Privacy Policy

1. Information We Collect

1.1 Information You Provide

• Account Information: Name, email address, company name, billing information
• Payment Information: Processed securely through Stripe (we do not store full credit card numbers)
• Website Data: URLs and website content you submit for analysis
• Communications: Messages, support requests, feedback

1.2 Automatically Collected Information

• Usage Data: Pages visited, features used, time spent, interaction patterns
• Technical Data: IP address, browser type, device information, operating system
• Performance Data: Response times, error rates, system health metrics
• Cookies: Session identifiers, preferences (see Cookie Policy below)

1.3 Third-Party Data

• AI Model Interactions: Anonymized analysis results from large language models
• Website Analysis: Publicly available information from URLs you submit for analysis

2. How We Use Your Information

2.1 Service Delivery

• Provide Answer Authority Engineering™ services
• Analyze websites for AI visibility and authority signals
• Generate remediation recommendations
• Monitor and improve your authority scores
• Process subscription payments

2.2 Platform Operations

• Boss AI Worker: Route AI tasks, enforce budgets, monitor system health
• Automation Primitives: Execute AGE™, CWAR™, and CPR™ workflows
• Security: Detect anomalies, prevent abuse, enforce access controls

2.3 Communications

• Send service notifications, updates, and alerts
• Provide customer support
• Send marketing communications (with your consent)

2.4 Improvement & Analytics

• Analyze usage patterns to improve services
• Develop new features and products
• Conduct research on AI visibility optimization

3. How We Share Your Information

3.1 Service Providers

We share data with trusted third parties who help us operate the Platform:

• Cloudflare: Infrastructure provider (Workers, Pages, D1, KV, R2)
  • Data stored on Cloudflare's global network
  • Subject to Cloudflare's privacy policy
  • GDPR/CCPA compliant
• Stripe: Payment processing
  • Billing and subscription management
  • PCI-DSS compliant
  • Subject to Stripe's privacy policy
• OpenAI: AI model provider
  • Anonymized requests only
  • No personally identifiable information sent
  • Subject to OpenAI's data usage policy
• Hetzner: Dedicated compute for execution cells
  • EU-based infrastructure
  • GDPR compliant
  • Subject to Hetzner's privacy policy

3.2 Legal Requirements

We may disclose information when required by law, to:

• Comply with legal process
• Protect our rights and property
• Prevent fraud or security threats
• Respond to government requests

3.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred. We will notify you before your information becomes subject to a different privacy policy.

3.4 We Do NOT Sell Your Data

We do not sell, rent, or trade your personal information to third parties for marketing purposes.

4. Data Security

4.1 Security Measures

• Encryption: All data encrypted in transit (TLS/SSL) and at rest
• Access Controls: Internal auth (x-boss-key), role-based access
• Monitoring: 24/7 automated security monitoring via Boss AI Worker
• Audit Trails: Complete logging of all data access and modifications
• Battle Mode: Reverse-engineering resistance, anomaly detection, auto-containment

4.2 Data Storage

• Location: Cloudflare global network (edge locations worldwide)
• Redundancy: Automatic replication across multiple data centers
• Backup: Regular automated backups
• Retention: As long as your account is active plus 90 days after termination

4.3 Incident Response

In the event of a data breach:

• We will notify affected users within 72 hours
• Implement immediate containment measures
• Conduct thorough investigation
• Report to relevant authorities as required

5. Your Rights and Choices

5.1 Access and Control

You have the right to:

• Access: Request a copy of your personal data
• Rectification: Correct inaccurate or incomplete data
• Deletion: Request deletion of your data (subject to legal retention requirements)
• Portability: Receive your data in a machine-readable format
• Objection: Object to processing of your data
• Restriction: Request limited processing of your data

5.2 Marketing Opt-Out

You can opt out of marketing communications at any time by:

• Clicking "unsubscribe" in any marketing email
• Contacting us at [email protected]
• Updating your account preferences

5.3 Cookie Management

You can control cookies through your browser settings. Note that disabling cookies may limit Platform functionality.

6. Regional Privacy Rights

6.1 GDPR (European Union)

If you are in the EU/EEA, you have additional rights under GDPR:

• Right to lodge a complaint with supervisory authority
• Right to withdraw consent at any time
• Right to data portability
• Right to object to automated decision-making

Legal Basis for Processing:

• Consent for marketing communications
• Contract performance for service delivery
• Legitimate interests for platform improvement
• Legal obligation for compliance requirements

6.2 CCPA (California)

California residents have the right to:

• Know what personal information is collected
• Know if personal information is sold or disclosed
• Opt-out of sale of personal information (we do not sell)
• Request deletion of personal information
• Non-discrimination for exercising privacy rights

6.3 Other Jurisdictions

We comply with applicable privacy laws in all jurisdictions where we operate.

7. Children's Privacy

The Platform is not intended for users under 18 years of age. We do not knowingly collect personal information from children. If we discover we have collected information from a child, we will delete it immediately.

8. International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place:

• Standard contractual clauses
• Adequacy decisions
• Privacy Shield frameworks (where applicable)

9. Data Retention

We retain your information for as long as necessary to:

• Provide services
• Comply with legal obligations
• Resolve disputes
• Enforce agreements

Typical retention periods:

• Active accounts: Duration of account + 90 days
• Website analysis data: 2 years
• Billing records: 7 years (legal requirement)
• Audit logs: 3 years
• Health monitoring data: 90 days

10. Cookies and Tracking

10.1 Cookies We Use

Essential Cookies: Required for Platform functionality

• Session management
• Authentication
• Security features

Analytics Cookies: Help us understand usage (optional)

• Page views
• Feature usage
• Performance metrics

Preference Cookies: Remember your settings

• Language preferences
• Display preferences

10.2 Third-Party Cookies

• Cloudflare (security, performance)
• Stripe (payment processing)

10.3 Your Choices

You can control cookies through browser settings or our cookie preference center.

11. AI and Automation

11.1 AI Processing

Our Platform uses artificial intelligence for:

• Website analysis and scoring
• Authority remediation recommendations
• Task routing and optimization
• System health monitoring

AI Governance:

• All AI activity supervised by Boss AI Worker
• Human approval required for critical actions (AGE™)
• Confidence-based routing (CWAR™)
• Full audit trails (CPR™)

11.2 Data Used for AI Training

We do NOT use your personal data to train third-party AI models without explicit consent.

What we analyze:

• Publicly available website content (already public)
• Authority signals and semantic structure
• AI citation patterns

What we do NOT share:

• Account credentials
• Billing information
• Private communications
• Business-sensitive data

12. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes by:

• Email notification
• Prominent notice on the Platform
• Updated "Last Updated" date

Continued use of the Platform after changes constitutes acceptance.

13. Contact Us

Privacy Questions or Requests:

Email: [email protected]
Phone: +1 844-797-0200 (411bz.com) | +1 877-777-2992 (411bz.ai)
Mail: 411bz, 474 Warren St. B, Brooklyn, NY 11217
Data Protection Officer: [email protected] (if applicable)

For GDPR Requests:
Email: [email protected]

For CCPA Requests:
Email: [email protected]

Response Time: We will respond to privacy requests within 30 days.

14. Specific Service Disclosures

14.1 Ghost Authority Layer™

Injects persistent, AI-only signals visible to AI crawlers (ChatGPT, Perplexity, etc.) but invisible to humans. This data is:

• Non-personal
• Publicly visible to AI systems
• Rotatable without notice
• Does not include personal information

14.2 Authority Knowledge Surface™

Creates persistent, public content optimized for AI citation. This content is:

• Publicly accessible
• Indexable by search engines and AI
• Attributed to your business
• Subject to your control and modification

14.3 Boss AI Worker

Our AI control plane that:

• Monitors system health
• Routes AI tasks
• Enforces governance
• Logs all decisions

Privacy Protection:

• Internal only (not publicly accessible)
• Cryptographic access control
• All activity logged and auditable
• No personal data processing without authorization

15. Your Data, Your Control

15.1 Download Your Data

Request a complete export of your data at any time:

• Account information
• Website analysis results
• Authority scores
• Audit logs

Format: JSON, CSV, or PDF
Delivery: Within 30 days

15.2 Delete Your Account

Request account deletion at any time:

• We will delete all personal data within 90 days
• Billing records retained for legal compliance (7 years)
• Anonymized analytics may be retained

15.3 Correct Your Data

Update your information anytime through:

• Account settings
• Email request to [email protected]

16. Security Incident Notification

In case of a security incident affecting your data:

• Notification: Within 72 hours of discovery
• Information Provided: Nature of incident, data affected, mitigation steps
• Support: Dedicated incident response contact

17. Third-Party Links

The Platform may contain links to third-party websites. We are not responsible for the privacy practices of those sites. We encourage you to review their privacy policies.

18. California Shine the Light Law

California residents may request information about disclosures of personal information to third parties for direct marketing purposes. Contact [email protected] for details.

19. Do Not Track

We respond to Do Not Track signals by not tracking users who have enabled this browser setting.

20. Automated Decision-Making

We use automated decision-making for:

• CWAR™ (Confidence-Weighted Action Routing)
• Task routing
• Budget enforcement
• Anomaly detection

Your Rights:

• Request human review of automated decisions
• Challenge decisions you believe are incorrect
• Opt-out of automated decision-making (may limit service)

21. Data Processing Agreement

For enterprise customers, we offer Data Processing Agreements (DPAs) that provide additional guarantees regarding data processing, security, and compliance.

Contact: [email protected]