Privacy Policy

1. Introduction

AAI Solutions (“we,” “us,” or “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our web applications and AI-powered services (the “Services”).

This Privacy Policy applies to all users globally and complies with:

  • General Data Protection Regulation (GDPR) for users in the European Union
  • California Consumer Privacy Act (CCPA) and other US state privacy laws
  • India’s Digital Personal Data Protection Act and Information Technology Act
  • Other applicable international privacy regulations

By using our Services, you consent to the practices described in this Privacy Policy.

2. Information We Collect

2.1 Information You Provide Directly

Account Information:

  • Name, email address, phone number
  • Company name and job title
  • Username and password (encrypted)
  • Billing and payment information

User Content:

  • Data, files, documents, and information you upload or input into our Services
  • Communications with our support team
  • Feedback, surveys, and testimonials

AI Interaction Data:

  • Prompts, queries, and inputs you provide to our AI Services
  • Your preferences and settings

2.2 Information Collected Automatically

Usage Information:

  • Log data (IP address, browser type, operating system)
  • Device information (device type, unique device identifiers)
  • Pages visited, features used, time spent on Services
  • Referring/exit pages and URLs
  • Date and time of access

AI Model Interactions:

  • API calls and requests
  • Model outputs and responses
  • Performance metrics and error logs
  • Feature usage patterns

Cookies and Tracking Technologies:

  • We use cookies, web beacons, and similar technologies to collect information
  • See Section 9 for detailed cookie information

2.3 Information from Third Parties

Authentication Services:

  • If you sign in using third-party services (Google, Microsoft, etc.), we receive basic profile information

Business Partners:

  • Information from authorized resellers or integration partners
  • Publicly available business information

3. How We Use Your Information

3.1 Primary Purposes

We use your information to:

Provide and Maintain Services:

  • Process and fulfill your requests
  • Generate AI-powered insights and outputs
  • Authenticate users and maintain accounts
  • Process payments and billing
  • Provide customer support

Improve and Develop Services:

  • Analyze usage patterns to improve functionality
  • Develop new features and services
  • Monitor and improve AI model performance
  • Conduct research and analytics
  • Debug and fix technical issues

Communications:

  • Send service updates and notifications
  • Respond to inquiries and support requests
  • Send marketing communications (with your consent)
  • Provide important security or policy updates

Security and Compliance:

  • Detect and prevent fraud, abuse, and security threats
  • Comply with legal obligations
  • Enforce our Terms of Service
  • Protect rights, property, and safety

3.2 AI-Specific Data Usage

Important Commitment: We do NOT use your User Content or AI interaction data to train our foundational AI models or improve models for other customers.

We may use aggregated, anonymized, or de-identified data (that cannot be linked back to you) for:

  • General model performance monitoring
  • Statistical analysis and research
  • Service improvements

Your specific inputs and outputs remain confidential and are used only to:

  • Provide you with AI-generated results
  • Improve your individual user experience
  • Debug issues with your specific requests

3.3 Legal Basis for Processing (GDPR)

For users in the EU/EEA, our legal bases for processing include:

  • Contract Performance: Processing necessary to provide Services you’ve requested
  • Legitimate Interests: Improving Services, security, fraud prevention
  • Consent: Marketing communications, optional features (you may withdraw consent anytime)
  • Legal Obligation: Compliance with laws and regulations

4. How We Share Your Information

4.1 We Do NOT Sell Your Personal Data

We do not sell, rent, or trade your personal information to third parties for their marketing purposes.

4.2 Sharing Categories

We may share your information in the following circumstances:

Service Providers and Vendors:

  • Cloud infrastructure providers (AWS, Azure, Google Cloud)
  • Payment processors
  • Customer support tools
  • Analytics providers
  • Email service providers

These vendors are contractually obligated to protect your data and use it only for specified purposes.

AI Technology Partners:

  • We may use third-party AI infrastructure (e.g., Azure OpenAI Service)
  • These partners are bound by strict data protection agreements
  • Your data is processed in secure, isolated environments
  • No training on your data occurs

Business Transfers:

  • In the event of merger, acquisition, or sale of assets, your information may be transferred
  • You will be notified and have choices regarding your data

Legal Requirements:

  • To comply with legal obligations, court orders, or government requests
  • To protect rights, property, or safety of AAI Solutions, users, or the public
  • To detect, prevent, or address fraud, security, or technical issues

With Your Consent:

  • For any other purpose disclosed to you with your explicit consent

4.3 Data Protection Measures for Third Parties

All third-party service providers must:

  • Sign data processing agreements (DPAs)
  • Comply with applicable privacy laws (GDPR, CCPA, etc.)
  • Implement appropriate security measures
  • Use data only for specified purposes
  • Delete or return data when no longer needed

5. International Data Transfers

5.1 Global Operations

AAI Solutions operates globally with infrastructure in:

  • United States
  • European Union
  • India
  • Other regions as needed

5.2 Transfer Mechanisms

When we transfer personal data internationally, we use approved mechanisms:

For EU Data:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Adequacy decisions where applicable
  • Binding Corporate Rules

For UK Data:

  • UK International Data Transfer Agreement (IDTA)
  • UK Addendum to EU SCCs

For Indian Data:

  • Compliance with cross-border transfer provisions under Indian law
  • Appropriate contractual safeguards

5.3 Data Localization

Where required by law (e.g., certain Indian data categories), we maintain data storage within the respective jurisdiction.

6. Data Security

6.1 Security Measures

We implement industry-standard technical and organizational measures:

Technical Safeguards:

  • Encryption in transit (TLS 1.3) and at rest (AES-256)
  • Private LLM instances in isolated infrastructure
  • No public API calls; inference in contained environments
  • Multi-factor authentication (MFA)
  • Regular security audits and penetration testing
  • Intrusion detection and prevention systems
  • Access controls and least-privilege principles

Organizational Safeguards:

  • Employee training on data protection
  • Confidentiality agreements with staff
  • Background checks for personnel with data access
  • Incident response procedures
  • Regular compliance assessments

AI Security:

  • Adversarial testing and AI red teaming
  • Prompt injection and jailbreak protections
  • Content filtering and safety mechanisms
  • Model security monitoring

6.2 Data Breach Notification

In the event of a data breach affecting your personal information, we will:

  • Notify affected users within 72 hours (as required by GDPR)
  • Notify relevant supervisory authorities
  • Provide information about the breach and remedial steps
  • Take immediate action to mitigate harm

6.3 Your Responsibility

You are responsible for:

  • Maintaining the confidentiality of your account credentials
  • Using strong, unique passwords
  • Notifying us of any unauthorized access
  • Keeping your contact information current

7. Data Retention

7.1 Retention Periods

We retain your personal information only as long as necessary:

Active Accounts:

  • Account data: Duration of your subscription plus 90 days
  • User Content: Duration of your subscription plus 30 days
  • AI interaction logs: 12 months for debugging and security

Inactive Accounts:

  • After account closure: 90 days for recovery, then permanently deleted
  • Financial records: 7 years (legal requirement)
  • Aggregated analytics: Indefinitely (fully anonymized)

7.2 Deletion Process

Upon account termination or deletion request:

  • We delete personal data from active systems within 30 days
  • Backup systems purged within 90 days
  • Anonymized data may be retained for analytics

8. Your Privacy Rights

8.1 Rights for All Users

You have the right to:

  • Access your personal information
  • Correct inaccurate or incomplete data
  • Request deletion of your data (subject to legal obligations)
  • Object to processing of your data
  • Export your data in a portable format
  • Withdraw consent (where processing is based on consent)

8.2 GDPR Rights (EU/EEA Users)

In addition to the above, EU users have:

  • Right to restriction of processing
  • Right to object to automated decision-making
  • Right to lodge a complaint with your supervisory authority
  • Right to data portability in machine-readable format

EU Supervisory Authority:
You may contact your local data protection authority or:
Irish Data Protection Commission (our lead supervisory authority)
Website: www.dataprotection.ie

8.3 CCPA/CPRA Rights (California Users)

California residents have additional rights:

  • Right to know what personal information is collected
  • Right to know if personal information is sold or shared (we don’t sell data)
  • Right to opt out of sale/sharing
  • Right to limit use of sensitive personal information
  • Right to non-discrimination for exercising rights

8.4 Indian Users

Users in India have rights under the Digital Personal Data Protection Act:

  • Right to access and correction
  • Right to erasure and data portability
  • Right to nominate a data fiduciary
  • Right to grievance redressal

8.5 How to Exercise Your Rights

To exercise any of these rights:

We will respond to verified requests within:

  • 30 days (GDPR)
  • 45 days (CCPA, extendable to 90 days)
  • Timeframes required by applicable law

9. Cookies and Tracking Technologies

9.1 Types of Cookies We Use

Strictly Necessary Cookies:

  • Authentication and session management
  • Security and fraud prevention
  • Load balancing

Functional Cookies:

  • User preferences and settings
  • Language selection
  • Feature accessibility

Analytics Cookies:

  • Usage statistics
  • Performance monitoring
  • Error tracking

Marketing Cookies (with your consent):

  • Personalized content
  • Campaign effectiveness
  • Remarketing (if opted in)

9.2 Cookie Management

You can control cookies through:

  • Our cookie consent banner (for EU users)
  • Your browser settings
  • Third-party opt-out tools (e.g., Network Advertising Initiative)

Note: Disabling necessary cookies may affect Service functionality.

9.3 Do Not Track

We respect Do Not Track (DNT) signals. When DNT is enabled, we do not track your browsing for advertising purposes.

10. Children’s Privacy

Our Services are not directed to individuals under 18 (or the age of majority in your jurisdiction). We do not knowingly collect personal information from children.

If we learn we have collected information from a child, we will:

  • Delete the information immediately
  • Terminate the associated account
  • Notify the parent/guardian if contact information is available

If you believe we have collected information from a child, contact us at [email protected].

11. Third-Party Services and Links

11.1 Third-Party Integrations

Our Services may integrate with third-party applications (e.g., Google Drive, Salesforce). Your use of these integrations is subject to the third party’s privacy policy.

We are not responsible for third-party privacy practices.

11.2 External Links

Our Services may contain links to external websites. We are not responsible for the privacy practices of these sites. We encourage you to review their privacy policies.

12. AI Transparency and Explainability

12.1 How Our AI Works

Our AI Services use:

  • Large language models (LLMs) for natural language processing
  • Machine learning algorithms for predictions and insights
  • Private model instances within secure infrastructure

12.2 AI Limitations

AI-generated outputs:

  • May contain errors, inaccuracies, or biases
  • Should not be relied upon for high-stakes decisions without human review
  • Reflect patterns in training data, not human understanding
  • May produce inconsistent results

12.3 Human Oversight

We implement human oversight through:

  • Regular model performance reviews
  • Bias and fairness testing
  • Content filtering and safety mechanisms
  • User feedback mechanisms

13. Marketing Communications

13.1 Types of Communications

With your consent, we may send:

  • Product updates and feature announcements
  • Educational content and best practices
  • Special offers and promotions
  • Newsletters and company news

13.2 Opt-Out

You can opt out at any time by:

  • Clicking “unsubscribe” in any marketing email
  • Adjusting preferences in your account settings
  • Emailing [email protected]

Note: You cannot opt out of essential service communications (e.g., security alerts, billing notices).

14. Business Customer Data

14.1 Data Processor Role

When you use our Services as a business customer, you are the data controller and we are the data processor for any personal data in your User Content.

14.2 Data Processing Agreement

Business customers may request a Data Processing Agreement (DPA) that includes:

  • Standard Contractual Clauses (for EU data)
  • Sub-processor list
  • Security commitments
  • Data subject rights procedures

Contact [email protected] for DPA requests.

15. California Shine the Light

California residents may request information about our disclosure of personal information to third parties for direct marketing purposes. However, we do not disclose personal information to third parties for their direct marketing purposes.

16. Changes to This Privacy Policy

16.1 Updates

We may update this Privacy Policy to reflect:

  • Changes in our practices
  • New legal requirements
  • Service improvements
  • User feedback

16.2 Notification

We will notify you of material changes by:

  • Posting the updated policy with a new “Last Updated” date
  • Sending email notification
  • Displaying an in-app notice
  • For material changes affecting GDPR rights: obtaining renewed consent

16.3 Your Continued Use

Continued use after the effective date constitutes acceptance of the updated policy.

17. Contact Us

17.1 General Privacy Inquiries

Email: [email protected]
Support: [email protected]

17.2 Data Protection Officer (GDPR)

For EU/EEA users:
Email: [email protected]

17.3 Regional Contacts

European Union:
[EU Office Address]
Email: [email protected]

India:
Grievance Officer: [Name]
[Indian Office Address]
Email: [email protected]
Response Time: 30 days as per Indian law

United States:
[US Office Address]
Email: [email protected]

17.4 Supervisory Authorities

EU/EEA Users:
Irish Data Protection Commission
21 Fitzwilliam Square South, Dublin 2, D02 RD28, Ireland
Website: www.dataprotection.ie

UK Users:
Information Commissioner’s Office (ICO)
Website: www.ico.org.uk