Privacy Policy
Last updated: April 19, 2026
1. Introduction
This Privacy Policy explains how AIDO ("we", "us", "our") collects, uses, stores, and protects your personal data when you use our website at getyouraido.com and our hosted services (collectively, the "Service"). We are committed to protecting your privacy and processing your data in compliance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.
2. Data Controller
The data controller responsible for processing your personal data is the operator of AIDO. For questions about this policy or your data, contact us at [email protected].
3. Data We Collect
We collect and process the following categories of personal data:
- Account data: name and email address, provided when you purchase a subscription through Stripe.
- Billing data: payment information is processed exclusively by Stripe. We store your Stripe customer ID and subscription status but never store credit card numbers or payment credentials.
- Instance metadata: IP address of your server, health status, hostname, and setup timestamps.
- Communication data: support ticket content, email logs (recipient, template, status, timestamps).
- Technical data: IP address, browser user agent, and request timestamps collected automatically through server logs and rate-limiting mechanisms.
4. Data We Do NOT Collect
We do not collect, access, store, or process the content of your conversations with your AIDO agent, the files in your agent's workspace, your agent's memory or configuration, or the API keys you provide to your agent. Each customer's AIDO instance runs on an isolated server. We have no automated access to the data within your instance beyond health-check pings and administrative access for maintenance purposes.
5. Legal Basis for Processing
We process your personal data on the following legal grounds:
- Contract performance (Art. 6(1)(b) GDPR): processing your account and billing data is necessary to deliver the Service you subscribed to.
- Legitimate interest (Art. 6(1)(f) GDPR): server logs, health monitoring, and security measures to protect the Service and detect abuse.
- Legal obligation (Art. 6(1)(c) GDPR): retention of billing records as required by tax and commercial law.
6. How We Use Your Data
- Provision and maintain your AIDO instance.
- Process payments and manage your subscription.
- Send transactional emails (welcome, instance status, payment issues, password reset).
- Respond to support tickets.
- Monitor system health and enforce rate limits.
- Comply with legal obligations.
We do not sell your data, use it for advertising, share it with third parties for marketing purposes, or use it to train AI models.
7. Third-Party Processors
We use the following third-party services to operate the platform:
- Stripe (payment processing) — processes your payment data under their own privacy policy.
- Scaleway (cloud infrastructure) — hosts your AIDO instance on dedicated servers within the EU.
- Cloudflare (DNS and security) — manages DNS records and provides network-layer protection.
All processors are bound by data processing agreements and process data in accordance with GDPR requirements. Infrastructure is hosted within the European Union.
8. Data Retention
- Active accounts: data is retained for the duration of your subscription.
- After cancellation: a 7-day grace period is followed by instance suspension, then termination after 30 days.
- After termination: your instance data (server, files, conversations) is permanently deleted. Account records (name, email, billing history) are retained for up to 90 days, then deleted unless we are legally required to retain them longer.
- Email logs: deleted when your account is deleted (cascade deletion).
- Billing records: retained as required by applicable tax and commercial law (typically 7-10 years).
9. Your Rights
Under the GDPR, you have the right to:
- Access — request a copy of the personal data we hold about you.
- Rectification — request correction of inaccurate data.
- Erasure — request deletion of your data ("right to be forgotten").
- Restriction — request that we limit processing of your data.
- Portability — receive your data in a structured, machine-readable format.
- Objection — object to processing based on legitimate interest.
To exercise any of these rights, contact us at [email protected]. We will respond within 30 days. You also have the right to lodge a complaint with your local data protection authority.
10. Cookies
The Service uses only strictly necessary cookies for authentication (session tokens for the customer portal). We do not use tracking cookies, analytics cookies, or third-party advertising cookies. No cookie consent banner is required because we only use cookies that are essential for the Service to function.
11. Security
We implement appropriate technical and organizational measures to protect your data, including: encrypted connections (TLS), hashed authentication tokens, isolated per-customer infrastructure, IP-based access controls, and automated health monitoring. Despite these measures, no system is completely secure. We encourage you to protect your own credentials and API keys.
12. International Data Transfers
Your data is processed and stored within the European Union (Scaleway, France/Netherlands). If any processing occurs outside the EU, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses.
13. Children
The Service is not directed at individuals under the age of 18. We do not knowingly collect personal data from minors. If you believe we have collected data from a minor, contact us and we will delete it promptly.
14. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via email to active subscribers. The "last updated" date at the top of this page indicates the most recent revision.