Privacy, in detail.

SEO Aesthetic is a product of Blind LLC, doing business as SEO Aesthetic (“we,” “our,” or “us”). When we say “the Services,” we mean our website at seoaesthetic.com, the owner dashboards at beta.seoaesthetic.com, the public business profile pages we generate, the review-collection and photo-upload tools we host on your behalf, and the integrations that connect those tools to Google and the other platforms listed below.

By using the Services, you accept the practices described in this policy. If you do not agree, please do not use the Services. We’ll always tell you when this document materially changes (see Section 14).

We use the information described in Section 2 to:

• Provide, operate, secure, and improve the Services.
• Compute Digital Scores and editorial summaries for every business listed on the public site.
• Deliver the SEO modules you have purchased — including drafting Google Business Profile posts, replying to reviews, building citations, and producing monthly reports.
• Process payments, manage subscriptions, and prevent fraud.
• Send transactional messages: phone verification codes, approval requests, billing receipts, weekly progress digests, and monthly reports.
• Respond to support requests and dispute resolution.
• Comply with legal obligations and enforce our Terms of Service.

We do not sell your personal information. We do not share it for cross-context behavioral advertising. We do not buy advertising profiles to target you.

SEO Aesthetic accesses your Google account data only with your explicit OAuth authorization and only for the purposes you sign up for. SEO Aesthetic’s use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

SEO Aesthetic uses large language models (OpenAI and Google Gemini, principally) to draft Google Business Profile posts, review replies, FAQ answers, monthly report narratives, and content suggestions. These drafts are generated against your business’s data, your selected brand voice, and your written brand rules.

Every AI-generated artifact that publishes to a public platform passes through an approval gate by default. You can pre-approve specific content types under Settings → Auto-Approve, in which case those drafts ship without per-item review — you remain fully responsible for the published output. We log every draft, every approval, and every publish so you can audit the chain end-to-end from your dashboard.

AI providers may briefly cache prompts and responses for safety and abuse-monitoring purposes per their published policies. We do not authorize providers to use your data for model training, and we use API tiers that contractually prohibit such use where available.

SEO Aesthetic uses a small number of essential cookies: a session cookie when you log in, a CSRF protection cookie, and a preference cookie for any dashboard layout choices you make. We do not use third-party advertising cookies, cross-site trackers, or session replay tools.

Where we use a third party to deliver part of the Services (a hosted Stripe Checkout page, for example), that third party may set its own cookies on its own domain; their cookie policies govern that use.

We rely on the sub-processors below to operate the Services. Each one receives only the data needed for its specific function, under a data-processing agreement that restricts re-use. You can request a current list at any time by contacting us.

Stripe

Payment processing, subscription billing, customer portal. We send Stripe your email, business name, and the modules you bought.

Twilio

Phone-number verification (SMS OTP) and outbound transactional SMS. We send Twilio your phone number and the message to deliver.

Resend

Transactional email (verification, approval requests, weekly digests, monthly reports). We send Resend recipient email addresses and message contents.

Google (Cloud, Places, Maps, PageSpeed, Business Profile)

Sign-in, location autocomplete, map rendering, site performance scoring, GBP read and write. Data flows are scoped per Section 4.

DataForSEO

Keyword ranking data, SERP screenshots, organic traffic estimates, backlink data, review ingestion, business listing data. We send DataForSEO public business identifiers (website, name, address, GBP placeId) and target keywords.

BrightLocal

Citation campaign management for paid customers on the Off-Page module. We send BrightLocal the business NAP (name, address, phone) and category data.

BestTime

Popular-times forecasting for business profile pages. We send BestTime the business’s Google Place ID.

OpenAI

AI-generated content drafting (posts, replies, summaries, reports). We send OpenAI sanitized prompts containing business context, brand voice notes, and content goals. We use API tiers that prohibit training use of submitted data.

Google Gemini

AI-generated content drafting and AI visibility checks. Same handling as OpenAI.

SerpZilla / SerpClix / Adsy / RedPress

Off-page module vendors used only for customers actively enrolled in those modules — backlinks, CTR campaigns, press release distribution.

DigitalOcean

Application hosting, managed Postgres, object storage (DO Spaces) for photos and report PDFs.

Cloudflare

CDN, DDoS protection, bot mitigation in front of public routes.

Sentry

Error monitoring. Sentry may capture stack traces and request metadata when our application encounters an error. We scrub personally identifying parameters before sending.

We disclose information only in these specific circumstances:

• To deliver the Services. The sub-processors in Section 7 receive what they need to do their job and nothing more.
• With your direction. If you connect Google, or instruct us to publish content, we transmit the corresponding data to those platforms on your behalf.
• To comply with law. We may disclose information when required by a valid subpoena, court order, or government request. We push back where the request is overbroad and notify you where we are legally permitted to do so.
• To protect rights and safety. Where necessary to investigate fraud, security incidents, or violations of our Terms of Service.
• Business transfer. If Blind LLC is acquired or merged, customer data transfers to the acquirer under the same protections.

We keep account data for as long as your account is active, plus a short tail to handle disputes, support, and legal obligations. Specifically:

• Account profile and business data: kept while the account is active; deleted within 30 days of account closure (or sooner on request).
• OAuth tokens (Google): deleted within 24 hours of revocation or account closure.
• Pageview hashes (Section 2): raw IP is never persisted; the salted hash is kept for 13 months for week-over-week trend reporting, then purged.
• Billing records: retained for 7 years to meet tax and accounting obligations.
• Application logs: 30 days, then purged.
• Public business profile pages we generate from the public web persist as long as the underlying business is operational. Owners can flag inaccurate data or request removal — see Section 11.

We protect data with industry-standard controls: TLS in transit, AES-256 at rest in managed Postgres and object storage, encrypted secrets, least-privilege access management, structured access logs, and continuous error monitoring. OAuth tokens are stored encrypted with separate key material. Production database access is restricted to a small set of authorized engineers and audited.

No system is impenetrable, so we maintain an incident-response plan and will notify affected users without undue delay if a breach occurs that materially affects their data.

You can:

• Access the personal information we hold about you by emailing the address in Section 15.
• Correct inaccurate information directly in your dashboard, or by writing to us.
• Delete your account and associated personal information at any time from Settings → Account, or by writing to us.
• Port your data: request a machine-readable export.
• Restrict or object to specific processing.
• Opt out of non-essential email communications via the unsubscribe link in any non-transactional email.
• Revoke OAuth access at any time through the third-party platform (Section 4).
• Flag inaccurate data on a public business profile we generated using the “Report inaccuracy” affordance on the page.

If you are in the United Kingdom or another jurisdiction with similar laws (GDPR, UK GDPR), you additionally have the right to lodge a complaint with your local supervisory authority. If you are a California resident, you have rights under the CCPA / CPRA including the right to know what we collect, the right to delete, the right to correct, and the right not to be discriminated against for exercising your rights. We honor all of these rights regardless of your jurisdiction.

SEO Aesthetic is operated from the United States, and our primary infrastructure is hosted in U.S. data centers. If you are accessing the Services from outside the United States (including the United Kingdom), your information will be transferred to and processed in the United States. We rely on Standard Contractual Clauses or equivalent mechanisms with our sub-processors where required.

The Services are intended for businesses and adults. We do not knowingly collect personal information from anyone under 13 (or under 16 in jurisdictions that apply a higher age). If we learn that we have inadvertently collected such information, we will delete it promptly.

We may revise this policy as our product evolves or as legal requirements change. When we make material changes, we will notify account holders by email and update the “Last revised” date at the top. Continued use of the Services after the effective date of a revised policy constitutes acceptance of the revisions.

Questions about this policy, data requests, or anything else — reach us:

Email

hello@seoaesthetic.com

Phone

(213) 928-2348

Mailing entity

Blind LLC, doing business as SEO Aesthetic