Privacy Policy

We collect only what is necessary to provide the service. This policy explains what we collect, how we use it, and your rights over your data.

Last updated: April 2026 · Effective: April 2026

01 Data We Collect

We collect three categories of data when you use AimeonAI:

Account Data
  • Email address
  • Account creation date
  • Subscription plan
  • API key (hashed)
Usage Data
  • Video generation prompts
  • Credits consumed per job
  • Job timestamps & statuses
  • IP address (per request)
  • Device fingerprint hash
  • User-agent string hash
Billing Data
  • Stripe Customer ID
  • Stripe Subscription ID
  • Transaction history
  • Refund records
We do not store raw payment card data.All payment processing is handled by Stripe. We never see or store your card number, CVV, or full billing address on our servers. See Section 3 for details.

Data you generate

Text prompts you submit are stored alongside job records to enable idempotency, support queries, and prompt caching. Video outputs are stored in secure cloud storage (AWS S3 or equivalent) and linked to your account. You can delete generated videos at any time from your account dashboard.

Automatically collected data

When you use our API, we automatically collect your IP address and a hashed device fingerprint for fraud detection and abuse prevention. We do not use these signals for advertising or profiling unrelated to service integrity.

02 How We Use Data

We use collected data strictly to operate, maintain, and improve the service:

  • Service delivery: Processing generation jobs, tracking credit usage, managing subscriptions
  • Fraud & abuse prevention: IP and device fingerprint analysis, rate limit enforcement, risk scoring
  • Billing: Invoicing, payment processing, dispute resolution, tax compliance
  • Communication: Transactional emails (receipts, account alerts, policy updates). We do not send unsolicited marketing without opt-in consent.
  • Service improvement: Anonymised aggregate usage analytics — no individual identification
  • Legal compliance: Retaining records as required by applicable law

We do not sell your data, use it for advertising on third-party platforms, or share it with data brokers.

03 Payment Processing

All payments are processed by Stripe, Inc., a PCI DSS Level 1 certified payment processor.

Stripe

What Stripe handles

  • Subscription billing and recurring charges
  • One-time purchases (credit packs, video packs)
  • Refund processing
  • Invoice generation
  • Payment dispute management

What data Stripe receives

When you complete a purchase, Stripe receives your payment card details, billing name, and billing address directly. AimeonAI receives a Stripe Customer ID and Subscription ID — token references that allow us to manage your subscription without holding sensitive financial data ourselves.

Stripe's handling of your payment data is governed by Stripe's Privacy Policy. Stripe is a data processor acting on our behalf under a Data Processing Agreement (DPA) compliant with GDPR Article 28.

Billing portal

You can view invoices, update payment methods, and manage your subscription directly through the Stripe Customer Portal, accessible from your account settings.

04 Data Sharing

We share your data only with the following categories of third parties, and only to the extent necessary to provide the service:

Third PartyPurposeData Shared
StripePayment processingEmail, Stripe IDs, billing events
AWS / Cloud StorageVideo file storageGenerated video files (encrypted at rest)
AI Model ProvidersVideo generationText prompt only (no account data)
Error monitoring (optional)Bug detectionAnonymised stack traces, no PII

We may also disclose data when required by law, court order, or valid legal process.

05 Cookies & Tracking

Essential cookies

Session cookies required to maintain your authenticated state in the dashboard. These are strictly necessary and cannot be disabled without preventing login.

Analytical cookies (optional)

If you access our marketing or documentation pages, we may use privacy-respecting analytics (such as Plausible or Fathom — no Google Analytics) to understand page traffic in aggregate.

Third-party cookies

The Stripe billing portal and Stripe Elements widgets set cookies scoped to the Stripe domain for fraud prevention and session management.

No advertising cookies.We do not use advertising networks, retargeting pixels, or social media tracking cookies on any AimeonAI property.

06 Data Retention

  • Account data: Retained for the life of the account plus 6 years after deletion
  • Generated videos: Retained until you delete them, or 30 days after account termination
  • Generation prompts & job logs: 12 months from creation, then anonymised
  • Billing & invoice records: 7 years (VAT/tax obligation in most jurisdictions)
  • IP & device fingerprint logs: 90 days rolling window
  • Abuse / fraud signals: Up to 2 years for accounts flagged for investigation

07 GDPR & Your Rights

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have the following rights:

RightWhat it meansHow to exercise
AccessObtain a copy of your personal dataEmail privacy@aimeonai.com
RectificationCorrect inaccurate dataAccount settings or email us
ErasureRequest deletion of your dataEmail privacy@aimeonai.com
PortabilityReceive your data in a structured formatEmail privacy@aimeonai.com
RestrictionLimit how we process your dataEmail privacy@aimeonai.com
ObjectionObject to processing based on legitimate interestEmail privacy@aimeonai.com
Withdraw consentWithdraw consent for optional processingAccount settings or email us

We will respond to all requests within 30 days.

08 Security

  • All data transmitted is encrypted via TLS 1.2+
  • Data at rest is encrypted using AES-256 at the storage layer
  • API keys are stored as hashed values — we cannot recover your raw key
  • Payment card data is never stored on AimeonAI infrastructure
  • Access to production systems is restricted to authorised personnel only, with MFA enforced

09 Children's Privacy

AimeonAI is intended for users aged 18 and over. We do not knowingly collect personal data from minors. If you believe a minor has registered, please contact us at privacy@aimeonai.com.

10 Contact & Data Protection

We aim to respond to all privacy requests within 5 business days with an acknowledgement, and resolve the request within 30 days.