1. Introduction

This Privacy Policy explains how we collect, use, store, and protect your personal data when you use Aviseus. We are committed to protecting your privacy and handling your data in accordance with applicable data protection laws.

We process personal data in accordance with the Federal Act on Data Protection (FADP) of Switzerland, the General Data Protection Regulation (GDPR) where applicable to users in the European Economic Area, the UK Data Protection Act 2018, and the California Consumer Privacy Act (CCPA) where applicable.

By registering in Aviseus, you acknowledge that you have read and understood this Privacy Policy.

2. Data Controller

The data controller responsible for your personal data is:

Taras Varshava

info@aviseus.com

If you have any questions about this Privacy Policy or how we handle your personal data, please contact us at the email address above.

For users in the European Economic Area:

We are based in Switzerland, which has been recognized by the European Commission as providing an adequate level of data protection. You may contact us directly at the email address above for any data protection inquiries.

For users in the United Kingdom:

You may contact us directly at the email address above for any data protection inquiries.

3. Definitions

• Aviseus – the online software service available via web browser and mobile devices

• Personal Data – any information that identifies or can be used to identify an individual

• Data Subject – a natural person whose personal data is being processed (you)

• Processing – any operation performed on personal data, such as collection, storage, use, or deletion

• Consent – a clear and voluntary agreement to allow personal data to be processed

4. Personal Data We Collect

We collect the following categories of personal data:

Account Information:

• Name and email address (required for registration)

• Password (stored securely using encryption)

User-Generated Content:

• Goals, tasks, and progress data you create

• Messages and conversations with the AI coach

• Personal context information you choose to share

• Summaries and notes

Technical Data:

• IP address and approximate location

• Browser type and version

• Device type and operating system

• Date and time of access

Usage Data (with your consent):

• Features used and actions performed

• Session duration and page views

Payment Information (if you subscribe to a paid plan):

• Billing email address

• Subscription status and billing cycle dates

• Payment history (amount, date, status)

Important: We do not store your credit card number, CVV, or full payment card details. This information is collected and processed directly by Stripe, our payment processor.

Authentication Data (if you sign in with Google):

• Name and email address from your Google account

• Profile photo (if available)

We only use this data to create and manage your account. We do not access your Google contacts, calendar, or any other Google services.

Device Identifiers:

• Push notification tokens (Firebase Cloud Messaging device tokens) used to deliver notifications to your device

Biometric Authentication:

If you enable biometric sign-in (Face ID or fingerprint), all biometric data is processed and stored locally on your device by the operating system. We never receive, transmit, or store any biometric data on our servers.

5. Legal Basis for Processing

We process your personal data based on the following legal grounds:

• Contract Performance: Processing necessary to provide the services you registered for (account data, user content, AI processing)

• Consent: Processing based on your explicit consent, such as analytics cookies and marketing communications (you can withdraw consent at any time)

• Legitimate Interest: Processing necessary for our legitimate interests, such as improving Aviseus, preventing fraud, and ensuring security

• Legal Obligation: Processing required to comply with legal requirements

6. How We Use Your Data

We use your personal data for the following purposes:

• To create and manage your account

• To provide the AI coaching features and generate personalized responses

• To store and display your goals, tasks, and progress

• To send you important notifications via push notifications (account security, service updates)

• To process payments if you subscribe to a paid plan

• To improve Aviseus based on usage patterns (with your consent)

• To respond to your support requests

7. AI Data Processing

Aviseus uses artificial intelligence to provide personalized coaching. When you interact with the AI coach, your messages and relevant context are processed by OpenAI's language models.

What data is sent to OpenAI:

• Your chat messages and conversation history

• Goals and tasks relevant to the conversation

• Personal context you have provided (if applicable)

OpenAI processes this data to generate responses. According to OpenAI's data usage policy, data sent through the API is not used to train their models. For more information, please review OpenAI's Privacy Policy.

8. Third-Party Services

We use the following third-party services to operate Aviseus:

OpenAI:

Purpose: AI-powered coaching and text generation.

Data shared: Chat messages and user context.

Privacy Policy

Google Analytics (with your consent):

Purpose: Understanding how users interact with Aviseus.

Data shared: Usage data, device information.

Privacy Policy

Stripe:

Purpose: Processing subscription payments and managing billing.

Data shared: Email address, payment card details (entered directly into Stripe's secure payment form), billing address if provided. Stripe stores and processes payment information in accordance with PCI-DSS standards. We receive only limited payment data from Stripe (last 4 digits of card, billing status) and never have access to your full card number. Stripe may also collect device and behavioral data through Stripe Radar for fraud prevention.

Privacy Policy

Firebase Cloud Messaging (Google):

Purpose: Delivering push notifications to your device.

Data shared: Device tokens (unique identifiers for your device). Firebase does not have access to the content of your notifications.

Privacy Policy

Google Authentication:

Purpose: Enabling sign-in with your Google account.

Data shared: We receive your name, email address, and profile photo from Google when you choose to sign in with Google. We do not access any other Google services or data.

Privacy Policy

9. International Data Transfers

Your personal data may be transferred to and processed in countries outside of your country of residence, including the United States (where OpenAI and other service providers are located).

When we transfer data internationally, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission, reliance on the EU-US Data Privacy Framework, or the service provider's compliance with applicable data protection frameworks.

10. Data Retention

We retain your personal data for as long as necessary to provide our services:

• Account data: Retained while your account is active and deleted upon account deletion

• User content (goals, tasks, chats): Retained while your account is active and deleted upon account deletion

• Technical logs: Retained for up to 90 days for security and debugging purposes

• Analytics data: Retained according to Google Analytics retention settings (up to 14 months)

• Payment records: Deleted from our database upon account deletion. Stripe retains payment history for legal and tax compliance purposes as required by law

After account deletion, we may retain anonymized or aggregated data that cannot be used to identify you.

11. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction:

• Encryption of data in transit (HTTPS/TLS)

• Secure password hashing

• Regular security updates and monitoring

• Access controls and authentication

While we take reasonable precautions, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security of your data.

12. Your Rights

Under applicable data protection laws, you have the following rights:

• Right to access: Request a copy of your personal data

• Right to rectification: Request correction of inaccurate data

• Right to erasure: Request deletion of your personal data

• Right to restrict processing: Request limitation of how we use your data

• Right to data portability: Request your data in a machine-readable format

• Right to object: Object to processing based on legitimate interests

• Right to withdraw consent: Withdraw consent at any time (this does not affect the lawfulness of processing before withdrawal)

• Right to object to automated decision-making: You have the right not to be subject to decisions based solely on automated processing, including profiling, that produce legal or similarly significant effects

13. How to Exercise Your Rights

You can exercise many of your rights directly within Aviseus through your account settings:

• Update your data

• Delete all your data and start fresh

• Delete your account

• Manage consents

• Export your data

For other requests, please contact us at info@aviseus.com. We will respond to your request within 30 days.

14. Cookies

We use cookies and similar technologies to operate Aviseus. For detailed information about the cookies we use and how to manage them, please see our Cookie Policy.

15. Children's Privacy

Aviseus is not intended for children under the age of 16. We do not knowingly collect personal data from children under 16.

If we become aware that we have collected personal data from a child under 16 without verification of parental consent, we will take steps to delete that information promptly.

If you believe that we may have collected information from a child under 16, please contact us at info@aviseus.com so we can take appropriate action.

16. California Privacy Rights (CCPA)

If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with additional rights regarding your personal information:

• Right to Know: You may request disclosure of the categories and specific pieces of personal information we have collected about you

• Right to Delete: You may request the deletion of your personal information

• Right to Correct: You may request correction of inaccurate personal information

• Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights

We do not sell your personal information and have not sold personal information in the preceding 12 months. We do not share your personal information for cross-context behavioral advertising.

To exercise your CCPA rights, please contact us at info@aviseus.com or use the data management options available in your account settings. We will respond to verifiable consumer requests within 45 days.

17. Supervisory Authority

If you believe that our processing of your personal data violates applicable data protection laws, you have the right to lodge a complaint with a supervisory authority.

For users in Switzerland, the relevant authority is:

Federal Data Protection and Information Commissioner (FDPIC)
Website: edoeb.admin.ch

For users in the European Union, you may contact the supervisory authority in your country of residence.

For users in the United Kingdom, the relevant authority is:

Information Commissioner's Office (ICO)
Website: ico.org.uk

18. Changes to This Policy

We may update this Privacy Policy from time to time. When we make changes, we will update the "Last updated" date at the top of this page and notify you via email or in-app notification.

We encourage you to review this Privacy Policy periodically. Your continued use of Aviseus after changes constitutes acceptance of the updated policy.