Start audit

Updated: 2026-05-07

Privacy notice

This page sets out, in plain terms, what reaches me when you contact the site, what I do with it, and the say you keep over it. This is a one-person consulting practice. There is no newsletter list, no sales team, and no busy office mailbox passing your details around.

Who is responsible

This site belongs to Nell Ashcombe, who helps local service businesses become accurately described by search, maps, and AI answer engines. Under the General Data Protection Regulation (GDPR) and equivalent local laws, the person accountable for the information described here is the operator of generative-engine-optimization.biz. For a privacy question, or to use one of your rights, write to hello@generative-engine-optimization.biz.

What reaches me

When you send the enquiry form, here is what lands with me:

  • Your name and email address, so I can reply and address you correctly.
  • A second contact route, if you choose to add one (phone, LinkedIn, Signal), for the times email is not how you prefer to talk.
  • Whatever you tell me about the business: the service, the location, the customer question, and the part being misunderstood. Only name and email are required; the rest is yours to share or hold back.

I use these details for one thing only: to answer the enquiry you sent. I do not build a list, I do not pass your details to anyone else (the single exception is the payment service described below, and only if a payment actually takes place), and I do not collect or mine anything beyond our own exchange. Stored alongside the message are the time it arrived and a salted SHA-256 hash of your IP address, which is what keeps automated abuse off the form. The raw IP is never kept, and neither are browser fingerprints or device traits.

What I deliberately avoid

  • No tracking cookies. The analytics I use runs without cookies and keeps no per-visitor identifier.
  • No retargeting pixels, no marketing-automation tags, and no ad-network trackers anywhere on the site.
  • No automated profiling, and no automated decisions that carry a legal effect for you.
  • No selling or sharing of personal information with commercial partners. That is simply not how this practice earns its keep.

My legal basis for processing it

Enquiry messages are handled under GDPR art. 6(1)(b), as steps taken at your request before any possible engagement. The IP hash that guards the form against abuse rests on GDPR art. 6(1)(f), a legitimate interest in keeping the form usable. Where payment-outcome data exists, it is processed on the contractual basis.

How long I keep it

  • Enquiry messages: kept for the length of the engagement and 24 months afterwards, so the thread of the work stays intact, then deleted. Enquiries that do not turn into work are kept for 12 months and then deleted.
  • Payment records: kept for as long as tax and accounting law requires (commonly 5–6 years), then deleted.
  • IP hashes: kept for 90 days, which is enough for abuse protection, then deleted.
  • Email threads: kept while we are working together, or for 24 months after our last contact, whichever is longer.

Your rights

Under GDPR and comparable laws you can ask to see your information, correct it, delete it, move it elsewhere, limit how it is used, or object to its use. For any of these, write to hello@generative-engine-optimization.biz and I will respond within 30 days. If you think the law has been broken, you can complain to your local data-protection authority.

Where the data sits

The servers behind this site are in European Union (Germany). If any further processors (email provider) happen to sit outside the European Union, those transfers rely on standard contractual clauses together with the safeguards each one publishes.

Updates to this notice

I revise this notice whenever the way I handle information changes in a way that matters. The "Updated" date at the top marks the current version. When a change is material, I flag it on the home page for 30 days so returning readers notice.