Privacy Policy
Last updated: July 16, 2026
Full Stack Marketing ("we," "our," or "us") provides marketing services and operates Aion Content Studio. This notice covers our public website, Aion web and Android applications, support, sales, and related services. We operate from Colorado and apply the choices described here to visitors regardless of where they live when practical.
Information we collect
The categories below describe personal information we may collect, depending on how you interact with us.
Identifiers and contact details
Name, business email, phone, company, role, account identifiers, IP address, and device identifiers.
Commercial and account information
Plans, purchases, invoices, credit and storage activity, support history, workspace membership, and transaction records.
Internet and usage activity
Public pages viewed, referral source, button interactions, browser and device details when optional measurement is allowed; necessary product events inside Aion.
Customer content
Business Context, prompts, drafts, uploaded media, generated media, schedules, approvals, connected destinations, and files you choose to provide.
Communications
Access requests, support requests, replies, survey or research responses, and other messages sent to us.
Inferences
Limited plan-fit, onboarding, support, fraud, and workflow recommendations derived from your use of Aion.
Sensitive operational data
Encrypted credentials, connected-service tokens, voice or likeness consent records, and similar data used only to provide, secure, or support requested features.
Sources of information
- Directly from you, your workspace owner, or an authorized teammate.
- Automatically from necessary service logs and, where allowed by the regional choice described below, public-site analytics or marketing technology.
- From services you explicitly connect, such as social destinations, drafting services, CRM systems, payment providers, or storage services.
- From public business websites or links you ask Aion to use as Business Context.
- From referral, campaign, and business partners where they are permitted to provide it.
How we use information
- Provide, secure, bill, support, and improve our website, services, and Aion.
- Create requested drafts, media, previews, approvals, schedules, exports, and delivery actions.
- Authenticate users, enforce workspace roles, prevent fraud, reconcile credits, and maintain audit records.
- Respond to inquiries, access requests, support tickets, privacy requests, and legal obligations.
- Measure public-site performance and campaign effectiveness only under the optional choices described below.
- Recommend onboarding steps or a plan based on product milestones without using third-party marketing tags inside an authenticated workspace.
Public-site measurement and product boundaries
Necessary technology runs the site and Aion. On eligible public marketing pages in the United States, limited Google Analytics and HubSpot measurement is enabled by default after the site presents a clear notice and an immediate opt-out. Outside the United States, or when country-level location is unavailable, both optional categories remain off until the visitor opts in. We use one Google Analytics web stream for the root-domain journey and distinguish Full Stack Marketing from Aion using a product-area value.
Our hosting provider supplies an approximate country code for this regional choice. We use it only to select the U.S. opt-out or strict opt-in mode; the consent response does not return or store an IP address, city, or precise location. A saved visitor choice remains effective on that browser, and an opt-out takes effect immediately. Advertising storage, Google Signals, ad personalization, and third-party advertising pixels remain disabled in every mode.
Google Analytics and HubSpot marketing tags do not load on authenticated dashboard or account routes, proposal or client rooms, authentication routes, or privacy-request status pages. HubSpot tracking is also blocked on public signup, request-access, contact, booking, and hiring form routes. We do not send form values, email addresses, workspace identifiers, support references, authentication tokens, or URL query strings to those public marketing tags.
Aion still records necessary first-party security, audit, billing, allowance, generation, delivery, support, and reliability events needed to provide the service. Those operational records are not public-site advertising profiles and cannot be disabled while using the associated service function.
Global Privacy Control and opt-outs
We recognize the browser-based Global Privacy Control (GPC) signal in every region. When detected, our consent manager overrides the regional default, forces optional Analytics and Marketing categories off, removes known optional cookies where the browser permits, and prevents those scripts from loading. GPC applies to the browser or device that sends it. You may also use Your Privacy Choices in any public footer or the cookie icon on a public page to reject or change optional processing.
We do not sell personal information for money and do not currently load advertising pixels for cross-context behavioral advertising. Because third-party analytics or CRM measurement can be treated as a sale or sharing in some circumstances, our Do Not Sell or Share / Cookie Settings control stops both optional categories rather than requiring a separate vendor-by-vendor request.
When we disclose information
- Service providers that host, secure, process payments, deliver communications, measure consented public traffic, operate connected workflows, or support the service, including Vercel, Supabase, Stripe, Google Analytics, and HubSpot where applicable.
- Services and publishing destinations you direct us to use.
- Professional advisors, regulators, law enforcement, or other parties when required to protect rights, safety, or comply with law.
- A successor in a merger, financing, acquisition, reorganization, or sale, subject to appropriate protections.
We require vendors to process information for documented business purposes and apply appropriate confidentiality and security obligations where the relationship requires it.
Your privacy rights
Depending on your state and our relationship, you may have the right to:
- Know whether we process personal information and access specific information or categories.
- Correct inaccurate personal information.
- Delete personal information, subject to legal and operational exceptions.
- Receive certain information you provided in a portable format.
- Opt out of sale, targeted advertising, sharing for cross-context behavioral advertising, or qualifying automated profiling.
- Limit certain uses of sensitive personal information where applicable.
- Receive equal service and pricing without unlawful discrimination for exercising a privacy right.
Submit a request through Data Deletion and Privacy Requests or email data-privacy@fullstackmarketing.digital. We may verify your identity and authority before fulfilling a request. An authorized agent may submit a request where allowed, but we may ask for proof of authorization and direct identity verification.
California disclosures
California residents may request the categories and specific pieces of personal information collected, sources, purposes, and categories of recipients; request correction or deletion; and opt out of sale or sharing. Your Privacy Choices and a recognized GPC signal both stop optional public Analytics and Marketing measurement. We do not knowingly sell or share personal information of consumers under 16. We do not offer a financial incentive in exchange for personal information. The categories listed under Information we collect describe the categories collected during the preceding 12 months.
Colorado disclosures and appeals
Colorado residents may access, correct, delete, or obtain a portable copy of qualifying personal data and opt out of sale, targeted advertising, or qualifying profiling. We recognize GPC as a universal opt-out mechanism. If we deny a Colorado privacy request, you may appeal by replying to the decision or emailing the privacy address with "Privacy Appeal" in the subject. We will explain the appeal result and how to contact the Colorado Attorney General if the appeal is denied.
Retention
We keep personal information only as long as reasonably necessary for the purpose collected, the customer relationship, security, dispute resolution, or legal, tax, and audit obligations. Public analytics and marketing retention follow the settings and limits described in our Cookie Policy.
An inactive Aion trial or paid workspace may enter a 28-day read-only recovery period before eligible workspace app data is deleted. Published content on a third-party platform is controlled by that platform and is not deleted by removing Aion workspace data. Limited billing, tax, security, fraud, support, consent, and audit records may be retained when required.
Security and international processing
We use access controls, encryption in transit, scoped credentials, monitoring, and other technical and organizational safeguards appropriate to the information and service. No system is perfectly secure. We primarily process information in the United States and use appropriate contractual or legal safeguards when applicable to international processing.
Children
Our services are for businesses and are not directed to children under 16. Contact us if you believe a child provided personal information without appropriate authorization.
Changes and contact
We will update the date above when this notice changes and provide additional notice when a material change requires it.
Email data-privacy@fullstackmarketing.digital or write to Full Stack Marketing, Denver, Colorado, USA. We aim to acknowledge privacy requests promptly and respond within the period required by applicable law.

