Privacy Policy

This Privacy Policy explains how AIDEN (“AIDEN,” “we,” “us”) collects, uses and discloses information about you when you use our website, APIs or applications (together, the “Service”). It applies alongside our Terms of Service and Acceptable Use Policy.

1. The short version

• We don't sell your data. Ever.
• We don't train foundation models on Your Content. Your chats, knowledge bases and agents are yours.
• We collect only what we need to run the Service, bill correctly, keep things secure, and improve product quality.
• You can export your data or delete your account at any time from account settings.

2. What we collect

Account information. Name, email address, password hash (or OAuth provider identity), profile preferences, and — for Academic pricing — the institutional email you verify.

Billing information. When you purchase a plan or top-up, our payment processors (Razorpay for India, Stripe/equivalent for international) collect and process payment details. We never see or store your full card number; we store only a reference to the transaction, the amount, the currency and the region.

Your Content. Agents, prompts, chats, uploaded knowledge files and generated outputs. We store this so that the Service works; see Section 3 for processing details.

Usage and telemetry. Credit consumption per request, model and tool identifiers, token counts, errors, latency, IP address (hashed where practical), user-agent and basic device information. We use this for billing, abuse prevention and product improvement.

Cookies and similar technologies. We use a small number of first-party cookies for authentication (access_token, refresh_token), for persisting your billing region (aiden_region), and for basic analytics. We do not use third-party advertising cookies.

3. How we use your information

• Operate, maintain and secure the Service.
• Authenticate you, prevent fraud and abuse, and enforce our Terms.
• Meter credits, process payments and issue invoices.
• Route your requests to third-party AI providers to generate responses (see Section 6).
• Diagnose, fix and improve the Service. We may review aggregated or de-identified usage patterns; individual chats are reviewed only when strictly necessary (for example, to resolve a support ticket you opened, or to investigate abuse).
• Send transactional emails (receipts, security alerts, policy updates).
• Send product updates only if you opt in. You can unsubscribe at any time from the link in any such email.

No foundation-model training. We do not use Your Content to train our own or any third party's foundation models. Third-party providers we route to have their own data-handling commitments; we select providers that, by default, do not retain or train on API traffic. Where a provider offers stricter enterprise-grade data controls, we pass through those settings.

4. Legal bases (GDPR / UK GDPR / DPDP)

We process personal data on the following legal bases:

• Contract — to provide the Service you signed up for.
• Legitimate interests — to secure the Service, prevent abuse, and improve quality. We balance these interests against your rights.
• Consent — for marketing communications and optional analytics; you can withdraw consent at any time.
• Legal obligations — to comply with applicable tax, accounting and law-enforcement requirements.

5. How we share information

We share personal data only with:

• Sub-processors that help us run the Service (see Section 6).
• Other users — only when you explicitly share an agent, create a public link, or publish to a marketplace. You control what is shared.
• Legal and safety — where required by valid legal process, or where we reasonably believe disclosure is necessary to protect rights, safety, or prevent fraud or serious abuse.
• Business transfers — in connection with a merger, acquisition or sale of assets, with notice to you where required by law.

6. Sub-processors

Our key sub-processors include:

• Cloud hosting: Amazon Web Services / Google Cloud (region: Mumbai and US East)
• Database: managed PostgreSQL with pgvector
• AI model providers: OpenAI, Anthropic, Google AI (Gemini), xAI, ElevenLabs, Replicate and similar providers we add from time to time
• Payments: Razorpay (India), Stripe or equivalent (international)
• Email: transactional email provider (e.g. Postmark, SendGrid)
• Error and performance monitoring: Sentry or equivalent

A current list is maintained on request; contact privacy@aiden.ai.

7. Data retention

We retain account data for as long as your account is active, plus a reasonable period thereafter to comply with legal, accounting and tax requirements (typically up to 7 years for invoices). Chats, uploaded files and agents are retained while your account is active; you can delete them at any time from the product. When you delete your account, we delete or anonymise your content within 30 days, subject to the legal retention windows above.

8. Security

We use encryption in transit (TLS) and at rest, scoped access controls, audit logging, vendor due diligence, and least-privilege access for engineers. No system is perfectly secure — if you suspect a vulnerability, please report it to security@aiden.ai.

9. International data transfers

If you access the Service from a jurisdiction outside where our servers are located, your data may be transferred across borders. Where required, we use recognised transfer mechanisms (such as the EU Standard Contractual Clauses) to protect your data.

10. Your rights

Depending on where you live, you have the right to:

• Access, correct, update, or delete your personal data
• Receive a portable copy of your personal data
• Object to, or restrict, certain processing
• Withdraw consent where processing is based on consent
• Lodge a complaint with your local data-protection authority

You can exercise most of these rights directly from your account settings. For anything else, email privacy@aiden.ai. We will respond within the time required by applicable law (usually 30 days).

11. Children

The Service is not directed to children under 13, and we do not knowingly collect personal data from children under 13. If you believe a child has provided us with personal data, contact us and we will delete it.

12. Changes to this Policy

We may update this Policy from time to time. If the changes are material, we will notify you in the Service or by email at least 14 days before they take effect.

13. Contact

Privacy questions and requests: privacy@aiden.ai. General questions: contact page.