Privacy & Cookie Policy
1. Data Controller & Contact
GoAimMySite is the data controller responsible for your personal data. If you have any questions about this Privacy Policy or how we handle your data, please contact us at support@goaimysite.com.
Last Updated: 17/11/2025
2. Data We Collect
We collect and process several categories of personal data depending on how you interact with our Service.
2.1 Account & Registration Data
When you create an account or subscribe to our Service, we collect your name, email address, company name (if provided), and the URL of the website you wish to analyse. This information is necessary to create your account, deliver our Service, and communicate with you.
2.2 Billing Data
When you subscribe to a paid plan, we collect billing information necessary to process payments. Payment processing is handled by Stripe, which collects and processes payment card details, billing addresses, and transaction information on our behalf. We do not store complete payment card information on our servers. We receive and store limited payment information from Stripe, including the last four digits of your card, card type, expiration date, and transaction history, solely for account management and customer support purposes.
2.3 Website Content
When you submit your website URL for analysis, our Service automatically accesses and processes content from your website. This may include text content, HTML structure, metadata, images and media files, technical configuration, page load performance data, and publicly accessible information about your website. We process this content solely to generate your Analysis report. Website content is processed by our AI providers (ChatGPT, Gemini, Claude, and Perplexity) to generate recommendations and insights.
2.4 Communication Data
We collect the content of communications when you contact our support team, including emails, chat messages, and support tickets. We also collect email engagement data when you interact with our marketing and transactional emails, including email open rates, click-through rates, and email preferences.
2.5 Technical Data
We automatically collect certain technical information when you use our Service, including IP addresses, browser type and version, device information and operating system, referring URLs and pages visited, time spent on pages and features used, and cookies and similar tracking technologies. This data helps us operate our Service, diagnose technical issues, and improve user experience.
3. How We Use Data
We use the personal data we collect for the following purposes.
3.1 Service Delivery
We use your data to provide and operate our Service, including analysing your website using AI technologies, generating Analysis reports with SEO recommendations and insights, delivering your Analysis to you via email notification, and providing customer support and responding to your inquiries. Your website content is processed by third-party AI providers (OpenAI, Google, Anthropic, and Perplexity) to generate the Analysis. These providers process website content in accordance with their respective privacy policies.
3.2 Payment Processing
We use billing information to process subscription payments, manage your account billing, handle refunds or billing disputes, and comply with tax and accounting requirements. Payment processing is conducted through Stripe in accordance with their privacy policy and PCI DSS compliance standards.
3.3 Communications
We send several types of emails to you as part of our Service. Transactional emails are sent via Wix and include account notifications (registration confirmation, password resets) and billing notifications (payment successful, payment failed, subscription cancelled). Marketing emails are sent via ActiveCampaign and include product updates and new features, tips for implementing recommendations, educational content about website optimisation, and promotional offers. You can opt out of marketing emails at any time using the unsubscribe link in each email. You cannot opt out of transactional emails, as they are necessary for the operation of our Service.
3.4 Service Improvement
We analyse usage data in aggregated and anonymised form to understand how our Service is used, identify areas for improvement, develop new features and enhance existing functionality, and optimise performance and user experience. We may use anonymised website analysis data to improve our AI models and algorithms. This data is stripped of identifying information and cannot be traced back to you or your website.
3.5 Security & Fraud Prevention
We use technical data to detect and prevent fraudulent activity, unauthorised access, and security threats, monitor for unusual patterns that may indicate abuse of our Service, and protect our systems and infrastructure.
3.6 Legal Compliance
We process data as necessary to comply with legal obligations, including tax reporting and audit requirements, responses to lawful requests from authorities, and enforcement of our Terms and Conditions.
4. Lawful Bases (UK/EU GDPR)
We process personal data under the following lawful bases as required by UK GDPR and EU GDPR.
Contract Performance: Processing is necessary to deliver the Service you have subscribed to, including account management, website analysis, report delivery, and customer support. Without this processing, we cannot provide our Service to you.
Legitimate Interests: We have legitimate interests in improving our Service through anonymised usage analytics, preventing fraud and ensuring security of our systems, conducting limited marketing to existing customers about relevant features and updates, and maintaining business records for accounting and audit purposes. We balance these interests against your rights and freedoms and ensure processing is proportionate and non-intrusive.
Consent: For marketing emails (where consent is required by law) and for certain non-essential cookies and tracking technologies. You can withdraw consent at any time through unsubscribe links or cookie settings.
Legal Obligations: Processing is necessary to comply with tax laws, audit requirements, and other legal obligations imposed on us as a business operating in the UK.
5. Data Sharing & Third-Party Services
We share personal data with trusted third-party service providers who help us operate our Service. These providers are carefully selected and are obligated to protect your data.
5.1 Website Hosting & Infrastructure
Our website is hosted on Wix, which processes technical data necessary to deliver our website, including IP addresses, browser information, and cookies. Wix also handles transactional email delivery on our behalf. Our application infrastructure is hosted on Vercel, which processes technical data necessary to deliver our Service, including IP addresses and request data. Both Wix and Vercel process data in accordance with their respective privacy policies and maintain appropriate security standards.
5.2 AI Processing
When we analyse your website, content from your website is processed by third-party AI providers to generate your Analysis. These providers include OpenAI (ChatGPT), which processes website content to generate recommendations and insights, Google (Gemini), which processes website content for analysis purposes, Anthropic (Claude), which processes website content for analysis purposes, and Perplexity, which may process website content for research and analysis. Each AI provider processes data in accordance with their respective privacy policies. We select providers that maintain appropriate data protection standards, but we do not control their data processing practices. Website content sent to AI providers may be processed in the United States or other countries outside the UK and EU.
5.3 Payment Processing
Payment processing is handled by Stripe, which collects and processes payment card information, billing addresses, and transaction data. Stripe is PCI DSS compliant and processes payment data in accordance with their privacy policy. We receive limited payment information from Stripe (last four card digits, card type, transaction history) solely for account management purposes.
5.4 Marketing & CRM
We use ActiveCampaign to manage our marketing communications and customer relationships. ActiveCampaign processes your name, email address, and engagement data (email opens, clicks) to help us send relevant marketing messages and nurture communications. You can opt out of marketing emails at any time. ActiveCampaign processes data in accordance with their privacy policy and maintains appropriate security and data protection standards.
5.5 Analytics
We use Google Analytics and other analytics providers to measure website usage and understand user behaviour. These providers collect technical data including IP addresses (anonymised), browser information, pages visited, and time spent on pages. Analytics data is aggregated and anonymised. You can opt out of analytics cookies using our cookie banner.
5.6 Legal & Corporate Events
We may disclose personal data if required by law, court order, or governmental authority, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others, or to investigate fraud or security issues. In the event of a merger, acquisition, or sale of assets, personal data may be transferred to the acquiring entity, subject to the same privacy protections outlined in this Policy.
6. International Data Transfers
Our Service and third-party processors may transfer personal data outside the United Kingdom and European Economic Area. When we transfer data internationally, we ensure appropriate safeguards are in place.
Our AI providers (OpenAI, Google, Anthropic, Perplexity) may process website content in the United States and other countries. These providers implement appropriate safeguards for international transfers, including Standard Contractual Clauses (SCCs) approved by the European Commission or other legally recognized transfer mechanisms.
Stripe processes payment data internationally in accordance with their privacy policy and implements appropriate safeguards including SCCs. ActiveCampaign may process data in the United States and implements appropriate safeguards including SCCs.
We ensure that all international data transfers comply with UK GDPR requirements, including the use of the International Data Transfer Agreement (IDTA) approved by the UK ICO where applicable.
7. Retention
We retain personal data for as long as necessary to provide our Service, comply with legal obligations, resolve disputes, and enforce our agreements.
Account Data: We retain your account information (name, email, website URL) for the duration of your active subscription and for a reasonable period thereafter (typically 12 months) to handle any post-termination matters, respond to inquiries, or facilitate re-subscription. You can request earlier deletion.
Website Analysis Data: We retain your Analysis reports for the duration of your subscription and for a reasonable period thereafter to allow you to access historical reports. Anonymised, aggregated data derived from analyses may be retained indefinitely for service improvement purposes.
Billing Records: We retain billing and transaction records for the period required by UK tax and accounting regulations, typically seven years from the end of the financial year to which they relate.
Marketing Data: We retain marketing communication data until you unsubscribe or request deletion. After you unsubscribe, we retain your email address on a suppression list to ensure we do not contact you again.
Technical Logs: We retain technical logs and security data for troubleshooting and security purposes, typically for 12 to 24 months.
You can request deletion of your personal data at any time by contacting us. We will comply with deletion requests except where retention is required by law or for legitimate business purposes such as defending legal claims or resolving disputes.
8. Your Rights
Under UK GDPR and EU GDPR, you have the following rights regarding your personal data.
Right of Access: You can request a copy of the personal data we hold about you. We will provide this in a structured, commonly used format.
Right to Rectification: You can request correction of inaccurate or incomplete personal data. You can update most account information directly through your account settings.
Right to Erasure: You can request deletion of your personal data in certain circumstances, including when the data is no longer necessary for the purposes for which it was collected, when you withdraw consent (where processing is based on consent), or when you object to processing based on legitimate interests.
Right to Data Portability: You can request a copy of your personal data in a structured, machine-readable format, and you can request that we transmit this data directly to another service provider where technically feasible.
Right to Restriction: You can request that we limit how we use your personal data in certain circumstances, such as when you contest the accuracy of the data or object to processing.
Right to Object: You can object to our processing of your personal data for direct marketing purposes at any time by using the unsubscribe link in marketing emails. You can also object to processing based on legitimate interests by explaining your particular situation.
Right to Withdraw Consent: Where we process data based on consent (such as for marketing emails or certain cookies), you can withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing before withdrawal.
Right to Lodge a Complaint: You can lodge a complaint with the Information Commissioner's Office (ICO) in the UK or your local data protection authority in the EU if you believe we have not handled your personal data appropriately.
To exercise any of these rights, please contact us at support@goaimysite.com. We will respond to your request within one month. In some cases, we may need to verify your identity before processing your request.
9. Cookies and Tracking Technologies
We use cookies and similar tracking technologies to operate our Service, analyse usage, and deliver personalised experiences.
9.1 What Are Cookies
Cookies are small text files stored on your device by your web browser. They allow websites to remember your preferences, recognise you on return visits, and collect information about how you use the site.
9.2 Types of Cookies We Use
Essential Cookies: These cookies are necessary for our Service to function properly. They enable core functionality such as account authentication and login, session management and security, form submission and data processing, and basic site navigation. Essential cookies cannot be disabled without affecting service functionality. These cookies do not require your consent as they are strictly necessary for the operation of our Service.
Analytics Cookies: We use analytics cookies to measure website usage, understand user behaviour, and improve our Service. These cookies collect information about pages visited, time spent on pages, navigation patterns, and technical information (browser, device, screen resolution). Analytics data is aggregated and anonymised. We primarily use Google Analytics. Analytics cookies are stored for up to 2 years. You can opt out of analytics cookies using our cookie banner or through your browser settings.
Marketing Cookies: We use marketing cookies to track email engagement and measure the effectiveness of our marketing campaigns. These cookies help us understand which marketing messages are most relevant to you and measure conversion rates from marketing emails. We use ActiveCampaign for marketing cookies. Cookie duration varies by specific cookie. You can opt out of marketing cookies using our cookie banner.
9.3 Cookie Management
When you first visit our website, you will see a cookie banner allowing you to accept or reject non-essential cookies (analytics and marketing). Your choice is stored for 12 months. You can change your cookie preferences at any time by clicking the cookie settings link in our website footer or by clearing your browser cookies and revisiting our site.
You can also control cookies through your browser settings. Most browsers allow you to view, manage, and delete cookies. Please note that disabling essential cookies will affect the functionality of our Service. Disabling analytics or marketing cookies will not affect core Service functionality but may result in a less personalized experience.
9.4 Do Not Track
Some browsers include a "Do Not Track" (DNT) feature that signals to websites that you do not want to be tracked. Our Service does not currently respond to DNT signals, as there is no industry-wide standard for how to interpret and respond to these signals. You can control tracking through our cookie banner and browser settings.
10. Data Security
We implement appropriate technical and organisational measures to protect personal data against unauthorised access, alteration, disclosure, or destruction.
Encryption: We encrypt data in transit using TLS/SSL protocols to protect data transmitted between your browser and our servers. We encrypt sensitive data at rest, including certain account information and billing data.
Access Controls: We restrict access to personal data to authorised personnel who need it to perform their job functions. We implement role-based access controls and strong authentication requirements. We regularly review and audit access permissions.
Security Monitoring: We monitor our systems for security threats, vulnerabilities, and unusual activity. We conduct regular security assessments and apply security updates promptly. We maintain incident response procedures to address security breaches.
Vendor Security: We require third-party service providers to implement appropriate security measures and comply with data protection requirements. We conduct due diligence on vendors before engagement and periodically review their security practices.
Employee Training: We train our employees on data protection principles and security best practices. We maintain confidentiality obligations for all personnel with access to personal data.
Despite our security measures, no system is completely secure. We cannot guarantee absolute security of personal data transmitted over the internet or stored on our systems. If you become aware of any security vulnerability or breach, please contact us immediately at support@goaimysite.com.
11. Children's Privacy
Our Service is not directed to children under the age of 16. We do not knowingly collect personal data from children. Our Service is designed for business users and website owners, who are typically adults. If you believe we have inadvertently collected data from a child under 16, please contact us immediately at support@goaimysite.com, and we will delete it promptly.
12. Automated Decision-Making
Our Service uses AI technologies to analyse websites and generate recommendations. This automated analysis does not involve profiling or automated decision-making that produces legal effects or similarly significantly affects you. The Analysis we provide is advisory in nature. You retain full control over whether and how to implement our recommendations. You are not subject to any automated decisions that would affect your legal rights or have significant consequences without human oversight.
13. B2B Prospecting Activities
In addition to our AI My Site service, we conduct business-to-business (B2B) prospecting activities to identify and reach out to potential business customers who may benefit from our services. This section explains how we collect, use, and protect personal data in connection with our prospecting activities.
13.1 Data We Collect for Prospecting
We collect and process contact information for B2B prospecting purposes including:
- Business email addresses
- First and last names
- Job titles and positions
- Company names and domains
- Company size and location (for targeting purposes)
- Publicly available professional information
This information is sourced from publicly available sources via third-party B2B data providers and is used solely for the purpose of reaching out to potential business contacts.
13.2 How We Source Prospecting Data
We use Hunter.io, a B2B data provider, to source contact information for prospecting purposes. Hunter.io provides email addresses, names, job titles, and company information sourced from publicly available information on the internet, including company websites, professional directories, and other public sources.
Hunter.io processes data in accordance with their privacy policy and GDPR requirements. Hunter.io may process data in the United States and implements appropriate safeguards including Standard Contractual Clauses (SCCs) approved by the European Commission.
We do not share your personal data with Hunter.io. Hunter.io only provides us with contact information they have already collected from public sources. For more information about Hunter.io's data practices, see their privacy policy at https://hunter.io/privacy-policy.
13.3 Lawful Basis for Prospecting
We process contact information of business professionals under the lawful basis of Legitimate Interest (GDPR Article 6(1)(f)) for B2B marketing purposes.
Our legitimate interest: Identifying and reaching out to potential business customers who may benefit from our services.
Balancing test: We have assessed that our interest in B2B marketing does not override the rights and freedoms of individuals because:
- We only contact business email addresses associated with corporate domains (not personal email addresses such as Gmail or Hotmail)
- We target specific business roles and company profiles relevant to our services
- We provide clear opt-out mechanisms in every communication
- We maintain a suppression list to prevent re-contact after opt-out
- We comply with UK Privacy and Electronic Communications Regulations (PECR) and ePrivacy regulations
- We limit the frequency and nature of our communications
13.4 UK PECR Compliance
Under the UK Privacy and Electronic Communications Regulations (PECR) Regulation 22, we may send marketing emails to corporate email addresses without prior consent, provided:
- The email is sent to a corporate subscriber (business email address at a company domain)
- We clearly identify ourselves in the email
- We provide a valid contact address
- We offer a simple means to opt out (unsubscribe link)
We distinguish between corporate email addresses (e.g., john@company.com) and personal email addresses (e.g., john@gmail.com). We only send prospecting emails to corporate email addresses associated with business roles relevant to our services.
Personal email addresses require explicit consent before we send marketing communications. We do not send prospecting emails to personal email addresses.
13.5 How We Use Prospecting Data
We use prospecting data for the following purposes:
- Identifying potential business customers who may benefit from our services
- Sending initial outreach emails introducing our services
- Following up with prospects who have shown interest
- Tracking engagement with our prospecting communications
- Managing our prospecting campaigns and measuring effectiveness
We do not use prospecting data for any other purpose, and we do not sell or rent prospecting data to third parties.
13.6 Retention of Prospecting Data
We retain prospect contact information for the duration of our prospecting campaigns and for a reasonable period thereafter to track engagement and prevent duplicate outreach.
Active Prospects: We retain contact information for prospects who have not opted out for up to 12 months from the date of first contact. During this period, we may send follow-up communications if you have engaged with our initial outreach.
Engaged Prospects: Prospects who engage with our communications (reply to emails, visit our website, request information) may be retained longer as potential or active customers. If you become a customer, your data will be processed in accordance with the main sections of this Privacy Policy.
Unengaged Prospects: Prospects who do not engage with our communications within 30-90 days may be automatically removed from our active contact list. However, their email addresses are retained in our suppression list (see below) to prevent re-contact.
Opted-Out Prospects: Prospects who opt out are immediately moved to our suppression list and are not contacted again. Suppression list data is retained indefinitely to ensure we respect your communication preferences.
13.7 Suppression List (Do Not Contact List)
We maintain a suppression list (also known as a "do not contact" list) containing email addresses of individuals who have:
- Opted out of our communications via unsubscribe links
- Requested deletion of their data
- Marked our emails as spam
- Bounced repeatedly or indicated invalid email addresses
Email addresses on the suppression list are retained indefinitely to ensure we do not contact these individuals again, even if their information is re-discovered through our prospecting activities. This retention is necessary for our legitimate interest in respecting individuals' communication preferences and complying with data protection law.
Suppression list data is limited to email addresses and opt-out dates. We do not retain other personal information for suppressed contacts unless required for legal compliance or to defend against legal claims.
13.8 Your Rights Regarding Prospecting Data
If you have received a prospecting email from us and wish to exercise your data protection rights, you can:
- Right to Opt Out: Click the unsubscribe link in any email we send you. You will be immediately added to our suppression list and will not receive further prospecting communications from us.
- Right of Access: Email support@goaimysite.com to request a copy of the personal data we hold about you. We will provide this information in a structured, commonly used format within one month.
- Right to Rectification: Email support@goaimysite.com to request correction of inaccurate or incomplete personal data.
- Right to Erasure: Email support@goaimysite.com to request deletion of your personal data. We will delete your data except for your email address, which will be retained on our suppression list to ensure we do not contact you again.
- Right to Object: You can object to our processing of your personal data for prospecting purposes at any time by clicking the unsubscribe link in our emails or by emailing support@goaimysite.com. We will immediately cease processing your data for prospecting purposes.
- Right to Lodge a Complaint: You can lodge a complaint with the Information Commissioner's Office (ICO) in the UK at https://ico.org.uk if you believe we have not handled your personal data appropriately.
We will respond to your request within one month. In some cases, we may need to verify your identity before processing your request.
13.9 Security of Prospecting Data
We implement the same security measures for prospecting data as we do for customer data, including:
- Encryption of data in transit using TLS/SSL protocols
- Encryption of sensitive data at rest
- Access controls restricting access to authorised personnel only
- Regular security assessments and monitoring
- Secure storage in databases with appropriate technical and organisational safeguards
Our prospecting database is hosted on secure infrastructure with encryption at rest (AES-256) and is subject to the same security standards as our customer data.
13.10 Data Sharing for Prospecting
We share prospecting data with the following third-party service providers:
- ActiveCampaign (Email Delivery): We use ActiveCampaign to send prospecting emails and track engagement (email opens, clicks). ActiveCampaign processes your name, email address, and engagement data in accordance with their privacy policy. ActiveCampaign may process data in the United States and implements appropriate safeguards including Standard Contractual Clauses (SCCs).
- Hunter.io (Data Sourcing): As described in Section 13.2, we use Hunter.io to source prospecting data. Hunter.io provides us with contact information they have already collected from public sources. We do not share your data with Hunter.io.
We do not sell, rent, or share prospecting data with any other third parties except as required by law or as described in Section 5.6 (Legal & Corporate Events) of this Privacy Policy.
13.11 International Data Transfers
Prospecting data may be transferred outside the United Kingdom and European Economic Area to third-party service providers (Hunter.io, ActiveCampaign) who process data in the United States and other countries.
We ensure that all international data transfers comply with UK GDPR requirements, including:
- Use of Standard Contractual Clauses (SCCs) approved by the European Commission
- Use of the International Data Transfer Agreement (IDTA) approved by the UK ICO where applicable
- Ensuring that third-party processors implement appropriate technical and organisational safeguards
13.12 Automated Decision-Making in Prospecting
Our prospecting activities involve limited automated decision-making to identify potential business contacts who match our target criteria (company size, location, industry, job role). This automated filtering does not produce legal effects or similarly significantly affect you.
All prospecting communications are reviewed and approved by human personnel before being sent. You are not subject to any automated decisions that would affect your legal rights or have significant consequences without human oversight.
13.13 Changes to Prospecting Practices
We may update our prospecting practices from time to time to reflect changes in our business, technology, or legal requirements. Material changes to how we collect, use, or share prospecting data will be reflected in updates to this section of our Privacy Policy.
We will post the updated policy on our website with a new "Last Updated" date. For material changes, we will provide notice through our website or other appropriate channels.
14. Updates to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, Service features, legal requirements, or third-party services we use. We will post the updated policy on our website with a new "Last Updated" date. For material changes that significantly affect how we collect, use, or share your personal data, we will notify you by email or through a prominent notice in our Service at least 30 days before the changes take effect.
Your continued use of our Service after the effective date of an updated Privacy Policy constitutes acceptance of the updated policy. If you do not agree to the updated policy, you must stop using our Service and may cancel your subscription.
We encourage you to review this Privacy Policy periodically to stay informed about how we protect your data.
15. Contact Us
If you have questions about this Privacy Policy, how we handle your personal data, or wish to exercise your data protection rights, please contact us at support@goaimysite.com or write to us at GoAimMySite, 124 City Road, London, EC1V 2NX.
We will respond to your inquiry within a reasonable timeframe, typically within one month. For complex requests, we may extend this period by an additional two months and will notify you of any extension.