Privacy Policy

Last updated: July 10, 2026

The short version. AiCrony is a marketing autopilot with human approval. To do its job it stores your account and business details, the marketing contacts you bring, and — only when you connect them — data from your own tools (Google Analytics, Stripe, Microsoft Clarity, social accounts, your database). We use AI providers to generate drafts and insights from that data. We do not sell your data, we do not use it for advertising, and nothing publishes to your audiences without your approval. Questions: support@aicrony.com.

1. Who we are and what this covers

AiCrony is operated by EEKOTECH LLC, doing business as AI Crony ("AiCrony", "we", "us"). This policy covers aicrony.com, the AiCrony application, our free AI Visibility Scan, and emails we send. It explains what we collect, why, where it goes, and the choices you have. If we change how we handle your data — especially data from a connected account like Google — we will update this policy and ask for your consent before using the data in the new way.

2. Information you give us

  • Account: your email address and a password (never stored in plain text — authentication is handled by Supabase). We don't require your name to sign up.
  • Business profile: company name, industry, website, products and services, target audience, brand voice, and competitors — used to plan and draft your marketing.
  • Contacts you import: your subscribers' and leads' email addresses, names, and tags (via CSV or manual entry) so we can send email campaigns on your behalf. You are responsible for having permission to market to these contacts; we act as a processor of this data for you.
  • Billing: payments are handled by Stripe. We never see or store your card number — we keep your Stripe customer ID, subscription tier, and purchase history.
  • Team invitations: the email addresses of teammates you invite.

3. Information collected automatically

  • Site analytics: we use Google Analytics 4 on aicrony.com to understand how visitors use the site. It sets standard Google cookies (e.g. _ga).
  • Session cookies: secure cookies keep you signed in.
  • AI-referral attribution cookie: if you arrive from an AI engine (e.g. ChatGPT, Perplexity), we set a first-party ai_ref cookie for 30 days so we can attribute visits and purchases to AI citations. We record the referring engine, UTM parameters, and landing page — only when the referrer is an AI engine.
  • Security and audit logs: account actions (logins, exports, data connections) are logged with IP address for security and abuse prevention.
  • Local preferences: theme, sidebar state, and drafts-in-progress are stored in your browser's local storage, not on our servers.

We do not run Microsoft Clarity, session recording, advertising pixels, or any cross-site tracker on aicrony.com.

4. The free AI Visibility Scan

You can run a scan without an account. We collect the website domain you enter, your email address (optional — only needed to receive the full report), and your IP address (kept for rate limiting). To produce the scan we send buyer-intent questions about your market to AI engines (OpenAI, Perplexity, Google Gemini) — these queries contain your domain and niche, not your personal details. Every scan-report email includes a one-click unsubscribe; opting out adds you to a suppression list so we don't email you again.

5. Data from accounts you connect

AiCrony only accesses external accounts you explicitly connect, asks for the minimum permission needed for the feature, and uses the data solely to provide that feature to you. Credentials and tokens are encrypted at rest (AES-256-GCM). You can disconnect any source at any time in Settings, which deletes the stored credentials and cached data for that source.

Google user data (Google Analytics)

What we request: read-only access to your Google Analytics data — the single OAuth scope https://www.googleapis.com/auth/analytics.readonly. We do not use Google Sign-In and request no other Google scopes.

Why: to show your traffic, page views, and conversions inside AiCrony; to detect sessions referred by AI engines; and to give your marketing agent real performance context for the plans and insights it drafts for you.

How it's stored: your OAuth tokens are encrypted (AES-256-GCM) in our database. Fetched analytics summaries (about 30 days of sessions, page views, conversions, and traffic sources) are cached so your dashboard loads fast.

AI processing: summaries of your Google Analytics data are shared with our AI providers (Google Gemini and Anthropic) solely to generate the insights, answers, and marketing plans you see in the app — a user-facing feature you invoke. They are not shared with any other third party.

What we never do with Google user data: we do not sell it, transfer it to data brokers or advertising platforms, use it for ads (including retargeting or interest-based advertising), use it to determine credit-worthiness or for lending, or let humans read it except with your permission, for security reasons, or where required by law.

Disconnecting: remove the connection in Settings → Data Sources — this revokes AiCrony's access with Google and deletes your stored tokens, cached analytics data, and analytics-derived session records. You can also revoke access yourself at any time from your Google Account permissions page.

AiCrony's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Other sources you can connect

  • Social accounts (Facebook, Instagram, X/Twitter, LinkedIn, Pinterest, TikTok): connected so AiCrony can publish posts you approve. Depending on the connection method, OAuth tokens are either held by Composio (our managed-connection provider — we store only a connection reference) or stored encrypted in our database. We send the platforms only the content you approved (caption, image or video, tracking tags).
  • Stripe (your own account, for revenue attribution): you provide a webhook signing secret and optionally a read-only restricted key. We receive payment events (amount, currency, a customer reference such as a Stripe customer ID or email, and campaign/UTM metadata) to connect marketing activity to revenue. We never receive card numbers.
  • Microsoft Clarity: your API token lets us read your Clarity UX metrics to include in insights.
  • Your database (Postgres or Google Cloud Datastore): read-only credentials you supply let us sample your data to power analytics. Credentials are encrypted; sampled data is cached and deleted when you disconnect.
  • HubSpot (optional, via Composio): closed-won deals and meetings are read to attribute revenue to marketing touches.

6. How we use your information

  • Provide the service: plan, draft, and (after your approval) publish marketing.
  • Show you analytics, attribution, and a daily approval digest.
  • Send transactional email (reports, billing and credit notices, digests).
  • Send email campaigns to your contacts on your instruction.
  • Secure the service, prevent abuse, and keep audit records.
  • Improve AiCrony using aggregate, de-identified usage patterns.

Nothing publishes without your approval. The agent drafts; you approve. Pausing the agent stops all drafting and publishing.

7. AI processing

AiCrony is built on AI. To provide its features, relevant data is sent to AI providers acting as processors for us: Anthropic (planning, insights, draft content), Google Gemini (insights chat, copy and image generation), fal.ai (image generation), and OpenAI and Perplexity (AI visibility scans). What's sent depends on the feature: your business profile, your prompts and conversation history, connected-source summaries (e.g. Google Analytics or Clarity metrics), and content being drafted. We use these providers via their commercial APIs; we do not permit them to use your data for advertising, and we do not use your data to train our own models.

8. Who we share data with

We never sell personal data and never share it for advertising. Data is shared only with the service providers below (to run AiCrony), with platforms you connect (to publish what you approved), and if required by law.

ProviderPurpose
SupabaseDatabase, authentication, and file storage
VercelApplication hosting and scheduled jobs
Google CloudBackground processing and internal metrics
StripePayments and subscription billing
SendGrid (Twilio)Email delivery
ComposioManaged connections to social platforms and HubSpot
AnthropicAI planning, insights, and drafting
Google (Gemini, Analytics)AI features; site analytics
OpenAI, PerplexityAI visibility scans
fal.aiAI image generation

9. Email you receive from us

We send transactional email (scan reports, billing notices, approval digests) and, if you asked for a scan report, follow-up about it. Marketing-style email always includes a one-click unsubscribe and our postal address. Campaign emails we send on your behalf to your contacts include open and click tracking so we can show you campaign performance; scan-report emails to non-customers are not tracked.

10. Data retention and deletion

  • While your account is active, we keep your data so the product works. Cached data from a connected source is deleted when you disconnect it.
  • Export: you can export your contacts and campaign data as CSV from the app.
  • Deletion: delete your account yourself in Settings → Danger zone. This immediately and permanently deletes your account and associated personal data, stops any future subscription billing, and revokes access to accounts you connected — except records we must keep for legal, billing, or security reasons. You can also email support@aicrony.com from your account address and we'll do it for you. Scan opt-out addresses stay on the suppression list so we honor your opt-out.
  • Scan data: free-scan leads and reports are kept to deliver and let you claim your report; you can request deletion at the same address.

11. Security

All traffic is encrypted in transit (TLS). OAuth tokens, API keys, and connection credentials are encrypted at rest with AES-256-GCM. Database access is scoped per user with row-level security, and sensitive account actions are audit-logged. No system is perfectly secure, but we treat your credentials and your customers' data as the most sensitive things we hold.

12. Your contacts' data (you as the sender)

For contact lists you import and campaigns you send, you are the data controller and AiCrony is your processor: we use that data only to provide the service to you. We record consent and unsubscribe events, honor suppression lists, and never use your contacts' data for our own purposes or share it with other customers.

13. Children

AiCrony is a business tool and is not directed at children. We do not knowingly collect data from anyone under 16. If you believe a child has provided us data, contact us and we will delete it.

14. Changes to this policy

When we change this policy we'll update the date at the top. If a change affects how we use data from an account you've connected (including Google user data), we'll notify you and ask for consent before applying the new use.

15. Contact

Privacy questions or requests: support@aicrony.com.
EEKOTECH LLC dba AI Crony.