Privacy Policy

Effective Date: December 12, 2025

Last Updated: December 12, 2025

Version: 1.0

Thank you for trusting AINIQ with your personal data. We are committed to protecting your privacy and using clear language to describe our practices. This Privacy Policy explains what information we collect, how we use and protect it, our lawful bases for processing your data, with whom we share it, how we use cookies, how long we retain data, how we secure data, where we store or transfer it, and your rights.

It is designed to meet international standards like the EU General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA, as amended by CPRA). AINIQ (referred to as "we" or "us") acts as the data controller for the personal data described in this policy (meaning we determine how and why your data is processed). If you have any questions or requests regarding your personal data, you can contact us at ainiq@ainiq.app.

What Information We Collect

We collect personal information that you provide or generate by using AINIQ. This includes account details (like your email), content you create (such as survey answers or chat messages), usage logs, and other data needed to operate the service. We do not collect sensitive personal data such as health, racial/ethnic origin, or similar special categories.

The personal data we collect falls into a few categories:

Profile and Account Information

When you create an AINIQ account, we ask for basic details like an email address, username, and password. This authentication data (e.g. email, user ID, password hash) is used to register and secure your account. You may also provide a display name or nickname for your profile. This information is stored securely on our servers for account management.

Personal Inputs and Content

You may input personal content into AINIQ, for example by answering our personality questionnaires or engaging in chats with your digital twin. This includes survey responses (e.g. answers to personality questions, assessments of interests) and chat conversation content (the messages you exchange with your AI twin). These inputs are used to generate your personalized psychological profile and reflective AI responses – essentially, to enable AINIQ's core functionality of creating a "digital twin" tailored to you. Your chat messages are end-to-end encrypted on our server for confidentiality.

Derived Profile Data

Based on your inputs, AINIQ generates a personal profile – for example, analyses of your Big Five personality traits, decision-making patterns, coping strategies, or other psychological insights. This profile data is stored to provide you with feedback and a tailored experience. (Note: These profiles are algorithmically generated for self-reflection and are not medical or clinical diagnoses.)

Usage and Technical Data

When you use the AINIQ app or online service, we collect certain technical information to ensure the service works properly and to improve it. This includes usage logs such as login times, actions you take in the app, your last activity timestamp, and similar usage metrics. We also collect device and network information like your IP address (anonymized in analytics) and browser or app version, as well as error logs and timestamps of certain events. If you use the web interface, we utilize cookies and similar technologies to remember your session and preferences (see Cookies section below).

Payment and Subscription Data

If you make purchases or subscribe to paid features, we collect information related to the transaction. For example, we may store a Stripe customer ID, your purchase history, or token balance for your account. However, we do not collect or store full payment card details – those are handled directly by our payment processor (Stripe) and not saved on our systems.

Support Communications

If you contact us (e.g. by email or through a support form), we will collect whatever information you choose to give us in that communication, such as your name, email address, and the content of your message. We use this solely to respond to and resolve your inquiry.

No Sensitive Data Collection

We do not collect sensitive personal data such as information about your health, ethnicity, political opinions, religious beliefs, or other special categories of data. AINIQ is not intended for processing sensitive information, and you should refrain from inputting such data into the app or service. If we ever inadvertently receive sensitive data, we will delete or anonymize it.

How We Use Your Data

We only use your personal data for legitimate purposes related to providing and improving the AINIQ service. In short, we use it to create and personalize your digital twin experience, operate and enhance the app's features, and fulfill legal or contractual obligations. We do not use your data for any unrelated purposes (like unsolicited marketing) without your consent.

We process personal data for the following purposes:

Provide and Operate the Service

First and foremost, we use your information to deliver AINIQ's functionality to you. This means using your profile and account data to authenticate you and show your profile in the app, using your input (survey answers, chat messages) to generate the AI coaching and "digital twin" responses, and generally running the app's features that you engage with. For example, your email and password let you log in; your personality questionnaire results are used to personalize the AI's feedback to you; your chat messages are processed by our AI model to produce replies.

Personalize Your Experience

We may use the data we have about you to tailor the service to your interests and needs. For instance, the local app remembers your preferences or frequently used modules to suggest relevant content. The online service might analyze usage patterns in aggregate to recommend popular features or improve the user interface for better usability.

Maintain and Improve the Service

Your data (especially in aggregate or anonymized form) helps us troubleshoot and enhance AINIQ over time. If the app crashes or an error occurs, a crash report or log may be generated; if you choose to send us that report, we'll use it to diagnose and fix the issue. We also analyze usage data to identify what features are working well and which could be improved. In short, this helps us make AINIQ more reliable, secure, and user-friendly for everyone.

Ensure Security and Prevent Misuse

We use certain data to keep the service and our users safe. This includes using log and device information (like IP addresses, user agent, and usage patterns) to detect unusual activity that might indicate fraud or misuse. Cookies may help with security by recognizing if you log in from a new device and prompting extra verification. We also may use data to enforce our Terms of Service and prevent abuse of the platform.

Legal Compliance

When necessary, we process personal data to comply with our legal obligations. For example, if there are financial transactions, we may retain transaction records for accounting and tax regulations. If we receive a lawful request from authorities (such as a court order), we would use or disclose the minimum data necessary to comply (see Data Sharing below). We will not use your personal information for any purpose that is incompatible with the purposes outlined above unless we obtain your consent or are otherwise required by law.

No Marketing Without Consent

Importantly, we do not use your data for any direct marketing or advertising purposes without your explicit consent. AINIQ does not send promotional emails or sell your data to advertisers. If this ever changes, we would update this policy and (if required) seek your consent before using your data in new ways.

Lawful Bases for Processing (GDPR)

If you are in the EU/EEA, we only process your personal data when we have a valid legal reason under the GDPR. This will typically be because processing is necessary to perform our contract with you (i.e. to provide the AINIQ services you signed up for), or because we have a legitimate interestin improving and securing our service that isn't overridden by your rights. In some cases, we may also rely on legal obligations or your consent.

Under the GDPR, we rely on the following legal bases for processing your personal data:

Performance of a Contract: Most of our data processing is to provide you with the AINIQ services as agreed in our Terms of Service. We must process your data to fulfill our contract with you – for example, using your email and password to create your account, or processing your inputs to generate the digital twin outputs you expect. Without this data, we couldn't provide the service you request.
Legitimate Interests: We process certain data as needed for our legitimate interests in running and improving AINIQ. This includes maintaining the security of the platform, analyzing usage to improve features, and preventing fraud. We always consider and balance any potential impact on your rights. For instance, using crash reports to fix bugs or using anonymized analytics to enhance user experience are activities that benefit both us and our user community. We minimize personal data use and implement safeguards when relying on legitimate interests (for example, anonymizing analytics and honoring privacy settings).
Legal Obligation: In some situations we have a legal duty to process or retain your data. For example, financial laws might require us to keep transaction records for a certain time, or data protection laws might require responding to your exercise of rights. If authorities lawfully require information (such as via a subpoena), we may process data to comply. We only do so when strictly necessary and in accordance with the law.
Consent: As of now, we generally do not rely on consent for most processing because the above bases cover our core activities. However, we do obtain your consent for certain optional or extra uses of data – for example, for using non-essential cookies (see Cookies section) or if we ever introduce marketing communications. Where we rely on your consent, you have the right to withdraw consent at any time. Withdrawal of consent will not affect processing already done, but will stop the processing going forward once the consent is withdrawn.

Sharing Your Data and Third-Party Processors

We treat your personal data as confidential and do not sell it to third parties for their own marketing or profit. We share your information only in a few specific scenarios: with trusted service providers who help us run AINIQ, when required by law or for safety, if our business undergoes a major change, or ifyou intentionally share via AINIQ's features. In all cases, we minimize what is shared and ensure appropriate safeguards are in place.

We will only disclose your personal data to third parties under these circumstances, in accordance with applicable privacy laws:

Service Providers (Processors)

We use reputable third-party companies to help us operate, maintain, and improve AINIQ. These partners (often called "processors" or "subprocessors") process data on our behalf for specific purposes like cloud hosting, data storage, analytics, email delivery, payment processing, and error tracking. They are contractually bound to use your data only for our specified purposes and to protect it. They cannot use your information for their own purposes. We carefully select these providers and require them to uphold strict confidentiality and security standards. (See the list of key service providers below.)

Legal Requirements and Safety

If we are compelled by law, or if it's necessary to protect rights and safety, we may disclose personal data to authorities or other parties. For example, we may respond to a court order or lawful subpoena, or disclose information to law enforcement if required to investigate fraud or security issues. We may also share data as needed to enforce our Terms of Service or protect the rights, property, or safety of AINIQ, our users, or the public. In such cases, we will only disclose the minimum information necessary and ensure the request is valid.

Business Transfers

If AINIQ (or the company behind it) is involved in a merger, acquisition, bankruptcy, reorganization, or sale of assets, user data may be transferred to the successor or acquiring entity as part of that transaction. If this happens, we will ensure your data remains subject to the same protections outlined in this policy, and the new owner will be required to handle your data in line with applicable laws and this policy. We will notify you (e.g. via email or a notice on our site) of any such transfer and any change of ownership of your personal data.

Your Own Sharing

AINIQ may offer features that let you share information with others at your discretion. For instance, you might choose to share a screenshot or a summary of your digital twin's analysis with a friend, or post content from AINIQ to social media. In these cases, nothing is shared unless you actively choose to do so.The sharing is initiated by you, and we will usually warn or prompt you in the app when an action will send your data out of AINIQ. Once you share data externally, that data is no longer under our control, so please only share what you are comfortable making public or giving to others.

Outside of the scenarios above, we will not disclose your personal data to any third party without your consent.If we ever need to share your information for any other purpose, we will ask for your permission or at least inform you clearly, as required by law.

Cookies and Tracking Technologies

AINIQ uses cookies and similar technologies to keep the service running smoothly and to understand how users interact with our site. Cookies are small files placed on your browser or device. We use necessarycookies to enable things like login sessions and saving your consent preferences. Optional cookies (like analytics or marketing cookies) are used only with your consent.

Here's how we use cookies:

Essential Cookies

Some cookies are strictly necessary for the operation of the service. These ensure you can log in, stay logged in securely, and that your privacy preferences (like whether you accept analytics) are remembered. We do not require your consent for essential cookies, because without them the service simply would not function. Essential cookies typically include your session authentication token (so you stay logged in), CSRF tokens (to protect forms from abuse), and a consent preference cookie that stores the choice you made regarding analytics/marketing cookies.

Analytics Cookies (Optional)

Analytics cookies help us understand how visitors use the website – for example, which pages are most popular and how users navigate between pages. We use this information in aggregate to improve the website and services. Analytics are configured to anonymize IP addresses and not track individual users across sites. We will only load analytics cookies if you have given consent via the cookie banner (or equivalent consent mechanism).

Marketing / Advertising Cookies (Optional)

Marketing cookies allow us to measure the effectiveness of our advertising on third-party platforms and to show you relevant ads on those platforms. For instance, if you see an AINIQ ad on a social network and later visit our site, a marketing cookie helps us know that the ad worked. These cookies may be set by third-party services (like Meta/Facebook Pixel or Google Ads). We will only load these if you consent to marketing cookies. If you don't consent, no marketing tracking is active on our site – you simply won't be tracked for ad purposes.

How to Manage Cookies

When you first visit AINIQ's website, you should see a cookie consent banner where you can accept or reject optional cookies. You can also change your cookie preferences at any time by clicking the "Cookie Settings" link in the site footer. Additionally, you can control cookies through your browser settings (most browsers allow you to refuse cookies or delete them). Note that if you disable essential cookies, parts of the service may not work correctly.

Data Retention

We keep your personal data only as long as necessary to provide you the service or as required by law. Generally, if you have an active AINIQ account, we retain your data while the account exists. If you delete your account or request deletion of your data, we will remove or anonymize it within 30 days(unless we must keep it longer for legal reasons). You have control over your data and can delete it at any time.

Here's our approach to data retention:

Account Data

As long as you have an active AINIQ account, we retain the information associated with it (profile info, chat history, survey results, etc.) so that we can provide the service to you.You can delete your account at any time from your profile settings. Upon deletion, we will remove all your personal data from our systems within approximately 30 days.

Billing Records

If you make purchases or subscriptions, we need to keep a record of those transactions for accounting and legal compliance (tax laws, etc.). Transaction records may be retained for as long as required by applicable financial regulations (often several years), even if you delete your account. However, this is limited to transactional details (not chat content).

Logs and Analytics

System logs (which may include IP addresses, timestamps, etc.) are kept for a limited time for security and debugging purposes. Typically, raw logs are retained for only a few months and then deleted or anonymized. Aggregated analytics (which do not identify individuals) may be kept longer for trend analysis.

Third-Party Retention

Data shared with our third-party processors may be retained according to their policies. For example, OpenAI (our AI provider) retains API data for up to 30 days for abuse monitoring, then deletes it. Stripe retains payment info in accordance with financial regulations. We only partner with providers who commit to appropriate retention and deletion practices.

Your Control

You can export your data or request a copy of it at any time (see Your Rights below). You can also delete specific content (like chat messages) through the app's interface. If you want all your data deleted, the easiest way is to delete your account – or contact us with a deletion request.

Data Security

We implement industry-standard security measures to protect your personal data from unauthorized access, loss, or misuse. This includes encryption of data in transit and at rest, strict access controls, regular security audits, and a well-defined incident response plan. While no system is 100% secure, we continuously work to safeguard your information to the highest reasonable standard.

Technical Measures

Encryption: All data sent between your device and our servers is encrypted using HTTPS/TLS. Sensitive data stored in our database (like passwords) is hashed with modern algorithms. We also encrypt certain fields at rest to add an extra layer of protection.
Access Control: Our database uses Row-Level Security (RLS), meaning users can only access their own data – one user cannot see another user's information even through technical exploits. Administrative access is limited to essential personnel on a need-to-know basis.
Rate Limiting: We implement rate limiting and abuse prevention measures on our APIs to protect against brute-force attacks and other automated threats.
Infrastructure Security: Our servers are hosted by reputable providers with strong physical and network security. We use firewalls, intrusion detection systems, and keep all software up-to-date with security patches.

Organizational Measures

Least Privilege: Only a minimal number of team members have access to personal data, and only as necessary to perform their job duties.
Confidentiality: All personnel with data access are bound by confidentiality agreements and trained in data protection best practices.
Security Audits: We conduct regular security reviews and vulnerability assessments of our systems to identify and remediate potential risks.

Data Breach Response

In the unlikely event of a data breach, we will act swiftly. Per GDPR requirements, we will notify the relevant supervisory authority within 72 hours of becoming aware of a breach (if it poses a risk to your rights). If a breach is likely to result in high risk to you (e.g., risk of identity theft or financial harm), we will also notify you directly via email and/or in-app notification, explaining what happened and what steps you can take to protect yourself.

Your Responsibilities

Security is a shared responsibility. Please help us keep your account secure by using a strong, unique password, enabling two-factor authentication if available, keeping your device secure, and not sharing your login credentials. If you suspect any unauthorized access to your account, please change your password immediately and contact us at ainiq@ainiq.app.

International Data Transfers

Your data is primarily stored and processed within the European Union (EU). Our database and application servers are hosted in the EU (Finland). However, some of our service providers (like OpenAI for AI processing) are based in the United States. When data is transferred outside the EU, we use appropriate safeguards (like EU Standard Contractual Clauses) to ensure your data remains protected.

Data Location

All personal data is stored on servers located within the EU/EEA. We have intentionally chosen EU-based hosting to ensure your data benefits from the strong privacy protections of European law (GDPR). Our primary database provider operates data centers in Finland.

Transfers to Third Countries

Some of our third-party service providers are located outside the EU, particularly in the United States. For example, when you use the AI chat feature, your messages are processed by OpenAI (headquartered in the USA). For any such transfers, we ensure appropriate safeguards are in place:

Standard Contractual Clauses (SCCs): We use EU Commission-approved Standard Contractual Clauses with our US-based providers. These contractual terms require the provider to protect your data to EU standards even when processing it outside the EU.
EU-US Data Privacy Framework: Some providers participate in the EU-US Data Privacy Framework, which provides additional assurances for transatlantic data transfers.
Technical Safeguards: Data transferred internationally is always encrypted in transit. We also minimize the data sent and ensure it's only used for the specific purpose (e.g., generating an AI response).

OpenAI Data Handling

OpenAI (our AI provider) has committed to Standard Contractual Clauses and does not use API data to train their models. Data sent to OpenAI is encrypted in transit and retained only for abuse monitoring (up to 30 days), then deleted. Your chat conversations are not used for AI training.

Your Privacy Rights

You have significant rights over your personal data under privacy laws (especially the GDPR if you're in the EU/EEA). This includes the right to access your data, correct inaccuracies,delete your data, restrict or object to certain processing, and port your data to another service. You can also withdraw consent and lodge complaints with regulators. We make it easy for you to exercise these rights.

Here is a summary of your key privacy rights:

Right of Access: You can request a copy of the personal data we hold about you. We will provide it in a readable format (typically JSON or similar) within 30 days.
Right to Rectification: If any of your data is inaccurate or incomplete, you have the right to have it corrected. You can update most information directly in your profile settings, or contact us for assistance.
Right to Erasure ("Right to be Forgotten"): You can request that we delete your personal data. You can delete your account from your profile settings, which will remove all your data within 30 days. Alternatively, contact us with a deletion request.
Right to Restrict Processing: In certain circumstances, you can ask us to temporarily limit how we use your data (for example, while we verify a correction request or evaluate an objection).
Right to Object: You can object to processing based on legitimate interests. If you object, we will stop processing your data for that purpose unless we have compelling grounds to continue. You always have the right to object to direct marketing (though we don't currently do this).
Right to Data Portability: You can request your data in a structured, machine-readable format so you can transfer it to another service. Use the "Export Data" feature in your profile settings or contact us.
Right to Withdraw Consent: Where we rely on your consent (e.g., for optional cookies), you can withdraw it at any time. Withdrawal won't affect processing that already occurred, but will stop future processing based on that consent.
Right to Lodge a Complaint: If you believe we've violated your privacy rights, you have the right to file a complaint with your local data protection authority. In Finland, this is the Office of the Data Protection Ombudsman (Tietosuojavaltuutetun toimisto). We would appreciate the chance to address your concerns directly first – please contact us.

How to Exercise Your Rights

To exercise any of these rights, you can email us at ainiq@ainiq.app with your request. Please include enough information to identify you (such as your account email). We may need to verify your identity before fulfilling certain requests. We will respond within 30 days (or inform you if we need an extension for complex requests). There is no fee for exercising your rights.

Automated Decision-Making and Profiling

AINIQ uses AI to generate your "digital twin" personality profile and provide personalized coaching. This involves automated processing of your survey answers and chat messages to produce insights and recommendations.

Not a Binding Decision

The personality profile and AI-generated insights are for entertainment and self-reflection purposes only. They are not official psychological diagnoses, and no binding decisions about you are made based on this automated processing. You are free to interpret, ignore, or disagree with the AI's outputs. If you have concerns about how automated processing affects you, please contact us.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. When we make changes, we will update the "Last updated" date at the top of this page.

For significant changes (such as new uses of your data or changes to your rights), we will provide more prominent notice – for example, via an email notification or an in-app announcement. We encourage you to review this policy periodically to stay informed about how we protect your data.

Your continued use of AINIQ after any changes to this Privacy Policy constitutes your acceptance of the updated terms. If you do not agree with a change, you should stop using the service and may request deletion of your data.

Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please don't hesitate to contact us. We are here to help.

Email: ainiq@ainiq.app

You can email us for data access requests, deletion requests, questions about this policy, or any other privacy-related inquiries. We will respond as quickly as possible, and in any event within the timeframes required by law (typically within 30 days).

Supervisory Authority: If you are in the EU/EEA and believe we have not adequately addressed your concerns, you have the right to lodge a complaint with your local data protection authority. In Finland, this is the Office of the Data Protection Ombudsman (Tietosuojavaltuutetun toimisto):tietosuoja.fi

Thank you for reading our Privacy Policy. We are committed to protecting your personal data and providing a safe, trustworthy service. Your privacy matters to us.