Privacy Policy

Last updated: 2025

This Privacy Policy describes how Aidly (“we”, “us”) collects, uses, and safeguards information in connection with our customer support platform. The Service is intended for lawful business use by individuals 18+.

Data Controller and Contact

For account, billing, and site usage data, the data controller is: Aidly, Paris, France. You can contact us at support@aidly.me.

For customer message content processed on behalf of your organization, we act as a data processor under GDPR. See ourData Processing Agreement (DPA) for details.

Information We Collect

  • Account & Authentication: email address to send magic‑link sign‑in; we may store your name and organization details. We do not require passwords.
  • Customer Messages (Processor role): message content, subject, sender name/email, and metadata needed to deliver and process messages; sensitive message fields are encrypted at rest.
  • Billing: payment details are processed by Stripe. We store subscription status and plan information, not full card data.
  • Technical: basic logs (IP, user agent, timestamps) to operate and secure the service.

How We Use Information (Legal Bases)

  • Provide and improve the platform, including AI‑based triage and agent workflows (performance of contract; legitimate interests).
  • Authenticate users via magic‑link sign‑in and manage accounts (performance of contract).
  • Send transactional emails (e.g., sign‑in links, receipts) (performance of contract/legal obligation).
  • Optional non‑transactional marketing emails if you consent (consent; you can withdraw at any time).
  • Maintain security, debug issues, and prevent abuse (legitimate interests).
  • Comply with legal obligations (legal obligation).

AI Providers and BYO Keys

If you connect your own AI provider or endpoint, selected content may be sent to that provider under your configuration. Such processing is governed by that provider’s terms and privacy policy; you are responsible for ensuring lawful use and appropriate configuration.

Subprocessors and International Transfers

We use trusted vendors to deliver the Service (e.g., hosting, database, email, billing). See ourSubprocessors list. Where personal data is transferred outside the EEA/UK (e.g., to US‑based providers such as Stripe or email vendors), we implement appropriate safeguards like Standard Contractual Clauses and additional measures as needed.

Security

We use encryption in transit and at rest for sensitive fields, access controls, and monitoring. No method is 100% secure, but we take reasonable measures to protect your data.

Sensitive/Prohibited Data

The Service is not designed for special categories of data under GDPR (e.g., health, biometric, children’s data), payment card data (PCI), or government identifiers. Do not submit such data unless expressly agreed in writing with additional safeguards.

Data Retention

We retain data for as long as needed to provide the Service and meet legal obligations. We follow industry‑standard retention practices and document details in our DPA. You may request deletion of your organization's data by contacting support.

Your Rights

  • Access, rectification, erasure, restriction, portability, and objection (subject to legal limits).
  • To exercise your rights, contact support@aidly.me.
  • You have the right to lodge a complaint with your local authority. In France: CNIL.

Cookies

We keep cookies minimal and do not use third‑party analytics cookies at launch. See ourCookies Policy for details.

Contact

Questions? Email support@aidly.me.