Privacy Policy

1. Introduction

Aira ("we," "us," "our," or "Company") operates the website hiaira.ai and the Telegram Bot service (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

2. Information We Collect

2.1 Information You Provide Directly

• Account Information: When you interact with Aira through Telegram or other messengers, we collect your user ID, username, and profile information from the platform.
• Messages and Content: All messages, files, links, and content you forward to Aira are stored in our database. This includes text, media references, and metadata about the original sources.
• Payment Information: If you subscribe to a paid plan, we collect payment details processed through Stripe. We do not store full credit card information; Stripe handles secure payment processing.
• Communication Data: If you contact us via email or support channels, we retain your messages and contact information to respond to your inquiries.

2.2 Information Collected Automatically

• Usage Data: We track how you use Aira, including the number of requests, queries, and interactions with the service to enforce usage limits and improve service quality.
• Device Information: Information about your device (OS, browser type, IP address) is collected for security and analytics purposes.
• Cookies and Tracking: We use cookies to remember your preferences and maintain your session. You can disable cookies in your browser settings.

3. How We Use Your Information

We use the information we collect for the following purposes:

• To provide, maintain, and improve the Service
• To process payments and manage your subscription
• To send technical notices and support messages
• To respond to your inquiries and requests
• To enforce our Terms of Service and other legal rights
• To comply with legal obligations
• To prevent fraud and ensure security
• To aggregate anonymized data for analytics and service improvement

4. Data Processing with Third-Party Services

4.1 AI Response Processing

When you request responses or analysis, Aira uses third-party AI processing services. Query data may be retained by service providers for abuse detection and compliance purposes, typically for limited periods. Data is processed under standard data processing agreements. For detailed information about how your data is handled during processing, please review the AI service provider's terms.

4.2 Telegram Bot API

When you interact with Aira through Telegram:

• Your messages pass through Telegram's servers for delivery
• Telegram has access to message content, user IDs, and metadata per their platform
• Only private chats between you and the bot are supported; other users cannot see your messages
• Review Telegram's Bot Privacy Policy for details

4.3 Stripe Payment Processing

Payment information is processed through Stripe:

• Aira never stores full credit card details; Stripe secures all payment data
• Stripe complies with PCI DSS standards and GDPR requirements
• You can review Stripe's Privacy Policy for payment data handling

4.4 Data Storage

Your memories and content are encrypted and stored securely:

• All content is encrypted with AES-128 encryption before storage
• Storage infrastructure is PCI DSS compliant and follows industry standards
• Data is stored in secure cloud environments with redundancy and backup

5. Data Security

We implement industry-standard security measures to protect your data:

• Encryption in Transit: All data transmitted to/from Aira uses HTTPS/TLS encryption
• Encryption at Rest: Your stored content is encrypted with AES-128 (Fernet encryption)
• Access Controls: Only authorized personnel can access your data for support purposes
• Regular Audits: We conduct security audits to identify and fix vulnerabilities

6. Your Data Rights (GDPR and Polish Law)

As a data controller under GDPR, Aira respects your rights:

6.1 Right to Access

You have the right to request a copy of your personal data that we hold. Contact us at say@hiaira.ai with your request.

6.2 Right to Rectification

You can request correction of inaccurate or incomplete personal data.

6.3 Right to Erasure ("Right to be Forgotten")

You can request deletion of your account and associated data. Upon request, we will delete:

• Your user account
• All stored memories and content
• Your payment history (as permitted by law)

Some data may be retained for legal compliance or as backup for a limited period. Send deletion requests to say@hiaira.ai.

6.4 Right to Data Portability

You can request an export of your data in a machine-readable format (JSON/CSV) to transfer to another service.

6.5 Right to Withdraw Consent

You can withdraw consent for data processing at any time by deleting your account or contacting us.

6.6 Right to Complain

If you believe your rights are violated, you can lodge a complaint with the Polish Data Protection Authority (UODO).

7. Data Retention

• Active Accounts: Data is retained as long as your account is active and for 30 days after account deletion (for backup purposes)
• Deleted Accounts: All data is permanently deleted after 30 days, except where legal obligations require retention
• Payment Records: Retained for 7 years per Polish tax and financial regulations
• Support Communications: Retained for 2 years after the last interaction

8. Data Transfers

Aira is based in Poland and operates under Polish law. Your data may be transferred to cloud service providers for processing and storage:

• Cloud Storage Providers: For data storage and processing (various locations)
• Stripe Servers: For payment processing (worldwide)
• Telegram Servers: When using the Telegram Bot (distributed globally)

These transfers comply with GDPR through Standard Contractual Clauses and adequacy decisions.

9. Cookies and Tracking Technologies

Aira uses cookies for:

• Session management
• Remembering your dark mode preference
• Tracking cookie consent

You can control cookie usage through your browser settings. Most browsers allow you to refuse cookies or alert you when cookies are being sent.

10. Third-Party Links

Aira may contain links to third-party websites. We are not responsible for the privacy practices of external sites. Please review their privacy policies before sharing personal information.

11. Children's Privacy

Aira is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If we learn that a child under 13 has provided us with personal information, we will delete it immediately.

12. Changes to This Privacy Policy

We may update this Privacy Policy periodically. The "Last Updated" date at the top indicates when changes were made. Continued use of Aira after changes means you accept the updated Privacy Policy. We will notify you of significant changes via email or prominent notice on the website.

13. Legal Entity and Data Controller Information

The data controller responsible for your personal data is:

• Data Controller Name: VITALI CHASHEIKA
• Business Address: ul. Karola Bunscha 14A/25, 30-392 Kraków, Poland
• Tax ID (NIP): 6762613359
• Registration Number (REGON): 521466270
• Jurisdiction: Poland

14. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data rights, contact us at:

• Email: say@hiaira.ai
• Service: Aira (hiaira.ai)
• Support: Available via email during business hours

15. Data Protection Officer and Supervisory Authority

For inquiries related to data protection, contact us at say@hiaira.ai with the subject "Data Protection Request."

You have the right to lodge a complaint with the Polish Data Protection Authority (Urząd Ochrony Danych Osobowych - UODO):

• Website: www.uodo.gov.pl
• Email: secretariat@uodo.gov.pl