AiMYNDibeta

AiMYNDi · Legal

Privacy Policy

How AiMYNDi collects, uses, and protects your personal data.

1. Introduction

This Privacy Policy explains how AiMYNDi AB ("AiMYNDi," "we," "us," or "our") collects, uses, shares, and protects personal data when you use our websites, applications, tools, and any related services (together, the "Services").

We aim to be straightforward about what we do with your data. If anything here is unclear, email us at [email protected].

This policy works together with our Terms and Conditions. Capitalised terms not defined here have the meaning given in the Terms.

2. Data Controller

The controller of your personal data is:

AiMYNDi AB
Swedish organisation number (organisationsnummer): 559502-0461
Registered with the Swedish Companies Registration Office (Bolagsverket).

Contact for all privacy matters: [email protected].

3. What We Collect

We collect personal data in the following categories. The exact data depends on how you interact with the Services — for example, you can browse without creating an account, but creating an account or submitting content involves more data.

3.1 Data You Provide Directly

  • Account data: email address, name, and any profile information you choose to add when registering.
  • Authentication data: password hashes, third-party sign-in identifiers where you choose to sign in via a supported identity provider, and session tokens.
  • Billing data: subscription plan, billing address, and invoice history. Card details are handled by our payment processor and are not stored by AiMYNDi.
  • Content you submit: URLs and links you paste; images, photographs, floor plans, PDFs, and other documents you upload; text you type into chat, notes, prompts, or contact forms. This content is covered by the user-content provisions in our Terms.
  • Communications: if you email us or otherwise reach out, we receive whatever information you include in that message.

3.2 Data We Generate for You

  • Outputs: analyses, scores, comparisons, chat responses, staging images, and other results produced by the Services at your instruction.
  • Account history: records of analyses you have run, items you have saved, and similar activity within your account.

3.3 Data Collected Automatically

  • Request logs: IP address, user agent, referrer, requested URL, and timestamps, logged by our hosting provider for a short rolling window. Used to operate the Services, detect abuse, and debug issues.
  • Usage telemetry: feature interactions, error events, performance metrics, and similar diagnostic data. Used to operate, debug, and improve the Services.
  • Device and connection data: device type, operating system, browser, approximate location derived from IP, and similar technical signals.
  • Cookies and similar technologies: see Section 9 for details.

4. How We Use Your Data

We use your personal data for the following purposes and on the following legal bases under Article 6 GDPR:

  • To provide the Services — creating your account, authenticating you, running the analyses you ask for, storing your outputs, taking payment. Legal basis: performance of a contract (Article 6(1)(b)).
  • To keep the Services secure and reliable — abuse prevention, fraud detection, debugging, security monitoring. Legal basis: legitimate interests (Article 6(1)(f)) in operating a safe service.
  • To improve and develop the Services, including the quality of our AI features. We may use aggregated, de-identified, or sampled data for product analytics, evaluation, and model-quality improvement. Legal basis: legitimate interests (Article 6(1)(f)); where stricter consent is required by local law, we will ask for it.
  • To communicate with you — service announcements, security notices, replies to your questions, and, where you have opted in, product updates or marketing emails. Legal basis: legitimate interests or your consent, depending on the message type. You can opt out of marketing emails at any time.
  • To meet legal obligations — bookkeeping, tax, responding to lawful requests from authorities, and complying with Swedish, EU, and other applicable law. Legal basis: legal obligation (Article 6(1)(c)).
  • To establish, exercise, or defend legal claims. Legal basis: legitimate interests (Article 6(1)(f)).

We do not sell your personal data, and we do not share it with third parties for their own advertising purposes.

5. AI Processing and Third-Party Providers

The Services use artificial-intelligence systems, including large language models and generative image models, to produce analyses, staging images, chat responses, and similar outputs. To deliver these features, AiMYNDi relies on third-party AI providers and related infrastructure providers. The specific providers we use may change from time to time as the Services evolve.

  • Content you submit may be transmitted to third-party providers for the purpose of producing the output you have requested. This includes URLs, text, images, and documents you upload or paste, as well as prompts and chat messages.
  • Data handling by third-party providers is governed by the agreements we enter into with them. Where a provider offers configurations that limit how your content is retained or used, we consider and apply such options as we consider appropriate.
  • We may use aggregated or de-identified data derived from your use of the Services to evaluate and improve our features, including AI prompts, scoring logic, and model selection.
  • International transfers. Third-party providers may be located outside the European Economic Area. Where such transfers occur, we rely on appropriate legal safeguards available at the time, such as the European Commission's Standard Contractual Clauses or equivalent mechanisms. You can ask for more information about the safeguards that apply at [email protected].

AI outputs are, by their nature, not guaranteed to be accurate. See Section 4.11 of the Terms for our disclosures on AI limitations.

6. Other Recipients of Your Data

We share personal data with the following categories of recipients, each acting as a processor on our behalf unless stated otherwise:

  • Hosting and infrastructure providers that run our servers, databases, object storage, and content delivery network.
  • Payment processor that handles card and bank payments for subscriptions. The processor is an independent controller for card data.
  • Email delivery provider for transactional and, where you have opted in, marketing emails.
  • Error monitoring and product analytics providers that receive diagnostic events and usage telemetry.
  • AI model providers as described in Section 5.
  • Professional advisors such as auditors and lawyers, where necessary and under confidentiality obligations.
  • Authorities where we are legally required to disclose data, or where disclosure is necessary to protect rights, property, or safety.
  • Successors in the event of a merger, acquisition, reorganisation, or sale of assets, in which case we will require the recipient to honour this Privacy Policy or notify you of any material change.

We keep the current list of key sub-processors available on request at [email protected].

7. How Long We Keep Data

We keep personal data only for as long as we need it. As a general rule:

  • Account data: while your account is active, and for a limited period after deletion to handle disputes, enforce our agreements, and meet legal obligations.
  • Billing and invoice records: retained as required by Swedish bookkeeping law — typically seven years from the end of the applicable financial year.
  • Content you submit and outputs we generate: retained while the associated item is available in your account, and deleted when you delete it or close your account, subject to short-term backups.
  • Request logs and security telemetry: retained on a rolling basis, typically between 30 and 90 days.
  • Communications: correspondence you send us is retained for as long as needed to handle the matter and a reasonable period afterwards.
  • Marketing communications: preference data retained until you unsubscribe or delete your account.

Where we are required by law to retain data for longer, we do.

8. Your Rights

If you are located in the European Economic Area, the United Kingdom, or another jurisdiction with a similar framework, you have the following rights in respect of your personal data:

  • Access — ask us for a copy of the personal data we hold about you.
  • Rectification — ask us to correct data that is inaccurate or incomplete.
  • Erasure — ask us to delete personal data in the cases set out by GDPR Article 17.
  • Restriction — ask us to limit how we process your data in the cases set out by GDPR Article 18.
  • Objection — object to processing based on legitimate interests, including profiling, as set out by GDPR Article 21.
  • Portability — ask us to provide certain data you have given us in a structured, machine-readable format, or to transmit it to another controller where technically feasible.
  • Withdraw consent — where we rely on your consent, you can withdraw it at any time without affecting the lawfulness of processing before withdrawal.
  • Automated decision-making — we do not make decisions producing legal or similarly significant effects about you based solely on automated processing.

To exercise any of these rights, email [email protected]. We will respond within the timeframes required by law (usually one month). To protect your data, we may need to verify your identity before acting on a request.

You also have the right to lodge a complaint with a supervisory authority. In Sweden, this is the Integritetsskyddsmyndigheten (IMY)imy.se. If you live in another EEA country, you can complain to the supervisory authority there.

9. Cookies and Similar Technologies

A cookie is a small file stored on your device by a website. We also use related technologies such as local storage and similar identifiers, which we refer to together as "cookies" in this section.

We use cookies in the following categories:

  • Strictly necessary — required for the Services to function, including signing you in, keeping your session active, balancing load across our servers, and remembering choices such as your language preference. These do not require your consent under GDPR and the ePrivacy Directive.
  • Analytics and performance — help us understand how the Services are used so we can improve them. These are only set after you give consent through a consent prompt, where applicable.
  • Marketing and advertising — we do not currently set marketing or advertising cookies. If we introduce them, we will update this policy and ask for your consent before any such cookie is set.

You can control cookies through your browser settings. Blocking strictly necessary cookies may stop parts of the Services from working.

10. Children

The Services are not directed to children under the age of 16, and we do not knowingly collect personal data from them. If you believe a child has provided personal data to us, contact [email protected] and we will delete it.

11. Security

We use reasonable technical and organisational measures to protect personal data against unauthorised access, loss, alteration, and disclosure. These include encryption in transit, access controls, logging, and regular review of our providers. No system is perfectly secure, and we do not promise that our Services cannot be compromised. In the event of a personal data breach that meets the legal threshold, we will notify the relevant supervisory authority and, where required, affected users.

12. International Transfers

When we transfer personal data outside the European Economic Area — primarily to the United States, in the context of hosting, AI providers, and other sub-processors — we rely on appropriate safeguards. These currently include the European Commission's Standard Contractual Clauses and, where applicable, the EU-U.S. Data Privacy Framework. You can ask for a copy of the safeguards that apply to a specific transfer at [email protected].

13. Changes to This Policy

We may update this Privacy Policy as the Services evolve or as the legal environment changes. We will update the "Last updated" date at the top of the page and, for material changes, give you additional notice (for example, in-product or by email). Continued use of the Services after the update means you acknowledge the revised policy.

14. Contact

For any privacy question, request, or complaint, contact us at [email protected].

AiMYNDi AB
Swedish organisation number (organisationsnummer): 559502-0461
Registered with the Swedish Companies Registration Office (Bolagsverket).

Back to homeTerms and Conditions