AiMYNDibeta

AiMYNDi · Legal

Privacy Policy

How AiMYNDi collects, uses, and protects your personal data.

1. Introduction

This Privacy Policy explains how AiMYNDi AB ("AiMYNDi," "we," "us," or "our") collects, uses, shares, and protects personal data when you visit the marketing website at aimyndi.ai or use the AiMYNDi product at app.aimyndi.ai (together, the "Services").

We aim to be straightforward about what we do with your data. If anything here is unclear, email us at [email protected].

This policy works together with our Terms and Conditions. Capitalised terms not defined here have the meaning given in the Terms.

2. Data Controller

The controller of your personal data is:

AiMYNDi AB
Swedish organisation number (organisationsnummer): 559502-0461
Registered with the Swedish Companies Registration Office (Bolagsverket).

Contact for all privacy matters: [email protected].

3. What We Collect

3.1 Marketing Website (aimyndi.ai)

When you browse the marketing website, we collect the minimum needed to serve pages and keep the site working:

  • Request logs: IP address, user agent, referrer, requested URL, and timestamps, logged by our hosting provider for a short rolling window. Used to operate the site, detect abuse, and debug issues.
  • Contact email: If you email us, we receive whatever information you include in that message.

The marketing website does not, at the time of writing, set analytics, advertising, or tracking cookies. See Section 9 for details.

3.2 Product (app.aimyndi.ai)

When you use the product, we process additional data that is necessary to deliver the Services:

  • Account data: email address, name, and any profile information you choose to add.
  • Authentication data: password hashes or third-party sign-in identifiers where you choose to sign in via a supported identity provider, and session tokens.
  • Billing data: subscription plan, billing address, and invoice history. Card details are handled by our payment processor and are not stored by AiMYNDi.
  • Property content you submit: URLs and links you paste; images, photographs, floor plans, PDFs, and other documents you upload; text you type into chat, notes, or analysis prompts. This content is covered by the user-content provisions in our Terms.
  • Outputs generated for you: analyses, scores, comparisons, chat responses, and staging images produced by the Services at your instruction.
  • Usage telemetry: feature interactions, error events, performance metrics, and similar diagnostic data. Used to operate, debug, and improve the product.
  • Device and connection data: device type, operating system, browser, approximate location derived from IP, and similar technical signals.

4. How We Use Your Data

We use your personal data for the following purposes and on the following legal bases under Article 6 GDPR:

  • To provide the Services — creating your account, authenticating you, running the analyses you ask for, storing your outputs, taking payment. Legal basis: performance of a contract (Article 6(1)(b)).
  • To keep the Services secure and reliable — abuse prevention, fraud detection, debugging, security monitoring. Legal basis: legitimate interests (Article 6(1)(f)) in operating a safe service.
  • To improve and develop the Services, including the quality of our AI features. We may use aggregated, de-identified, or sampled data for product analytics, evaluation, and model-quality improvement. Legal basis: legitimate interests (Article 6(1)(f)); where stricter consent is required by local law, we will ask for it.
  • To communicate with you — service announcements, security notices, replies to your questions, and, where you have opted in, product updates or marketing emails. Legal basis: legitimate interests or your consent, depending on the message type. You can opt out of marketing emails at any time.
  • To meet legal obligations — bookkeeping, tax, responding to lawful requests from authorities, and complying with Swedish, EU, and other applicable law. Legal basis: legal obligation (Article 6(1)(c)).
  • To establish, exercise, or defend legal claims. Legal basis: legitimate interests (Article 6(1)(f)).

We do not sell your personal data.

5. AI Processing and Third-Party Providers

The Services use artificial-intelligence systems, including large language models and generative image models, to produce analyses, staging images, chat responses, and similar outputs. To deliver these features, AiMYNDi relies on third-party AI providers and related infrastructure providers. The specific providers we use may change from time to time as the product evolves.

  • Content you submit to the Services may be transmitted to third-party providers for the purpose of producing the output you have requested. This includes URLs, text, images, and documents you upload or paste, as well as prompts and chat messages.
  • Data handling by third-party providers is governed by the agreements we enter into with them. Where a provider offers configurations that limit how your content is retained or used, we consider and apply such options as we consider appropriate.
  • We may use aggregated or de-identified data derived from your use of the Services to evaluate and improve our features, including AI prompts, scoring logic, and model selection.
  • International transfers. Third-party providers may be located outside the European Economic Area. Where such transfers occur, we rely on appropriate legal safeguards available at the time, such as the European Commission's Standard Contractual Clauses or equivalent mechanisms. You can ask for more information about the safeguards that apply at [email protected].

AI outputs are, by their nature, not guaranteed to be accurate. See Section 4.11 of the Terms for our disclosures on AI limitations.

6. Other Recipients of Your Data

We share personal data with the following categories of recipients, each acting as a processor on our behalf unless stated otherwise:

  • Hosting and infrastructure providers that run our servers, databases, object storage, and content delivery network.
  • Payment processor that handles card and bank payments for subscriptions. The processor is an independent controller for card data.
  • Email delivery provider for transactional and, where you have opted in, marketing emails.
  • Error monitoring and product analytics providers that receive diagnostic events and usage telemetry.
  • AI model providers as described in Section 5.
  • Professional advisors such as auditors and lawyers, where necessary and under confidentiality obligations.
  • Authorities where we are legally required to disclose data, or where disclosure is necessary to protect rights, property, or safety.

We keep the current list of key sub-processors available on request at [email protected].

7. How Long We Keep Data

We keep personal data only for as long as we need it. As a general rule:

  • Account data: while your account is active, and for a limited period after deletion to handle disputes, enforce our agreements, and meet legal obligations.
  • Billing and invoice records: retained as required by Swedish bookkeeping law — typically seven years from the end of the applicable financial year.
  • Property content and generated outputs: retained while the associated analysis is available in your account, and deleted when you delete the analysis or close your account, subject to short-term backups.
  • Request logs and security telemetry: retained on a rolling basis, typically between 30 and 90 days.
  • Marketing communications: preference data retained until you unsubscribe or delete your account.

Where we are required by law to retain data for longer, we do.

8. Your Rights

If you are located in the European Economic Area, the United Kingdom, or another jurisdiction with a similar framework, you have the following rights in respect of your personal data:

  • Access — ask us for a copy of the personal data we hold about you.
  • Rectification — ask us to correct data that is inaccurate or incomplete.
  • Erasure — ask us to delete personal data in the cases set out by GDPR Article 17.
  • Restriction — ask us to limit how we process your data in the cases set out by GDPR Article 18.
  • Objection — object to processing based on legitimate interests, including profiling, as set out by GDPR Article 21.
  • Portability — ask us to provide certain data you have given us in a structured, machine-readable format, or to transmit it to another controller where technically feasible.
  • Withdraw consent — where we rely on your consent, you can withdraw it at any time without affecting the lawfulness of processing before withdrawal.
  • Automated decision-making — we do not make decisions producing legal or similarly significant effects about you based solely on automated processing.

To exercise any of these rights, email [email protected]. We will respond within the timeframes required by law (usually one month).

You also have the right to lodge a complaint with a supervisory authority. In Sweden, this is the Integritetsskyddsmyndigheten (IMY)imy.se. If you live in another EEA country, you can complain to the supervisory authority there.

9. Cookies and Similar Technologies

A cookie is a small file stored on your device by a website.

At the time of writing, the marketing website at aimyndi.ai does not set analytics, advertising, or tracking cookies. It may set strictly necessary cookies or equivalent technologies required for the site to function (for example, to remember a language preference if you choose one). Under GDPR and the ePrivacy Directive, strictly necessary cookies do not require your consent.

The product at app.aimyndi.ai uses cookies and similar technologies that are necessary to keep you signed in and to operate core features. Any non-essential cookies — for example, analytics or advertising — will only be set after you give consent through a consent prompt.

If we introduce analytics, advertising, or other non-essential tracking on the marketing website in future, we will update this policy and show a consent prompt before any such cookie is set.

10. Children

The Services are not directed to children under the age of 16, and we do not knowingly collect personal data from them. If you believe a child has provided personal data to us, contact [email protected] and we will delete it.

11. Security

We use reasonable technical and organisational measures to protect personal data against unauthorised access, loss, alteration, and disclosure. These include encryption in transit, access controls, logging, and regular review of our providers. No system is perfectly secure, and we do not promise that our Services cannot be compromised. In the event of a personal data breach that meets the legal threshold, we will notify the relevant supervisory authority and, where required, affected users.

12. International Transfers

When we transfer personal data outside the European Economic Area — primarily to the United States, in the context of hosting, AI providers, and other sub-processors — we rely on appropriate safeguards. These currently include the European Commission's Standard Contractual Clauses and, where applicable, the EU-U.S. Data Privacy Framework. You can ask for a copy of the safeguards that apply to a specific transfer at [email protected].

13. Changes to This Policy

We may update this Privacy Policy as the Services evolve or as the legal environment changes. We will update the "Last updated" date at the top of the page and, for material changes, give you additional notice (for example, in-product or by email). Continued use of the Services after the update means you acknowledge the revised policy.

14. Contact

For any privacy question, request, or complaint, contact us at [email protected].

AiMYNDi AB
Swedish organisation number (organisationsnummer): 559502-0461
Registered with the Swedish Companies Registration Office (Bolagsverket).

Back to homeTerms and Conditions