Privacy Policy

We use the information we collect to:

• Provide, operate, maintain, and improve the Service
• Process and fulfill your AI generation requests
• Manage your account, authentication, and session state
• Process billing transactions and manage credits/subscriptions
• Send you transactional communications (account verification, billing receipts, service updates)
• Monitor usage patterns to improve performance, reliability, and the user experience
• Detect, investigate, and prevent fraud, abuse, and violations of our policies
• Enforce our Terms of Service and Acceptable Use Policy
• Comply with legal obligations and respond to lawful requests

We do not sell your personal information. We do not use your content (models, images, prompts) to train AI models or for any purpose beyond providing the Service to you.

We use third-party service providers to help us operate, maintain, and improve the Service. These providers may include services for authentication, data storage, infrastructure, media hosting, content delivery, payment processing, and AI generation. Each provider receives only the minimum data necessary to perform its function and processes your data on our behalf under applicable agreements.

When you generate content, your prompts, model descriptions, and (if applicable) reference images are transmitted to third-party AI generation providers. If you use BYOK, requests are authenticated with your own API keys directly to the provider you specify. Each AI provider has its own privacy policy and data retention practices. We encourage you to review the privacy policies of any providers you use through BYOK, as data sent to them is subject to their terms.

Payment transactions are processed by PCI-DSS compliant third-party payment providers. We do not have access to your full payment card details.

Third-party providers may set cookies on your device, collect access logs (including IP addresses), or process data in locations outside your country of residence. We select providers that maintain appropriate security and privacy standards.

We implement industry-standard security measures to protect your information, including:

• Encryption of sensitive data (including API keys) at rest and in transit (TLS/SSL)
• Access controls limiting employee and system access to personal data on a need-to-know basis
• Regular security reviews of our infrastructure and third-party integrations
• Secure authentication through our third-party provider with support for MFA

Despite these measures, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security of your data. You are responsible for maintaining the confidentiality of your account credentials and API keys.

We retain your personal data and content for as long as your account is active and as needed to provide the Service. Specifically:

• Account data: Retained while your account is active and for a reasonable period after deletion to comply with legal obligations
• Generated content: Retained until you delete it or delete your account
• API keys: Retained while your account is active; deleted when you remove them or delete your account
• Log and usage data: Retained for up to 12 months for analytics and security purposes
• Billing records: Retained as required by applicable tax and accounting laws

When you delete your account, we will remove your personal data and content within 30 days, except where retention is required by law or necessary to resolve disputes.

Your information may be transferred to and processed in countries other than your country of residence, including the United States. Our third-party service providers may process data in various locations globally. By using the Service, you consent to the transfer of your information to these locations, where data protection laws may differ from those in your jurisdiction.

Depending on your jurisdiction, you may have the following rights regarding your personal data:

• Access: Request a copy of the personal data we hold about you
• Correction: Request correction of inaccurate or incomplete data
• Deletion: Request deletion of your account and associated data
• Portability: Request a machine-readable copy of your data
• Restriction: Request that we limit processing of your data in certain circumstances
• Objection: Object to processing of your data for certain purposes
• Withdrawal of consent: Where processing is based on consent, you may withdraw it at any time

To exercise any of these rights, contact us at support@aio.fm. We will respond to your request within 30 days. We may ask you to verify your identity before processing your request.

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

• The right to know what personal information we collect, use, and disclose
• The right to request deletion of your personal information
• The right to opt out of the sale of your personal information (we do not sell your data)
• The right to non-discrimination for exercising your CCPA rights

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, our legal bases for processing your data include:

• Contract performance: Processing necessary to provide the Service you requested
• Legitimate interests: Processing for fraud prevention, security, and Service improvement, balanced against your rights
• Consent: Where you have given explicit consent (e.g., optional communications)
• Legal obligation: Processing required by applicable law

You may lodge a complaint with your local data protection authority if you believe your rights have been violated.

The Service is not intended for users under the age of 18. We do not knowingly collect personal information from anyone under 18. If we become aware that we have collected personal data from a minor, we will take steps to delete that information promptly. If you believe a minor has provided us with personal data, please contact us at support@aio.fm.

In the event of a data breach that affects your personal information, we will notify affected users and relevant authorities as required by applicable law. We will provide information about the nature of the breach, the data affected, and steps you can take to protect yourself.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by:

• Posting the updated policy on this page with a new "Last updated" date
• Sending you an email notification for significant changes that affect how we handle your data

Your continued use of the Service after changes are posted constitutes your acceptance of the updated policy.

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, contact us at:

aiofm
Email: support@aio.fm
Website: https://aio.fm