Next Evolution

1. Introduction

Next Evolution ("we," "us," or "our") operates nextevolution.io and provides AI-powered business automation services including SEO/AEO/AIO/GEO website analysis, content marketing automation tools, and business consulting services. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our platform.

By accessing or using our services, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our services.

2. Information We Collect

2.1 Account Information

When you create an account with Next Evolution, we collect:

• Email address
• Password (stored securely using industry-standard encryption)
• Company name and profile information
• Billing information (processed securely through Stripe; we do not store full credit card details)
• Subscription tier and payment history

2.2 Website Analysis Data

When you use our SEO/AEO/AIO/GEO scanning services, we collect and analyze:

• Website URLs you submit for scanning
• Website content, metadata, and structure discovered during analysis
• Technical SEO metrics and scoring data
• Integration data from third-party services (Google PageSpeed Insights, Google Search Console, Bing Webmaster Tools) when you authorize connections

2.3 Content Intelligence Data

When you use our content marketing automation features, we collect:

• RSS feed URLs and social media source configurations
• Newsletter content preferences and schedules
• Generated blog posts, drafts, and published content
• Social media account connections and publishing history
• Company knowledge base documents you upload (PDFs, DOCX, TXT files)

2.4 Analytics and Usage Data

We use self-hosted Umami analytics (hosted at analytics.normallynocturnal.com) to collect:

• Pages you visit and features you use
• Browser type, device type, and operating system
• Referring websites and search terms
• Session duration and interaction patterns
• IP addresses (anonymized)

Our analytics solution is privacy-focused, does not use cookies for tracking, and does not share data with third parties.

2.5 Communications

When you contact us via email at info@nextevolution.io or through our contact form, we collect:

• Your email address and name
• Message content and any attachments
• Communication history and support ticket records

3. How We Use Your Information

We use the information we collect solely to provide, improve, and support the services you request from us. Specifically:

3.1 Service Delivery

• Perform SEO website analysis and generate reports
• Curate and deliver custom industry newsletters
• Generate and publish content on your behalf
• Provide consulting services and strategic recommendations
• Process payments and manage subscriptions

3.2 Product Improvement

Your company data from SEO scans, content generation, and marketing automation is used solely to improve the products and services we provide to you. This includes:

• Refining our AI models and scoring algorithms
• Improving content quality and relevance
• Enhancing feature performance and accuracy
• Developing new capabilities that benefit our customers

We do not sell, rent, or share your data with third parties for their marketing purposes.

3.3 Communication

• Send you service-related notifications (scan completions, subscription updates)
• Respond to your support requests and inquiries
• Send periodic product updates and feature announcements (you may opt out)

3.4 Security and Legal Compliance

• Detect and prevent fraud, abuse, and security threats
• Comply with legal obligations and enforce our Terms of Service
• Protect the rights, property, and safety of Next Evolution and our users

4. Data Sharing and Disclosure

We do not sell your personal information. We may share your information only in the following limited circumstances:

4.1 Service Providers

We work with trusted third-party service providers who assist us in operating our platform:

• Supabase — Cloud database and authentication services (data stored in secure, encrypted PostgreSQL databases)
• Stripe — Payment processing (PCI-DSS compliant; we never see or store full credit card details)
• Anthropic and OpenAI — AI model providers for content generation and analysis (content is processed via API and not used to train public models without your consent)
• SendGrid — Email delivery service for transactional emails and newsletters

These providers are contractually obligated to protect your data and use it only for the specific services they provide to us.

4.2 Social Media Platforms

When you authorize us to publish content on your behalf to LinkedIn, Twitter/X, Instagram, Facebook, or TikTok, we share only the content you approve for publication. We do not share your personal information beyond what is required to authenticate and publish via these platforms' official APIs.

4.3 Legal Requirements

We may disclose your information if required by law, court order, or government regulation, or if we believe disclosure is necessary to:

• Comply with legal processes
• Enforce our Terms of Service
• Protect the rights, property, or safety of Next Evolution, our users, or the public

4.4 Business Transfers

If Next Evolution is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on our website of any change in ownership or use of your personal information.

5. Cookies and Tracking Technologies

We use minimal cookies and tracking technologies:

5.1 Essential Cookies

• Authentication cookies — Store your login session (sb-access-token) to keep you logged in
• Security cookies — Prevent cross-site request forgery (CSRF) attacks

5.2 Analytics

Our self-hosted Umami analytics runs without third-party cookies. It uses a privacy-first approach that respects Do Not Track settings and anonymizes IP addresses. No personally identifiable information is collected through analytics.

5.3 Third-Party Cookies

When you connect third-party accounts (Google Search Console, social media platforms), those services may set their own cookies subject to their privacy policies. We do not control these cookies.

You can control cookies through your browser settings. Disabling essential cookies may affect your ability to use certain features of our platform.

6. Data Retention

We retain your information for as long as necessary to provide our services and comply with legal obligations:

• Account data — Retained while your account is active, plus 90 days after account deletion
• Website scan data — Retained for 2 years to enable trend analysis and historical comparisons
• Content and newsletters — Retained while your subscription is active, plus 90 days after cancellation
• Billing records — Retained for 7 years to comply with tax and accounting regulations
• Support communications — Retained for 3 years for quality assurance and dispute resolution

After retention periods expire, we securely delete or anonymize your data.

7. Your Privacy Rights

Depending on your location, you may have the following rights regarding your personal information:

7.1 Access and Portability

You have the right to request a copy of the personal information we hold about you in a machine-readable format.

7.2 Correction

You can update your account information at any time through your dashboard settings. If you believe any information we hold is incorrect, contact us to request corrections.

7.3 Deletion

You have the right to request deletion of your personal information, subject to certain legal exceptions (e.g., billing records required for tax compliance). You can delete your account through the dashboard or by emailing info@nextevolution.io.

7.4 Opt-Out of Marketing

You can opt out of marketing emails by clicking the "unsubscribe" link in any promotional email. Note that you will still receive transactional emails necessary for service delivery (e.g., scan completion notifications, billing receipts).

7.5 Data Processing Restrictions

You may request that we restrict processing of your personal information in certain circumstances, such as while we verify the accuracy of disputed data.

7.6 Object to Processing

You have the right to object to processing of your personal information for direct marketing purposes.

7.7 Withdraw Consent

Where we rely on your consent to process personal information, you have the right to withdraw that consent at any time.

To exercise any of these rights, contact us at info@nextevolution.io. We will respond to your request within 30 days.

8. GDPR and CCPA Compliance

8.1 GDPR (European Users)

If you are located in the European Economic Area (EEA), you have specific rights under the General Data Protection Regulation (GDPR):

• Our legal basis for processing your data is: (a) consent for marketing communications, (b) contract performance for service delivery, and (c) legitimate interests for product improvement
• You have the right to lodge a complaint with your local data protection authority
• Data transfers outside the EEA are protected by Standard Contractual Clauses or adequacy decisions

8.2 CCPA (California Users)

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA):

• Right to know what personal information we collect and how it is used
• Right to request deletion of your personal information
• Right to opt out of the sale of your personal information (we do not sell personal information)
• Right to non-discrimination for exercising your privacy rights

9. Data Security

We implement industry-standard security measures to protect your information:

• Encryption in transit — All data transmitted to and from our platform uses TLS 1.2+ encryption
• Encryption at rest — Database data is encrypted using AES-256
• Access controls — Multi-factor authentication and role-based access for our team
• Secure authentication — Passwords are hashed using bcrypt; we never store plaintext passwords
• Regular security audits — Automated vulnerability scanning and manual penetration testing
• OAuth token encryption — Social media access tokens are encrypted using Fernet symmetric encryption

While we strive to protect your data, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security but continuously work to maintain best practices.

10. Children's Privacy

Our services are not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at info@nextevolution.io, and we will delete such information from our systems.

11. International Data Transfers

Next Evolution operates globally, and your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that differ from those in your country.

When we transfer personal information internationally, we implement appropriate safeguards including:

• Standard Contractual Clauses approved by the European Commission
• Ensuring our service providers are certified under recognized privacy frameworks
• Implementing technical and organizational measures to protect your data

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make changes:

• We will update the "Last Updated" date at the top of this policy
• For material changes, we will notify you via email or a prominent notice on our website
• Your continued use of our services after changes become effective constitutes acceptance of the updated policy

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

13. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

• Email: info@nextevolution.io
• Website: nextevolution.io/contact

We will respond to privacy inquiries within 30 days.