Privacy Policy

1. Introduction

Reboot Media Inc. ("we," "us," or "our"), operating the Xomer AI Engine Optimization service at xomer.ai, is committed to protecting the privacy of our clients and website visitors. This Privacy Policy explains what information we collect, how we use it, who we share it with, and your rights with respect to your data.

By using xomer.ai, submitting your website for a free audit, or subscribing to any Xomer service, you agree to the collection and use of information as described in this policy.

2. Information We Collect

From Free Audit Submissions:

• Business name and contact person name
• Email address (used to send audit results)
• Website URL (fetched and analyzed to produce audit score)
• Business city or service area

From Paid Subscribers:

• Name and email address
• Business information provided during onboarding (company details, services, target market)
• Payment information processed by Stripe (we do not store card numbers)
• Subscription tier and billing history
• Questionnaire responses provided to inform your AEO strategy

From White-Label / Agency Inquiries:

• Agency name and contact person name
• Email address
• Number of clients served

Website Content (for Audit and Optimization):

• We fetch and analyze the publicly accessible pages of any website URL you submit
• This analysis includes meta tags, structured data (schema markup), page content, robots.txt, and other publicly visible technical elements
• We do not access password-protected, login-gated, or non-public areas of any website

Automatically Collected Data:

• IP address and approximate geographic location
• Browser type and version
• Pages visited on xomer.ai and time spent
• Referring URL

3. How We Use Your Information

• To generate and deliver your free AEO audit results by email
• To onboard you as a subscriber and deliver monthly/quarterly AEO reports
• To produce your personalized AEO implementation guide
• To process subscription payments and manage billing via Stripe
• To send service communications (onboarding, report delivery, billing notices)
• To respond to your inquiries and support requests
• To improve our audit scoring methodology and service quality (using aggregated, non-identifying patterns — never your specific business data shared with other clients)
• To comply with applicable legal obligations

We do not use your information to train third-party AI models and do not sell, rent, or trade your personal information to any third party for marketing purposes.

4. AI Processing of Your Data

Our service involves querying third-party AI engines (ChatGPT/OpenAI, Claude/Anthropic, Perplexity, Google) with queries related to your business category and location in order to measure your AI Share of Voice. These queries do not include your personal information — they use industry/location/service descriptors consistent with what a potential customer might ask.

For audit and report generation, we may use AI language models (via OpenRouter or direct API) to analyze your website content, draft recommendations, and summarize findings. Inputs to these models include publicly available content from your website. We do not send payment card data, personally sensitive information, or passwords to any AI model.

AI processing is performed under our data processing agreements with each provider. We use OpenRouter as a routing layer for multi-model AI processing; queries are subject to OpenRouter's data handling policies in addition to each model provider's policies.

For Share of Voice measurement, we construct queries using general business category descriptors, geographic service areas, and service type terms derived from information you provide during onboarding. These queries do not include your personal name, contact details, or subscription status. Query construction is AI-assisted and subject to the same AI processing disclosures above.

5. Data Sharing and Third-Party Services

We share your data only with service providers necessary to operate Xomer, under appropriate data protection agreements:

We do not share your data with advertisers, data brokers, or other clients. Legal disclosures may be made when required by court order, law enforcement request, or applicable law.

6. Data Security

We implement industry-standard security measures including:

• TLS/HTTPS encryption for all data in transit
• Encrypted storage for sensitive credentials and API keys
• Access controls limiting data access to authorized personnel only
• Regular review of third-party service security practices

No system is completely secure. We cannot guarantee absolute security of data in transit or storage. In the event of a data breach affecting your personal information, we will notify you within 72 hours of discovery and cooperate with applicable notification requirements.

7. Data Retention

You may request deletion of your personal data at any time. We will fulfill deletion requests within 30 days, except where retention is required by law (e.g., billing records) or where data has been anonymized and is no longer personal data.

8. Cookies and Tracking

xomer.ai uses minimal cookies necessary for website functionality:

• Essential cookies: Required for checkout and form functionality
• Analytics: Aggregated page view data to understand site usage (no personally identifying tracking)

We do not use advertising cookies, behavioral tracking, or retargeting pixels. You can disable cookies in your browser settings; doing so may affect checkout and form functionality.

9. Your Data Rights

California Residents (CCPA/CPRA):

• Right to know what personal information we collect and how it is used
• Right to opt-out of sale of personal information (we do not sell personal information)
• Right to delete personal information (subject to legal retention requirements)
• Right to correct inaccurate personal information
• Right to non-discrimination for exercising these rights

EU / UK Residents (GDPR):

• Right to access the personal data we hold about you
• Right to rectification of inaccurate data
• Right to erasure ("right to be forgotten")
• Right to restrict processing
• Right to data portability
• Right to object to processing based on legitimate interests
• Rights related to automated decision-making

Our legal basis for processing is contractual necessity (to deliver services you requested) and legitimate interests (service improvement, security). We will respond to rights requests within 30 days. To exercise any right, email [email protected].

10. Children's Privacy

Xomer services are intended for businesses and business professionals only. We do not knowingly collect personal information from anyone under 13 years of age. If we become aware that we have collected information from a child under 13, we will delete it promptly.

11. International Data Transfers

Our services and infrastructure are operated in the United States. Data may also be processed by our service providers in other countries. By using Xomer services, you consent to your data being transferred to and processed in the United States and other countries where our service providers operate. We ensure appropriate safeguards are in place where required by applicable law.

12. Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices or applicable law. Material changes will be communicated to subscribers by email at least 14 days before taking effect. The updated policy will be posted at xomer.ai/privacy with the new effective date. Continued use of our services after the effective date constitutes acceptance of the updated policy.

13. Contact Information