Privacy Policy

Last updated on 13/08/2025

1. Who we are (Data Controller).

AIM (“we”, “us”, “our”) is the Data Controller for personal data processed via our website and app.
Primary contact for privacy matters: support@aim-ai.tech.
If we appoint a Data Protection Officer (DPO), we will add those details here.

Territorial scope. We primarily serve EU/EEA users. This policy applies globally to all users unless local law requires otherwise.

2.What AIM is (Service overview)

AIM is a single-user SaaS platform that:

  • Unifies leading AI models (e.g., ChatGPT, Claude, Gemini, Mistral, etc.) in one chat.

  • Lets you select a model manually or use automatic model selection (“Smart Routing”).

  • Can handoff context between models to keep answers coherent.

  • Offers built-in agents that prepare/execute follow-up actions (e.g., summaries, emails, calendar events, file organization) only with your explicit approval.

  • Runs in the browser (no local install). Integrations use OAuth with minimal, revocable scopes.

3. Data we collect

Account & billing. Name, email, country/language, subscription status; billing history; payment tokens from our payment processor (we do not store full card numbers).

Content & usage. Prompts, messages, uploaded files, conversation history; model usage events (model switches, Smart Routing selections), agent actions; technical logs (IP truncated, device/browser, timestamps, performance/diagnostic data).

Integrations (OAuth). Metadata (connected account, granted scopes). Content from third-party tools (e.g., a document in Drive/Notion) only when you ask AIM to use it for your request.

Cookies/trackers.

  • Essential (session, security, anti-fraud).

  • Analytics (with consent, unless exempt).

  • Functional (UI preferences, language).

We do not intentionally collect special categories of data. Please avoid submitting sensitive data unless strictly necessary.

4. Purposes & legal bases

Service delivery (account, chat, Smart Routing, context handoff, agents). Legal basis: Contract (Art. 6(1)(b)).
Security, fraud/abuse prevention, quality, support. Legal basis: Legitimate interests (Art. 6(1)(f)).
Billing & tax compliance. Legal basis: Legal obligation + Contract.
Product analytics & improvement. Legal basis: Consent (for non-essential analytics cookies) or Legitimate interests where strictly necessary/aggregated in compliance with local guidance.
Product communications (service notices, material changes). Legal basis: Contract/Legitimate interests.
Marketing (newsletters, offers). Legal basis: Consent (opt-in, with unsubscribe in every message).

Smart Routing & context handoff. We may share only the necessary parts of your current session with another model to provide a coherent answer. Legal basis: Contract + Legitimate interests (quality, efficiency).

Agents. Agents prepare/execute steps only after your approval. Legal basis: Contract; some notifications/connectors may additionally rely on Consent.

5. Sharing & processors

We share personal data only with trusted recipients that help us provide the service:

  • Hosting & databases (EU by default).

  • AI model providers (to execute your request; we minimize prompts/context shared).

  • Payments & invoicing (payment processor; accounting).

  • Email & in-app messaging (transactional notices, support).

  • Security & backups (monitoring, anti-abuse).

  • Analytics (if enabled with consent).

A current list of sub-processors/partners is available on request at support@aim-ai.tech and is kept up to date.

We do not sell personal data.

6. International transfers

Where data is transferred outside the EEA/UK (e.g., to an AI provider or cloud service in another jurisdiction), we use recognized transfer mechanisms such as EU Standard Contractual Clauses (SCCs) and apply minimization and appropriate safeguards (encryption, access controls). Details are available on request.

7. Retention (how long we keep data)

Conversations

  • Standard: 3 months

  • Premium: Unlimited (with export options)

  • Maximum: Unlimited (with export options)

Uploaded files. By default, retained in line with the associated conversation unless you delete earlier.
Technical logs. 6–12 months (security/diagnostics).
Billing records. Up to 10 years (legal/tax).
Consents. Duration of the relationship + legal proof periods.

Encrypted backups may hold residual copies for a limited technical period before scheduled purge.

8. Security

Technical. TLS in transit; AES-256 at rest; logical segregation; least-privilege access; audit logs; encrypted backups; regular security reviews.
Organizational. Access governance, staff awareness, incident response.
Sandbox (no-retention) mode. For certain sensitive use cases (plan-dependent), we may offer an execution mode without storing content. Capabilities/limits may differ.

9. Your rights (GDPR)

You can request access, rectification, erasure, restriction, portability, and objection; and withdraw consent at any time (where processing relies on consent).
How to exercise: email support@aim-ai.tech with “Privacy Request” and the email linked to your account. We respond within 30 days (extendable for complexity).
You may lodge a complaint with your local authority (e.g., CNIL in France).

10. Children

AIM is not intended for users under 16 (or the minimum age required in your country). If you believe a minor has registered, contact support@aim-ai.tech so we can delete the account.Your continued use of the website after such modifications will constitute your acknowledgment of the modified Privacy Policy.

11. Cookies & consent management

We use a consent banner to let you accept, reject, or customize non-essential cookies at any time.

Examples

  • aim_sessionEssential — session — authentication/security.

  • aim_consentEssential — 6–12 months — stores your choices.

  • aim_perfAnalytics — up to 13 months — usage metrics (only with consent).

A “Manage cookies” link in the footer should reopen the consent panel.

12. Agents & automations (your approval)

Agents may propose next steps (weekly recap, invite, file organization, ready-to-send message). Nothing is executed without your explicit approval.
We keep an action log (time, action, status). Where possible, an undo/rollback is offered.

13. Automated decision-making

AIM does not make decisions producing legal or similarly significant effects on you without human involvement. Smart Routing/orchestration assists model choice and composition; you retain control (manual switches, approvals).

14. Changes to this policy

We may update this policy as our service, providers, or regulations evolve. For material changes, we will notify you by email and/or in-app. Continued use of AIM after the effective date constitutes acceptance of the updated policy.

15. Contact & complaints

  • Privacy & support: support@aim-ai.tech

  • Supervisory authority: You may contact your local authority (e.g., CNIL in France) if you believe your rights are not respected.