AICoven Privacy Policy
Last updated: February 2026
AICoven is built around the principle of privacy by default. This policy explains what data we collect, how it is used, and your rights under UK law.
1. Who We Are
AICoven is operated by Andreea Elena Papillon.
📧 Email: hello@aicoven.ai
We are based in the United Kingdom and comply with the UK GDPR and the Data Protection Act 2018.
2. Data We Collect
| Category | Examples | Purpose |
|---|---|---|
| Account data | Email, authentication identifiers | Account access and security |
| Provider connections | Encrypted API keys, provider metadata | Enable BYOK integrations |
| Messages & memory | Encrypted messages, approved memory items | Provide chat and recall |
| Usage metadata | Token counts, timestamps, costs | Quotas, diagnostics |
| Subscription data | Apple transaction identifiers | Verify entitlements |
We do not sell or rent personal data.
3. Encryption & Security Model
- Sensitive content (messages, memories, provider keys) is encrypted at rest.
- Encryption keys originate on your device and are not stored persistently on our servers.
- Data is decrypted only transiently in server memory to fulfil a request, then discarded.
- All network traffic is protected with TLS (HTTPS).
This model protects your data from database compromise and unauthorized access at rest.
4. AI Providers & Third Parties
When you use AICoven:
- Requests may be sent to AI providers you connect (e.g. OpenAI, Anthropic, Google).
- Those providers process data under their own privacy policies and terms.
- AICoven never shares your API keys or content with unrelated third parties.
4.1 Data Sent to AI Providers
When you send a message, the following data is transmitted to the third-party AI provider you connect (OpenAI, Anthropic, Google, etc.):
- Your chat messages (decrypted just-in-time for the API call)
- Conversation context (relevant history from the current thread)
- Approved memory context retrieved for the conversation
- Uploaded files provided directly in the chat
- System prompts and agent instructions
Important: Your API keys are used directly with the provider. AICoven acts as an orchestration layer and does not store or log the plaintext content sent to providers.
4.2 AI Provider Data Retention & Policies
Each AI provider has their own data handling practices. Below is a summary of major providers (as of February 2025). Please review their policies directly for the most current information.
| Provider | API Data Retention | Training Use |
|---|---|---|
| OpenAI | 30 days for abuse monitoring (API), then deleted | API data not used for training by default |
| Anthropic | 30 days for safety, then deleted | API data not used for training |
| Google (Gemini API) | Not retained beyond request processing (paid API) | Paid API data not used for training |
| Ollama (Local) | No data leaves your device | Runs entirely on-device |
| Apple Intelligence (Local) | No data leaves your device | Runs entirely on-device via Apple's ML framework |
Note: Retention periods and policies may change. Always consult the provider's current documentation.
4.3 AI Provider Privacy Policy Links
Review each provider's privacy practices:
- OpenAI: Privacy Policy | API Data Usage Policy
- Anthropic: Privacy Policy | Commercial Terms
- Google (Gemini): API Terms of Service | Google Privacy Policy
- Ollama: Privacy Policy (Note: Ollama runs locally — no data is sent to external servers)
- Apple Intelligence: Apple Privacy Policy (Note: Apple local models run entirely on-device)
4.4 Local Models & On-Device Processing
AICoven Local supports fully on-device AI processing using Ollama and Apple Intelligence:
- Ollama: Open-source local model runtime. All inference happens on your Mac — no data is transmitted externally.
- Apple Intelligence: Native on-device models using Apple's ML framework. Processing is performed locally with Apple's privacy-preserving architecture.
When using local models, your messages and context never leave your device, providing the highest level of privacy.
4.5 Your Control Over AI Provider Data
You maintain control over your data flow to AI providers:
- Choose your providers: Only providers you explicitly connect receive your data.
- Disconnect anytime: Remove provider keys from Settings to stop data flow immediately.
- Use your own agreements: Your API usage falls under your direct relationship with each provider.
- Request deletion: Contact providers directly using their data subject request processes.
5. Vector Search & Memory
To enable semantic memory recall:
- Memory text is encrypted.
- Vector embeddings may be stored separately to support similarity search.
Embeddings represent abstract meaning, not raw text. You may mark certain memories as sensitive to disable embedding-based search.
6. Cookies & Analytics
We use minimal cookies required for:
- Authentication
- Session security
We may use privacy-respecting analytics to understand aggregate usage without tracking individuals.
7. Data Retention
- Account data: retained while your account is active.
- Messages & memory: retained until deleted by you or upon account deletion.
- Logs: retained for a limited period (typically ≤ 90 days).
- Subscription records: retained as required for legal and audit purposes.
8. Your Rights (UK GDPR)
You have the right to:
- Access your data
- Correct inaccuracies
- Request deletion
- Export your data
- Object to or restrict processing
To exercise your rights, contact hello@aicoven.ai. You may also lodge a complaint with the UK Information Commissioner’s Office (ICO).
9. Children’s Privacy
AICoven is not intended for users under 16 years old. We do not knowingly collect data from minors.
10. Changes to This Policy
We may update this Privacy Policy to reflect changes in the service or legal requirements. Material changes will be announced in-app or via email.
11. Contact
Questions about privacy or data protection? Emailhello@aicoven.ai.