Aimour.AI
Sign in Start Chatting
Effective: 1 January 2026

Privacy Policy — Aimour AI App

Every line of this policy is written in plain English. The short version: your conversations are yours, your data is encrypted, we don't sell anything to anyone.

1. Who we are

Aimour AI App is operated by Aimour Studio, Lda — a private company registered in Lisbon, Portugal. We act as the data controller for everything described in this policy.

2. Scope of this policy

This policy covers every interaction you have with Aimour AI App: our website, our mobile experiences, our customer support, our marketing emails and any beta features we may invite you to.

3. The data we collect from you

When you create an account we collect your email, a password hash, your chosen display name, and your preferred language. None of this is ever sold.

4. The data your device shares

Your browser or device shares a user-agent string, a coarse IP-based location and an anonymous session identifier so we can keep you signed in and prevent abuse.

5. The data you create inside the app

Your chats, voice notes, custom companion settings and any media you share live inside an isolated, encrypted vault that only you can read.

6. End-to-end encryption

Every message between you and your AI companion is encrypted in transit (TLS 1.3) and at rest (AES-256). The keys never leave the regional vault you chose.

7. Region-locked storage

Pick EU, US or Asia-Pacific during sign-up and your data physically lives in that region only. It is never replicated outside.

8. How long we keep your data

Chats stay until you delete them. Account data stays while your account is active and for 30 days after closure for fraud prevention. After that, it is purged.

9. Your right to access

You can request a full machine-readable export of every byte we hold about you at any time, free of charge, from the in-app settings.

10. Your right to deletion

You can wipe a single message, a whole conversation, or your entire account in one tap. Deletion is permanent and propagated to all backups within 30 days.

11. Your right to rectification

You can update or correct any personal detail in your profile yourself, with no need to contact support.

12. Your right to portability

Your export is delivered as a structured JSON archive so you can move it to another service if you ever want to.

13. Your right to object

You can object to any non-essential processing of your data — including analytics and product research — straight from your privacy dashboard.

14. Your right to withdraw consent

Where we rely on consent, you can withdraw it at any time without affecting the lawfulness of past processing.

15. Cookies and similar technologies

We use a single essential session cookie to keep you signed in. We do not run third-party advertising cookies anywhere on the site.

16. Analytics

We use a privacy-friendly, self-hosted analytics tool that records aggregated, anonymous page-view counts. It does not set cookies or collect personal data.

17. Children

Aimour AI App is intended for adults only. Anyone under the age of 18 is not allowed to use the service and any account suspected to belong to a minor is removed.

18. Age verification

We may ask for proof of age in regions where local law requires it. Any verification document is processed and discarded immediately by our verification partner.

19. Marketing communications

You may receive product update emails after you sign up. Every email contains a one-click unsubscribe link and your preferences are respected immediately.

20. Push notifications

Push notifications are off by default. You choose what you want to be notified about and you can revoke permission from your device at any time.

21. Service providers

We use a small number of vetted third parties for hosting, payment processing and email delivery. Each one is bound by strict data processing agreements.

22. International transfers

When data must cross a border for a specific feature, we rely on Standard Contractual Clauses approved by the European Commission and equivalent safeguards.

23. Payment data

Card details are processed directly by our PCI-DSS Level 1 payment provider. We never see or store your full card number.

24. Security practices

We run continuous vulnerability scanning, annual penetration tests and a public bug-bounty programme. Production access is restricted, logged and reviewed.

25. Data breach notification

If a personal data breach ever happens, we will notify affected users and the relevant supervisory authorities within 72 hours, in line with GDPR Article 33.

26. Legal basis for processing

We process your data on the basis of contract performance (for the service itself), legitimate interest (for fraud prevention and product improvement) and consent (for marketing).

27. Automated decisions

We do not use your personal data for automated decisions that produce legal effects. Your AI companion is a creative system, not a credit-scoring engine.

28. Profile and personality settings

The traits you assign to a companion are stored alongside your account and used only to personalise that specific conversation.

29. Voice data

Voice notes you record are processed for transcription and reply generation, then encrypted and stored in your vault. We do not use them to train external models.

30. AI training data

We do not train our foundation models on your private conversations. Period.

31. Public content

If you publicly share a screenshot or quote a conversation on your own social channels, that content is no longer private. We have no control over external platforms.

32. Support conversations

Emails or chats with our support team are stored for up to 24 months so we can keep helping you well. You can request earlier deletion.

33. Cookies preferences

You can review and adjust your cookie preferences any time via the privacy dashboard inside the app.

34. Do Not Track

We honour the Do Not Track signal where your browser sends one — analytics are skipped entirely for that session.

35. Changes to this policy

When we change this policy in a meaningful way, we will tell you by email and inside the app at least 14 days before changes take effect.

36. Supervisory authority

You have the right to lodge a complaint with your local data protection authority. In the EU you can find your local authority on the EDPB website.

37. California residents (CCPA)

California residents have the right to know, delete and opt out of any sale of personal information. We do not sell personal information of any kind.

38. Contact our DPO

Our Data Protection Officer can be reached at privacy@aimourai.app. We respond to every request within 30 days, usually much sooner.

If anything on this page is unclear, write to privacy@aimourai.app. We'd rather over-explain than leave you guessing.