Data handling

What data a Noetio audit touches, what leaves your systems (nothing), which subprocessors see prompts, and how long artifacts are kept.

Audits run on public data

An audit queries public AI engines about your brand and reads your public website. It needs no access to your systems, analytics, CRM, or customer data. The only private inputs are your contact details and anything you choose to tell us on a call.

What subprocessors see

Running the audit means sending prompts to OpenAI, Google and Perplexity. Prompts contain buyer-style questions plus your brand or domain name, never your customer data. Hosting is Vercel; the database is EU-hosted Postgres (Supabase); payments are Stripe; scheduling is Cal.com.

Retention

Free-scan results are cached for 7 days. Audit artifacts are kept while you are a client and for 12 months after delivery so later re-runs can be compared against the original, then deleted on request or on schedule.

Where things live

Application data lives in an EU-hosted database. The website is served via a global CDN. Audit deliverables are prepared on EU-located infrastructure and shared with you directly.

The full statement, including GDPR rights and what we deliberately do not claim, is on the security page.

On this page