1. Introduction
Prequire is operated by M-Powered Marketing Solutions LLC, a California limited liability company (“we,” “us,” “Prequire”). This Privacy Policy describes what information we collect when you use the Prequire platform and website, how we use it, and the rights you have over your information.
By using Prequire, you agree to the practices described in this policy. If you do not agree, please discontinue use of the service.
2. What we collect
Account information. When you create an account, we collect your name, email address, and billing information necessary to process your subscription.
Usage data. We collect information about how you use the platform: pages visited, features used, audit runs initiated, and similar product analytics. This data helps us improve the product and diagnose issues.
Scan data. URLs and domain names you submit to the free audit tool or logged-in scanner are processed to generate your AEO scores and recommendations. We store audit results in your account so you can reference them over time. All scan data, audit results, query libraries, and content plans you submit or generate within Prequire remain your property. Prequire acts as a data processor, not an owner, of the content you create or submit.
Cookies and analytics. We use standard web analytics to understand aggregate traffic patterns. We do not use cross-site tracking cookies or share analytics data with advertising networks.
API keys. If you choose to use Prequire’s BYOK (bring-your-own-key) model, your API keys are stored encrypted at rest. See Section 4 for details on how BYOK keys are handled.
3. How we use your information
We use the information we collect to provide, maintain, and improve the Prequire platform; to process your subscription payments; to communicate with you about your account, product updates, and support requests; and to comply with our legal obligations.
We do not sell your personal information. We do not use your scan data or content to train AI models. We do not share your API keys with anyone — they are used solely to make calls to the relevant provider on your behalf.
Internal access. Prequire personnel access customer accounts and data only as necessary for support, troubleshooting, security investigations, or to comply with legal obligations. Access is logged and limited to authorized staff.
We may use aggregate, de-identified data (for example, “X% of sites we scan have an llms.txt file”) for product research and marketing. This data cannot be used to identify you.
4. The BYOK architecture
Prequire uses a bring-your-own-key model for AI model access. When you add an OpenAI, Anthropic, or Perplexity API key to your account, that key is encrypted at rest using AES-256-GCM and stored in our database. It is used only to make API calls to that provider on your behalf when you use features that require model access.
Account data, scan results, and audit history are stored in our Supabase database, which encrypts data at rest using AES-256 and in transit using TLS 1.2 or higher. Row-level security policies isolate customer data so that no customer can access another customer’s records.
Your prompts, model responses, and token usage are governed by that provider’s terms of service and privacy policy — not Prequire’s. Prequire does not store the content of your model requests or responses beyond what is necessary to display results in your dashboard session.
You can delete your stored API keys at any time from the Settings > API Keys page in your account. Deletion is immediate and permanent.
5. Subprocessors
We work with the following third-party service providers to operate the platform. Each is bound by its own privacy policy and data processing terms.
| Provider | Location | Purpose |
|---|---|---|
| Supabase Inc. | USA | Database, authentication, and row-level security |
| GoHighLevel (HighLevel Inc.) | USA | CRM, email, and lead management |
| Stripe / FastPayDirect | USA | Payment processing and subscription management |
| Cloudflare Inc. | USA | CDN, DNS, DDoS protection, and security |
| Liquid Web LLC | USA | Web hosting infrastructure |
| Anthropic, OpenAI, Perplexity | USA | AI model API providers, accessed via BYOK only |
We may update this list. Material changes will be posted to this page.
Business customers using Prequire to audit sites on behalf of their own clients are responsible for ensuring they have the authority to do so. A Data Processing Agreement (DPA) is available upon request — contact the address in Section 12.
7. Your rights
California residents (CCPA). As a California resident, you have the right to know what personal information we collect and how it is used; the right to request deletion of your personal information; the right to correct inaccurate personal information; and the right to opt out of the sale of your personal information. We do not sell personal information, so there is no sale to opt out of. To exercise any of these rights, email us at [email protected].
General rights. Regardless of where you are located, you may request access to the personal information we hold about you, request correction of inaccurate data, or request deletion of your account and associated data. We will respond to verified requests within a reasonable time frame, and no later than required by applicable law.
Data portability. You may request an export of your account data — including scan history, audit results, query libraries, and content plans — in a structured, machine-readable format. Email the address in Section 12 to request an export. We will fulfill verified requests within 30 days.
Account deletion. To delete your account and associated data, email [email protected] from your account email address. We will process deletion requests within 30 days. Note that some data may be retained for legal, accounting, or fraud-prevention purposes as permitted by applicable law.
8. Data retention
We retain account information while your account is active and for a reasonable period after account closure to comply with legal and accounting obligations. The specific retention period depends on applicable law, but is typically no longer than seven years for financial records.
Scan data and audit results are retained in your account until you delete them. You can delete individual audits or all data at any time from within your account.
API keys are retained only as long as they are stored in your account. They are deleted immediately when you remove them from Settings.
9. Security and breach notification
We maintain administrative, technical, and physical safeguards designed to protect your information, including encryption at rest and in transit, access controls, and regular security review of our subprocessors. No system is perfectly secure, and we cannot guarantee the absolute security of your information.
In the event of a data breach affecting your personal information, we will notify affected users without undue delay and within the timeframe required by applicable law — including, where applicable, within 72 hours of becoming aware of the breach under GDPR, and as required by US state breach notification laws.
10. Children
Prequire is not intended for users under the age of 13, and we do not knowingly collect personal information from children. If you believe a child has provided personal information to us, please contact us at [email protected] and we will delete it promptly.
11. Changes to this policy
We may update this Privacy Policy from time to time. Material changes — meaning changes that affect how we use your personal information in ways you would not reasonably expect — will be communicated via email to registered users and via a prominent notice in the product. The updated policy will carry a new effective date at the top of this page.
Continued use of Prequire after a policy update constitutes acceptance of the revised terms.
12. Contact
Privacy questions and rights requests:
[email protected]
M-Powered Marketing Solutions LLC
San Francisco, CA 94110
United States