← Back to Aioomi

Privacy Policy

Last updated: February 15, 2026

Aioomi ("we", "our", or "us"), operated by MySelf Yevhen Shcherbynskyi, based in Warsaw, Poland, operates the aioomi.com website and the Aioomi platform. This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our Service. We are committed to compliance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

1. Data We Collect

We collect the following categories of data:

  • Account data: Email address, full name, authentication provider (email or Google), and hashed password (for email accounts). Collected during registration.
  • Agent configurations: System prompts, model settings (temperature, max tokens), widget styling preferences, and agent names created by you.
  • Knowledge Base content: Documents you upload, their text content, and generated vector embeddings used for retrieval-augmented generation.
  • Chat data: Messages exchanged between End Users and your Agents, including session metadata (timestamps, session IDs).
  • Usage data: API request logs, token usage, billing information, and general platform analytics.
  • Technical data: IP addresses, browser type, device information, and cookies used for session management.

2. How We Use Data

We use your data for the following purposes:

  • To provide and operate the Service, including authenticating your identity, running your AI agents, and processing knowledge base queries.
  • To process payments and maintain accurate billing records.
  • To communicate with you about your account, service updates, and support requests.
  • To monitor and improve the performance, security, and reliability of the Service.
  • To comply with legal obligations and enforce our Terms of Service.

We process your data under the following legal bases (GDPR Article 6): performance of a contract, legitimate interests, consent, and compliance with legal obligations.

3. Data Storage

Your data is stored using Supabase, which provides our PostgreSQL database, authentication system, and file storage infrastructure. Supabase infrastructure is hosted on Amazon Web Services (AWS) in secured data centers.

Vector embeddings for knowledge base documents are stored using the pgvector extension within our Supabase PostgreSQL database. All data is encrypted at rest and in transit using industry-standard encryption protocols (TLS 1.2+, AES-256).

4. Third-Party Services

We use the following third-party services that may process your data:

  • OpenAI: Chat messages and knowledge base content are sent to OpenAI's API for AI-powered responses (GPT-4o) and vector embeddings (text-embedding-3-small). OpenAI processes this data in accordance with their Privacy Policy. API data is not used for model training.
  • Stripe: Payment processing is handled by Stripe. We do not store credit card numbers on our servers. Stripe processes payment data in accordance with their Privacy Policy and is PCI-DSS Level 1 certified.
  • Google: If you authenticate via Google OAuth, Google shares your email address and profile name with us. We do not receive your Google password. Google processes this data in accordance with their Privacy Policy.
  • Supabase: Provides database hosting, authentication, and storage. Supabase acts as a data processor on our behalf.

5. Cookies

We use essential cookies and local storage for the following purposes:

  • Authentication: Supabase session cookies to maintain your login state.
  • Theme preference: Local storage to remember your light/dark mode selection.
  • Widget identification: A visitor ID stored in localStorage (aioomi_visitor_id) to maintain chat session continuity for End Users.

We do not use advertising or tracking cookies. All cookies are strictly necessary for the operation of the Service.

6. Your Rights

Under the GDPR and other applicable data protection laws, you have the following rights:

  • Right of access: You can request a copy of the personal data we hold about you.
  • Right to rectification: You can request correction of inaccurate or incomplete data.
  • Right to erasure: You can request deletion of your personal data, subject to legal retention requirements.
  • Right to restrict processing: You can request that we limit how we use your data.
  • Right to data portability: You can request your data in a structured, machine-readable format.
  • Right to object: You can object to processing based on legitimate interests.

To exercise any of these rights, contact us at aioomi.help@gmail.com. We will respond within 30 days.

7. Data Retention

We retain your data for as long as your account is active or as needed to provide the Service. Specifically:

  • Account data is retained until you request account deletion.
  • Chat session data is retained for 12 months after creation, then automatically deleted.
  • Knowledge base documents and embeddings are deleted when you remove them or when your account is terminated.
  • Billing records are retained for 7 years as required by applicable tax and financial regulations.

Upon account deletion, we will remove your personal data within 30 days, except where retention is required by law.

8. Children's Privacy

The Service is not directed to individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have inadvertently collected data from a child under 18, we will take steps to delete such data promptly.

9. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or by posting a prominent notice on the Service at least 30 days before the changes take effect. Your continued use of the Service after the effective date constitutes acceptance of the updated policy.

10. Contact

If you have questions or concerns about this Privacy Policy or our data practices, please contact us at aioomi.help@gmail.com.