Privacy Policy
v1.0.1
September 17, 2025
Erlin AI Inc ("Company," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how your personal information is collected, used, and disclosed by Erlin.ai. This policy applies to our website (https://erlin.ai) and any related services (collectively, the "Service").
Erlin.ai is an AI Intelligence company providing comprehensive AI-powered content generation and content marketing services including Public relations services, Search engine optimization, Generative Engine Optimization (GEO), and Answer Engine Optimization (AEO) services.
By using our Service, you agree to the terms of this Privacy Policy and our Terms of Service.
I. Information We Collect
We collect two types of information:
1. Personal Information
This includes:
Name
Email address
Company name
Phone number
IP address
Account credentials and billing information
Content and data you provide through our Platform
Analytics data from connected third-party accounts (Google Analytics, Google Search Console, etc.)
Any additional information you choose to share with us
Workspace information (Slack workspace ID, team ID, user ID)
Data received from Slack events, slash commands, and system logs
Note: "If our app receives data from Slack that is not required for providing the Service, such data is discarded and not used."
2. Non-Personal Information
This includes anonymized data such as browser type, device information, referring URLs, time and date of visits, usage patterns, and other analytics.
We also collect information through cookies and third-party tools like Google Analytics and PostHog to understand user behavior and improve our services.
3. AI Platform Monitoring Data
As part of our AI visibility and brand perception analysis services, we collect:
Brand mentions and context from AI platforms and search engines
Competitive benchmarking data from publicly available sources
AI-generated responses and search results related to your brand
Performance metrics from various AI platforms and search engines
This may include limited Slack workspace metadata strictly necessary for app functionality. We do not use Slack data for advertising or unrelated purposes.
II. How We Use Your Information
We use your information to:
Provide and improve our Service
Deliver AI intelligence, analytics, and optimization recommendations
Monitor your brand's visibility across AI platforms and search engines
Perform competitive benchmarking and analysis
Generate AI-powered content and optimization suggestions
Respond to inquiries and support requests
Send product updates, offers, and marketing emails (you can opt-out anytime)
Analyze usage patterns and user behavior
Ensure security and prevent fraud
Service Improvement and Development
We may use aggregated, de-identified data derived from your use of the Services to improve and develop our Platform, AI models, and service offerings. This includes using patterns from user interactions, content performance data, and optimization results to enhance our algorithms and service quality. We will not use your specific personal data to train AI models for third parties or disclose your individual data in any identifiable form.
We may share data with trusted vendors who help us operate our platform, including infrastructure providers (like AWS and Supabase) and AI partners. These partners only process data under our instructions and in accordance with our data processing agreements.
III. Children's Privacy
We do not knowingly collect or solicit data from anyone under the age of 13. If we learn we have collected such data, we will delete it immediately. If you believe this has occurred, contact us at support@erlin.ai.
IV. Your Rights
As a GDPR-compliant platform, you have the right to:
Access, update, or delete your personal data
Object to processing or restrict usage
Withdraw consent for marketing communications
Request portability of your data
Lodge complaints with supervisory authorities
To exercise these rights, please contact support@erlin.ai.
You may request access, transfer, or deletion of your personal information at any time by contacting support@erlin.ai
Requests are processed within a reasonable timeframe.
V. Data Security
We use industry-standard measures like encryption, firewalls, and secure servers to protect your data. However, no online system is 100% secure, and we cannot guarantee absolute security.
VI. Third-Party Links
Our Service may contain links to third-party sites. We are not responsible for the privacy practices of these sites. Please review their policies before engaging.
VII. Policy Changes
We may update this Privacy Policy periodically. Major changes will be communicated via email or posted prominently on the site. Continued use of the Service after updates means you accept the changes.
VIII. Contact Us
If you have any questions, reach out at:
Erlin AI Inc
131 Continental Dr, Suite 305
Newark, DE 19713, USA
Email: support@erlin.ai
Phone: 646-797-3088
IX. Third-Party Service Providers
To deliver our services efficiently, we use third-party providers that may process your data on our behalf. These include:
Infrastructure and Platform Services:
Amazon Web Services (AWS) – for secure hosting and cloud infrastructure
Supabase – for database, authentication, and storage services
Google Analytics & PostHog – to help us analyze usage and improve user experience
AI Platform Partners:
OpenAI & Anthropic – to enable certain AI functionalities within our platform
Google AI Services – for AI-powered insights and optimization
Additional AI Platforms – including but not limited to ChatGPT, Perplexity, Claude, Gemini, and other AI platforms that we monitor and integrate with to provide our AI visibility and optimization services
Data and Analytics Partners:
Third-party APIs – for accessing search engine data, social media insights, and competitive intelligence
Analytics and monitoring tools – to track brand visibility across AI platforms and search engines
Any data shared with these tools is strictly for improving your experience and handled securely. Each provider is contractually obligated to safeguard your data, process it only for authorized purposes, and comply with applicable privacy regulations.
X. Data Retention
We retain your personal data for as long as necessary to:
Provide the services you've requested
Comply with our legal obligations
Resolve disputes and enforce our agreements
Improve our services through aggregated, de-identified data analysis
User Account Data: Retained until the account is deleted or the user requests removal.
Temporary Interaction Data (Slack slash command inputs, events, logs): Retained for no longer than 30 days, unless required for security, fraud prevention, or compliance.
After the applicable retention period, data is securely deleted or anonymized.
For service improvement purposes, we may retain de-identified and aggregated data derived from your usage indefinitely, as this data cannot be traced back to individual users. When personal data is no longer needed for the above purposes, we securely delete or anonymize it.
XI. AI-Powered Features and Data Processing
We may use AI services to process and respond to user input as part of our AI intelligence and content generation services. These interactions are designed to be secure, and your personal inputs are not used to train external AI models for third parties.
AI Intelligence and Analytics
Our AI visibility intelligence, analytics, and insights are built based on responses we receive from various AI platforms, LLMs, and API partners. This data processing includes:
Monitoring brand mentions across AI platforms
Analyzing AI-generated responses and search results
Processing competitive intelligence data
Generating optimization recommendations based on AI platform behavior
Data used with AI tools is handled in accordance with this Privacy Policy and under strict confidentiality agreements with our AI providers.
Content Generation Services
When you use our AI-powered content generation features:
Your input data is processed to generate personalized content and recommendations
Generated content is provided for your review and approval
We do not store or use your specific content inputs to train models for other users
All processing occurs within secure, encrypted environments
XII. International Data Transfers
Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that are different from the laws of your country. When we transfer your personal information to other countries, we implement appropriate safeguards to protect your information in accordance with applicable data protection laws.
XIII. California Privacy Rights (CCPA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):
Right to know what personal information is collected and how it is used
Right to delete personal information
Right to opt-out of the sale of personal information (Note: We do not sell personal information)
Right to non-discrimination for exercising your privacy rights
To exercise these rights, please contact us at support@erlin.ai.
XIV. Cookies and Tracking Technologies
We use cookies and similar tracking technologies to:
Maintain your login session
Remember your preferences
Analyze website usage and performance
Provide personalized content and recommendations
You can control cookie settings through your browser, but disabling cookies may affect the functionality of our Service.
XV. Business Transfers
In the event of a merger, acquisition, or sale of assets, your personal information may be transferred as part of the transaction. We will notify you via email or prominent notice on our website before your personal information becomes subject to a different Privacy Policy.
XVI. MCP Connector and Third-Party AI Assistant Access
This section describes how data is handled when you connect Erlin.ai to third-party AI assistants such as Anthropic's Claude (via the Claude Connectors Directory or as a custom connector) using our Model Context Protocol (MCP) server hosted at mcp.erlin.ai.
1. What the Connector Accesses
When you connect Erlin.ai to an AI assistant through our MCP server, the assistant can — only on your behalf and only with your active session — access the same data you can access through the Erlin.ai dashboard, including:
Brand visibility checks across AI platforms (ChatGPT, Gemini, Perplexity, and others)
Tracked prompts, collections, and visibility snapshots
Website analysis and recommendations
Google Analytics 4 (GA4) and Google Search Console (GSC) data — only when you have separately connected those accounts within Erlin.ai
Competitor tracking and favorites
Account metadata (subscription tier, available tool quotas)
The MCP server does not receive or transmit your AI assistant conversation history. Anthropic (or any other MCP client) only sees the responses to specific tool calls you or the assistant explicitly invoke.
2. Authentication and OAuth Token Handling
The MCP connector uses OAuth 2.1 for authentication. Our authentication is handled by Supabase acting as the authorization server (hosted on Supabase's infrastructure).
When you connect the AI assistant to Erlin.ai:
You are redirected to Supabase's authorization endpoint, where you sign in and grant consent
Supabase issues a short-lived JWT access token (typically valid for one hour) and a longer-lived refresh token
The access token is passed to the MCP server with each request and validated against Supabase's JWKS endpoint
Refresh tokens are rotated on each use; old refresh tokens are invalidated
Tokens are stored encrypted at rest by the AI assistant platform you use (e.g., Anthropic). Erlin.ai does not have visibility into or control over how that platform stores the token after issuance.
3. Third-Party Processors in the MCP Path
When the connector is in use, your data may pass through the following processors in addition to those listed in Section IX:
Supabase, Inc. — authentication and database services (authorization server + storage of your Erlin.ai account data)
The AI assistant platform you connect — for example, Anthropic (Claude). The assistant platform processes the tool calls and responses; its handling is governed by its own privacy policy
AI platforms we query on your behalf — OpenAI (ChatGPT), Anthropic (Claude), Google (Gemini, AI Overviews), Perplexity. These are queried only when you invoke a visibility check or related tool
Google — only if you have connected Google Analytics 4 or Google Search Console; access is read-only and scoped to the properties you select
4. Data Retention for MCP-Accessed Data
OAuth access tokens: issued for short lifetimes (typically one hour) and not persisted by Erlin.ai beyond the request lifecycle
Refresh tokens: retained until you revoke access or your account is deleted, whichever comes first
AI platform responses (visibility snapshots): retained for the lifetime of your account so you can view historical trends; deleted on account deletion or by individual snapshot deletion via the dashboard
Tool call audit logs: retained for 90 days for security, abuse-prevention, and debugging purposes, then deleted or anonymized
GA4 and GSC data accessed via the connector: cached for the duration of the sync window; raw data is not redistributed
5. Revoking Connector Access and Deleting Data
You can revoke an AI assistant's access to your Erlin.ai account at any time through any of the following methods. We recommend using all applicable methods together for complete revocation.
Method 1 - Disconnect within the AI assistant (immediate effect on that assistant)
Open the AI assistant's connectors or integrations panel (for example, in Claude: Settings → Connectors → Erlin → Disconnect) and disconnect Erlin.ai. This immediately stops the assistant from making further tool calls to your account. The access token is discarded by the assistant platform.
Method 2 - Manage integrations in Erlin.ai
Sign in to your Erlin.ai account and visit your integrations settings at https://app.erlin.ai/integrations. This page lists the third-party services connected to your account. Self-serve revocation of MCP connector sessions is being rolled out on this page; until that ships, Method 1 (assistant-side disconnect) combined with Method 3 (support request) provides full revocation.
Method 3 - Request session revocation by email
Email support@erlin.ai with the subject "Revoke MCP connector session" from the email address associated with your Erlin.ai account. Our team will invalidate all outstanding access and refresh tokens issued to AI assistants under your account within two business days. You will receive a confirmation email when revocation is complete.
Method 4 - Full account deletion
To delete your Erlin.ai account and all associated data - including OAuth tokens, refresh tokens, visibility snapshots, audit logs, and any synced GA4/GSC data - email support@erlin.ai with the subject "Delete my account." All personal data is deleted within 30 days of request, except where retention is required by law (for example, billing records). A confirmation email is sent when deletion is complete.
Important note on revocation scope: Revoking the connector does not by itself delete the underlying Erlin.ai data you have collected (visibility snapshots, GA4/GSC sync history, tracked prompts). If you want both the connector revoked and the data deleted, follow Method 4.
6. Read vs. Write Operations
The Erlin.ai MCP server exposes both read-only tools (e.g., listing prompts, fetching visibility data) and write tools (e.g., creating new prompts, triggering visibility checks). Write tools are clearly marked as destructive in the MCP tool annotations, and the AI assistant will prompt you for confirmation before executing them. No write operation can be performed on your data without an active, authenticated session. (edited)