1. Data Controller
This Policy is by AI YI operator. GDPR, CCPA compliant.
DPO: support@aiyi.app
2. Data Collected
(a) Account: Email, username, password hash, OAuth
(b) Birth Data (Sensitive): Date, time, location. GDPR Art. 9, explicit consent
(c) Usage: Charts, AI history, Stardust, logs
(d) Payment: Stripe (no card storage)
(e) Cookies: Auth, language, consent
3. Legal Basis
(a) Contract (GDPR 6(1)(b))
(b) Consent (GDPR 9(2)(a)): Sensitive data
(c) Legal Obligation: Financial records
(d) Legitimate Interests: Improvement, fraud prevention
4. Sharing
No sale. Only to:
(a) AI (Gemini/DeepSeek): Anonymized text
(b) Payment (Stripe): PCI-DSS
(c) Cloud (Neon/Vercel): TLS/AES-256
(d) Legal requirements
5. Transfers
Servers in EU/US. Protected by SCCs, adequacy decisions, encryption.
6. Retention
(a) Account: Duration, 30d anonymization
(b) Charts: Duration
(c) Consultation: Duration
(d) Payment: 7y (tax)
(e) Logs: 90d
7. Your Rights
GDPR/CCPA:
(a) Access: /api/user/data
(b) Rectify: Settings
(c) Erase: Settings
(d) Portability: JSON export
(e) Restrict
(f) Object
(g) Withdraw consent
(h) Complain: To authority
8. Security
(a) Encryption: TLS 1.3, AES-256, bcrypt
(b) Access: RBAC, MFA
(c) Audits: Quarterly, pentests
(d) Minimization
(e) Training
(f) Response: 72h (GDPR 33-34)
9. Cookies
(a) Necessary: Auth (7d), GDPR
(b) Functional: Language
(c) Performance: None (no GA)
10. Contact
DPO: support@aiyi.app
Response: 30d (GDPR 12(3))
Exercise Your Data Rights
Export Data (GDPR Art. 15/20)Visit /api/user/data (logged in) or contact support@aiyi.app
Delete Data (GDPR Art. 17)Delete account in settings, or contact us. All data permanently removed within 30 days.
⚠️ By using AI YI services, you confirm that you have read and understood this Privacy Policy. For questions, contact support@aiyi.app