Fundamentals

Table of Content

Table of Content

Table of Content

Recipients & Transfers

Who we share data with, and if it’s transferred internationally and under which safeguards.

Purpose of this page

This page explains who receives your data, why we share it, and how international transfers are safeguarded. For what we collect and why, see Data & Sources and Purposes & Legal Bases.

Service providers we rely on

We use vetted providers under data-processing agreements and least-privilege access:

  • Authentication & storageSupabase (accounts, auth flows, databases, backups).

  • PaymentsStripe (subscriptions and invoicing; card numbers never touch AIM).

  • SupportIntercom (ticketing and in-product support).

  • EmailHostinger (email hosting for AIM addresses). We may add a dedicated email-delivery provider for certain channels.

  • Analytics (consent-based)Google Analytics (runs only if you consent).

  • Observability (environment-dependent) — may include Sentry, Datadog, New Relic, or none yet until activated.

Each provider receives only the minimum data necessary to perform its task, with contractual and technical safeguards.

AI model providers (routing)

To generate AI outputs, AIM may route prompts to third-party model providers. The lineup may include OpenAI, Anthropic, Google, DeepSeek, Flux, Perplexity, Meta, Mistral, Moonshot, Qwen, and others. The set can evolve over time. Where supported, we honor and propagate your training opt-out.

Optional integrations you connect

If you connect Google integrations (e.g., Gmail summaries, Calendar event creation), AIM accesses only the fields strictly required to fulfill your request. Access is revocable at any time from your Google account. We do not reshare that data for unrelated purposes.

Enterprise workspaces

For B2B workspaces, the Enterprise Customer is typically the Controller for member content; AIM acts as Processor under the DPA and may disclose workspace data to customer admins at their instruction (e.g., compliance exports).

Corporate transactions

If AIM enters a merger, acquisition, financing, or sale, personal data may transfer under contractual protections and notice, maintaining equal or stronger privacy safeguards.

Legal and safety

We may disclose data where required or permitted by applicable law to protect users, investigate abuse or fraud, or comply with lawful process.

International transfers & safeguards

AIM operates on global infrastructure. When data leaves your country or the EEA/UK/CH, we rely on Standard Contractual Clauses (SCCs) (or an equivalent mechanism) and supplementary measures such as encryption in transit and at rest, access controls, and data minimization. Model routing may involve providers in multiple jurisdictions; onward-transfer protections are required by contract.

Keeping this current

We maintain a living sub-processor roster at /privacy/subprocessors. That roster prevails if it differs from this summary and may be updated as our stack evolves.

Effective date: {YYYY-MM-DD} • Last updated: {YYYY-MM-DD}

Sub-processors

What this page covers

This page lists the third parties that process personal data on AIM’s behalf (our “sub-processors”). It’s intentionally high-level so we can adapt our stack; the /privacy/subprocessors page is updated as providers are added or changed.

Current categories & named providers

  • Authentication & storageSupabase (core account, auth, database, backups).

  • PaymentsStripe (subscription and invoicing; card data handled by Stripe).

  • SupportIntercom (support chat and ticketing).

  • Email (hosting)Hostinger (AIM email accounts).

  • Email (delivery) — a dedicated sender may be added for transactional or marketing sends; if activated, it will appear on /privacy/subprocessors.

  • Analytics (consent-based)Google Analytics (only when you consent).

  • Observability — may include Sentry, Datadog, New Relic, or none yet depending on environment and rollout stage.

  • AI model providers (routing) — may include OpenAI, Anthropic, Google, DeepSeek, Flux, Perplexity, Meta, Mistral, Moonshot, Qwen, and others; your training opt-out is honored and, where supported, propagated.

Scope notes
• Providers are engaged under DPAs and least-privilege access.
• Some providers may be activated per-environment or per-feature.
• We avoid listing internal tools that do not process personal data.

International transfers

Sub-processors may process data on global infrastructure. Where data is transferred internationally, we use SCCs or an equivalent mechanism and apply supplementary measures (encryption, access controls, minimization).

Change management

  • We keep /privacy/subprocessors current as our stack evolves.

  • Enterprise customers may subscribe to updates via their account manager or support channel.

  • Material changes will be reflected on that page before they take effect.

Conclusion

AIM shares data only with strictly necessary sub-processors—including Supabase, Stripe, Intercom, Hostinger, Google Analytics (consent-based), and environment-dependent observability like Sentry/Datadog/New Relic—all bound by DPAs and least-privilege access. International transfers rely on Standard Contractual Clauses (SCCs) plus supplementary measures (encryption in transit/at rest, access controls, minimization). Google integrations are optional and revocable, and AI routing to providers such as OpenAI, Anthropic, Google, DeepSeek, Flux, Perplexity, Meta, Mistral, Moonshot, and Qwen honors your training opt-out where supported. We maintain a living roster at /privacy/subprocessors and provide advance notice of material changes.

Effective date: {YYYY-MM-DD} • Last updated: {YYYY-MM-DD}

Retention

Retention

Retention

Your Rights

Your Rights

Your Rights

Get Template for free

Get Template for free

Get Template for free

Create a free website with Framer, the website builder loved by startups, designers and agencies.