Legal

Privacy Policy

Last updated: 3 March 2026

This Privacy Policy describes how AI:nstein Apps, owned by Robert Vintervind ("we," "us," or "our"), collects, uses, and protects information when you use AEO Crawler at aeocrawler.com ("the Service"). We are committed to being transparent about our data practices and to respecting your privacy under the General Data Protection Regulation (GDPR) and applicable Swedish law.

1What Data We Collect

We collect the following categories of data:

Account information
Name, email address, and hashed password when you register. This is used to identify your account and communicate with you.
URLs you analyze
The URLs you submit for crawling. These are stored and associated with your account to display your crawl history and results.
AEO scores and results
The scoring results, sub-scores by dimension, and recommendations generated for each page you analyze. These form your crawl history in the dashboard.
IP address
Used for rate limiting API requests, preventing abuse, and basic security logging. Not used for tracking or advertising.
Usage data
Basic analytics such as which features are used, crawl frequency, and error rates. This data is used in aggregate to improve the Service.
Payment data
Payment is processed entirely by Stripe. We receive only confirmation of payment status (success/failure) and your subscription plan. We do not store card numbers or payment credentials.

We do not store the full HTML content or body text of pages you crawl. We process page content in memory to generate scores and then discard it. Only the URL, scores, and recommendations are persisted.

2How We Use Your Data

We use the data we collect for the following purposes:

  • Providing and operating the AEO Crawler Service (crawling, scoring, analysis)
  • Managing your account, authentication, and subscription
  • Sending transactional emails (account confirmation, password reset, billing notifications)
  • Responding to support requests and inquiries
  • Improving the Service through aggregated, anonymized analytics
  • Detecting and preventing abuse, fraud, and security incidents
  • Complying with legal obligations

We do not use your data for advertising, profiling, or selling to third parties. We do not send unsolicited marketing emails.

3Legal Basis for Processing

Under GDPR, we rely on the following legal bases for processing your data:

  • Contract performance: Processing necessary to provide the Service you have signed up for
  • Legitimate interests: Security monitoring, abuse prevention, and aggregate analytics to improve the Service
  • Legal obligation: Retaining certain records as required by applicable law
  • Consent: Where you have provided explicit consent, such as receiving optional communications

4Data Storage and Security

The Service is hosted by Inleed, a Swedish hosting provider, with servers located in Sweden and the European Union. Your data is stored within the EU and subject to EU data protection standards.

We implement appropriate technical and organizational measures to protect your data, including:

  • HTTPS encryption for all data in transit
  • Hashed (bcrypt) storage of passwords — we never store passwords in plain text
  • Database access restricted to authorized services only
  • Regular security reviews and dependency updates

No system is completely secure. While we take data security seriously, we cannot guarantee absolute security and are not liable for breaches beyond our reasonable control.

5Third Parties

We share data with the following third-party services where necessary to operate the Service:

Stripe
Payment processing. Stripe receives your payment details and billing information directly. Stripe is PCI DSS compliant. See Stripe's Privacy Policy at stripe.com/privacy.
AI:nstein Apps Central API
Authentication and subscription management are handled by our central API hub (api.ainstein-apps.com), which is also operated by AI:nstein Apps under the same privacy standards as this policy.
Inleed
Swedish hosting provider providing server infrastructure. Inleed processes data as a data processor on our behalf, with servers in Sweden.

We do not sell, rent, or trade your personal data with any other third parties.

6Cookies and Local Storage

AEO Crawler uses minimal client-side storage:

  • Authentication token: Your login token is stored in your browser's localStorage to keep you signed in. This is not a tracking cookie and contains no personal data beyond an encrypted session identifier.
  • Preference data: Any UI preferences (such as theme or display settings) may be stored in localStorage. No personal data is involved.

We use Google Analytics 4 to collect anonymized, aggregated usage data (pages visited, session duration, general location by country). No personally identifiable information is shared with Google. You can opt out at any time via browser settings or the Google Analytics Opt-out Browser Add-on. We do not use advertising cookies or tracking pixels.

7Data Retention

We retain your personal data for as long as your account is active. If you delete your account, your personal data will be deleted or anonymized within 30 days, except where we are required to retain it for legal or financial compliance reasons (typically up to 7 years for billing records under Swedish accounting law).

Crawl results and analysis data are retained for the lifetime of your account. You can delete individual crawl results at any time from your dashboard.

8Your Rights

Under GDPR, you have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you
  • Rectification: Correct inaccurate or incomplete data in your account settings or by contacting us
  • Erasure: Request deletion of your account and associated personal data
  • Portability: Request an export of your data in a machine-readable format
  • Restriction: Request that we restrict processing of your data in certain circumstances
  • Objection: Object to processing based on our legitimate interests

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days. You also have the right to lodge a complaint with the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten, IMY) at imy.se.

9Children's Privacy

The Service is not directed at children under the age of 16. We do not knowingly collect personal data from children under 16. If you become aware that a child has provided us with personal data, please contact us so we can take appropriate action.

10Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. We will notify you of material changes by email or by displaying a notice in the Service. The date at the top of this page indicates when the policy was last updated. Continued use of the Service after changes take effect constitutes acceptance of the revised policy.

11Contact

If you have questions, concerns, or requests relating to this Privacy Policy or your personal data, please contact us:

AI:nstein Apps — Robert Vintervind, Sweden
Swedish DPA: Integritetsskyddsmyndigheten (imy.se)
v1.0.0