Privacy Policy

1. Data Controller

This Policy is issued by the AI.YI operator. GDPR, CCPA compliant. DPO: privacy@aiyiworld.com

2. Data Collected

(a) Account: Email, username, password hash, OAuth
(b) Birth Data (Sensitive): Date, time, location. GDPR Art. 9, explicit consent
(c) Usage: Charts, AI history, Stardust, logs
(d) Payment: Stripe (no card storage)
(e) Cookies: Auth, language, consent

3. Legal Basis

(a) Contract (GDPR 6(1)(b))
(b) Consent (GDPR 9(2)(a)): Sensitive data
(c) Legal Obligation: Financial records
(d) Legitimate Interests: Improvement, fraud prevention

4. Sharing

No sale. Only to:
(a) AI (Gemini/DeepSeek): Anonymized text
(b) Payment (Stripe): PCI-DSS
(c) Cloud (Neon/Vercel): TLS/AES-256
(d) Legal requirements

5. Transfers

Servers in EU/US. Protected by SCCs, adequacy decisions, encryption.

6. Retention

(a) Account: Duration, 30d anonymization
(b) Charts: Duration
(c) Consultation: Duration
(d) Payment: 7y (tax)
(e) Logs: 90d

7. Your Rights

GDPR/CCPA:
(a) Access: /api/user/data
(b) Rectify: Settings
(c) Erase: Settings
(d) Portability: JSON export
(e) Restrict
(f) Object
(g) Withdraw consent
(h) Complain: To authority

8. Security

(a) Encryption: TLS 1.3, AES-256, bcrypt
(b) Access: RBAC, MFA
(c) Audits: Quarterly, pentests
(d) Minimization
(e) Training
(f) Response: 72h (GDPR 33-34)

9. Cookies

(a) Necessary: Auth (7d), GDPR
(b) Functional: Language
(c) Performance: None (no GA)

10. Contact

DPO: privacy@aiyiworld.com
Response: 30d (GDPR 12(3))
