Privacy Policy

1. Information We Collect

Information You Provide

• Account Information: Phone number (required), optional email
• Authentication: GitHub OAuth tokens (encrypted)
• API Keys: Third-party AI provider API keys (encrypted with AES-256)
• Messages: iMessage commands you send to our service

Information We Collect Automatically

• Usage Data: Commands used, feature interactions, timestamps
• Device Information: Device type, operating system (for mobile)
• Log Data: IP addresses, browser type, pages visited

Information We Do NOT Collect

• Full repository snapshots by default
• Payment information (handled by Stripe)
• Location data

2. How We Use Your Information

We use your information to:

• Provide, maintain, and improve the Service
• Process your requests and send responses via iMessage
• Authenticate your GitHub connection when you request it
• Send important service notifications
• Detect and prevent fraud or abuse
• Comply with legal obligations

We do NOT use your information to: Sell to third parties, train AI models, or target you with advertising.

3. Data Storage and Security

Encryption

• API keys: Encrypted using AES-256-GCM
• Data in transit: TLS 1.3 encryption
• Database: Encrypted at rest

Data Retention

• Account data: Retained while your account is active and as needed for operations/compliance
• Message and workflow metadata: Retained for reliability, abuse prevention, and support
• Operational/security logs: Retained for a limited period

Infrastructure

Our service is hosted on secure cloud infrastructure. Data is stored in the United States and protected with standard security controls in transit and at rest.

4. International Data Transfers

Your information is processed and stored in the United States. If you are accessing the Service from outside the United States, please be aware that your data will be transferred to, stored, and processed in the United States where our servers are located and our central database is operated.

We currently do not operate data centers in the European Union. By using the Service, you consent to the transfer of your information to the United States. We take appropriate safeguards to ensure your data is protected in accordance with this Privacy Policy regardless of where it is processed.

For users in the European Economic Area (EEA), we rely on your consent and the necessity of data processing for the performance of our contract with you as the legal basis for transferring your data outside the EEA.

5. Third-Party Services

We integrate with the following third-party services:

6. Your Rights (GDPR/CCPA)

You have the right to:

• Access: Request a copy of your personal data
• Rectification: Correct inaccurate personal data
• Erasure: Request deletion of your data ("right to be forgotten")
• Portability: Receive your data in a structured format
• Objection: Object to certain processing of your data
• Restriction: Request limited processing of your data

To exercise these rights, contact us at admin@aimsg.dev. We will respond within 30 days.

7. California Privacy Rights

If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with additional rights regarding your personal information:

• Right to Know: You may request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources from which the information was collected, the business purpose for collecting the information, and the categories of third parties with whom we share the information.
• Right to Delete: You may request that we delete your personal information, subject to certain exceptions.
• Right to Opt-Out of Sale: We do not sell your personal information. As such, we do not offer an opt-out mechanism for the sale of personal information.
• Non-Discrimination: We will not discriminate against you for exercising your CCPA rights. You will not receive different pricing or quality of service for exercising your rights.

To submit a CCPA request, email us at admin@aimsg.dev with the subject line "CCPA Request." We will verify your identity before processing any request and respond within 45 days.

8. Cookies and Tracking

We use minimal cookies:

• Essential cookies: Required for authentication and security
• Preference cookies: Remember your settings

We do not use tracking cookies, advertising cookies, or third-party analytics that track you across websites.

9. Children's Privacy

The Service is not intended for users under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us immediately.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. For significant changes, we will also send an email notification.

11. Data Breach Notification

In the event of a data breach that affects your personal information, we are committed to notifying affected users promptly:

• Timing: We will notify affected users within 72 hours of becoming aware of a breach, in accordance with GDPR requirements.
• Method: Notifications will be sent via email (if available) and through the Service. We will also post a notice on our website.
• Content: Notifications will include the nature of the breach, the categories of data affected, the likely consequences, and the measures we have taken or plan to take to address the breach.
• Regulatory Reporting: We will report breaches to the relevant supervisory authorities as required by applicable law.

12. Contact Us

For privacy-related questions or to exercise your rights, contact us at:

• Email: admin@aimsg.dev
• Data Protection Officer: admin@aimsg.dev
• Website: https://aimsg.dev