Privacy Policy

Effective date: 21 April 2026 Last updated: 21 April 2026

Who we are

AEOps ("we", "us", "our") is an independent research publication operated by Pooj Morjaria under a UK Limited company registered in England & Wales. We publish original research on AI engine citation behaviour at aeops.io.

For any privacy-related questions, contact: privacy@aeops.io

What this policy covers

This Privacy Policy explains how we collect, use, store, and share personal data when you visit aeops.io or subscribe to our weekly email brief. It applies to all visitors and subscribers in the United Kingdom, the European Economic Area, and elsewhere.

Data controller

AEOps is the data controller for personal data collected through aeops.io. We are registered with the UK Information Commissioner's Office.

• ICO registration number: ZB184735
• Registered company name: Gambit Digital Solutions Limited
• Companies House number: 08493639

What data we collect

We collect only the data we need to deliver the publication and operate the site. Specifically:

When you subscribe to the weekly brief:

• Email address (required)
• First name (optional)
• Role or sector (optional, free-text or dropdown selection)
• The date and time you gave consent to receive the weekly brief
• The date and time you unsubscribed, if applicable

When you visit the site:

• Standard server logs (IP address, user agent, referrer, pages visited, timestamps) retained for security and aggregate analytics purposes
• Anonymised analytics data (page views, session duration, country-level location) where you have consented to analytics cookies

When you reply to a newsletter or contact us:

• The email content and any personal information you choose to share

We do not collect special-category personal data (health, biometric, political, religious, sexual orientation, etc.). Please do not send us this data.

Why we collect it (lawful basis under UK GDPR)

• Consent (Article 6(1)(a) UK GDPR): to send you the weekly brief and any optional follow-up emails you've opted into.
• Legitimate interests (Article 6(1)(f) UK GDPR): to operate the site securely, prevent abuse, understand aggregate readership, and improve the publication. Our legitimate interests do not override your fundamental rights and freedoms.
• Legal obligation (Article 6(1)(c) UK GDPR): to comply with applicable laws including UK GDPR, the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations.

How we use your data

We use the data we collect to:

• Send you the weekly AEOps brief on Monday mornings
• Confirm your subscription and process unsubscribe requests
• Operate, secure, and improve the site
• Understand aggregate readership patterns (no individual profiling)
• Respond to direct enquiries
• Comply with legal obligations

We do not use your data for automated decision-making or profiling that produces legal or similarly significant effects.

Who we share your data with

We share data only with the service providers we need to operate the publication. Each provider acts as a data processor and is bound by appropriate data protection terms.

• Resend (email delivery) — receives your email address, first name, and the content of newsletters sent to you. Resend is operated by Resend Inc., USA. Data transfers outside the UK rely on the UK International Data Transfer Addendum and the EU Standard Contractual Clauses.
• Supabase (database and authentication) — hosts our subscriber database. Operated by Supabase Inc., USA. Data is stored in EU regions where available.
• Vercel (site hosting) — handles request routing and serves the site. Operated by Vercel Inc., USA.

We do not sell your personal data. We do not share it with advertisers, data brokers, or other third parties for marketing purposes.

We may disclose personal data if required by law, court order, or to protect the rights, safety, or property of AEOps, our subscribers, or others.

International transfers

Some of our service providers are based outside the UK. Where we transfer your personal data outside the UK, we rely on transfer mechanisms recognised by the UK Information Commissioner's Office, including the UK International Data Transfer Addendum to the EU Standard Contractual Clauses and the UK Extension to the EU-US Data Privacy Framework where applicable.

How long we keep your data

• Subscriber data is retained for as long as you remain subscribed, plus 12 months after unsubscribe to handle re-subscription, comply with legal obligations, and document consent under UK GDPR Article 7. After that period it is deleted.
• Server logs are retained for 30 days, then deleted or anonymised.
• Analytics data is retained for up to 26 months in aggregated, anonymised form.
• Email correspondence is retained for as long as needed to handle the matter, then deleted within 24 months unless required for longer by law.

Your rights

Under UK GDPR, you have the following rights:

• Right of access — request a copy of the personal data we hold about you.
• Right to rectification — ask us to correct inaccurate or incomplete data.
• Right to erasure — ask us to delete your personal data ("right to be forgotten") in certain circumstances.
• Right to restrict processing — ask us to stop using your data while a question about it is being resolved.
• Right to data portability — receive your data in a structured, commonly used, machine-readable format.
• Right to object — object to processing based on legitimate interests, including direct marketing.
• Right to withdraw consent — withdraw consent for any processing based on consent, at any time, without affecting the lawfulness of processing before withdrawal.
• Right not to be subject to automated decision-making — including profiling that produces legal or similarly significant effects (we do not do this).

To exercise any of these rights, email privacy@aeops.io. We will respond within one calendar month.

Unsubscribing

Every email we send contains a one-click unsubscribe link. You can also email privacy@aeops.io to be removed from the list. Unsubscribing takes effect immediately.

Cookies

We use a small number of cookies to operate the site and (with your consent) to understand aggregate readership. See our Cookie Policy for the full list.

Children's data

aeops.io is not directed at children under 16. We do not knowingly collect personal data from children. If you believe a child has subscribed, email privacy@aeops.io and we will delete the record promptly.

Security

We use industry-standard technical and organisational measures to protect your personal data, including encryption in transit (TLS), encrypted storage, access controls, and regular security reviews. No system is perfectly secure, but we work to reduce risk wherever possible. If we ever suffer a personal data breach that is likely to result in risk to your rights and freedoms, we will notify the ICO within 72 hours and inform affected subscribers without undue delay.

Complaints

If you have a concern about how we handle your personal data, please contact us first at privacy@aeops.io and we will work to resolve it.

You also have the right to lodge a complaint with the UK Information Commissioner's Office:

• Website: https://ico.org.uk/make-a-complaint/
• Helpline: 0303 123 1113
• Post: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF

Changes to this policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top will reflect the most recent change. Material changes will be communicated via email to active subscribers before they take effect.

Contact

For privacy-related questions or requests, contact:

Email: privacy@aeops.io Postal: Gambit Digital Solutions Limited, [registered office address], United Kingdom