aïno

Privacy Policy

Last updated: March 2026

aino SAS (“aino”, “we”, “us”) operates the aïno platform. This Privacy Policy explains how we collect, use, and protect your personal data when you use our service.

1. Data Controller

aino SAS
9 rue des Colonnes, 75002 Paris, France
Email: contact@aino.co

2. Personal Data We Collect

Identity Data

Name, email address, and profile picture — sourced from your authentication provider. We do not store passwords.

Content Data

Text you enter in pieces, prompts, AI conversations, and knowledge documents. This content may incidentally contain personal data about third parties (e.g., names mentioned in your documents).

Usage Data

Feature usage and timestamps related to your activity within the service.

Billing Data

Billing is handled by Paddle (our Merchant of Record). We do not store payment card details.

3. How We Use Your Data

  • User authentication — verifying your identity and managing access
  • Content creation — processing your inputs to generate AI-assisted content
  • AI coaching and training — processing messages in Learn and Training modes
  • Knowledge management — storing and indexing documents you upload
  • Collaboration — managing team access and shared projects
  • Billing — subscription management (via Paddle)

4. AI Processing

We do not use your data to train AI models.
  • aino does not use any customer content for training, fine-tuning, or improving its own systems.
  • Our AI provider (Anthropic) contractually prohibits the use of API inputs and outputs for model training.
  • Zero Data Retention is available for Enterprise customers — prompts and outputs are processed in real-time and immediately discarded by Anthropic.

5. Sub-processors

We use the following third-party services to provide the aïno platform:

Provider Purpose Location
Anthropic AI inference USA
Supabase Database hosting EU (Frankfurt)
Clerk Authentication USA
Render API hosting EU (Frankfurt)
Vercel Frontend hosting USA
Paddle Billing (Merchant of Record) UK

6. International Data Transfers

Where sub-processors process data outside the EU/EEA, we ensure appropriate safeguards are in place, including the EU-US Data Privacy Framework and EU Standard Contractual Clauses (SCCs).

7. Data Retention

  • Your data is retained for the duration of your account.
  • Account deletion is immediate and permanent — all associated personal data is deleted with no grace period.
  • Upon termination, all data is deleted within 30 days.

8. Your Rights

Under the GDPR, you have the right to:

  • Access — view and export your data at any time
  • Rectification — edit your content directly within the service
  • Erasure — delete your account (immediate and permanent)
  • Restriction — request restriction of processing
  • Portability — receive your data in a structured format
  • Objection — object to processing of your data

To exercise any of these rights, contact us at contact@aino.co.

9. Security

We implement appropriate technical and organizational security measures, including TLS 1.2+ encryption in transit, AES-256 encryption at rest, role-based access control, and input validation on all API endpoints. For details, see the Technical and Organizational Measures annex in our Data Processing Agreement.

10. Data Breach Notification

In the event of a personal data breach, we will notify affected users and the relevant supervisory authority within 72 hours of becoming aware of the breach.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or a notice within the service.

12. Contact

For privacy inquiries:
aino SAS
9 rue des Colonnes, 75002 Paris, France
Email: contact@aino.co