Privacy Policy

Last updated: 2026-04-26

1. Data Controller

Blockchain and Marketing Solutions EOOD ("we", "us", "our") is the data controller responsible for your personal data collected through the AI Visibility service at aivisibilityshop.net.

Registered address: Nessebar, Bulgaria
Email: contact@aivisibilityshop.net
VAT: BG206543210

2. What Data We Collect

We collect the following categories of personal data:

- Contact information: email address, name (when provided)
- Website information: URL, niche/industry
- Payment information: processed securely by Stripe; we do not store credit card numbers
- Technical data: IP address, browser type, device information
- Consent records: timestamps and status of your privacy/terms/marketing consents
- Communication data: messages sent through the contact form

3. Purpose and Legal Basis

We process your data for the following purposes:

- Contract performance (Art. 6(1)(b) GDPR): to deliver the AI Visibility audit service you purchased
- Legitimate interest (Art. 6(1)(f) GDPR): to improve our services, prevent fraud, and ensure security
- Consent (Art. 6(1)(a) GDPR): for marketing communications and for analytics and conversion tracking through Meta Pixel and Google Analytics 4, when you opt in
- Legal obligation (Art. 6(1)(c) GDPR): to comply with tax, accounting, and regulatory requirements

4. Data Processors

We share your data with the following third-party processors:

- Stripe Inc. (USA) - payment processing. Stripe is certified under the EU-US Data Privacy Framework.
- Hetzner Online GmbH (Germany) - hosting infrastructure, data stored in the EU.
- Email service provider - for transactional and notification emails.
- Meta Platforms, Inc. (USA) - advertising measurement and conversion tracking through Meta Pixel. In US privacy mode this is enabled by default; you can opt out at any time via Cookie Settings, by selecting "Do Not Sell or Share My Personal Information", or by sending the Global Privacy Control (GPC) signal from your browser. We do not use advanced matching and do not send email addresses, names, website URLs submitted in forms, contact messages, or raw URL query strings to Meta through Pixel events.
- Google LLC (USA) - analytics and conversion measurement through Google Analytics 4. In US privacy mode analytics is enabled by default; you can disable it via Cookie Settings. Advertising-related signals to Google (used by GA4 Advertising Features and any future Google Ads remarketing) are gated independently and are turned off when you opt out of advertising or send GPC. Google LLC is certified under the EU-US Data Privacy Framework. We do not send email addresses, names, website URLs submitted in forms, contact messages, or raw URL query strings to Google through Analytics events.

5. Data Retention

We retain your personal data for the following periods:

- Order and transaction data: 7 years (legal/tax obligation)
- Lead/contact form data: 2 years or until you request deletion
- Analytics data: 26 months
- Consent records: retained for the duration of the relationship plus 3 years

After the retention period, data is securely deleted or anonymized.

6. International Transfers

Your data is primarily stored on servers located in Germany (Hetzner). Certain processors may transfer limited data to the USA under the EU-US Data Privacy Framework: Stripe for payment processing, Meta Platforms for advertising measurement (only with your marketing consent), and Google LLC for analytics (only with your marketing consent).

We do not transfer your data to any other third countries without appropriate safeguards (Standard Contractual Clauses or adequacy decisions).

7. Cookies and Tracking

We operate aivisibilityshop.net in US privacy mode: analytics and advertising technologies are enabled by default for visitors in the United States, and you can opt out of either category at any time. The full inventory of cookies and storage items used on the site is in our Cookie Policy.

- Essential cookies and storage: required for the site to function and process orders; these are always active.
- Analytics (Google Analytics 4): enabled by default. You can disable it in Cookie Settings.
- Advertising and remarketing (Meta Pixel and any future Google Ads remarketing): enabled by default unless you opt out. Opt out via "Do Not Sell or Share My Personal Information" (footer link or banner), via the Cookie Settings dialog, or by sending Global Privacy Control (GPC) from your browser.

Global Privacy Control (GPC) is treated as an opt-out signal. While GPC is active, advertising and remarketing are disabled and the advertising consent flags sent to Google Consent Mode v2 are denied; analytics remains enabled by default unless you also disable it in Cookie Settings.

Meta Pixel and Google Analytics 4 may receive limited technical and event data, such as page views, conversion event names, browser/device information, and advertising-related identifiers. We do not send personal information collected in our forms to either tool, including email address, name, submitted website URL, contact message, or raw URL query strings. We do not use Meta advanced matching. In Google Analytics 4 we send only a short whitelist of event parameters; any nested item data (such as product name or price) is re-sanitized per item before it leaves your browser.

Google Analytics 4 Advertising Features (Google Signals, demographics and interest reporting) are gated by the same advertising opt-out as the rest of the advertising category. They are not enabled in our GA4 property today; if we enable them in the future, this section and the Cookie Policy will be updated to disclose the change.

You can withdraw your choices by reopening Cookie Settings, clearing site data in your browser, or contacting us at contact@aivisibilityshop.net.

Payment processing is handled by Stripe under its own secure checkout flow.

8. Your Rights

Under the GDPR, you have the following rights:

- Right of access: request a copy of your personal data
- Right to rectification: correct inaccurate data
- Right to erasure: request deletion of your data
- Right to restrict processing: limit how we use your data
- Right to data portability: receive your data in a structured format
- Right to object: object to processing based on legitimate interest
- Right to withdraw consent: for marketing communications at any time

To exercise any of these rights, contact us at contact@aivisibilityshop.net. We will respond within 30 days.

9. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including:

- TLS encryption for all data in transit
- Encrypted database storage
- Access controls and authentication
- Regular security reviews

10. Supervisory Authority

If you believe we have not handled your data correctly, you have the right to lodge a complaint with the Commission for Personal Data Protection (CPDP) of Bulgaria or the supervisory authority in your country of residence.

11. Changes to This Policy

We may update this Privacy Policy from time to time. The latest version will always be available on this page with the updated date. Material changes will be communicated via email to existing customers.