Purposes & Legal Bases
Why we use your data and the legal grounds that allow us to do so.
How to read this page
This page explains why AIM processes data and under which GDPR legal basis each purpose is carried out. It complements Data & Sources, Retention, and Recipients & Transfers.
Provide and operate AIM (Contract)
We create and manage your account, authenticate you via Supabase, run our multi-AI features (including intelligent routing), deliver prompts and AI outputs, and provide support.
Legal basis: Performance of a contract (Art. 6(1)(b)). Minimal reliability/safety telemetry relies on legitimate interests (Art. 6(1)(f)).
Conversation & prompt history (Contract / Legitimate interests)
Your prompts and conversations are kept and accessible in your account for as long as the account remains active. This helps you pick up work and allows our support team to resolve issues. If you want them deleted, email our support team at support@aim.example; there is no Privacy Rights portal.
Legal basis: Performance of a contract (provide the history you expect), plus legitimate interests (quality and support).
Optional integrations you connect (Contract / Consent if required)
When you explicitly connect Google services (e.g., Gmail summaries, Calendar event creation), we process only what’s strictly necessary to fulfill your request. Access can be revoked at any time.
Legal basis: Performance of a contract with your explicit authorization; consent where a provider requires it.
Authentication, security & fraud prevention (Legitimate interests / Legal obligation)
We process login events, MFA signals, session identifiers, and abuse/fraud indicators to protect accounts and service integrity.
Legal basis: Legitimate interests (Art. 6(1)(f)) and, where applicable, legal obligation.
Payments, subscriptions & invoicing (Contract / Legal obligation)
We handle subscription status and invoicing; Stripe processes payments and card data (card numbers never touch AIM). We keep accounting records as required by law.
Legal basis: Performance of a contract and legal obligation (tax/accounting).
Analytics & measurement (Consent)
We run Google Analytics only with your consent, collected at entry under our Consent-or-Subscription model. Analytics help us understand usage and improve performance.
Legal basis: Consent (Art. 6(1)(a)).
Training & model improvement (Legitimate interests / Consent where required)
By default, prompts and outputs may be used to improve model performance, including models from third-party AI vendors. You can opt out in settings; where a vendor supports its own opt-out, we honor and propagate your choice when technically available.
Legal basis: Legitimate interests (Art. 6(1)(f)) with a clear opt-out; consent where local law or a provider requires it.
Service communications & support (Contract / Legitimate interests)
We send operational messages (security alerts, critical notices) and respond to support requests you initiate.
Legal basis: Performance of a contract and legitimate interests (service quality).
Marketing & investor relations (Consent / Legitimate interests)
We do not run broad user marketing without consent. Communications with investors occur directly and rely on legitimate interests.
Legal basis: Consent where applicable; legitimate interests for investor relations.
Cookies, trackers & access model (Consent / Contract or Legitimate interests for strictly necessary trackers)
We use strictly necessary trackers for core operation and, with consent, non-essential trackers (e.g., analytics). On entry you choose Accept & Access or Access Without Tracking via Subscription (an equivalent, tracking-free option). If you refuse and do not choose the subscription, access is not granted.
Legal basis: Consent for non-essential trackers; contract or legitimate interests for strictly necessary trackers.
Location signals (Legitimate interests; no precise location)
We process approximate IP-based location to understand user distribution and optimize performance. We do not collect precise, device-level location at launch.
Legal basis: Legitimate interests for approximate IP.
Enterprise workspaces (Processor role under DPA)
For enterprise workspaces, the Enterprise Customer is typically the Controller for member content and configuration; AIM acts as a Processor under a Data Processing Agreement (DPA).
Legal basis: Performance of a contract with the Enterprise Customer; processing under the DPA.
Legal compliance & claims (Legal obligation / Legitimate interests)
We process data to comply with legal obligations (e.g., tax, fraud reporting) and to establish, exercise, or defend legal claims.
Legal basis: Legal obligation and legitimate interests.
Your controls
Delete conversation history: email support@aim.example.
Training opt-out: toggle available in settings (propagated to vendors where supported).
Consent settings: make your choice at entry (Consent-or-Subscription) and withdraw consent at any time via the persistent Privacy link.
Conclusion
AIM processes only what’s necessary to provide and secure the multi-AI service—account/auth via Supabase, prompts/outputs, optional Google integrations (with authorization), security signals, and billing via Stripe (no card storage). Google Analytics runs only with consent. Model training is on by default with an opt-out; we don’t collect precise device location. Conversation history stays while your account is active and can be deleted by emailing support@aim.example. Access follows a Consent-or-Subscription model, and you can withdraw consent anytime.
Versioning
Effective date: {YYYY-MM-DD} • Last updated: {YYYY-MM-DD}