Privacy Policy
We collect only what is necessary to provide the service. This policy explains what we collect, how we use it, and your rights over your data.
Contents
01 Data We Collect
We collect three categories of data when you use AimeonAI:
- Email address
- Account creation date
- Subscription plan
- API key (hashed)
- Video generation prompts
- Credits consumed per job
- Job timestamps & statuses
- IP address (per request)
- Device fingerprint hash
- User-agent string hash
- Stripe Customer ID
- Stripe Subscription ID
- Transaction history
- Refund records
Data you generate
Text prompts you submit are stored alongside job records to enable idempotency, support queries, and prompt caching. Video outputs are stored in secure cloud storage (AWS S3 or equivalent) and linked to your account. You can delete generated videos at any time from your account dashboard.
Automatically collected data
When you use our API, we automatically collect your IP address and a hashed device fingerprint for fraud detection and abuse prevention. We do not use these signals for advertising or profiling unrelated to service integrity.
02 How We Use Data
We use collected data strictly to operate, maintain, and improve the service:
- Service delivery: Processing generation jobs, tracking credit usage, managing subscriptions
- Fraud & abuse prevention: IP and device fingerprint analysis, rate limit enforcement, risk scoring
- Billing: Invoicing, payment processing, dispute resolution, tax compliance
- Communication: Transactional emails (receipts, account alerts, policy updates). We do not send unsolicited marketing without opt-in consent.
- Service improvement: Anonymised aggregate usage analytics — no individual identification
- Legal compliance: Retaining records as required by applicable law
We do not sell your data, use it for advertising on third-party platforms, or share it with data brokers.
03 Payment Processing
All payments are processed by Stripe, Inc., a PCI DSS Level 1 certified payment processor.
What Stripe handles
- Subscription billing and recurring charges
- One-time purchases (credit packs, video packs)
- Refund processing
- Invoice generation
- Payment dispute management
What data Stripe receives
When you complete a purchase, Stripe receives your payment card details, billing name, and billing address directly. AimeonAI receives a Stripe Customer ID and Subscription ID — token references that allow us to manage your subscription without holding sensitive financial data ourselves.
Stripe's handling of your payment data is governed by Stripe's Privacy Policy. Stripe is a data processor acting on our behalf under a Data Processing Agreement (DPA) compliant with GDPR Article 28.
Billing portal
You can view invoices, update payment methods, and manage your subscription directly through the Stripe Customer Portal, accessible from your account settings.
06 Data Retention
- Account data: Retained for the life of the account plus 6 years after deletion
- Generated videos: Retained until you delete them, or 30 days after account termination
- Generation prompts & job logs: 12 months from creation, then anonymised
- Billing & invoice records: 7 years (VAT/tax obligation in most jurisdictions)
- IP & device fingerprint logs: 90 days rolling window
- Abuse / fraud signals: Up to 2 years for accounts flagged for investigation
07 GDPR & Your Rights
If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have the following rights:
| Right | What it means | How to exercise |
|---|---|---|
| Access | Obtain a copy of your personal data | Email privacy@aimeonai.com |
| Rectification | Correct inaccurate data | Account settings or email us |
| Erasure | Request deletion of your data | Email privacy@aimeonai.com |
| Portability | Receive your data in a structured format | Email privacy@aimeonai.com |
| Restriction | Limit how we process your data | Email privacy@aimeonai.com |
| Objection | Object to processing based on legitimate interest | Email privacy@aimeonai.com |
| Withdraw consent | Withdraw consent for optional processing | Account settings or email us |
We will respond to all requests within 30 days.
08 Security
- All data transmitted is encrypted via TLS 1.2+
- Data at rest is encrypted using AES-256 at the storage layer
- API keys are stored as hashed values — we cannot recover your raw key
- Payment card data is never stored on AimeonAI infrastructure
- Access to production systems is restricted to authorised personnel only, with MFA enforced
09 Children's Privacy
AimeonAI is intended for users aged 18 and over. We do not knowingly collect personal data from minors. If you believe a minor has registered, please contact us at privacy@aimeonai.com.
10 Contact & Data Protection
- Privacy email: privacy@aimeonai.com
- General support: support@aimeonai.com
We aim to respond to all privacy requests within 5 business days with an acknowledgement, and resolve the request within 30 days.