Data handling
What data a Noetio audit touches, what leaves your systems (nothing), which subprocessors see prompts, and how long artifacts are kept.
Audits run on public data
An audit queries public AI engines about your brand and reads your public website. It needs no access to your systems, analytics, CRM, or customer data. The only private inputs are your contact details and anything you choose to tell us on a call.
What subprocessors see
Running the audit means sending prompts to OpenAI, Google and Perplexity. Prompts contain buyer-style questions plus your brand or domain name, never your customer data. Hosting is Vercel; the database is EU-hosted Postgres (Supabase); payments are Stripe; scheduling is Cal.com.
Retention
Free-scan results are cached for 7 days. Audit artifacts are kept while you are a client and for 12 months after delivery so later re-runs can be compared against the original, then deleted on request or on schedule.
Where things live
Application data lives in an EU-hosted database. The website is served via a global CDN. Audit deliverables are prepared on EU-located infrastructure and shared with you directly.
The full statement, including GDPR rights and what we deliberately do not claim, is on the security page.