Privacy Policy

Last updated: May 24, 2026

1. Overview

S6S.ai ("S6S", "we", "us") provides AI Visibility monitoring, reports, and evidence-backed recommendations, with an automation layer available for developer use. This policy describes how we collect, use, store, and protect your information when you use our website and services at s6s.ai.

2. Information We Collect

2.1 Account Information

When you sign up via Google OAuth, we receive your name, email address, and profile picture from Google. When you sign up via email/password, we collect your email and an encrypted password hash. We also store your authentication provider (Google, GitHub, or email) and a unique account identifier.

2.2 AI Visibility Data

When you track a brand, run a check, or create a report, we store the brand name, domain, keywords, competitors, target markets, selected AI engines, report surfaces, observations, source-readiness signals, recommendations, and report/run history needed to provide the service.

2.3 Developer Automation Data

If you use the developer automation layer, we store the automations you create, their configuration, execution logs, and run history so you can monitor, debug, and manage them.

2.4 Third-Party Credentials

When you connect external services (Google Sheets, Google Drive, Slack, Discord, Telegram, etc.), we store the OAuth tokens or API keys needed to provide the connected service. All credentials are encrypted using AES-256-GCM at rest.

2.5 AI Chat Data

When you use the AI chat builder, we store your chat sessions and messages to provide conversation history and improve the quality of AI Visibility recommendations and developer automation suggestions.

You can opt out of contributing your chat data to platform improvements in your account settings. Opting out does not affect your ability to use the chat builder.

2.6 Usage Data

We collect basic usage telemetry such as API request counts, report/run metrics, and error logs to operate and improve the service. We do not use third-party analytics or tracking scripts on authenticated pages.

3. Google OAuth & Google API Data

S6S.ai uses Google OAuth for two purposes: authentication (sign-in) and service integration (connecting Google services to your approved actions).

3.1 Google Sign-In Scopes

When you sign in with Google, we request the following scopes:

  • openid — Verify your identity
  • email — Receive your email address to create your account
  • profile — Receive your name and profile picture for your account

We do not access any other Google data during sign-in.

3.2 Google Service Integration Scopes

When you explicitly connect a Google service to use in approved actions, we request only the scopes necessary for that service. You must grant these permissions separately from sign-in:

  • https://www.googleapis.com/auth/spreadsheets — Read and write to Google Sheets files referenced by your approved actions
  • https://www.googleapis.com/auth/drive.file — Access only the specific Google Drive files your approved actions reference

S6S.ai only accesses the specific files and data your approved actions reference. We never browse, index, or scan your Google Drive or other Google data beyond what those actions explicitly require.

3.3 How We Use Google Data

  • Google sign-in data (name, email, picture) is used solely to create and identify your S6S account.
  • Google Sheets data is read/written only when an approved action explicitly targets a specific spreadsheet.
  • Google Drive data is accessed only when an approved action explicitly references a specific file.
  • We do not use Google data for advertising, profiling, or any purpose unrelated to providing the approved action.
  • We do not sell, rent, or share Google user data with any third party.

3.4 Google API Services User Data Policy Compliance

Limited Use Disclosure

S6S.ai's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

  • We only use Google user data to provide and improve the S6S.ai service as described in this policy.
  • We do not transfer Google user data to third parties except as necessary to provide the service (e.g., a connected action that writes to Google Sheets), with your explicit consent, or as required by law.
  • We do not use Google user data for advertising or to serve ads.
  • We do not allow humans to read Google user data unless: (a) you provide explicit consent, (b) it is necessary for security purposes (investigating abuse), or (c) it is required to comply with applicable law.

3.5 Revoking Google Access

You can revoke S6S.ai's access to your Google data at any time by:

  • Removing the Google credential connection in your S6S account settings (this deletes stored tokens immediately)
  • Visiting your Google Account Permissions page and removing S6S.ai

When access is revoked, we delete all stored Google OAuth tokens for your account within 24 hours.

4. How We Use Your Information

We use collected information to:

  • Provide and operate the S6S.ai service
  • Create AI Visibility reports, run checks, and store recommendations for your tracked brands
  • Run connected actions on your behalf using your connected credentials
  • Authenticate your identity and secure your account
  • Store chat sessions and recommendation history for your convenience
  • Improve recommendation quality using anonymized, aggregated interaction data (with your consent)
  • Monitor service health, fix bugs, and improve performance
  • Communicate important service updates

5. Cookies

S6S.ai uses a minimal number of cookies, all essential for the service to function:

CookiePurposeDurationType
s6s_sessionAuthentication session30 daysEssential
oauth_stateCSRF protection during Google/GitHub OAuth10 minutesEssential
oauth_fromRedirect destination after OAuth sign-in10 minutesEssential

All cookies are HTTP-only, Secure (HTTPS only), and use SameSite=Lax. We do not use any advertising, tracking, or analytics cookies.

6. Data Sharing

We do not sell, rent, or share your personal data with third parties, except:

  • To run connected actions: When a connected action calls a third-party API (e.g., updating a Google Sheet), the data you configured is sent to that service as directed by you.
  • AI providers (BYOLLM): If you use your own LLM API key, your chat messages are sent to your configured AI provider (OpenAI, Anthropic, etc.) to generate recommendations or developer automation drafts. S6S does not store API keys sent to these providers.
  • Legal requirements: We may disclose data if required by law, regulation, or legal process.

7. Data Security

  • All third-party credentials are encrypted at rest using AES-256-GCM
  • Sessions use HTTP-only, Secure, SameSite cookies
  • All data is transmitted over HTTPS (TLS 1.2+)
  • API keys are hashed with SHA-256 at rest
  • Security headers enforced: HSTS, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, Permissions-Policy
  • Secrets are redacted from execution outputs and logs
  • Access to production systems is restricted to authorized personnel

8. Data Retention

  • Account data: Retained for as long as your account is active. Deleted upon account deletion.
  • AI Visibility data: Retained while the tracked brand exists. Report and run-history retention depends on your plan.
  • Developer automation data: Retained for as long as the automation exists. Run-history retention depends on your plan.
  • Google OAuth tokens: Deleted immediately when you revoke the credential connection, or within 24 hours of revoking via Google Account settings.
  • Chat sessions: Retained for as long as your account is active. You can delete individual sessions at any time.
  • AI interaction data: Anonymized interaction metadata (prompt type, accept/reject, latency) may be retained for service improvement. This never includes your credentials, personal data, report content, or automation content unless you opt in.

9. Your Rights

You have the right to:

  • Access and export your AI Visibility, developer automation, and account information
  • Delete your account and all associated data
  • Delete individual tracked brands, automations, chat sessions, and credentials at any time
  • Revoke third-party service connections (tokens are deleted immediately)
  • Opt out of contributing AI interaction data for platform improvement
  • Opt out of non-essential communications
  • Request a copy of all data we hold about you

To exercise any of these rights, contact us at [email protected] or use the controls in your account settings.

10. Children's Privacy

S6S.ai is not intended for children under 13. We do not knowingly collect personal information from children under 13. If we learn that we have collected data from a child under 13, we will delete it promptly.

11. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of significant changes via email or through the platform. Continued use of S6S.ai after changes constitutes acceptance of the updated policy.

12. Contact

If you have questions about this privacy policy, your data, or how we handle Google user data, contact us at:

Email: [email protected]