Privacy Policy

Last updated: January 2026

This Privacy Policy describes how Aidly ("we", "us") collects, uses, and safeguards information in connection with our customer support platform. The Service is intended for lawful business use by individuals 18+.

Data Controller and Contact

For account, billing, and site usage data, the data controller is: Aidly, Paris, France. You can contact us at support@aidlyhq.com.

For customer message content processed on behalf of your organization, we act as a data processor under GDPR. See our Data Processing Agreement (DPA) for details.

Information We Collect

  • Account & Authentication: email address to send magic‑link sign‑in; we may store your name and organization details. We do not require passwords.
  • Customer Messages (Processor role): message content, subject, sender name/email, and metadata needed to deliver and process messages; sensitive message fields are encrypted at rest.
  • Billing: payment details are processed by Stripe. We store subscription status and plan information, not full card data.
  • Technical: basic logs (IP, user agent, timestamps) to operate and secure the service.

How We Use Information (Legal Bases)

  • Provide and improve the platform, including AI‑based triage and agent workflows (performance of contract; legitimate interests).
  • Authenticate users via magic‑link sign‑in and manage accounts (performance of contract).
  • Send transactional emails (e.g., sign‑in links, receipts) (performance of contract/legal obligation).
  • Optional non‑transactional marketing emails if you consent (consent; you can withdraw at any time).
  • Maintain security, debug issues, and prevent abuse (legitimate interests).
  • Comply with legal obligations (legal obligation).

AI Providers and Processing

  • Free and Plus Plans: We use Anthropic Claude to process message content for AI-assisted triage and response generation. Message content is sent to Anthropic's API under their Commercial Terms and Privacy Policy. Anthropic does not train on data submitted via their API.
  • Pro Plan (Bring Your Own Key): If you configure your own AI provider or API key, selected content is sent directly to that provider under your account. Such processing is governed by that provider's terms and privacy policy; you are responsible for ensuring lawful use and appropriate configuration.

Subprocessors and International Transfers

We use trusted vendors to deliver the Service (e.g., hosting, database, email, billing). See our Subprocessors list. Where personal data is transferred outside the EEA/UK (e.g., to US‑based providers such as Stripe or email vendors), we implement appropriate safeguards like Standard Contractual Clauses and additional measures as needed.

Security

We use encryption in transit and at rest for sensitive fields, access controls, and monitoring. No method is 100% secure, but we take reasonable measures to protect your data.

Sensitive/Prohibited Data

The Service is not designed for special categories of data under GDPR (e.g., health, biometric, children's data), payment card data (PCI), or government identifiers. Do not submit such data unless expressly agreed in writing with additional safeguards.

Data Retention

We retain data according to the following schedule:

  • Active subscription: Message content and account data are retained during your active subscription.
  • Account deletion: Upon account deletion, all data is immediately removed from production systems. Backups are automatically purged within 30 days.
  • Audit logs: Security and activity logs are retained for 1 year for security and compliance purposes. These may be retained after account deletion as required for legal and security obligations.
  • Billing records: Retained as required by French tax law (typically 10 years), even after account deletion.

You may delete your account and request deletion of your organization's data at any time through your account settings, or by contacting support@aidlyhq.com. Data is immediately deleted from production systems, subject to legal retention requirements for billing and audit records.

Law Enforcement and Legal Compliance

We may disclose personal data when required or permitted by law, including:

  • Legal Requests: We respond to valid legal requests from French, EU, and other law enforcement or regulatory authorities, including court orders, subpoenas, search warrants, and national security requests where legally required.
  • Illegal Activity: We may investigate and disclose information to authorities when we reasonably believe an account is engaged in illegal activity, fraud, money laundering, or violations of sanctions or counter-terrorism financing laws.
  • Regulatory Compliance: We cooperate with CNIL (French data protection authority), financial regulators, and other government agencies as required by French and EU law.
  • Data Preservation: We may preserve account data for law enforcement or regulatory investigations as required by law, even after account termination. In some cases, we may be prohibited by law from notifying you of such preservation or disclosure.
  • Safety and Security: We may disclose information to protect the rights, property, or safety of Aidly, our users, or the public as permitted by applicable law.

When responding to legal requests, we review each request for legal sufficiency and may challenge overbroad or inappropriate requests. We balance our legal obligations with our commitment to protecting user privacy.

Your Rights

  • Data Subject Rights: You have the right to access, rectification, erasure, restriction, portability, and objection (subject to legal limits).
  • Right to Erasure (Data Deletion): You can delete your account and all associated data at any time through your account settings. Data is immediately deleted from production systems. Backups are automatically purged within 30 days. Billing and audit records may be retained as required by law. In cases of ongoing legal or regulatory investigations, we may be required to retain data beyond normal retention periods.
  • Consent Withdrawal: For optional marketing communications, you may withdraw consent at any time via unsubscribe links. To withdraw consent for the Service entirely, delete your account via your account settings or by contacting support.
  • Exercising Your Rights: Contact support@aidlyhq.com to exercise any of your rights, or use the self-service options in your account settings. In some cases, we may be unable to fulfill requests due to legal obligations or ongoing investigations.
  • Complaints: You have the right to lodge a complaint with your local supervisory authority. In France: CNIL.

Cookies and Tracking Technologies

What We Track

We use cookies and similar technologies to:

  • Keep you signed in (essential - always active)
  • Remember your preferences like dark/light mode (essential - always active)
  • Measure website performance (analytics - requires your consent)
  • Track advertising effectiveness (marketing - requires your consent)

Third-Party Tracking

LinkedIn Insight Tag: We use LinkedIn's Insight Tag to measure the effectiveness of our LinkedIn advertisements. This places cookies on your device to track which ads you clicked, whether you signed up after seeing an ad, and may access your LinkedIn professional profile information if you are logged in to LinkedIn. LinkedIn processes this data according to their Privacy Policy.

Vercel Analytics: We use Vercel Analytics to understand how users interact with our website. This service is privacy-focused and does not store personally identifiable information or track you across other websites. Vercel processes this data according to their Privacy Policy.

Your Cookie Rights

You have the right to:

  • Accept or reject non-essential cookies via our cookie banner
  • Change your preferences at any time
  • Delete cookies from your browser settings
  • Opt out of LinkedIn tracking: LinkedIn Opt-Out

Cookie Consent

When you first visit our website, you will see a cookie banner asking for your consent to use non-essential cookies. Essential cookies for authentication and basic functionality are always active and do not require consent under GDPR.

For detailed information about the cookies we use, please see our Cookie Policy.

Data Retention

  • Essential cookies: Session-based or up to 8 hours
  • Preference cookies: Until you delete them (permanent)
  • Analytics cookies: Session-based
  • Marketing cookies (LinkedIn): 30-90 days

Contact

Questions? Email support@aidlyhq.com.