Legal

Privacy Policy

Last updated: 2026-05-05

This page describes the practices in effect today as we build the service. We'll update it as the product evolves and as it's reviewed by legal counsel before general availability.

Who we are

AIsurface is operated by Cleardot Enterprises, incorporated in California, USA. You can reach us at support@aisurface.ai.

What we collect

  • Email address. Required for account creation, one-time-code authentication, and report delivery.
  • Domain you ask us to scan. Stored as part of the scan record so we can deliver and re-deliver your report.
  • Authentication metadata. One-time code hashes and session token hashes (we never store the plaintext); the IP address and user-agent of the request, kept for 30 days for fraud detection and rate limiting.
  • Organization and team data. If you invite colleagues, the email address you invited and the role you assigned.
  • Scan results. Outputs from third-party LLM providers about the public-facing presence of the domain you scanned, plus our derived scores and analysis.

We do not collect tracking cookies, advertising identifiers, or third-party analytics today.

How we use it

  • To run your scans and deliver the resulting reports.
  • To authenticate you and keep your account secure.
  • To send transactional email — verification codes, scan results, billing receipts, security notices. We do not send marketing emails without your explicit opt-in.
  • To investigate abuse and enforce our terms.
  • To improve the product — aggregate, de-identified usage metrics only.

Who we share it with

  • LLM providers (Anthropic, OpenAI, Google, Perplexity). To run a scan we send the domain plus our prompt templates to these providers. We do not send your email or any personally identifiable information.
  • Email delivery (SendGrid). Your email address and the message body — verification codes, report links, invitation links.
  • Hosting (AWS in us-east-1, Cloudflare for DNS and edge proxying). Account data, scan results, and session metadata are stored in AWS.
  • Payments (Stripe — when paid plans launch). Payment information is collected and stored by Stripe; we receive a customer ID, plan, and renewal status, but never your card number.

We do not sell or rent your data to advertisers or data brokers.

Where we store it

Account data and scan results live in AWS us-east-1 (Virginia, USA). Scan output files are stored in encrypted S3 buckets with a 90-day retention before transitioning to long-term archive. Session and authentication tables sit in our managed Postgres instance, also in us-east-1.

What you can do

You can ask us to correct, export, or delete the personal data we hold about you by emailing support@aisurface.ai. We'll respond within 30 days. Self-service controls (account-deletion button, data export download) are on the roadmap.

Children

AIsurface is intended for businesses and is not directed at children under 13. We do not knowingly collect personal data from children.

Changes

We may revise this policy. Material changes will be announced by email to active accounts at least 14 days before they take effect; the “Last updated” date above will reflect the most recent revision.

Contact

Questions about this policy or our data practices? support@aisurface.ai.