Privacy Policy

Last Updated: December 8, 2024 | Effective Date: August 8, 2025

Aieo AB ("Company", "we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use Hemlis, our sophisticated vector database service, and related websites and applications.

1. Information We Collect

1.1 Personal Information

We collect the following types of personal information:

  • Account Information: Name, email address, company name, and contact details when you create an account or subscribe to our service
  • Payment Information: Billing address and payment method details (processed securely by our payment processor Paddle.com)
  • Technical Data: IP address, browser type and version, operating system, device information, and unique device identifiers
  • Usage Data: Information about how you use our service, including API calls, feature usage, performance metrics, and error logs
  • Communication Data: Records of your communications with us, including support tickets and feedback

1.2 Automatically Collected Information

We automatically collect certain information when you access our service:

  • Log files and server data
  • Analytics and performance metrics
  • Cookies and similar tracking technologies
  • Service usage patterns and preferences

2. How We Collect Information

We collect information through various methods:

  • Direct Provision: Information you provide when registering, subscribing, or contacting us
  • Service Usage: Data generated through your use of the Hemlis service and API
  • Third-Party Processors: Information collected by Paddle.com during the payment process
  • Cookies and Analytics: Automated data collection through cookies and analytics tools
  • Customer Support: Information provided during support interactions

3. How We Use Your Information

We use collected information for the following purposes:

3.1 Service Provision

  • Providing and maintaining the Hemlis vector database service
  • Processing API requests and managing your data
  • Authentication and account management
  • Technical support and customer service

3.2 Business Operations

  • Processing payments and managing subscriptions
  • Monitoring service performance and usage analytics
  • Fraud prevention and security monitoring
  • Legal compliance and dispute resolution

3.3 Service Improvement

  • Analyzing usage patterns to improve our service
  • Developing new features and capabilities
  • Optimizing performance and user experience
  • Research and development activities

4. Legal Basis for Processing

We process your personal data based on the following legal grounds:

  • Contract Performance: Processing necessary to provide our service and fulfill our contractual obligations
  • Legitimate Interest: Processing for our legitimate business interests, such as fraud prevention and service improvement
  • Legal Compliance: Processing required to comply with applicable laws and regulations
  • Consent: Processing based on your explicit consent, where required by law

5. Information Sharing and Disclosure

5.1 Third-Party Service Providers

We share information with trusted third-party service providers:

  • Paddle.com: Our Merchant of Record for payment processing, fully compliant with GDPR and PCI DSS
  • Cloud Infrastructure: Cloud hosting providers for service delivery and data storage
  • Analytics Providers: Services for usage analytics and performance monitoring
  • Support Tools: Customer support and communication platforms

5.2 Legal Requirements

We may disclose information when required by law or to:

  • Comply with legal obligations or court orders
  • Protect our rights, property, or safety
  • Investigate fraud or security issues
  • Enforce our terms of service

6. Data Security

We implement comprehensive security measures to protect your information:

  • Encryption: Data encrypted in transit and at rest using industry-standard protocols
  • Access Controls: Strict access controls and authentication mechanisms
  • Security Monitoring: Continuous monitoring for security threats and vulnerabilities
  • Regular Audits: Periodic security assessments and compliance audits
  • Incident Response: Established procedures for security incident response and notification

Note: While we implement robust security measures, no system is completely secure, and we cannot guarantee absolute security.

7. Data Retention

We retain personal information for different periods based on the purpose:

  • Account Data: Retained for the duration of your subscription plus 3 years for legal and compliance purposes
  • Usage Data: Aggregated usage data may be retained indefinitely for analytics and service improvement
  • Support Data: Customer support communications retained for 5 years
  • Financial Data: Billing and payment records retained as required by applicable tax and financial regulations

After retention periods expire, we securely delete or anonymize personal information unless longer retention is required by law.

8. Your Privacy Rights

8.1 General Rights

You have the following rights regarding your personal information:

  • Access: Request access to your personal information
  • Correction: Request correction of inaccurate or incomplete data
  • Deletion: Request deletion of your personal information (subject to legal obligations)
  • Portability: Request transfer of your data to another service provider
  • Objection: Object to processing based on legitimate interests
  • Restriction: Request restriction of processing in certain circumstances

8.2 GDPR Rights (EU Residents)

If you are located in the European Union, you have additional rights under GDPR, including the right to lodge a complaint with your local data protection authority.

8.3 Exercising Your Rights

To exercise any of these rights, please contact us at [email protected]. We will respond to your request within 30 days.

9. Cookies and Tracking Technologies

9.1 Types of Cookies

We use the following types of cookies:

  • Essential Cookies: Necessary for service functionality and security
  • Analytics Cookies: Help us understand service usage and performance
  • Preference Cookies: Remember your settings and preferences

9.2 Cookie Management

You can control cookies through your browser settings. Note that disabling certain cookies may affect service functionality.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place for international transfers, including:

  • Standard Contractual Clauses approved by the European Commission
  • Adequacy decisions for countries with equivalent protection levels
  • Other legally recognized transfer mechanisms

11. Children's Privacy

Hemlis is not intended for users under 18 years of age. We do not knowingly collect personal information from children under 18. If you believe we have collected information from a child under 18, please contact us immediately.

12. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices or applicable laws. We will:

  • Post the updated policy on our website
  • Update the "Last Updated" date
  • Notify you of material changes via email or service notification
  • Obtain your consent for significant changes where required by law

13. Contact Information

For privacy-related questions, concerns, or to exercise your rights, please contact us:

Contact Email: [email protected]

Company: Aieo AB

Address: Sweden

13.1 Response Times

We aim to respond to privacy inquiries within:

  • General inquiries: 5 business days
  • Rights requests: 30 days (as required by GDPR)
  • Urgent security matters: 24 hours

This Privacy Policy is designed to help you understand how we collect, use, and protect your information. If you have any questions or concerns, please don't hesitate to contact us.