Privacy Policy · AICoven

# AICoven Privacy Policy _Last updated: November 2025_ AICoven values your privacy. This policy explains what data we collect, how we use it, and your rights under UK law. --- ## 1. Who We Are **AICoven** is operated by **Andreea Elena Papillon** (“we”, “us”, or “our”). Email: **hello@aicoven.ai** We are based in the United Kingdom and comply with the **UK General Data Protection Regulation (UK GDPR)** and the **Data Protection Act 2018**. --- ## 2. What Data We Collect | Category | Examples | Why we collect it | |-----------|-----------|------------------| | Account data | Email, password hash | To create and manage your account | | Provider connections | Encrypted API keys, provider name | To enable BYOK (Bring Your Own Key) integrations | | Usage data | Logs of requests, costs, and quotas | To monitor service health and your entitlements | | Memory data | Messages, approved memory chunks | To provide persistent context and recall | | Billing & entitlement | Apple transaction ID, plan name | To verify your plan and manage access | We **do not** store raw AI provider prompts or responses beyond what is necessary for the chat and memory functions. --- ## 3. How We Use Your Data We use your information to: - Provide, maintain, and improve the AICoven service. - Manage authentication, subscriptions, and BYOK integrations. - Detect abuse, ensure security, and comply with legal requirements. - Communicate with you about updates or support. We do **not** sell or rent your data to anyone. --- ## 4. How We Store and Protect Data - All communication uses **HTTPS encryption**. - API keys are **encrypted with a managed vault** (KMS / envelope encryption). - Vector memory and other data are stored securely in **Postgres (Cloud SQL + pgvector)**. - We limit staff and system access to essential operations only. --- ## 5. Cookies & Analytics We use minimal cookies — mainly for authentication and remembering preferences. We may use privacy-respecting analytics (such as Plausible or self-hosted tools) to understand usage trends without tracking individuals. --- ## 6. Sharing and Third Parties We may share limited data with: - **Google Cloud** (infrastructure and managed services) - **Apple** (subscription validation) - **Model providers** you connect via BYOK (e.g. OpenAI, Anthropic, Google) These providers process data under their own terms and privacy policies. AICoven never transmits your API keys or raw memory data to unrelated third parties. --- ## 7. Data Retention - Account data: retained while your account is active. - Memory: retained until you delete it or your account. - Logs: retained up to 90 days for security and debugging. - Subscription and entitlement records: retained as legally required for tax and audit. You can request deletion of your data at any time. --- ## 8. Your Rights (UK GDPR) You have the right to: - Access a copy of your data. - Correct inaccuracies. - Request deletion (“right to be forgotten”). - Withdraw consent where applicable. - Complain to the UK Information Commissioner’s Office (ICO) if unresolved. To exercise these rights, email **hello@aicoven.ai**. --- ## 9. Children’s Privacy AICoven is not intended for users under 16 years old. We do not knowingly collect data from minors. --- ## 10. Changes to This Policy We may update this Privacy Policy to reflect improvements or legal requirements. Material changes will be announced in-app or via email before taking effect. --- ## 11. Contact Questions about this policy or your data? 📧 **hello@aicoven.ai**