personal data beyond an encrypted session identifier.
- Preference data: Any UI preferences (such as theme or display settings) may be stored in localStorage. No personal data is involved.
We use Google Analytics 4 to collect anonymized, aggregated usage data (pages visited, session duration, general location by country). No personally identifiable information is shared with Google. You can opt out at any time via browser settings or the Google Analytics Opt-out Browser Add-on. We do not use advertising cookies or tracking pixels.
7Data Retention
We retain your personal data for as long as your account is active. If you delete your account, your personal data will be deleted or anonymized within 30 days, except where we are required to retain it for legal or financial compliance reasons (typically up to 7 years for billing records under Swedish accounting law).
Crawl results and analysis data are retained for the lifetime of your account. You can delete individual crawl results at any time from your dashboard.
8Your Rights
Under GDPR, you have the following rights regarding your personal data:
- Access: Request a copy of the personal data we hold about you
- Rectification: Correct inaccurate or incomplete data in your account settings or by contacting us
- Erasure: Request deletion of your account and associated personal data
- Portability: Request an export of your data in a machine-readable format
- Restriction: Request that we restrict processing of your data in certain circumstances
- Objection: Object to processing based on our legitimate interests
To exercise any of these rights, contact us at [email protected]. We will respond within 30 days. You also have the right to lodge a complaint with the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten, IMY) at imy.se.
9Children's Privacy
The Service is not directed at children under the age of 16. We do not knowingly collect personal data from children under 16. If you become aware that a child has provided us with personal data, please contact us so we can take appropriate action.
10Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. We will notify you of material changes by email or by displaying a notice in the Service. The date at the top of this page indicates when the policy was last updated. Continued use of the Service after changes take effect constitutes acceptance of the revised policy.
11Contact
If you have questions, concerns, or requests relating to this Privacy Policy or your personal data, please contact us: