Privacy Policy

Account data

• Your email address (used for authentication and service emails).

Entity and prompt data

• The name, type, and category of entities you choose to track.
• The prompt panel (questions) generated and confirmed for each entity.

Run data and AI responses

• For each run: which model was queried, the prompt, and the raw AI response.
• Raw responses are automatically purged (nullified) after 90 days. The computed mention result (mentioned/not mentioned, confidence interval) is retained indefinitely so trend history is preserved.

Billing data

• Your subscription tier and payment status. We do not store full card details — those are held by Stripe.
• Spend ledger entries (cost per run, used for budget enforcement).

Usage and error data

• Anonymous product analytics events (e.g., “snapshot triggered”) via PostHog. No PII is included in these events.
• Error stack traces via Sentry. Email addresses and usernames are stripped before transmission.

• To run prompts against AI models and compute mention rates.
• To send you snapshot-ready notifications, weekly digests, and account emails.
• To enforce plan limits and process subscription billing.
• To detect anomalies (drift alerts) in your entity’s AI visibility.
• To improve the service through aggregate, anonymized analytics.

We do not sell your data to third parties. We do not use your entity data to train AI models.

• Raw AI responses: 90 days, then nullified. The run record (mention result, cost) is kept.
• Metric snapshots and trend data: kept for the lifetime of your account.
• Account deletion: all data is permanently deleted, including entity data, prompt panels, metrics, and alerts. Stripe subscriptions are cancelled immediately. An anonymized audit log (no PII) is retained for legal compliance.

• Session cookie: set by Supabase after sign-in. Required for authentication. Expires when you sign out or the session lapses.
• Analytics persistence: PostHog stores an anonymous identifier in localStorage to deduplicate events. Contains no PII.

We do not use advertising cookies or third-party tracking pixels.

We share data with the following processors, each under their own privacy terms:

• Supabase — database and authentication hosting. Your entity data and metric results are stored here.
• Stripe — payment processing. Receives your email and billing details when you subscribe.
• Resend — transactional email delivery. Receives your email address to deliver notifications.
• PostHog — product analytics. Receives anonymized event data (no email, no entity names).
• Sentry — error monitoring. Receives stack traces and request metadata; email/username stripped before transmission.
• OpenAI, Anthropic, Google, DeepSeek, xAI — AI model providers. Receive your prompts as inputs. Their responses are what AIRR measures.

You can, at any time:

• Export your data — download a JSON file of all entities, prompts, metrics, alerts, and spend records from account settings.
• Delete your account — permanently removes all data and cancels your subscription. Access this from account settings.
• Correct your information — contact us at hello@aireputationreview.com.

If you are in the European Economic Area (EEA), you have additional rights under the GDPR, including the right to lodge a complaint with a supervisory authority. Our legal basis for processing is performance of a contract (providing the service you signed up for) and legitimate interests (security, abuse prevention).

All data is encrypted in transit (TLS) and at rest. Access to raw data is restricted to the service role used by background workers; user-facing APIs use row-level security. We monitor for anomalies and respond to security incidents promptly.

No system is perfectly secure. If you discover a vulnerability, please email hello@aireputationreview.com.

AIRR is not directed at children under 13 (or 16 in the EEA). We do not knowingly collect data from children. If you believe a child has created an account, contact us and we will delete it.

We may update this policy. For material changes we will notify you by email at least 14 days before the new policy takes effect. The current version is always at aireputationreview.com/privacy.