Skip to main content
Legal Document

Customer Privacy Disclosure

Last updated: May 30, 2026

This page provides a model privacy disclosure for AIOX Suite customers to adapt for their own websites.

When you install the AIOX Suite plugin or any AIOX app on a website you operate, AIOX receives visitor data from that site — including full IP addresses — on your behalf, as your data processor. Most privacy regimes (the GDPR, the UK GDPR, the CCPA / CPRA, the LGPD, Quebec Law 25, and similar laws) require you, as the data controller for that visitor data, to disclose this processing in your own privacy notice. This page gives you a starting point.

This page is provided for convenience only. It is not legal advice. We recommend reviewing the model paragraph with privacy counsel familiar with your jurisdiction before publishing it on your site.

How to use this page

  1. Copy the model paragraph in section 1 below.
  2. Replace the bracketed placeholders ([YOUR CONTACT EMAIL], etc.) with the relevant details for your site.
  3. Paste it into the analytics / cookies / data-processing section of your existing privacy notice — or, if your site has no privacy notice, into a new one.
  4. Make sure your privacy notice is reachable from every page of your site.
  5. If your jurisdiction requires a consent banner before any data is captured, make sure your consent mechanism is configured and triggers before the AIOX Suite plugin is allowed to send data.

1. The model paragraph

How we use AIOX Suite for AI traffic analytics and bot detection

This site uses AIOX Suite (operated by AIOX Suite, a service available at aioxsuite.com) to detect and classify automated traffic from AI assistants and crawlers, to prevent abusive traffic, to generate AI-discoverability analytics, and to publish AI-licensing signals on our behalf. To deliver these features, the AIOX Suite plugin installed on this site captures and transmits to AIOX, for every inbound request to this site, the following data:

  • The visitor's full IP address (IPv4 or IPv6);
  • The user-agent string;
  • The request path, HTTP method, and response code;
  • HTTP header order and TLS fingerprint;
  • Behavioural metrics (request rate, JavaScript-execution probes, cookie behaviour);
  • Classifier output (the bot family the visitor was identified as, where applicable, and the action taken).

This data is captured for every visitor regardless of how the visitor is ultimately classified — human, AI crawler, search engine, social agent, declared bot, or unidentified. AIOX does not set cookies on visitors' devices to capture this data; the capture is from request metadata only.

We process this data on the legal basis of our legitimate interest in securing this site, preventing abuse, enforcing our acceptable-use rules, and operating AI-discoverability analytics. You may object to this processing by contacting us at [YOUR CONTACT EMAIL].

AIOX acts as our data processor for the visitor data described above. AIOX's own data practices, retention periods, and subprocessor list are described in its Privacy Policy at aioxsuite.com/aiox-privacy/ and its subprocessor list at aioxsuite.com/aiox-subprocessors/.

Visitor data captured for this site is retained for [RETENTION PERIOD — typically 30 to 365 days, depending on your AIOX plan]. Aggregate statistics derived from the data may be retained longer for analytics continuity.

You have the right to request access to, correction of, or deletion of your personal data, and to object to or restrict its processing. To exercise these rights, contact us at [YOUR CONTACT EMAIL]. Where applicable law permits, you may also lodge a complaint with your data-protection supervisory authority.

2. Placeholders to replace

  • [YOUR CONTACT EMAIL] — the address visitors use to reach you with privacy questions;
  • [RETENTION PERIOD] — the retention window on your AIOX plan; check Analytics → Settings → Automatic Cleanup in your dashboard for the current value.

3. Optional clauses to add

3.1 If you're subject to the CCPA / CPRA (California)

If you are a California resident, the categories of personal information described above are processed by us for a "business purpose" within the meaning of the CCPA. We do not sell or share visitor data for cross-context behavioural advertising. To submit a request under California law, contact us at [YOUR CONTACT EMAIL].

3.2 If you list your subprocessors

AIOX is included in our list of subprocessors. AIOX's own subprocessors (which include cloud hosting providers, our payment processor Stripe, and third-party AI providers Google, OpenAI, Anthropic, and Perplexity) are listed at aioxsuite.com/aiox-subprocessors/.

3.3 If your jurisdiction requires consent rather than legitimate interest

We process this data on the legal basis of your consent, which we request through our cookie / consent banner before any visitor data is captured by AIOX Suite. You may withdraw your consent at any time by adjusting your preferences in the banner or by contacting us at [YOUR CONTACT EMAIL]. Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal.

4. Things this paragraph does not cover

The model paragraph addresses only the visitor data captured by AIOX Suite. It does not cover:

  • Cookies set by your own site (analytics, advertising, embedded video, social widgets, etc.) — these need their own disclosure;
  • Personal data your site collects through forms, accounts, or e-commerce flows;
  • Third-party scripts running on your site that are not part of AIOX;
  • Your obligations under sector-specific regimes (HIPAA, COPPA, the EU AI Act, etc.).

5. Questions

If you have a question about AIOX's processing of visitor data on your behalf, contact our privacy team at privacy@aioxsuite.com. We can also provide a separate Data Processing Addendum on request.

This page is provided for convenience only. It is not legal advice.