Privacy Policy
Last Updated: February 5, 2026
This Privacy Policy describes how Aira ("Company", "we", "us", or "our") collects, uses, stores, and discloses information when you use our website, platform, APIs, and related services (the "Service"). By accessing or using the Service, you agree to the practices described in this Privacy Policy.
1. Information We Collect
1.1 Information You Provide
- Account Information: When you register, we collect your name, email address, and authentication credentials through third-party providers (e.g., Google OAuth).
- Contact Form Submissions: When you submit a demo request or contact form, we collect your name, email, company name, and any message you provide.
- Content You Upload: Documents, knowledge base articles, and other content you upload to the Service for AI processing.
- Payment Information: If you subscribe to a paid plan, payment details are collected and processed by our third-party payment processor (Stripe). We do not store full payment card details on our servers.
1.2 Information Collected Automatically
- Usage Data: Pages visited, features used, timestamps, referring URLs, and interaction patterns.
- Device Information: Browser type, operating system, screen resolution, and device identifiers.
- IP Address: Your IP address is collected for security, analytics, and fraud prevention purposes.
- Cookies and Similar Technologies: As described in our Cookie Policy.
1.3 Information from End Users
When your end users (customers) interact with the chat widget deployed through the Service, we may collect chat messages, session identifiers, browser information, and IP addresses. You are responsible for informing your end users about the data collection that occurs through the Service and obtaining any necessary consents as required by applicable law.
2. How We Use Your Information
We use collected information for the following purposes:
- To provide, operate, and maintain the Service
- To process AI responses using your uploaded knowledge base
- To manage your account and process transactions
- To respond to your inquiries and provide support
- To send administrative communications (account-related, security alerts)
- To analyze usage patterns and improve the Service
- To detect, prevent, and address security issues, fraud, and abuse
- To comply with legal obligations
- To enforce our Terms of Service
3. Legal Basis for Processing (GDPR)
If you are in the European Economic Area (EEA), our legal bases for processing your information include:
- Contractual Necessity: Processing necessary to perform our agreement with you (providing the Service).
- Legitimate Interests: Processing necessary for our legitimate interests (analytics, security, service improvement), provided these do not override your rights.
- Consent: Where you have given consent for specific processing activities (e.g., marketing communications).
- Legal Obligation: Processing necessary to comply with applicable laws.
4. Data Sharing and Third-Party Processors
We may share your information with the following categories of third parties:
| Service | Purpose |
|---|---|
| Hetzner (via Coolify) | Hosting & delivery |
| Cloudflare | CDN & file storage |
| Firebase / Google | Authentication |
| AI Providers (e.g., Groq, OpenAI) | AI response generation |
| Stripe | Payment processing |
| Resend | Transactional email |
We require all third-party processors to handle your data in accordance with applicable data protection laws. However, we are not responsible for the data practices of third-party providers once data has been transmitted to them.
We do not sell your personal data to third parties.
5. Data Retention
We retain your personal data for as long as necessary to fulfill the purposes described in this Privacy Policy, including to provide the Service, comply with legal obligations, resolve disputes, and enforce our agreements. The specific retention period is determined at our sole discretion based on the nature of the data and the purposes for which it was collected.
When you delete your account, we will make reasonable efforts to delete your personal data within a reasonable timeframe, subject to technical limitations, legal requirements, and backup retention schedules. We are not obligated to delete data that is required for legal compliance, dispute resolution, or enforcement of our Terms.
6. Data Security
We implement reasonable administrative, technical, and physical security measures to protect your information.
No method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security and are not liable for any unauthorized access, data breach, or data loss, despite our reasonable efforts to protect your information.
7. Your Rights (GDPR / EEA Residents)
If you are a resident of the European Economic Area, you have the following rights:
- Right of Access: Request a copy of the personal data we hold about you.
- Right to Rectification: Request correction of inaccurate personal data.
- Right to Erasure: Request deletion of your personal data, subject to legal exceptions.
- Right to Restrict Processing: Request restriction of processing in certain circumstances.
- Right to Data Portability: Request a machine-readable copy of your data.
- Right to Object: Object to processing based on legitimate interests.
- Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent.
To exercise any of these rights, please contact us using the contact information provided on our website. We will respond to your request within the timeframe required by applicable law. We may require verification of your identity before processing your request.
8. International Data Transfers
Your information may be transferred to and processed in countries other than your country of residence, including countries that may not provide the same level of data protection as your home country. By using the Service, you consent to such transfers. We will take reasonable steps to ensure that your data is treated securely and in accordance with this Privacy Policy.
9. Children's Privacy
The Service is not directed to individuals under the age of 16. We do not knowingly collect personal data from children under 16. If we become aware that a child under 16 has provided us with personal data, we will take steps to delete such data.
10. Changes to This Privacy Policy
We reserve the right to update this Privacy Policy at any time at our sole discretion. Changes are effective immediately upon posting. We will make reasonable efforts to notify you of material changes, but we are not obligated to do so. Your continued use of the Service after any changes constitutes acceptance of the revised Privacy Policy. It is your responsibility to review this Privacy Policy periodically.
11. Contact
If you have any questions about this Privacy Policy or wish to exercise your data protection rights, please contact us using the contact information provided on our website.