Privacy Policy

Last updated: 2025-12-01

1. Data Controller

AINIQ (example organization). Contact: privacy@ainiq.app.

2. Purpose of Processing

Creating a personalized psychological profile and producing reflective responses through your digital twin.

3. Personal Data We Collect

Authentication Data: Email address, user ID, password hash
Survey Responses: Personality questionnaire answers, pairwise comparisons, schema assessments, interests
Chat Conversations: Your messages with your digital twin (encrypted on the server)
Profile Data: Big Five personality analysis, decision-making patterns, coping strategies (psychological heuristics)
Payment Information: Stripe Customer ID, purchase history, token balance (Stripe handles actual payment details)
Usage Data: Login times, chat activity, token consumption, last activity timestamp
Technical Logs: IP address (anonymized in analytics), user agent, error logs, timestamps

Note: We do not store health data, ethnic background, political opinions, or other GDPR special categories of personal data. Personality profiles are not medical diagnoses.

4. Legal Basis

Contract for service usage and legitimate interest (maintaining model quality) with minimized personal data.

5. Data Retention

Profile data is retained as long as your user account is active or until a deletion request is processed. Logs may be aggregated or anonymized.

6. Data Sources

User input (surveys, text), system-derived features (models, analyses).

7. Data Recipients and Transfers

Third-party service providers:

OpenAI (GPT-4o, GPT-5): AI model provider for chat functionality. We send prompt content (your messages + context). OpenAI Privacy Policy | Data Processing Addendum
Database Service: Database and authentication hosted in EU data centers.
Stripe: Payment processing and billing. Stripe handles your payment details directly; we do not store credit card numbers. Stripe Privacy
Resend: Transactional email delivery (purchase confirmations). Resend Privacy
Redis.io: Caching and rate limiting. Does not persistently store personal data. Redis Privacy
Sentry: Error tracking and debugging. Error logs do not contain personal data. Sentry Privacy

7.1 International Data Transfers

Data Location: All personal data is stored and processed within the EU/EEA region where possible. However, some service providers (notably OpenAI) are located in the United States and other third countries.

Transfer Safeguards (GDPR Chapter V):

Standard Contractual Clauses (SCC): We use EU Commission-approved Standard Contractual Clauses for data transfers to countries without an adequacy decision (e.g., USA). These clauses ensure your data receives equivalent protection as in the EU.
OpenAI Data Processing Addendum: OpenAI has committed to Standard Contractual Clauses and does not use API data to train their models. Chat data sent to OpenAI is encrypted in transit and retained only for abuse monitoring (30 days), not for training purposes.
Technical Safeguards: We implement additional encryption and pseudonymization measures to minimize risks associated with international transfers.
EU-USA Data Privacy Framework: Some of our providers participate in the EU-USA Data Privacy Framework, providing an additional layer of protection for transatlantic data flows.

By using our Service, you acknowledge and consent to these international data transfers under the safeguards described above.

We do not sell or rent your personal data to third parties for marketing purposes.

8. Data Security

Technical Security Measures:

Encryption: Chat messages are encrypted on the server. All data transmission uses HTTPS/TLS encryption.
Access Control: Database-level security ensures users can only access their own data.
Rate Limiting: API abuse prevention to protect against automated attacks.
Authentication: Industry-standard secure password hashing and OAuth 2.0 support.
Infrastructure Security: Firewalls, intrusion detection, and regular security updates.
Error Monitoring: Automated error tracking without exposing personal data. Logs do not contain passwords or payment details.

Organizational Measures:

Data access limited to necessary personnel only (principle of least privilege).
All staff bound by confidentiality agreements.
Regular security audits and vulnerability assessments.

8.1 Data Breach Notification (GDPR Articles 33-34)

In the unlikely event of a personal data breach (unauthorized access, loss, alteration, or disclosure of your data), we are committed to transparency and swift action:

Notification to Supervisory Authority:

We will notify the relevant data protection authority (e.g., Finnish Data Protection Ombudsman) within 72 hours of becoming aware of a breach, unless the breach is unlikely to result in a risk to your rights and freedoms.
The notification will include: nature of the breach, categories and approximate number of affected users, likely consequences, and measures taken to address it.

Notification to You (Affected Users):

If a breach is likely to result in a high risk to your rights and freedoms (e.g., risk of identity theft, financial loss, discrimination, or reputational damage), we will notify you without undue delay.
We will send notification via email to your registered address and/or display an in-app alert.
The notification will describe the breach in clear, plain language and advise you on steps to mitigate potential harm (e.g., changing passwords, monitoring accounts).

Our Response:

Immediately contain and investigate the breach.
Implement remedial measures to prevent recurrence.
Document all breaches in our internal breach register (as required by GDPR Article 33(5)).
Cooperate fully with supervisory authorities and law enforcement if required.

Your Responsibility: Keep your login credentials secure. Use a strong password. Enable two-factor authentication if available. Do not share your account. Report suspicious activity immediately to privacy@ainiq.app.

9. Your Rights

Right to access your data (export request)
Right to rectify and delete data
Right to restrict processing and object in certain situations
Right to data portability

10. Cookies and Tracking Technologies

This site uses essential cookies for user sessions and consent preferences. Analytics and marketing are loaded only with your consent.

Cookie Categories

Essential: Required for login and security (authentication tokens), and storing your choices (consent).
Analytics: Anonymous visitor statistics (anonymized, does not use tracking cookies).
Marketing: Retargeting / conversion tracking (Meta Pixel, Google gtag) – loaded only if you accept.

Cookies We Use

Name / Pattern	Category	Duration	Purpose
consent	Essential	180 days	User consent choices (analytics / marketing). Also stored in localStorage.
sb-*-auth-token	Essential	Session	Authentication access token (httpOnly: false, so client can read it).
sb-*-auth-token-code-verifier	Essential	10 min	OAuth PKCE code verifier (removed after exchange).
auth_continue, auth_origin	Essential	10 min	OAuth callback navigation (removed after login).
_fbp, _fbc	Marketing	90 days	Meta Pixel (only with marketing consent). Conversion tracking.
_ga, _ga_*	Marketing	24 months	Google gtag (only with marketing consent). IP anonymized.
_gcl_au	Marketing	90 days	Google Ads conversion tracking.

Note: Analytics services are configured to anonymize IP addresses automatically and do not track individual users across sites.

You can open cookie settings anytime via the "Cookie Settings" link in the footer to modify your consent. Marketing and analytics scripts are not loaded before consent.

11. Automated Profiling

The profile is generated algorithmically. It is not an official psychological diagnosis or decision, but a reflection tool.

12. Changes to This Policy

Update date is shown at the top of this page. Significant changes will be announced in the application.

13. Contact for Rights Requests

Send your request to: privacy@ainiq.app. We will respond within the legally required timeframe.

Privacy Notice

Introduction

This Privacy Notice explains how personal data is collected, used, and protected when you use the AINIQ application and related services. AINIQ consists of two distinct parts: a locally installed application that runs on your device, and a separate online service (cloud-based SaaS platform). These parts operate independently, and no data is automatically transferred from the local app to the online service without your action or consent. We are committed to protecting your privacy and using clear language to describe our practices.

Below we outline the key aspects of our data practices, in accordance with international standards and the EU General Data Protection Regulation (GDPR):

What personal data we collect and where it is collected (local application vs. online service).
Special categories of personal data (sensitive data) and our policy of not processing them.
How and why we use your personal data (purposes of processing).
How long we retain data and how you can control it.
Your rights regarding your personal data.
How we share or disclose data to third parties.
International data transfers (we process data within the EU).
Our use of cookies and similar technologies.
How we safeguard data security.
Contact information for privacy inquiries or requests.

What Data We Collect and Where

AINIQ processes personal data in two environments: the local application on your device and the AINIQ online service. These operate separately, meaning data in your local app is not automatically shared with our online servers unless you choose to sync or use online features. Below is a breakdown of the data collected in each environment:

Local Application (on Your Device)

Profile Information: When you create a user profile in the app, you may enter information such as your name, nickname, or other profile details. This profile data is stored locally on your device as part of the app’s user profile and is not sent to AINIQ servers.
App Usage Data (Local): The app may store certain usage preferences and content locally. This can include settings you configure, favorites, notes or other content you create within the app. For example, the app might remember the last feature or screen you accessed to enhance your user experience. All such usage data remains on your device.
User-Provided Content and Inputs: If you input personal content into the app (such as uploading text, images, messages, or other data), that content stays on your device. AINIQ’s local features or AI modules may process this information offline on your device. The personal content you provide is not uploaded to our servers unless you explicitly choose to do so (for example, by using a cloud backup or sync feature, if available).
Device Data for App Features: The local app may request access to certain device functions or sensors (e.g. your camera, microphone, or storage) to provide specific features. Any data from these (for instance, a photo you take or audio you record for the app) is processed locally by the application. Such data is not automatically transmitted to any external service or to AINIQ’s servers.

AINIQ Online Service (Cloud Platform)

Account Information: If you sign up for an AINIQ online account or use cloud features, we may ask you to provide basic registration details such as an email address, username, and a password. This information is used to create and manage your online account and is stored securely on our servers.
Online Usage Data: When you use the AINIQ online service (for example, logging into the web portal, accessing cloud-based modules, or syncing data), our systems automatically collect certain log and usage information. This may include your IP address, device identifiers, browser type or app version, login timestamps, and actions you take in the service. We collect this data to maintain the service, diagnose issues, ensure security, and analyze usage trends (for example, to see which features are most popular).
Cookies and Similar Technologies: If the online service includes a web interface or website, we use cookies and similar tracking technologies to enhance your experience. Cookies are small text files stored on your browser or device. They help with things like keeping you logged in, remembering site preferences, and understanding how you navigate our site. For instance, cookies may collect data on which pages you visit, buttons you click, or other browsing behavior. This information helps us improve website usability and performance. (See the Cookies section below for more details.)
Contact and Support Messages: If you interact with us via online channels – for example, by sending a support request, feedback, or filling out a contact form – we will collect the information you provide in that communication. This typically includes your name, email address, and the content of your message. We use this information solely to respond to your inquiry or request.

Important Note: The local application and the online service are designed to function independently. Simply using the app on your device does not transmit your personal data to the internet or to our servers. You control if and when any data leaves your device – for example, if you actively choose to synchronize data to the cloud service or enable an online feature, then data transfer will occur with your consent. Otherwise, your data stays local.

Special Categories of Personal Data (Sensitive Data)

We do not intend to collect or process any sensitive personal data about you. Sensitive or special categories of personal data include information such as your racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic or biometric data, health information, or data concerning your sex life or sexual orientation. The AINIQ application and services are not intended for handling such sensitive data, and you should refrain from inputting or uploading this type of information into the app or online service.

Please do not submit any sensitive personal data when using AINIQ. We explicitly prohibit the use of AINIQ to collect or process these special categories of data. Any such information inadvertently provided may be deleted or anonymized, and it will not be used for any purpose. By avoiding submission of sensitive data, you help us ensure we only handle data appropriate for our services.

How We Use Your Data (Purposes of Processing)

We collect and use personal data only for specific, legitimate purposes. Below are the primary purposes for which AINIQ processes your information:

Providing and Operating the Service: We use personal data to deliver the app’s functionality and online services to you. For example, the app uses your profile information to display your profile within the interface. Locally stored settings and data are used to run features you initiate (e.g. displaying your notes or preferences). On the online service side, the account details you provide (like your email and password) are used to create your account, authenticate you, and allow you to log in and use the cloud features.
Personalizing User Experience: We may use the information we have (within both the local app and online service) to personalize and improve your experience. In the local app, your settings and usage history might be utilized to recommend content or features that align with your past activities (for example, suggesting a module you frequently use or enjoyed previously). In the online service, analyzing usage data (in aggregate) helps us understand which features are most used or helpful, so we can tailor the service to be more intuitive and beneficial for users.
Service Improvement and Development: Data (especially in an aggregated or anonymized form) is used to help us troubleshoot, develop, and enhance AINIQ’s application and services. For instance, if the app crashes or encounters an error, a crash log or performance report might be generated; if you choose to share these reports with us, we use them to identify and fix bugs. Similarly, analytics from the online service (such as overall usage patterns or feedback you provide) allow us to identify common needs or trends and improve existing features or add new ones. Our goal is to continuously refine AINIQ to make it more reliable, secure, and user-friendly.
Compliance with Legal Obligations: In certain cases, we may need to process some data to comply with laws or regulations. For example, if we have to retain transaction records for accounting or fulfill a legal request (explained further in Data Sharing and Disclosure), we will use the necessary data for those legal purposes only.

AINIQ does not use your personal data for any purposes other than those outlined above without obtaining your consent or unless otherwise permitted or required by law. Notably, we do not use your data for direct marketing purposes unless you have explicitly given us permission. (As of now, AINIQ does not send promotional emails or marketing communications to users without consent.)

If in the future we wish to process your data for a new purpose that is not compatible with the purposes listed above, we will update our privacy notice and, if required, seek your consent.

Cookies and Similar Technologies

Like most online services, the AINIQ online service and website use cookies and similar technologies to ensure the service works correctly and to enhance your experience.

What Are Cookies? Cookies are small text files placed on your device (computer, smartphone, etc.) when you visit a website. They allow the website to recognize your device and store certain information about your preferences or past actions.

How We Use Cookies: AINIQ uses cookies for several reasons:

Authentication and Session Management: We use cookies to recognize you when you log in to the online service. This allows us to maintain your session (so you don’t have to keep logging in as you navigate through pages) and to remember any preferences or settings you have selected.
Preferences and Functionality: Cookies help remember your choices on our site, such as language preference or any customizations, so that we can provide a tailored experience. For example, a cookie might remember that you dismissed a notification so it doesn’t show again.
Usage Analytics: We may use cookies (or similar tools like local storage or analytic scripts) to gather information about how visitors use our website. This can include which pages are visited, for how long, and what features are used. This data helps us understand user engagement and improve our content and layout. These analytics cookies may come from third-party providers that specialize in analytics (but they will only collect general usage data, not personally identifying information, and only for our purposes).
Security: Cookies can be used to enable and support our security features, for example by helping to detect malicious activity or violations of our Terms of Service.

Your Choices: When you first visit our site, you may be presented with a cookie banner or settings allowing you to accept or reject certain cookies. You can always manage your cookie preferences through our website’s cookie settings or via your browser settings. Most web browsers allow you to refuse new cookies, delete existing cookies, or notify you when new cookies are set. Please note that if you disable or delete cookies, some features of the AINIQ online service (such as keeping you logged in) may not function properly.

For more detailed information on the cookies we use, you can refer to our Cookie Notice (if provided) or contact us with any questions. By using the AINIQ online services with cookies enabled in your settings, you consent to our use of cookies as described here.

Data Retention: How Long We Store Your Data

We only keep personal data for as long as it is necessary to fulfill the purposes described in this notice (or as required by law). Because AINIQ involves both a local app and an online service, retention practices differ slightly between these environments:

Local Application Data: All personal data stored by the local app on your device (such as your profile and any content or settings saved locally) remains on your device for as long as you use the application. We (AINIQ as a service provider) do not have automatic access to or control over the data on your device. This means you control how long that data is kept. You may at any time edit or delete the personal data stored by the app, typically via the app’s settings or profile management features. If you uninstall the AINIQ application from your device, the data it stored locally will generally be deleted from your device’s storage as part of the uninstall process. (Note: In some cases, your device’s backups could contain app data. If you restore a device backup that includes AINIQ data, that data may reappear on your device even after uninstalling, until the backup is deleted or updated.)
AINIQ Online Service Data: Personal data that is stored in our online service (for example, your account information and any cloud-stored content) is retained for as long as is necessary for the purposes it was collected. In practice, as long as your user account remains active, we will retain the information associated with your account. If you decide to stop using the service, you may choose to deactivate or delete your AINIQ online account. Upon account deletion (or a specific request to delete your data), we will remove or anonymize your personal data from our systems within a reasonable time frame. In most cases, deletion or anonymization will occur within approximately 30 days after your request or account closure, unless applicable law requires a different retention period.
Short-term Logs: Some data, such as system logs (including IP addresses and usage logs collected for security, troubleshooting, or analytics), may be retained for a brief period after collection. We typically retain such logs for only a few months for system integrity, security monitoring, and analysis. After this period, we either delete the logs or anonymize them so they can no longer be linked to an individual.
Legal Requirements for Retention: In certain situations, we may need to retain data for a longer period if required by law. For example, if there are financial transactions (for a paid subscription) or records needed for accounting/tax purposes, we might need to keep those records for the duration mandated by law. Similarly, if we are obligated to retain data due to a legal dispute or enforcement of our terms, we will hold the necessary data for as long as legally required. Any data retained solely due to legal obligation will be used only for that purpose and not for other business purposes.
End of Retention & Deletion: Once personal data is no longer needed for the purposes for which it was collected (and we are not legally required to keep it), we will either permanently delete it or irreversibly anonymize it. Anonymization means altering the data so that it can no longer be linked to you or identify you personally. For instance, if you delete your AINIQ online account, we will ensure that all personal data related to that account is removed or anonymized across our active databases and backups within a reasonable period.
Your Control over Data: Remember that you have the right to request deletion of your data at any time (see User Rights below). We also strive to provide you with in-app and online tools to manage your data. For example, you can delete or modify your own profile information and content at your discretion. We encourage you to use these tools to keep your data up-to-date and to remove anything you no longer want us to store.

Your Rights as a User (GDPR and Privacy Rights)

As a user of AINIQ, and particularly if you are in the European Union or European Economic Area, you have certain rights regarding your personal data under the GDPR (General Data Protection Regulation) and other applicable privacy laws. We are committed to honoring these rights. Below is a summary of your key rights and what they mean:

Right of Access (Data Access): You have the right to know whether we are processing personal data about you, and if so, to access that data. This means you can ask us to confirm if we have your personal information, and request a copy of the data we hold about you. We will provide this information in a concise, transparent, and easily understandable format. (In practice, this is like asking for a "data report" or "register extract" of your information.)
Right to Rectification (Correction): If you believe that any personal data we have about you is inaccurate or incomplete, you have the right to request that we correct or update it. For example, if you find that your profile information in the online service is outdated or incorrect, you can update it yourself (via your account settings) or ask us to correct it. We will correct erroneous data without undue delay.
Right to Erasure (Deletion or "Right to be Forgotten"): You have the right to request that we delete your personal data. You can, for instance, ask us to delete your entire user account and all associated information. When we receive a deletion request and have confirmed your identity, we will permanently delete the personal data that we are not legally required or otherwise permitted to retain. In some cases, instead of deletion, we may anonymize the data (for example, if the data is needed for statistical purposes) – but in such cases, it will be irreversibly de-identified so that it no longer can be linked to you.
Right to Restrict Processing: In certain circumstances, you can ask us to limit how we use your data. This means we would store your data but temporarily refrain from processing it for any purpose other than storage (and possibly to ensure the restriction continues to be honored). You might request restriction if, for example, you contest the accuracy of your data (while we verify it), or if you object to a certain use and we are evaluating your request. During the restriction period, we will not use or share the data except for preserving it or as otherwise agreed to by you or required by law.
Right to Object: You have the right to object to our processing of your personal data when such processing is based on our legitimate interests (or those of a third party), and you feel it impacts your fundamental rights and freedoms. If you file an objection, we will review the reasons and generally will stop or refrain from processing the data in question unless we have compelling legitimate grounds to continue (as permitted by law). Importantly, you always have the right to object to the use of your personal data for direct marketing. Note: AINIQ does not currently use your data for any direct marketing without your consent, and you can opt out at any time if that changes.
Right to Data Portability: Where you have provided data to us and we process it by automated means based on your consent or in performance of a contract, you have the right to obtain a copy of that data in a structured, commonly used, machine-readable format. For example, you might request an export of the personal data you provided in setting up your profile or any content you uploaded. You also have the right to request that we transmit that data to another service provider, if technically feasible. We will assist in transferring your data in a safe and secure manner upon your instruction.
Right to Withdraw Consent: In cases where we rely on your consent to process your personal data (if any, for example optional features or newsletters that you agreed to), you have the right to withdraw that consent at any time. If you withdraw consent, we will stop the processing that was based on consent. Withdrawal of consent does not affect the lawfulness of processing that occurred before the withdrawal. For instance, if you had consented to receive an email newsletter and later withdraw that consent, we will stop sending you the newsletter, but any emailing done before your withdrawal was still legal.
Right to Lodge a Complaint: If you believe that we have infringed your data protection rights or violated applicable privacy laws, you have the right to file a complaint with a supervisory authority. For users in the EU, this would typically be your national Data Protection Authority (for example, in Finland this is the Office of the Data Protection Ombudsman). We would, however, appreciate the chance to address your concerns directly first. If you have any issues or feel your rights are not being respected, please contact us and we will do our best to resolve the matter to your satisfaction.

Exercising Your Rights: You can exercise these rights at any time by contacting us (see Contact Information below). To protect your privacy, we may need to verify your identity before fulfilling certain requests (for example, access or deletion requests) – this is to ensure that we don’t disclose or remove the wrong person’s information. We will respond to your request as quickly as possible, and in any event within the timeframe required by law (generally within 1 month, although we may extend this period by an additional two months for complex requests – we will inform you if an extension is needed).

We will not discriminate against you for exercising any of these rights. All users enjoy the same service and features regardless of whether they exercise privacy rights.

Data Sharing and Disclosure

We treat your personal data as confidential. We do not sell your personal information to third parties for their own marketing or business purposes. We will only share or disclose your data with third parties in a few specific scenarios, as outlined below, and always in accordance with applicable privacy laws:

Service Providers and Subprocessors: We may share certain data with trusted third-party companies that help us operate and improve AINIQ (often called “service providers” or subprocessors). These include, for example, cloud hosting providers (where our online service and databases run), data storage and backup services, analytics services, error/crash reporting services, or email service providers (for sending account-related emails). We only share data with these partners to the extent necessary for them to perform their services on our behalf. They are not allowed to use your information for any other purpose. We carefully select our partners and require them to contractually commit to appropriate data protection and security obligations. They must follow our instructions and applicable law when processing your data, and we continue to supervise and remain responsible for their handling of your information.
Legal Requirements and Safety: We may disclose personal data to government authorities, courts, or law enforcement if required to do so by law or if such action is necessary to (i) comply with a legal obligation, such as a court order or subpoena; (ii) respond to valid legal requests relating to criminal investigations, national security, or law enforcement matters; or (iii) enforce our terms of service, protect the rights, property, or safety of AINIQ, our users, or the public. In all such cases, we will only disclose the minimum amount of information that is legally required or justified, and we will ensure any request is valid and necessary before responding.
Business Transfers: If the company or organization that develops and offers AINIQ undergoes a business transaction such as a merger, acquisition, reorganization, or sale of some or all assets, user data (including personal data) may be transferred to the successor or new owner as part of that transaction. If such a transfer occurs, we will ensure that your personal data remains subject to the same protections outlined in this Privacy Notice. The new owner will be required to continue respecting your personal data in line with applicable privacy laws and this notice. We will also notify you (for example, via email or a notice on our website) before your data is transferred and becomes subject to a different privacy policy.
Your Own Sharing Actions: AINIQ may offer features that allow you to share certain data or content with others at your discretion (for example, sharing a screenshot or a summary from the app with a friend, or posting content to a social media platform). In such cases, the transfer of data happens only when you actively initiate it. We do not send your personal data to other users or outside parties unless you use a feature that does so. It’s essentially you choosing to share, and you will be informed in the app when you are about to send data outside of AINIQ. Always use caution and only share what you’re comfortable with, since once you share data externally (even through an app feature), that shared data is no longer under our control.

Other than the situations above, we will not disclose your personal data to third parties without your consent. If we ever need to share information for any other reason, we will obtain your permission or at least inform you clearly, as required by law.

International Data Transfers

Your personal data is handled in a way that complies with European data protection standards. We do not transfer or store personal data outside of the European Economic Area (EEA) in the normal course of operating AINIQ. All of our data processing and storage occurs on servers located within the EU/EEA (for example, in data centers in Finland or other EU countries). We intentionally select infrastructure and service providers that keep data within the EU to ensure that your information is protected under the strong privacy laws of the EU.

This means that when you use AINIQ, your personal information remains within jurisdictions that are governed by EU data protection regulations (GDPR). As a result, your data benefits from the robust legal protections and high security standards enforced in the EU.

No Data Transfers Outside EU: At present, we have no need to transmit your personal data to any country outside the EEA. If in the future we consider using a service or partner located outside of the EEA (for instance, a global cloud service or an email delivery provider with servers in the USA), we will only do so in full compliance with data protection law. In particular, we would ensure that:

The non-EEA country is recognized by the European Commission as having an adequate level of data protection or, if not,
We put in place appropriate safeguards as required by GDPR, such as Standard Contractual Clauses (SCCs) or other approved transfer mechanisms, combined with additional technical and organizational measures as necessary to protect the data.
We would also notify users of any significant changes in data transfer practices and update this privacy notice accordingly.

To emphasize, currently there is no transfer of user personal data outside the EU/EEA as part of AINIQ’s standard operations. We remain committed to keeping your data within jurisdictions that uphold high privacy standards.

Data Security Measures

We take data security very seriously at AINIQ. We implement a variety of technical and organizational measures to protect your personal data from unauthorized access, disclosure, alteration, or destruction. Here are some key aspects of our approach to security:

Privacy-By-Design (Local Processing): AINIQ is built with privacy in mind. Many core features – including the AI-based processing of your personal content – are designed to run locally on your device rather than on our servers. By processing data offline on your device, we greatly reduce the amount of personal information transmitted over the internet. This architecture minimizes the risk of data leaks or breaches since your sensitive content often never leaves your personal device.
Encryption: All personal data that does need to travel between your device and our online service is protected by strong encryption. We use HTTPS (SSL/TLS) for all client-server communications, ensuring that data in transit is encrypted and cannot be read or tampered with by unauthorized parties. Additionally, any sensitive data stored on our servers is encrypted at rest whenever feasible. For example, passwords are stored using secure hashing and salting techniques, and other sensitive fields may be encrypted in our databases to add an extra layer of protection.
Access Control and Confidentiality: We strictly limit access to personal data to only those personnel (employees or authorized contractors) who need the information to perform their duties (for example, customer support or system maintenance). We enforce the principle of least privilege, meaning each person is granted the minimum access necessary. All staff with access to personal data are bound by confidentiality obligations (both legal requirements and contractual agreements). They are trained in privacy and security best practices to ensure your data remains confidential.
Secure Infrastructure: Our servers and databases are protected by multiple layers of security controls. We employ firewalls to block unauthorized network access, and we use up-to-date anti-virus and anti-malware tools to protect against viruses or malicious attacks. We also deploy intrusion detection and prevention systems to monitor for suspicious activities. Our systems are continuously monitored, and security alerts are set up to notify us of any unusual events. We also separate and isolate systems as needed so a vulnerability in one component does not compromise the whole system.
Software Updates and Patching: We keep all our software and systems updated to mitigate security vulnerabilities. This includes regularly updating the AINIQ application (we encourage you to always install the latest app updates) and promptly applying patches to our server operating systems, databases, and dependencies when security fixes are released. Rapid patching helps protect against newly discovered threats.
Security Testing and Preparedness: We conduct periodic security assessments and testing of our platform. This may include practices like penetration testing by security experts and routine code reviews focused on security. By proactively testing, we aim to catch and fix potential security weaknesses before they can be exploited. Furthermore, we have an incident response plan in place. This means if we detect a security incident or data breach, we are prepared to act quickly: we will investigate the issue, mitigate the harm, and inform affected users and, if required, relevant authorities (such as data protection regulators) in a timely manner, as mandated by law.
User Responsibilities: While we work hard to secure our systems, it’s important to note that security is a partnership. As a user, you also play a role in keeping your data safe. We strongly encourage you to use a strong, unique password for your AINIQ account and to keep your login credentials secret. If multi-factor authentication (MFA) is available, consider enabling it for added security. Also, protect your devices with a passcode, biometric lock, or other security measures to prevent unauthorized access to the AINIQ app and your personal data stored on the device. Be cautious of phishing attempts or suspicious links – AINIQ will never ask for your password via email. And finally, keep your AINIQ app updated to the latest version, since updates often include security enhancements and bug fixes.

By implementing these measures and staying vigilant, we aim to safeguard your personal data at all times. However, if you have reason to believe that your data may have been compromised or you notice any vulnerability or security issue in AINIQ, please notify us immediately so we can take appropriate action.

Contact Information

If you have any questions, concerns, or requests regarding this Privacy Notice or your personal data, please do not hesitate to contact us. We are here to help and address any privacy or data protection queries you may have.

Contact Email: privacy@ainiq.com
(You can email us here for matters such as data access requests, deletion requests, or any other privacy-related inquiries.)

Contact Address: AINIQ Privacy Team, [Address of Company/Organization]
(If you prefer to reach out via mail or need our official business address, please use the above. Replace with actual mailing address.)

Data Protection Officer (if applicable): [Name], dpo@ainiq.com
(If AINIQ has appointed a Data Protection Officer, their contact details would be provided here. You may contact the DPO directly for any sensitive privacy concerns.)

We will respond to your inquiries as soon as possible, and in any event within the timeframes required by law. Your privacy is important to us, and we welcome your feedback.

Thank you for reading our Privacy Notice. We hope this helps you understand how your data is handled when using AINIQ. We are committed to protecting your personal data and providing a safe, trustworthy service.