AICoven Privacy Policy
Last updated: November 2025
AICoven is built around the principle of privacy by default. This policy explains what data we collect, how it is used, and your rights under UK law.
1. Who We Are
AICoven is operated by Andreea Elena Papillon.
📧 Email: hello@aicoven.ai
We are based in the United Kingdom and comply with the UK GDPR and the Data Protection Act 2018.
2. Data We Collect
| Category | Examples | Purpose |
|---|---|---|
| Account data | Email, authentication identifiers | Account access and security |
| Provider connections | Encrypted API keys, provider metadata | Enable BYOK integrations |
| Messages & memory | Encrypted messages, approved memory items | Provide chat and recall |
| Usage metadata | Token counts, timestamps, costs | Quotas, diagnostics |
| Subscription data | Apple transaction identifiers | Verify entitlements |
We do not sell or rent personal data.
3. Encryption & Security Model
- Sensitive content (messages, memories, provider keys) is encrypted at rest.
- Encryption keys originate on your device and are not stored persistently on our servers.
- Data is decrypted only transiently in server memory to fulfil a request, then discarded.
- All network traffic is protected with TLS (HTTPS).
This model protects your data from database compromise and unauthorized access at rest.
4. AI Providers & Third Parties
When you use AICoven:
- Requests may be sent to AI providers you connect (e.g. OpenAI, Anthropic).
- Those providers process data under their own privacy policies and terms.
- AICoven never shares your API keys or content with unrelated third parties.
5. Vector Search & Memory
To enable semantic memory recall:
- Memory text is encrypted.
- Vector embeddings may be stored separately to support similarity search.
Embeddings represent abstract meaning, not raw text. You may mark certain memories as sensitive to disable embedding-based search.
6. Cookies & Analytics
We use minimal cookies required for:
- Authentication
- Session security
We may use privacy-respecting analytics to understand aggregate usage without tracking individuals.
7. Data Retention
- Account data: retained while your account is active.
- Messages & memory: retained until deleted by you or upon account deletion.
- Logs: retained for a limited period (typically ≤ 90 days).
- Subscription records: retained as required for legal and audit purposes.
8. Your Rights (UK GDPR)
You have the right to:
- Access your data
- Correct inaccuracies
- Request deletion
- Export your data
- Object to or restrict processing
To exercise your rights, contact hello@aicoven.ai. You may also lodge a complaint with the UK Information Commissioner’s Office (ICO).
9. Children’s Privacy
AICoven is not intended for users under 16 years old. We do not knowingly collect data from minors.
10. Changes to This Policy
We may update this Privacy Policy to reflect changes in the service or legal requirements. Material changes will be announced in-app or via email.
11. Contact
Questions about privacy or data protection? Emailhello@aicoven.ai.