Privacy Policy
Effective date: 5 May 2026
Last updated: 5 May 2026
DoesAIChooseYou? (“Service”) is operated by NativeFoundation, Inc. (“NativeFoundation,” “we,” “us,” or “our”), a Delaware corporation with its registered office at 131 Continental Drive, Suite 305, Newark, DE 19713, USA. This Privacy Policy explains what information we collect, how we use it, who we share it with, and the choices you have.
If you have questions, contact us at privacy@doesaichooseyou.com.
1. Who this policy applies to
This policy covers visitors to doesaichooseyou.com and customers who purchase an AI Visibility Audit report. If you are a resident of the EEA, UK, or California, you have additional rights described in Section 9.
2. Information we collect
Information you provide:
- Account and order details: name, email address, company name, website URL, and the brand and competitor terms you submit for auditing.
- Payment information: collected and processed by Stripe, Inc. We do not store full card numbers on our servers; we receive only a token, the last four digits, card brand, and billing country.
- Communications: anything you send us by email or support form.
Information collected automatically:
- Standard server logs: IP address, user agent, referrer, timestamps, and pages requested. Used for security, abuse prevention, and debugging.
- Product analytics events (page views, button clicks, conversion funnel) collected through Google Analytics.
- Cookies and similar technologies — see Section 7.
Information generated by the Service:
- Reports we produce for you: queries we sent to third-party AI models, the responses returned, derived scores, and the final report.
We do not knowingly collect information from anyone under 16. If you believe a child has provided us information, contact privacy@doesaichooseyou.com and we will delete it.
3. How we use information
- To deliver, maintain, and improve the Service.
- To run the audit you purchased — this requires sending your brand and competitor strings to third-party AI providers (see Section 5).
- To process payments, send receipts, and deliver the completed report.
- To respond to support requests.
- To detect, investigate, and prevent fraud, abuse, and security incidents.
- To comply with legal obligations.
- With your consent, to send product updates. You can unsubscribe at any time.
4. Legal bases (EEA / UK users)
We process personal information under the following GDPR / UK GDPR legal bases:
- Contract — to deliver the report you purchased.
- Legitimate interests — to secure the Service, prevent fraud, and improve our product, where those interests are not overridden by your rights.
- Consent — for non-essential cookies and marketing email, where required.
- Legal obligation — for tax records and lawful requests.
5. Subprocessors and third parties we share with
We use the following subprocessors. We share only the data each one needs to perform its role.
| Subprocessor | Purpose | Data shared |
|---|---|---|
| Stripe, Inc. (US) | Payment processing | Name, email, billing address, payment token |
| Google LLC (US) — Google Analytics | Product analytics | Anonymized event data, IP-derived region |
| Mailgun Technologies, Inc. (US) | Transactional email (receipts, report delivery, account email) | Name, email address, message contents |
| OpenAI, L.L.C. (US) | AI model audit (GPT family) | Brand and competitor strings, audit prompts |
| Anthropic, PBC (US) | AI model audit (Claude family) | Brand and competitor strings, audit prompts |
| Google LLC (US) | AI model audit (Gemini, Gemma) | Brand and competitor strings, audit prompts |
| Perplexity AI, Inc. (US) | AI model audit (Sonar) | Brand and competitor strings, audit prompts |
| DeepSeek (operator of the DeepSeek API) | AI model audit | Brand and competitor strings, audit prompts |
| Moonshot AI (operator of the Kimi API) | AI model audit | Brand and competitor strings, audit prompts |
Important note about AI providers. To produce your report, we send your audit queries — which include your brand name, competitor names, and category descriptors — to the AI model providers listed above. We operate a zero-trust posture toward third-party AI providers: where the provider offers an API tier or contractual commitment that disables training on submitted data, we use it. Each provider remains subject to its own privacy and data-handling terms, and we cannot guarantee the data-handling practices of every third-party provider.
We may also share information:
- With professional advisors (lawyers, accountants, auditors) under confidentiality.
- In connection with a merger, acquisition, financing, or asset sale, subject to the protections of this policy.
- When required by law, subpoena, or to protect our rights and the safety of others.
We do not sell personal information, and we do not share it for cross-context behavioral advertising as those terms are defined under the CCPA/CPRA.
6. Data retention
- Account and order records: kept while your account is active and for up to 7 years afterward for tax and accounting purposes.
- Generated reports and audit query data: retained for 12 months after delivery, then permanently purged from production systems. Encrypted, access-controlled backups may retain copies for up to a further 90 days before being overwritten.
- Server logs and analytics: retained for up to 13 months.
- Marketing email lists: retained until you unsubscribe.
You can request earlier deletion at any time (see Section 9).
7. Cookies
We use a small number of cookies and similar technologies:
- Strictly necessary — session, authentication, payment, and CSRF protection. Always on.
- Analytics — Google Analytics, used to understand product usage. Only set after you consent (where consent is required by law).
You can control cookies through our cookie banner and your browser settings. Disabling strictly-necessary cookies will break parts of the Service.
8. Security
We use industry-standard technical and organizational safeguards including TLS 1.2+ in transit, encryption at rest, least-privilege access controls, audit logging, and regular dependency and vulnerability review. Our practices are aligned with SOC 2 (Security) and GDPR principles. We are actively working toward formal SOC 2 Type II and ISO 27001 certification but do not currently hold either certification. No system is perfectly secure; if we ever experience a breach affecting your information, we will notify you and the relevant authorities as required by law.
9. Your rights
Depending on where you live, you may have the right to:
- Access the personal information we hold about you.
- Correct inaccurate information.
- Delete your information (“right to erasure”).
- Restrict or object to certain processing.
- Receive a portable copy of your information.
- Withdraw consent for processing based on consent.
- Lodge a complaint with your local data protection authority (EEA/UK) or the California Privacy Protection Agency.
To exercise any of these rights, email privacy@doesaichooseyou.com. We will respond within the timeframes required by applicable law (typically 30 days). We may need to verify your identity before fulfilling a request.
California residents: under the CCPA/CPRA you also have the right to know the categories of personal information we collected, the categories of sources, the business purposes, and the categories of third parties we share with — all of which are listed above. You have the right to opt out of any “sale” or “sharing” of personal information; we do neither.
10. International transfers
NativeFoundation, Inc. is based in the United States, and our subprocessors are primarily in the United States. If you are in the EEA, UK, or Switzerland, your information will be transferred to and processed in the US. We rely on Standard Contractual Clauses or other lawful transfer mechanisms with our subprocessors where required.
11. Changes to this policy
We may update this policy from time to time. The “Last updated” date at the top reflects the most recent change. If we make material changes, we will notify you by email or a prominent notice on the Service before the changes take effect.
12. Contact
NativeFoundation, Inc.
131 Continental Drive, Suite 305
Newark, DE 19713, USA
privacy@doesaichooseyou.com
See also our Terms of Service.