Privacy Policy
Effective date: July 7, 2026
Last updated: July 13, 2026
This Privacy Policy explains how Afluo LLC (“Afluo,” “we,” “us,” or “our”) collects, uses, shares, and protects personal information in connection with Visibly AI (the “Service”) — including our marketing website at getvisibly.ai, our web dashboard at visiblyai.app, and our Visibly AI application distributed through the Shopify App Store.
Visibly AI helps brands measure and improve how visible they are in answers generated by AI assistants and AI-powered search (a practice known as Generative Engine Optimization, or “GEO”). To do this, the Service analyzes your website and brand information, runs brand-relevant prompts against third-party AI models, and reports on how your brand appears in the results.
By creating an account, installing our Shopify app, or otherwise using the Service, you acknowledge that you have read and understood this Privacy Policy.
1. Who we are
Data controller: Afluo LLC Address: 418 Broadway, Ste N, Albany, NY 12207, United States Contact: support@getvisibly.ai
Afluo LLC is the entity that creates, owns, and operates Visibly AI. For users in the European Economic Area (“EEA”) and the United Kingdom (“UK”), Afluo LLC is the “controller” of your personal data for the purposes of the EU and UK General Data Protection Regulation (“GDPR”).
2. Scope of this policy
This policy applies to all of the ways you interact with Visibly AI:
| Surface | Who uses it | Authentication |
|---|---|---|
| getvisibly.ai | Anyone visiting our marketing site | None required |
| visiblyai.app | Registered web users | Email + password (Supabase Auth) |
| Visibly AI for Shopify | Merchants who install our app from the Shopify App Store | Shopify (via your Shopify admin) |
Where the treatment of your data differs between the standalone web app and the Shopify app, we call that out below. Section 8 is specific to Shopify merchants and the data we access from Shopify.
This policy does not cover the practices of third parties we do not control, including Shopify, Stripe, or the AI providers described in Section 6. Please review their privacy policies separately.
3. Information we collect
3.1 Information you provide to us
- Account information. When you sign up for the web app, we collect your full name, email address, and a password. Passwords are never stored in plain text — authentication is handled by Supabase Auth, which stores a securely hashed credential.
- Organization information. The name of your organization/workspace and the owner email address associated with it.
- Brand and business information. The brand name, description, and industry you provide; the website URL(s) you ask us to analyze; and the names and URLs of competitors you choose to track.
- Support and communications. If you contact us (for example, at support@getvisibly.ai), we keep the content of your messages and our correspondence.
3.2 Information generated by the Service
To provide the core product, we create and store analytical data associated with your brand, including:
- Prompts generated for your brand and the responses returned by AI models;
- Brand-mention analyses extracted from those responses;
- Your AI Visibility Score (AIVS) and its component sub-scores over time;
- Point-in-time “snapshots” of how AI models describe your brand;
- Recommendations, sentiment analysis, and related insights.
3.3 Information we collect automatically
- Cookies and similar technologies. See Section 9 for the specific cookies we use.
- Usage and log data. Standard server and application logs, which may include IP address, browser and device type, pages or features accessed, and timestamps.
- Analytics. On our marketing site and web app we use Google Analytics to understand aggregate usage. This may set analytics cookies and share usage data with Google as described in Section 6.
3.4 Information we receive from third parties
- From Shopify (for merchants who install our app) — see Section 8.
- From payment providers. When you subscribe to a paid plan, we receive confirmation of payment and limited billing metadata (such as plan, status, and the last four digits or brand of a card) from Stripe or Shopify. We do not receive or store full payment card numbers.
- From public and licensed data sources. To calculate your scores we retrieve publicly available signals about your brand and website — for example, domain authority metrics (via Moz) and the volume of web search results that mention your brand (via Google Custom Search).
3.5 What we do not collect
Visibly AI is a business-to-business analytics tool. We do not knowingly collect the personal data of your customers or website visitors, and our Shopify app does not request access to your customers’ personal information (see Section 8).
4. How we use your information
We use personal information to:
- Provide and operate the Service — create and manage your account, analyze your website and brand, run prompts against AI models, and compute and display your visibility metrics.
- Process payments and manage subscriptions — including plans, credits, promotional codes, renewals, and cancellations.
- Communicate with you — send service, security, billing, and transactional messages, respond to support requests, and (where permitted) send product updates you can opt out of.
- Maintain security and integrity — authenticate users, prevent fraud and abuse, and protect the Service and our users.
- Improve the Service — understand how the Service is used, diagnose problems, and develop new features, using aggregated or de-identified data where practical.
- Comply with law — meet our legal, tax, accounting, and regulatory obligations, and enforce our Terms of Service.
We do not sell your personal information, and we do not use your brand data to train our own or third parties’ foundation models.
5. Legal bases for processing (EEA / UK users)
If you are in the EEA or UK, we rely on the following legal bases under the GDPR:
- Performance of a contract — to provide the Service you signed up for and to bill you for it.
- Legitimate interests — to secure, maintain, and improve the Service, and to communicate with you about it, balanced against your rights and freedoms.
- Consent — for non-essential cookies and analytics, and for optional marketing communications, where required. You may withdraw consent at any time.
- Legal obligation — to comply with applicable laws and regulatory requirements.
6. AI processing and third-party AI providers
The core function of Visibly AI is to evaluate how your brand appears in AI-generated answers. To do this, we send prompts to third-party AI model providers. These prompts and related requests may include your brand name, brand description, website content, and the names of competitors you track — the information needed to measure your visibility. We do not send your account password, payment details, or your customers’ personal data to these providers.
The AI and data providers we use as sub-processors currently include:
- OpenAI — AI model processing (the models we label “ChatGPT” in the product);
- Google — AI model processing (the models we label “Gemini”), Google Custom Search, and Google Analytics;
- Moz — domain authority and link metrics.
As the Service evolves we may add coverage of additional AI assistants (for example, Perplexity or Anthropic’s Claude); when we do, we will update this policy and the sub-processor list in Section 7.1 before those providers process your data.
Some of these providers perform live web searches as part of answering a prompt. Each provider processes data under its own terms and privacy policy. We select providers that offer business/API terms and do not use API-submitted content to train their models by default.
Please don’t submit sensitive data. The Service is designed for brand and website analytics, not for sensitive personal data. Do not submit special-category data (such as health, biometric, or government-ID information) through prompts, brand descriptions, or other inputs.
Automated processing. Your AI Visibility Score and related recommendations are produced through automated analysis. They are estimates and informational outputs, not guarantees, and do not produce legal or similarly significant effects. Where required by law, you have rights regarding solely automated decision-making; contact us at support@getvisibly.ai to exercise them.
7. How we share your information
We share personal information only as described here. We do not sell it.
7.1 Service providers (sub-processors)
We use trusted vendors to run the Service. Each is bound by contract to process data only on our instructions and to protect it:
| Sub-processor | Purpose | Data location |
|---|---|---|
| Supabase | Authentication and primary database hosting | United States (us-east-2) |
| Railway | Application and API hosting | United States |
| OpenAI | AI model processing | United States |
| AI model processing (Gemini), web search, analytics | United States | |
| Moz | Domain authority / link data | United States |
| Stripe | Payment processing (web subscriptions) | United States |
| Shopify | App distribution, billing, and merchant store data | United States / global |
We may update this list as our vendors change. Material changes will be reflected in this policy.
7.2 Legal and safety
We may disclose information if required to do so by law, subpoena, or legal process, or where we believe in good faith that disclosure is necessary to protect our rights, your safety or the safety of others, investigate fraud, or respond to a government request.
7.3 Business transfers
If Afluo LLC is involved in a merger, acquisition, financing, or sale of assets, personal information may be transferred as part of that transaction. We will notify you of any change in ownership or use of your personal information.
8. Shopify merchants — data we access and how we handle it
This section applies if you install Visibly AI from the Shopify App Store.
8.1 What we access
When you install the app, you authorize it with the following Shopify scopes: read_products, write_products, read_reports, write_reports, and read_content. Using these, and Shopify’s APIs, we access and store:
- Shop information — your shop’s domain, shop name, and the store owner’s email address;
- Store content and products — product and content data used to generate brand-relevant and product-level insights;
- Report/analytics data — store analytics we use to estimate traffic your store receives from AI sources;
- Shopify access tokens — the API credentials that let the app talk to your store on your behalf, stored securely.
8.2 What we do not access
Visibly AI does not request or store your customers’ personal information (buyer names, email addresses, phone numbers, addresses, or order details). Our app is not granted customer-data scopes.
Because of this, Shopify’s mandatory privacy webhooks are handled as follows:
customers/data_request— we store no customer data, so there is nothing to compile or provide.customers/redact— we store no customer data, so there is nothing to erase.shop/redact— approximately 48 hours after you uninstall the app, we permanently erase the data we hold for your shop (see Section 8.4).
8.3 How we use Shopify data
We use Shopify data solely to provide the Service to you — to analyze your brand and products, compute your visibility metrics, estimate AI-driven traffic, and manage your subscription through Shopify billing. We do not use it for advertising and we do not sell it.
8.4 Uninstalling and deletion
When you uninstall the app, we immediately invalidate and scrub the stored Shopify access tokens. Shopify then sends a shop/redact request (typically 48 hours later), at which point we permanently delete the remaining data provisioned for your shop, including the brand data and any account that was automatically created for the installation and is not linked to another organization. You may also request erasure sooner by contacting support@getvisibly.ai.
9. Cookies and similar technologies
We use a small number of cookies and similar technologies:
| Cookie / technology | Purpose | Type |
|---|---|---|
Supabase auth cookies (sb-*) |
Keep you signed in to the web app and refresh your session | Strictly necessary |
visibly_shopify_embedded |
Mark that the app is running inside Shopify admin | Strictly necessary |
visibly_shopify_shop |
Identify your shop within the embedded context | Strictly necessary |
Google Analytics (_ga, _ga_*) |
Understand aggregate site and app usage | Analytics |
Strictly necessary cookies are required for the Service to function and cannot be switched off. You can control analytics and non-essential cookies through your browser settings or, where offered, our cookie controls. Blocking strictly necessary cookies may prevent you from signing in.
Our websites do not currently respond to “Do Not Track” browser signals. Because we do not sell or share personal information as those terms are defined under applicable law, opt-out preference signals such as the Global Privacy Control do not change how we process your data.
10. Data retention
We retain personal information for as long as your account is active and as needed to provide the Service. After you close your account or uninstall the Shopify app, we delete or de-identify your personal data within a commercially reasonable period (target: 90 days), except where we must retain certain records to:
- comply with legal, tax, or accounting obligations (for example, billing records are kept as required by law, disassociated from your shop where possible);
- resolve disputes and enforce our agreements; or
- maintain security and prevent abuse.
For Shopify merchants, shop data is erased following the shop/redact flow described in Section 8.4.
11. Data security
We take reasonable and appropriate technical and organizational measures to protect personal information, including encryption in transit (HTTPS), hashed passwords, scoped and hashed API credentials, access controls, and infrastructure operated by reputable cloud providers. Shopify access tokens are stored securely and invalidated on uninstall. No method of transmission or storage is completely secure, however, and we cannot guarantee absolute security.
12. International data transfers
Visibly AI is operated from, and stores data in, the United States. If you access the Service from outside the United States — including from the EEA or UK — your personal information will be transferred to and processed in the United States and other countries where our sub-processors operate. These countries may have data-protection laws that differ from those in your country.
Where we transfer personal data out of the EEA or UK, we rely on appropriate safeguards such as the European Commission’s Standard Contractual Clauses (and the UK Addendum) with our sub-processors. You may request more information about these safeguards using the contact details in Section 17.
13. Your privacy rights
13.1 EEA / UK (GDPR)
Subject to applicable law, you have the right to: access your personal data; request correction of inaccurate data; request erasure; restrict or object to certain processing; request data portability; and withdraw consent where processing is based on consent. You also have the right to lodge a complaint with your local supervisory authority.
13.2 California (CCPA / CPRA)
If you are a California resident, you have the right to: know what personal information we collect and how we use and disclose it; access and delete your personal information; correct inaccurate information; and opt out of the “sale” or “sharing” of personal information and of certain targeted advertising. We do not sell or share personal information as those terms are defined under the CPRA. We will not discriminate against you for exercising your rights.
13.3 Other jurisdictions
Residents of other U.S. states and countries may have similar rights under applicable law. We honor valid requests regardless of where you live, to the extent required.
14. How to exercise your rights
To exercise any of the rights above, or to request that we access, correct, export, or delete your personal information, email us at support@getvisibly.ai. You can also delete most of your data directly by closing your account or, for Shopify merchants, by uninstalling the app (see Section 8.4).
We will respond within the timeframe required by applicable law. To protect your privacy, we may need to verify your identity before acting on a request. You may use an authorized agent to submit a request where the law permits.
15. Children’s privacy
The Service is intended for businesses and is not directed to children. We do not knowingly collect personal information from anyone under 16. If you believe a child has provided us personal information, contact us and we will delete it.
16. Changes to this policy
We may update this Privacy Policy from time to time. When we make material changes, we will update the “Last updated” date above and, where appropriate, notify you by email or through the Service. Your continued use of the Service after an update means you accept the revised policy.
17. Contact us
If you have questions, concerns, or requests regarding this Privacy Policy or your personal information, contact us at:
Afluo LLC 418 Broadway, Ste N Albany, NY 12207, United States Email: support@getvisibly.ai
Visibly AI is a service created, owned, and operated by Afluo LLC. This Privacy Policy is provided for general informational purposes and does not constitute legal advice.
