PRIVACY POLICY · v1.0 · 2026-05-16
Privacy Policy.
ANSWER · AEO-EXTRACTABLE
vAEO's data handling on vaeo.ai is minimal by design. We collect what we operationally need · we don't collect what we don't need · we name third-party services we route data through.
What we collect on vaeo.ai:
- Cal.com booking data (name · email · timezone · brief context · timeslot) for engagement scheduling
- Email correspondence from direct contact (vlad@vaeo.ai)
- Basic anonymized analytics (page views · session counts · referrer source · device class — via Cloudflare Web Analytics OR Plausible · privacy-respecting · OQ-WEB-11 vendor pending)
- AI crawler access logs (Cloudflare) — for L1 Access measurement on the dogfood case
What we don't collect:
- No contact form data (no contact form exists on vaeo.ai per DEC-WEB-006)
- No cookies for tracking (only session cookies where strictly necessary)
- No personal data fingerprinting · no behavioral profiling
- No newsletter list · no email marketing program at vaeo.ai
- No third-party advertising pixel placements
- No payment data on vaeo.ai (Stripe integration deferred к Phase 2)
Third-party services we route data through: Cal.com (booking) · Cloudflare (CDN + analytics) · Resend (transactional email if applicable) · Google Workspace (vlad@vaeo.ai email storage).
Your rights (GDPR + CCPA): access · deletion · portability · opt-out · rectification · restriction · objection · withdraw consent · lodge complaint with supervisory authority.
Contact for privacy inquiries: vlad@vaeo.ai · subject «Privacy Request» · response within 30 days per GDPR Article 12.
P1 · What we collect
Minimal data collection on vaeo.ai by design. We collect only what operational engagement requires:
Cal.com booking data
- Your name (required by Cal.com for confirmation email)
- Your email address (required for calendar invite + confirmation)
- Your timezone (auto-detected · for timeslot rendering)
- Brief context field (optional · 1-2 sentences about engagement)
- Selected timeslot
Email correspondence
If you email vlad@vaeo.ai directly · your email and
message content are stored in our email infrastructure (Google
Workspace · subject to Google's privacy terms applied to workspace
data).
Anonymized analytics
Page views · session counts · referrer source · device class · approximate country (NOT precise location). Collected via Cloudflare Web Analytics (privacy-respecting · no cookies · no fingerprinting) OR Plausible (privacy-respecting alternative · OQ-WEB-11 final vendor decision pending).
AI crawler access logs
GPTBot · ClaudeBot · PerplexityBot · Google-Extended · Bingbot · ChatGPT-User · OAI-SearchBot · Applebot-Extended access logs preserved as audit artifact (for the dogfood case measurement only).
P2 · What we don't collect
Explicit non-collection statement:
- No contact form data · contact form doesn't exist on vaeo.ai (per DEC-WEB-006)
- No tracking cookies · only session cookies where strictly necessary
- No advertising cookies · no cross-site tracking
- No personal data fingerprinting · no behavioral profiling
- No newsletter list · no email marketing program at vaeo.ai
- No third-party advertising pixels · no Google Ads tracking · no Facebook Pixel · no LinkedIn Insight Tag
- No payment data on vaeo.ai · Stripe integration deferred к Phase 2 · payments through invoiced direct payment in interim
- No data sold к third parties · no monetization through data resale
P3 · How we use the data we do collect
Purpose limitation principle (GDPR Article 5.1.b):
Cal.com booking data
- Scheduling the engagement call · sending confirmation + calendar invite · pre-call context preparation
- NOT used for marketing outreach unrelated к the scoped engagement
Email correspondence
- Responding to your inquiry · operational engagement coordination
- NOT used to build prospect lists · NOT sold to third parties
Anonymized analytics
- Aggregate site performance measurement · content priority decisions · technical performance monitoring
- Anonymized at collection (no PII · no fingerprinting)
- NOT linked к specific Cal.com bookings or email correspondents
AI crawler logs
- Dogfood case audit artifact (L1 Access measurement only)
- NOT linked к visitor identity (crawlers are bots · not people)
P4 · Third-party services we route data through
Per GDPR Article 13 + 14 disclosure obligation:
Cal.com (booking scheduling)
- Service: meeting booking + calendar coordination
- Data routed: name · email · timezone · context · timeslot
- Their privacy: cal.com/privacy
- DPA: in place (Cal.com is GDPR-compliant · operates EU + US data residency)
Cloudflare (CDN + Web Analytics)
- Service: site hosting + traffic delivery + anonymized analytics
- Data routed: HTTP request metadata · anonymized page-view events
- Their privacy: cloudflare.com/privacypolicy
- DPA: in place (Cloudflare is GDPR + CCPA compliant)
Resend (transactional email · if applicable)
- Service: email delivery infrastructure
- Data routed: email recipient address · email content
- Their privacy: resend.com/legal/privacy-policy
Google Workspace (email storage)
- Service: vlad@vaeo.ai email handling (sending · receiving · storage)
- Data routed: email correspondence in full
- Their privacy: workspace.google.com/terms/privacy
No other third-party services route data from vaeo.ai. No data brokers · no marketing automation platforms · no CRM that captures site visitor data.
P5 · Your rights
Per GDPR Articles 15-22 + CCPA Section 1798.100-1798.140:
You have the right to
- Access — request a copy of personal data we hold about you
- Rectification — request correction of inaccurate data
- Erasure — request deletion («right to be forgotten» · subject к operational necessity exceptions)
- Data portability — receive data in machine-readable format
- Restriction of processing — request we limit how we use your data
- Objection к processing — opt out of data processing based on legitimate interest
- Withdraw consent — where processing is consent-based · revoke consent at any time
- Lodge a complaint with supervisory authority — EU residents: AEPD (Spain) · others: applicable national DPA
California residents (CCPA)
- Right to know what personal information is collected
- Right to delete personal information
- Right to opt-out of sale (vAEO does not sell personal information)
- Right к non-discrimination for exercising privacy rights
How to exercise rights
Email vlad@vaeo.ai
· subject «Privacy Request — [type of request].» Response within 30
days per GDPR Article 12.
P6 · How long we keep data
Retention windows per data category:
| Category | Retention period |
|---|---|
| Cal.com booking data (active engagement) | Engagement duration + 12 months (warranty/dispute window) |
| Cal.com booking data (no engagement followed) | 6 months (lead-cycle window) |
| Email correspondence (active engagement) | Engagement duration + 24 months (operational + contract reference) |
| Email correspondence (no engagement) | 12 months |
| Anonymized analytics | 24 months rolling window |
| AI crawler logs (dogfood case artifact) | Indefinite (audit artifact · part of published case documentation) |
After retention period · data deleted permanently · no recovery possible. Earlier deletion available on request (GDPR Article 17 right to erasure).
P7 · When we update this policy
This policy versions independently. Updates reflect:
- New third-party services integrated (rare · we add services slowly + transparently)
- Regulatory change (GDPR amendments · CCPA replacements · new jurisdiction additions)
- Operational change in data handling
Version history: linked from this page footer. Material changes notified к active engagements via email 30 days before effective date. Non-material changes (typo fixes · clarifications) versioned without notification.
Current version: 1.0 · effective 2026-05-16.
P8 · Contact us about privacy
All privacy inquiries route to Vlad directly as data controller:
Response within 30 days per GDPR Article 12. Most requests resolved within 5 business days.
Data Protection Officer: not required for vAEO's data processing scale (no large-scale processing of special categories · no large-scale systematic monitoring). All data protection inquiries handled directly by Vlad as data controller.