What is AI visibility and why does it matter for e-commerce?

AI visibility refers to how easily AI assistants like ChatGPT, Perplexity, and Gemini can find, understand, and recommend your business. As more consumers use AI instead of traditional search engines to find products and services, businesses without structured data are invisible to this growing channel. Gartner predicts traditional search volume will drop 25% by 2026.

What is JSON-LD schema markup?

JSON-LD (JavaScript Object Notation for Linked Data) is a method of encoding structured data using the Schema.org vocabulary. It tells AI systems and search engines exactly what your business is, what you sell, your reviews, FAQs, and more in a machine-readable format. It is embedded in your website HTML and is invisible to users but critical for AI comprehension.

What is Generative Engine Optimisation (GEO)?

Generative Engine Optimisation (GEO) is the practice of optimising your website content and structured data specifically for AI-powered search engines and assistants. Unlike traditional SEO which focuses on Google rankings, GEO focuses on making your business recommendable by ChatGPT, Perplexity, Gemini, and other AI systems.

How does the FlinnSchema AI audit work?

The FlinnSchema AI audit analyses your website across 26 factors including schema markup quality, E-E-A-T signals, AI crawler access, Reddit community presence, content freshness, conversational content structure, LLM readability, and llms.txt presence. You receive an overall AI visibility score (capped at 90%) with detailed breakdowns and actionable recommendations.

How long does schema markup implementation take?

Implementation typically takes 1-2 weeks depending on the size and complexity of your store. This includes a full audit, hand-coded JSON-LD markup for all key pages, validation against Google Rich Results Test and Schema.org, and comprehensive documentation.

Data & Analytics

Last updated: 9 May 2026

This page provides a transparent overview of every type of data FlinnSchema collects, how it is processed, where it is stored, and how long we keep it.

1. Data We Collect

Account Data

Data	Purpose	Storage	Retention
Full name	Account identification, dashboard greeting	Supabase (database)	Until account deletion + 30 days
Email address	Authentication, account communication	Supabase (auth + database)	Until account deletion + 30 days
Website URL	Running audits on your site	Supabase (database)	Until account deletion + 30 days
Password	Authentication	Supabase (hashed with bcrypt, never stored in plaintext)	Until account deletion

Audit Data

Data	Purpose	Storage	Retention
HTML content, meta tags, structured data	26-factor scoring analysis	Supabase	Account lifetime
Robots.txt, sitemap.xml, llms.txt	AI crawler access and technical SEO checks	Supabase	Account lifetime
Public reviews (Trustpilot, Google, Feefo, Reviews.io)	Trust & review scoring factor	Supabase	Account lifetime
Page performance metrics	Performance scoring factor	Supabase	Account lifetime
Crawled page URLs and per-page scores	Site-wide page crawl analysis	Supabase	Account lifetime
Overall score and 26 individual factor scores	AI visibility assessment	Supabase	Account lifetime

LLM Test Data

Data	Purpose	Sent To	Retention
Business name, website URL	Prompt generation for visibility testing	OpenAI, Perplexity, Google	Account lifetime (results stored locally)
Industry, location	Contextual prompt generation	OpenAI, Perplexity, Google	Account lifetime
AI engine responses (snippets)	Mention detection and verification	Anthropic (for verification only)	Account lifetime
Mention type, verification classification	Visibility scoring	Stored locally only	Replaced on next test run

Payment Data

Data	Purpose	Storage	Retention
Stripe session ID, payment intent	Payment verification	Supabase	7 years
Subscription status, billing period dates	Access control, quota management	Supabase	7 years
Amount, currency	Accounting records	Supabase	7 years
Credit card details	Payment processing	Stripe only (never touches our servers)	Per Stripe’s retention policy

Integration Data

Data	Purpose	Storage	Retention
Shopify store URL and OAuth token	Schema injection, blog publishing	Supabase	Until integration disconnected
WordPress site URL and application password	Schema injection, blog publishing	Supabase	Until integration disconnected
Blog posts (title, content, keyword, status)	AI blog generation and publishing	Supabase	Account lifetime
Schema Builder entries (business data, FAQ content)	Custom structured data generation	Supabase	Account lifetime

Specialist Account Data

Data	Purpose	Storage	Retention
Specialist code, display name, profile	Specialist account identification	Supabase	Account lifetime
Client-specialist link status	Managing specialist access to client accounts	Supabase	Account lifetime
Specialist access log (timestamps, actions)	Audit trail of specialist account access	Supabase	Account lifetime
Demo audit results	Sales demo audit history	Supabase	Account lifetime

Google Search Console Data

Data	Purpose	Storage	Retention
Keyword rankings, impressions, clicks	Keyword position tracking	Supabase	Account lifetime
Backlink data (referring domains, linked pages)	Backlink analysis	Supabase	Account lifetime
GSC OAuth tokens	Google Search Console connection	Supabase	Until disconnected

2. Analytics & Tracking

Google Analytics

We use Google Analytics (measurement ID: G-5VX5SD7MCY) to understand how visitors interact with our website. Google Analytics collects anonymised data including pages visited, session duration, device type, browser, and approximate geographic region. We do not use Google Analytics advertising features.

Funnel Event Tracking

Our landing pages (e.g. /go, /go2–/go11) send lightweight event data to our server when you view a page or complete an action (e.g. starting an audit, signing up). We collect:

Data	Purpose	How It’s Processed
Event type (e.g. “page view”, “audit start”)	Conversion tracking	Stored as-is in database
Page path	Identify which landing page	Stored as-is
Referrer URL	Understand traffic sources	Stored as-is
User agent	Device and browser analytics	Truncated to 500 characters
IP address	Approximate visitor counting	Hashed with SHA-256 + salt, truncated to 16 chars. Raw IP is never stored.

3. Browser Storage (localStorage)

We store the following data in your browser’s localStorage. This data never leaves your device unless explicitly noted.

Key	Purpose	Contains
flinnschema-auth	Keeps you logged in between sessions	Supabase authentication token (encrypted)
roadmap-completed-{auditId}	Tracks implementation tasks you’ve marked complete	JSON object of completed factor keys
llm-disputed-{auditId}	Remembers which LLM test results you’ve disputed	Array of engine::prompt key strings

You can clear this data at any time via your browser settings. Clearing localStorage will log you out and reset your roadmap progress and dispute flags.

4. Third-Party Services

Service	What We Send	Purpose	Their Privacy Policy
Supabase	All account, audit, and report data	Database and authentication	supabase.com/privacy
Stripe	Payment details (handled by Stripe.js)	Payment processing	stripe.com/privacy
Vercel	Application code, request logs	Hosting and serverless functions	vercel.com/legal/privacy-policy
OpenAI	Business name, URL, industry, location	ChatGPT visibility testing, blog topic generation	openai.com/privacy
Anthropic	LLM response snippets, business context	Verification classifier for test results	anthropic.com/privacy
Perplexity	Business name, URL, industry, location	Perplexity visibility testing	perplexity.ai/privacy
Google	Business name, URL (Gemini); place queries (Places API); anonymised analytics	Gemini testing, review data, analytics	policies.google.com/privacy
Resend	Recipient email, name, message content	Transactional email delivery	resend.com/legal/privacy-policy
Shopify	Store URL, OAuth tokens, blog content, schema data	Store integration for schema and blog publishing	shopify.com/legal/privacy
Upstash	Request metadata (IP-based counters)	Rate limiting	upstash.com/trust/privacy

5. Data Retention Summary

Data Category	Retention Period
Account data (name, email, URL)	Until account deletion + 30 days
Audit results and factor scores	Account lifetime
LLM test results	Account lifetime (replaced per test run)
Competitor audit results	Account lifetime
Blog posts (Shopify and WordPress)	Account lifetime
Integration tokens (Shopify, WordPress, GSC)	Until disconnected
Schema Builder entries	Account lifetime
Specialist profiles and access logs	Account lifetime
Payment and subscription records	7 years
Funnel analytics events	Up to 12 months
Browser localStorage	Until you clear it

6. How to Control Your Data

Delete your account: Available in account settings. All data deleted within 30 days except payment records (7 years for legal compliance).
Clear browser data: Clear localStorage in your browser settings to remove local session and preference data.
Opt out of Google Analytics: Install the Google Analytics Opt-out Browser Add-on or use an ad blocker.
Request data export: Email admin@flinnschema.com for a full export of your data in JSON format.
Request deletion: Email admin@flinnschema.com to exercise your right to erasure under UK GDPR.

For more information about your data protection rights, see our GDPR Compliance and Privacy Policy pages.

Back to Home