Privacy policy
18 Jul 2024
Last Updated: January 25, 2026
1. Introduction
Ainisa ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Bring Your Own Key (BYOK) AI chatbot platform at ainisa.com (the "Platform").
Ainisa Limited is registered in England and Wales (Company Number: 16174959) with our registered office at 71-75 Shelton Street, Covent Garden, London, United Kingdom, WC2H 9JQ. Our operational office is located in Baku, Azerbaijan.
Understanding Our BYOK Model
Ainisa operates on a Bring Your Own Key (BYOK) model. This means you connect your own API keys from AI providers (such as OpenAI, Anthropic, etc.) to our platform. We provide the infrastructure for deploying chatbots across WhatsApp, Telegram, Instagram, Facebook Messenger, and websites, but the actual AI conversations happen directly between your end-users and your chosen AI provider.
2. Who We Are and Our Role
2.1 Data Controller vs. Data Processor
Our role in handling your data depends on the type of information:
| Data Type | Our Role | Explanation |
|---|---|---|
| Your Account Information | Data Controller | We determine how we process your account details, subscription info, and platform usage data. |
| Your End-Users' Chatbot Conversations | Data Processor | You (the customer) are the data controller. We process this data on your behalf to provide chat history, analytics, and platform features. |
| API Keys | Data Processor | We securely store your API keys solely to enable platform functionality as per your instructions. |
2.2 Age Restrictions
Our Platform is intended for users aged 16 and older. We do not knowingly collect personal information from individuals under 16. If you are under 16, please do not use our Platform or provide any information to us. If we discover that we have collected information from someone under 16, we will delete that information promptly.
3. Information We Collect
3.1 Information You Provide Directly
When you create an account and use our Platform, we collect:
- Account Information: First name, last name, email address, company name, phone number, sex, country
- Payment Information: Billing address and payment method details (processed securely by Stripe; we do not store credit card numbers)
- API Keys: Your API keys from AI providers (OpenAI, Anthropic, etc.), encrypted and stored securely
- Platform Configuration: Chatbot settings, knowledge base content, custom instructions, and platform preferences
- Support Communications: Messages you send to our customer support team
3.2 Information From Your End-Users
When your customers interact with chatbots you've created using our Platform, we collect and process:
- Chat Messages: The conversations between your end-users and the AI chatbots
- User Identifiers: Phone numbers (WhatsApp, Telegram), social media IDs (Instagram, Facebook), or session identifiers (web chat)
- Metadata: Timestamps, message delivery status, conversation analytics
3.3 Information Collected Automatically
- Usage Data: How you interact with our Platform, features used, pages viewed
- Device Information: IP address, browser type, device type, operating system
- Analytics Data: We use Google Analytics, Meta Pixel, and Trackdesk to understand platform usage, track conversions, and improve our services
- Cookies: Essential cookies for platform functionality and optional analytics cookies (see Section 9)
4. How We Use Your Information
4.1 Legal Basis for Processing (GDPR)
We process your personal data based on the following legal grounds:
- Contract Performance: To provide our Platform services as outlined in our Terms of Service
- Legitimate Interests: To improve our services, prevent fraud, and maintain platform security
- Legal Compliance: To comply with applicable laws and regulations
- Consent: For marketing communications and optional analytics (you can withdraw consent at any time)
4.2 Specific Uses
We use your information to:
- Provide, operate, and maintain the Platform
- Process your chatbot conversations and provide chat history features
- Securely connect to AI providers using your API keys
- Enable messaging integrations with WhatsApp, Telegram, Instagram, and Facebook
- Generate analytics and insights about chatbot performance
- Process payments and manage subscriptions
- Send important service updates and technical notifications
- Respond to your support requests
- Improve our Platform and develop new features
- Detect, prevent, and address technical issues or security threats
- Comply with legal obligations
5. How We Share Your Information
5.1 Third-Party Service Providers (Subprocessors)
We share your information with the following trusted third-party service providers who help us operate our Platform:
| Service Provider | Purpose | Data Location |
|---|---|---|
| DigitalOcean | Cloud hosting and data storage | Netherlands (EU) |
| Stripe | Payment processing | United States (EU-US DPF certified) |
| Zoho Mail | Email communications | European data centers |
| Meta Platforms | WhatsApp, Instagram, Facebook Messenger integrations | United States (EU-US DPF certified) |
| Telegram | Telegram messaging integration | Distributed globally |
| Google LLC | Analytics (Google Analytics) | United States (EU-US DPF certified) |
| Trackdesk | Affiliate tracking | European Union |
| Meta Pixel | Marketing analytics and conversion tracking | United States (EU-US DPF certified) |
5.2 AI Providers (Your Choice)
When you use your own API keys, your end-users' conversations are sent directly to your chosen AI provider (e.g., OpenAI, Anthropic). This data transmission is governed by:
- Your agreement with the AI provider
- The AI provider's privacy policy and terms of service
- Any Data Processing Agreements you have with them
We are not responsible for how AI providers process your data. You should review their privacy policies and ensure they meet your requirements.
5.3 We Do Not Sell Your Data
We do not sell, rent, or trade your personal information to third parties for their marketing purposes.
5.4 Legal Requirements
We may disclose your information if required by law, court order, or governmental regulation, or if we believe disclosure is necessary to:
- Comply with legal obligations
- Protect our rights, property, or safety
- Prevent fraud or abuse
- Respond to emergencies
5.5 Business Transfers
If Ainisa is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change and the choices you may have.
6. International Data Transfers
Our primary data storage is located in the European Union (Netherlands via DigitalOcean). However, as we operate from Azerbaijan with a UK-registered company and use global service providers, your data may be transferred internationally.
6.1 Safeguards for International Transfers
When transferring data outside the EU/EEA, we ensure appropriate safeguards are in place:
- EU-US Data Privacy Framework: Service providers like Stripe, Meta, and Google are certified under the EU-US DPF
- Standard Contractual Clauses: We use EU-approved Standard Contractual Clauses with service providers where applicable
- Adequacy Decisions: We rely on EU Commission adequacy decisions where available
7. Data Security
We implement industry-standard security measures to protect your information:
7.1 Technical Measures
- Encryption: All API keys are encrypted at rest using AES-256 encryption
- Secure Transmission: All data transmissions use TLS/SSL encryption (HTTPS)
- Secure Infrastructure: Data hosted on DigitalOcean servers in EU-compliant data centers
- Access Controls: Role-based access controls and multi-factor authentication options
- Regular Security Assessments: Ongoing monitoring and security updates
7.2 Data Breach Notification
In the event of a data breach that affects your personal information, we will:
- Notify you within 72 hours of discovering the breach (as required by GDPR)
- Inform you of the nature of the breach and data affected
- Describe the measures we've taken or will take to address the breach
- Notify relevant supervisory authorities as required by law
Note: While we implement strong security measures, no system is 100% secure. You are responsible for maintaining the security of your account credentials and API keys.
8. Data Retention
8.1 Retention Periods
We retain your information for the following periods:
| Data Type | Retention Period |
|---|---|
| Account Information | Duration of your account + 30 days after deletion request |
| Chat Messages/Conversation History | Until you delete them + 30 days after deletion request |
| API Keys | Until you delete them + 30 days after deletion request |
| Payment Records | 7 years (tax and accounting requirements) |
| Analytics Data | 26 months (Google Analytics default) |
8.2 30-Day Grace Period
When you request deletion of your data, we retain it for 30 days for security and legal purposes. This allows us to:
- Prevent accidental deletions and enable account recovery
- Complete any pending transactions or legal obligations
- Maintain audit trails for security investigations
After 30 days, your data is permanently deleted from our systems, except where we are legally required to retain it longer (such as financial records).
9. Cookies and Tracking Technologies
9.1 Types of Cookies We Use
Essential Cookies: Required for the Platform to function properly (authentication, session management). These cannot be disabled.
Analytics Cookies: We use Google Analytics, Meta Pixel, and Trackdesk to understand how users interact with our Platform and track marketing conversions. These cookies help us improve our services and measure the effectiveness of our marketing campaigns.
9.2 Managing Cookies
You can control cookies through your browser settings. However, disabling essential cookies may prevent you from using certain Platform features.
10. Your Privacy Rights
10.1 Rights Under GDPR (EU/UK Users)
If you are located in the European Union or United Kingdom, you have the following rights:
- Right to Access: Request a copy of the personal data we hold about you
- Right to Rectification: Request correction of inaccurate or incomplete data
- Right to Erasure ("Right to be Forgotten"): Request deletion of your personal data
- Right to Restrict Processing: Request that we limit how we use your data
- Right to Data Portability: Receive your data in a structured, machine-readable format
- Right to Object: Object to processing based on legitimate interests or for direct marketing
- Right to Withdraw Consent: Withdraw consent at any time (without affecting prior processing)
- Right to Lodge a Complaint: File a complaint with your local data protection authority
10.2 How to Exercise Your Rights
To exercise any of these rights, please contact us at info@ainisa.com. We will respond to your request within 30 days.
For certain requests (deletion, access, portability), you can also manage your data directly through your account settings on the Platform.
10.3 Supervisory Authority
If you are not satisfied with our response, you have the right to lodge a complaint with:
- UK: Information Commissioner's Office (ICO) - https://ico.org.uk
- EU: Your local data protection authority
11. Business Customer Responsibilities
If you use our Platform to provide chatbot services to your own customers (your end-users), you are the data controller for your end-users' data. This means you are responsible for:
- Providing appropriate privacy notices to your end-users
- Obtaining necessary consents for data collection and processing
- Ensuring compliance with applicable privacy laws (GDPR, CCPA, etc.)
- Handling your end-users' privacy rights requests (access, deletion, etc.)
- Informing your end-users about the AI provider you're using and their privacy practices
We act as your data processor for your end-users' data. A Data Processing Agreement (DPA) is available upon request and should be executed for GDPR compliance.
12. Third-Party Websites and Services
Our Platform may contain links to third-party websites, services, or integrations (such as AI provider websites, Meta's WhatsApp Business platform, etc.). We are not responsible for the privacy practices of these external sites.
We encourage you to review the privacy policies of:
- AI providers you choose to use (OpenAI, Anthropic, etc.)
- Messaging platforms (Meta for WhatsApp/Instagram/Facebook, Telegram)
- Any other third-party services you integrate with our Platform
13. Marketing Communications
With your consent, we may send you marketing emails about new features, updates, promotions, or other information we think you might find interesting.
You can opt out of marketing communications at any time by:
- Clicking the "unsubscribe" link in any marketing email
- Contacting us at info@ainisa.com
- Updating your preferences in your account settings
Note: Even if you opt out of marketing emails, we will still send you essential service-related communications (such as security alerts, billing notices, or important platform updates).
14. Children's Privacy
Our Platform is not intended for individuals under the age of 16. We do not knowingly collect personal information from anyone under 16.
If you are a parent or guardian and believe your child has provided us with personal information, please contact us at info@ainisa.com. We will promptly delete such information from our systems.
15. California Privacy Rights (CCPA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):
- Right to Know: Request information about the personal data we've collected about you in the past 12 months
- Right to Delete: Request deletion of your personal information
- Right to Opt-Out of Sale: We do not sell personal information
- Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights
To exercise these rights, contact us at info@ainisa.com.
16. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or Platform features.
When we make changes:
- We will update the "Last Updated" date at the top of this policy
- For material changes, we will notify you via email or through a prominent notice on the Platform
- We encourage you to review this policy periodically
Your continued use of the Platform after changes are posted constitutes your acceptance of the updated Privacy Policy.
17. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:
Ainisa Limited
Email: info@ainisa.com
Registered Office (UK):
71-75 Shelton Street
Covent Garden, London
United Kingdom, WC2H 9JQ
Company Number: 16174959
Operational Office:
Baku, Azerbaijan
Data Protection Officer: info@ainisa.com
We will respond to your inquiries within 30 days.
This Privacy Policy is effective as of the date stated above and applies to all users of the Ainisa Platform.