AEO Brand Scan — Privacy Policy
Last updated: May 7, 2026
What this tool does
AEO Brand Scan is a free tool that checks how AI search engines (Claude, ChatGPT, Perplexity) describe your brand compared to competitors. It is available as a web form at genpicked.com/free-tools/scan, as a Claude Code plugin, and as a standalone shell script. It is built and operated by GenPicked (genpicked.com).
What data we collect
When you run a scan, you provide:
- Your brand name
- 1 to 3 competitor names
- A category or industry description
- Optionally: brand and competitor website domains (used only for logo display via Clearbit)
We also collect automatically:
- A SHA-256 hash of your IP address (for rate limiting and abuse prevention — we do not store your raw IP)
- The source of the scan (web form, Claude Skill, or ChatGPT App)
- A timestamp
If you choose to enter your email address (optional, prompted after your second scan), we store it to send you the full citation analysis and product updates.
How your data is processed
Your scan inputs (brand, competitors, category) are sent to the following third-party AI services to generate the scan results:
- Anthropic (Claude Haiku 4.5) — via Azure AI Services
- OpenAI (GPT-5-mini) — via Azure OpenAI
- Perplexity AI (Sonar Pro) — direct API
Each provider processes your inputs according to their own privacy policies and data processing agreements. We use enterprise-grade Azure deployments for Anthropic and OpenAI, which do not use your data for model training. Perplexity's Sonar Pro API operates under their standard API terms.
What we store
- An analytics event per scan (scan ID, source, brand name, category, visibility score, CTA branch, cost, hashed IP, timestamp) — stored in Azure Cosmos DB
- Scan results are cached in server memory for 1 hour to prevent duplicate API costs for the same query — this cache is not persisted to disk and is lost on server restart
- Your email address, if you provided it, is stored in Cosmos DB
We do not store:
- Raw AI model responses (only the scorecard summary is logged)
- Your raw IP address (only the SHA-256 hash)
- Competitor names in analytics (only your brand name and category)
Rate limiting and abuse prevention
To prevent abuse and control costs, the tool enforces:
- 5 scans per IP address per 24 hours
- 50 scans per source (web, Claude Skill, ChatGPT App) per hour
- A global daily cost cap of $50 USD — if this cap is reached, the tool returns a temporary “try again tomorrow” message
- Duplicate query detection: the same brand + category + IP combination within 1 hour returns a cached result without making new API calls
Logo display
If you provide a website domain, we generate a logo URL using Clearbit (logo.clearbit.com) and Google Favicons (google.com/s2/favicons). These are public, free services. Your domain is sent to them as part of the URL request — we do not send any other data to Clearbit or Google for this purpose.
Your rights
You can:
- Use the tool without providing an email address (scans work without it)
- Request deletion of your email and associated analytics data by emailing support@genpicked.com
- Request a copy of the data we hold about your email address
Since we store IP addresses only as irreversible SHA-256 hashes, we cannot look up or delete data by IP address alone.
Third-party subprocessors
| Provider | Purpose | Data sent |
|---|---|---|
| Anthropic (via Azure) | Claude Haiku probe | Brand, competitors, category (in prompt text) |
| OpenAI (via Azure) | GPT-5-mini probe | Brand, competitors, category (in prompt text) |
| Perplexity AI | Web-grounded probe + citations | Category (in prompt text) |
| Clearbit / Google | Logo display | Domain name (if provided) |
| Microsoft Azure | Hosting, Cosmos DB | All scan analytics + email (encrypted at rest) |
Changes to this policy
We may update this policy as the tool evolves. Material changes will be noted with an updated “Last updated” date at the top of this page.
Contact
Questions about this privacy policy or data handling? Email support@genpicked.com.