Privacy Policy

1. Information We Collect

We collect information you provide directly to us and information we collect automatically when you use the Service.

1.1 Information you provide

• Account data: your name, email address, job title, and company name when you register or update your profile.
• Assessment content: responses, scores, comments, and file uploads you enter while conducting assessments.
• Billing data: payment card details and billing address, processed by our PCI-compliant payment provider. We do not store full card numbers.
• Communications: the content of messages you send us via email or in-app chat, including support requests and feedback.

1.2 Information collected automatically

• Usage data: pages visited, features used, time spent, button clicks, and navigation paths within the Service.
• Device and log data: IP address, browser type and version, operating system, referral URLs, and timestamps.
• Cookies and similar technologies: session cookies for authentication, analytics cookies (opt-out available), and preference cookies to remember your settings.

2. How We Use Your Information

We use the information we collect to:

• Provide, operate, and improve the Service, including generating AI-powered recommendations and benchmarks.
• Authenticate your identity and maintain the security of your account.
• Process payments and manage your subscription.
• Send transactional emails (account confirmations, password resets, assessment results) and, where you have opted in, product updates and marketing communications.
• Respond to support requests, questions, and feedback.
• Conduct aggregate, anonymised analysis to improve our AI models and platform features. We never use identifiable assessment content to train our AI models without explicit consent.
• Comply with legal obligations and enforce our Terms of Service.

3. Data Storage and Security

Your data is stored on infrastructure hosted within the European Union (AWS eu-west-1 and eu-central-1 regions) by default. Enterprise customers may select alternative data residency regions, subject to plan availability.

We implement industry-standard security measures including AES-256 encryption at rest, TLS 1.3 in transit, multi-factor authentication, role-based access controls, and regular third-party penetration testing. We maintain a SOC 2 Type II compliance programme.

While we take all reasonable precautions, no method of transmission over the internet or electronic storage is 100% secure. We encourage you to use a strong, unique password and enable MFA on your account.

4. Data Sharing and Disclosure

We do not sell your personal data. We share data only in the following circumstances:

• Service providers: third-party vendors who assist us in operating the Service (e.g., cloud hosting, email delivery, analytics, payment processing). These parties are bound by data processing agreements and may only use your data as we direct.
• Within your organisation: assessment data is visible to other users in your organisation according to the permissions set by your administrators.
• Legal requirements: if required by applicable law, court order, or governmental authority.
• Business transfers: in connection with a merger, acquisition, or sale of assets, your data may be transferred as part of the transaction. We will notify you before your data is subject to a different privacy policy.

5. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

• Access: request a copy of the personal data we hold about you.
• Rectification: request correction of inaccurate or incomplete data.
• Erasure: request deletion of your personal data, subject to certain legal exceptions.
• Restriction: request that we limit the processing of your data in certain circumstances.
• Portability: receive your data in a structured, machine-readable format (JSON or CSV).
• Objection: object to processing based on our legitimate interests.
• Withdraw consent: where we rely on your consent, you may withdraw it at any time.

To exercise any of these rights, please contact our Data Protection Officer at privacy@autoaimagix.com. We will respond within 30 days.

6. Retention

We retain your personal data for as long as your account is active or as needed to provide the Service. When you close your account, we delete or anonymise your personal data within 90 days, except where retention is required by law or legitimate business purposes (such as billing records, which we retain for 7 years).

7. Cookies

We use strictly necessary cookies (required for the Service to function), functional cookies (to remember your preferences), and analytics cookies (to understand how the Service is used). You can control non-essential cookies via our cookie preference centre, accessible from the footer of any marketing page.

8. Children's Privacy

The Service is not directed to individuals under the age of 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected such data, please contact us immediately.

9. Changes to this Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email or via a prominent notice within the Service at least 14 days before the changes take effect. The "last updated" date at the top of this page reflects the date of the most recent revision.

10. Contact

If you have any questions about this Privacy Policy or our data practices, please contact us: