1. Introduction

AISO Studio ("we," "our," or "us") is an AI-powered content optimization and search optimization platform operated as a business-to-business (B2B) software-as-a-service (SaaS) product. This Privacy Policy describes how we collect, use, store, share, and protect information when you visit our website at aiso.studio or use our platform (collectively, the "Service").

By accessing or using the Service, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not use the Service.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

Email address
Full name
Organization or agency name (if provided)

Account authentication is managed by Clerk, Inc., a third-party identity provider. Clerk processes your authentication credentials (passwords, session tokens, multi-factor authentication data) on our behalf. We do not directly store passwords.

2.2 Payment and Billing Information

All payment processing is handled by Stripe, Inc. We do not store, process, or have access to your full credit card number, CVV, or bank account details. Stripe provides us with limited billing information including the last four digits of your card number, card brand, expiration date, billing address, and subscription status. This information is used solely for account management and billing inquiries.

2.3 Content and Audit Data

When you use the Service, we store the following data in our database:

URLs submitted for auditing — website addresses you provide for content, accessibility, or SEO analysis
Content retrieved from submitted URLs — text, HTML, and page metadata extracted during audits
Audit results and scores — AISO scores, WCAG accessibility findings, SEO analysis results, and fact-check outputs
AI-generated and optimized content — articles, rewrites, strategies, and topics created through the Service
Project and client data — project names, scan history, notes, and remediation records
Lead discovery data — domain names and publicly available information about businesses discovered through the lead discovery feature
WordPress credentials — WordPress site URLs, usernames, and application passwords you provide for publishing integration, stored in encrypted form

Important: If you submit third-party URLs for auditing, we retrieve and store publicly accessible content from those websites solely to perform the requested analysis. You are responsible for ensuring you have appropriate authorization to audit content you submit, particularly content belonging to your clients.

2.4 Usage and Analytics Data

We collect usage data to understand how the Service is used and to improve it. This includes:

Pages visited and features used within the platform
Time spent on pages and time-on-page metrics
Browser type, screen resolution, and operating system
IP address
Referring URL
Error events and performance data

We collect this data through our own first-party analytics system. We do not use Google Analytics or any third-party behavioral analytics tools that track users across websites.

2.5 Communications Data

If you contact us for support or other inquiries, we retain the content of your messages, your email address, and our responses for customer service and quality purposes.

3. How We Use Your Information

We use the information we collect for the following purposes:

Providing the Service — processing audits, generating content, running scans, and delivering results
Account management — managing your subscription, authenticating access, and enforcing tier-based feature limits
Billing — processing payments, sending invoices, and managing subscription changes
Service improvement — analyzing usage patterns to improve features, fix bugs, and prioritize development
Service communications — sending account-related notifications such as subscription confirmations, password resets, and security alerts
Security and fraud prevention — detecting and preventing unauthorized access, abuse, or fraudulent activity
Legal compliance — meeting our legal obligations and responding to lawful requests

We do not sell your personal information. We do not use your content data to train AI models. We do not serve third-party advertising on the Service.

4. How We Share Your Information

We share your information only with the third-party service providers necessary to operate the Service. We do not sell, rent, or trade your personal information to third parties for their marketing purposes.

Provider	Purpose	Data Shared	Privacy Policy
Clerk	Authentication & identity	Email, name, session data	clerk.com/legal/privacy
Stripe	Payment processing	Payment method, billing address, transaction data	stripe.com/privacy
Anthropic	AI content processing	Content submitted for audit, generation, or optimization	anthropic.com/privacy
Neon	Database hosting	All application data (stored encrypted at rest)	neon.tech/privacy
Hetzner	Application hosting	Request logs, IP addresses	hetzner.com/legal/privacy-policy

Regarding Anthropic (AI processing): Content you submit for auditing, optimization, or generation is sent to Anthropic's Claude API for processing. Anthropic's API terms state that API inputs and outputs are not used to train their models. Content is processed in real time and is not retained by Anthropic beyond what is necessary to provide the API response.

We may also disclose your information if required to do so by law, regulation, legal process, or governmental request, or if we believe disclosure is necessary to protect the rights, property, or safety of AISO Studio, our users, or others.

5. Data Retention

We retain your data according to the following schedule:

Active accounts: All content data, audit results, generated articles, project data, and usage analytics are retained for the duration of your active subscription.
After cancellation: Your data is retained for 30 days following account cancellation to allow for reactivation. After 30 days, all content data, audit results, and project data are permanently deleted from our systems.
Account information: Basic account information (email, name) and billing records may be retained for up to 12 months after account deletion for legal, tax, and compliance purposes.
Usage analytics: Anonymized, aggregated usage data that cannot be linked to individual users may be retained indefinitely for product improvement purposes.

You may request deletion of your data at any time by contacting us at support@aiso.studio. We will process deletion requests within 30 days.

6. Data Security

We implement the following security measures to protect your information:

Encryption in transit: All data transmitted between your browser and our servers is encrypted using TLS/SSL (HTTPS). SSL certificates are automatically provisioned and renewed.
Encryption at rest: Database connections use SSL encryption. WordPress credentials are stored using application-level encryption.
Authentication security: User authentication is managed by Clerk, which provides enterprise-grade security including session management, brute-force protection, and optional multi-factor authentication.
Infrastructure security: Our application runs on dedicated server infrastructure with restricted access. Database access is limited to the application layer only.
Access controls: Administrative access to production systems is restricted and requires SSH key-based authentication.

While we implement commercially reasonable security measures, no method of electronic transmission or storage is completely secure. We cannot guarantee absolute security of your data.

7. Cookies and Tracking Technologies

The Service uses the following cookies and similar technologies:

Authentication cookies: Set by Clerk to maintain your login session. These are strictly necessary for the Service to function and cannot be disabled.
Session cookies: Used to maintain application state during your visit. These expire when you close your browser or after your session times out.

We do not use third-party advertising cookies, social media tracking pixels, or cross-site tracking technologies. Our first-party analytics system uses server-side event tracking and does not set analytics cookies in your browser.

8. Your Rights and Choices

You have the following rights regarding your personal information:

Access: You may request a copy of the personal information we hold about you.
Correction: You may update or correct your account information through your account settings or by contacting us.
Deletion: You may request deletion of your account and associated data. We will process deletion requests within 30 days, subject to retention requirements described in Section 5.
Data portability: You may request an export of your data in a machine-readable format.
Opt-out of communications: You may opt out of marketing communications at any time. You cannot opt out of transactional communications necessary for account management (e.g., billing notifications, security alerts).

To exercise any of these rights, contact us at support@aiso.studio.

8.1 California Residents (CCPA/CPRA)

If you are a California resident, the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) provide you with additional rights regarding your personal information. You have the right to know what personal information we collect, the right to delete your personal information, and the right to opt out of the sale of your personal information. We do not sell personal information. To exercise your California privacy rights, contact us at support@aiso.studio.

8.2 European Economic Area Residents (GDPR)

If you are located in the European Economic Area (EEA), the General Data Protection Regulation (GDPR) provides you with additional rights. Our legal bases for processing your personal data include: performance of a contract (providing the Service), legitimate interests (improving the Service, preventing fraud), and your consent (where applicable). You have the right to lodge a complaint with your local data protection authority. AISO Studio's primary market is the United States, but we extend GDPR rights to all EEA users.

9. Children's Privacy

The Service is designed for business use and is not intended for individuals under the age of 18. We do not knowingly collect personal information from children under 18. If we learn that we have collected personal information from a child under 18, we will take steps to delete that information promptly. If you believe a child has provided us with personal information, please contact us at support@aiso.studio.

10. International Data Transfers

Our servers are located in the United States. If you access the Service from outside the United States, your information will be transferred to, stored, and processed in the United States. By using the Service, you consent to the transfer of your information to the United States. We ensure that all third-party service providers maintain appropriate data protection standards.

11. Third-Party Websites and Services

The Service may contain links to third-party websites or integrate with third-party services (such as WordPress sites you connect for publishing). This Privacy Policy does not apply to third-party websites or services. We encourage you to review the privacy policies of any third-party services you interact with through the Service.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will notify registered users by email and update the "Last updated" date at the top of this page. Your continued use of the Service after changes take effect constitutes acceptance of the updated Privacy Policy.

13. Governing Law

This Privacy Policy is governed by the laws of the State of Missouri, United States, without regard to its conflict of law provisions.

14. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email: support@aiso.studio
Website: aiso.studio

We will respond to all privacy-related inquiries within 30 days.