Privacy Policy

Ainomiq ("we", "our", "us") provides AI-powered automation tools for e-commerce businesses. This Privacy Policy describes how we collect, use, and protect your information when you use our platform at app.ainomiq.com.

Ainomiq is established in the Netherlands and operates in compliance with the General Data Protection Regulation (GDPR), the Dutch GDPR Implementation Act (UAVG) and other applicable privacy legislation.

Data Controller: Ainomiq, established in the Netherlands. For questions, contact us at privacy@ainomiq.com.

Data you provide to us

• Account information: email, name, company name, and password provided during registration.
• Integration credentials: OAuth tokens from connected platforms (Shopify, Klaviyo, Meta, Google). Encrypted and stored server-side only.
• Communication: messages you send us via email, support forms, or the platform.

Data collected through integrations

Each integration uses OAuth 2.0 with the minimum required scopes. We only request read-only access unless explicitly stated otherwise.

Data collected automatically

• Usage data: pages visited, features used, timestamps, browser type, and IP address.
• Cookies: essential cookies for authentication and session management only.

Customer data processed on your behalf

When you use our AI customer service features, we process your customers' emails and support requests on your behalf. See Section 4 (Data Processing Role).

We do not collect passwords, payment card information, or personally identifiable customer data beyond what is necessary. We do not use your data or your customers' data to train AI models.

• To provide AI-powered analytics, recommendations, and automation.
• To display performance dashboards and reports.
• To operate AI customer service on your behalf (processing inbound emails, generating responses).
• To send automated alerts and reports about your connected platforms.
• To authenticate your identity and manage your account.
• To improve our platform and develop new features.
• To comply with legal obligations.

We never sell, share, or distribute your data to third parties for their own purposes.

When we process your customers' personal data (e.g., handling customer service emails on your behalf), we act as a data processor under the GDPR. You remain the data controller. A Data Processing Agreement (DPA) governs this relationship and is available upon request.

• Performance of contract (Art. 6(1)(b) GDPR) — processing necessary to provide our platform services.
• Legitimate interest (Art. 6(1)(f) GDPR) — analytics, security, and service improvement.
• Consent (Art. 6(1)(a) GDPR) — where explicitly provided (e.g., marketing communications).
• Legal obligation (Art. 6(1)(c) GDPR) — compliance with applicable laws.

We have entered into data processing agreements with all sub-processors. Personal data is not transferred outside the EEA without appropriate safeguards (Standard Contractual Clauses).

• All OAuth tokens are encrypted at rest.
• All data is transmitted over HTTPS/TLS.
• Access is restricted to authenticated users only.
• Access control based on the principle of least privilege.
• Regular security assessments.

In the event of a data breach, we will notify you and the Dutch Data Protection Authority within 72 hours of discovery, in accordance with Articles 33 and 34 of the GDPR.

• Account data: for as long as your account is active.
• OAuth tokens: deleted immediately when you disconnect an integration.
• Customer data: deleted within 30 days after account deletion, unless retention is required by law.
• Usage data: up to 26 months, after which it is anonymized or deleted.

Under the GDPR, you have the following rights:

• Right of access (Art. 15) — request information about your personal data.
• Right to rectification (Art. 16) — request correction of inaccurate data.
• Right to erasure (Art. 17) — request deletion of your personal data.
• Right to restriction (Art. 18) — request restriction of processing.
• Right to data portability (Art. 20) — receive your data in a machine-readable format.
• Right to object (Art. 21) — object to processing based on legitimate interest.
• Right to withdraw consent — withdraw consent at any time.
• Revoke OAuth access — disconnect connected platforms at any time through your dashboard.

Exercise your rights via privacy@ainomiq.com. We will respond within 30 days. You may also lodge a complaint with the Dutch Data Protection Authority.

You can request deletion of all your data at any time by contacting us at privacy@ainomiq.com or through our data deletion page. We will process your request within 30 days.

We use essential cookies for authentication and session management only. We do not place tracking, advertising, or social media cookies.

Our platform is not directed at individuals under the age of 16. We do not knowingly collect personal data from minors.

We may update this Privacy Policy from time to time. Material changes will be communicated via email or a notice within the platform, at least 30 days before taking effect.

Ainomiq
Email: privacy@ainomiq.com
Website: ainomiq.com