Last updated: March 30, 2026
AimpleAI is committed to protecting your privacy. This policy describes how we collect, use, and safeguard your personal information when you use our platform.
AimpleAI ("we", "our", or "us") operates an AI-powered marketing workspace platform accessible at aimpleai.com. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you visit our website or use our application.
By accessing or using AimpleAI, you agree to the collection and use of information in accordance with this policy. If you do not agree, please discontinue use.
Account Information. When you create an account, we collect your name, email address, organization name, and password (stored in hashed form). If you invite team members, we collect their email addresses on your behalf.
Profile & Organization Data. Information you add to your profile, organization settings, teams, and role configurations within the app.
Content You Create. Marketing projects, strategy documents, campaign data, social media drafts, content library items, brand profiles, competitor notes, and any other content you create or upload inside the workspace.
Usage Data. We automatically collect information about how you interact with the platform, including pages visited, features used, session duration, error logs, and device or browser information.
Payment Information. Billing details are processed by our payment provider (Razorpay or Stripe) and are not stored on our servers. We retain transaction records such as plan type, amount, and date.
Communications. If you contact us by email or through in-app support, we retain those communications to help resolve issues.
We use the information we collect to:
We retain your personal data for as long as your account is active or as needed to provide services. If you delete your account, we will delete or anonymize your personal data within 30 days, except where retention is required to comply with legal obligations, resolve disputes, or enforce agreements.
Content you delete within the app (projects, campaigns, etc.) may remain in encrypted backups for up to 90 days before permanent deletion.
We implement industry-standard measures to protect your data:
No system is perfectly secure. We encourage you to use a strong, unique password and to notify us immediately at security@aimpleai.com if you suspect unauthorized access to your account.
AimpleAI uses AI workflows to help you create marketing content. We disclose the following so you can make informed choices:
What AI does on your data. We process your tenant content for: (a) content generation via large language models (LLM completions); (b) retrieval-augmented generation over your own approved corpus only — there is no cross-tenant retrieval; (c) moderation classification, which runs in suggest-only mode (we do not auto-block; your operators retain full liability for any "accept-risk" override, captured in an audit ledger); and (d) embedding (vectorisation for retrieval).
Vendor. AI inference is provided by OpenAI under enterprise no-training contractual terms — your content is not used to train OpenAI's models.
Cross-border transfer. AI inference requests are sent to OpenAI's US-region endpoints. Other tenant data (audit logs, content storage, RAG corpus) remains in your residency region (e.g., Mumbai `ap-south-1` for India tenants). Indian tenants: this cross-border flow is mitigated by the no-training enterprise contract; pending external counsel review of DPDP §16 sufficiency.
PII scrub. We run a best-effort PII scrub over content before AI vendor transmission to redact obvious identifiers (emails, phone numbers, IDs).
Tenant liability. AI-generated output is produced from your inputs. You are responsible for reviewing and approving AI output before publication.
We use Grafana Cloud Faro Real-User Monitoring to capture anonymous, aggregate front-end telemetry — strictly for platform-health and performance debugging.
What we capture. Web Vitals (LCP, FID, CLS, INP, TTFB), uncaught JavaScript errors with stack traces, page-navigation events, and view names.
What we do NOT capture. No personal data. No form-field contents. No URL query strings containing identifiers. No tenant content. No user IDs (beyond an anonymous, rotating session UUID).
Consent gate. Faro is loaded only after you accept non-essential cookies in our cookie banner. The default is essential-only; analytics is opt-in.
Sub-processor. Grafana Labs (Grafana Cloud). Indian visitor traffic is routed to the `ap-south-1` (Mumbai) Faro collector endpoint. Retention is 90 days.
Application identifier. Single application `aimple-frontend-prod`.
Counsel note (DRAFT). Faro is treated as an analytics-tier processing flow distinct from the AI-content chain in section 7. Pending external counsel review of DPDP §6 notice-at-collection adequacy and GDPR Article 13 transparency.
Depending on your location, you may have the following rights:
Access. Request a copy of the personal data we hold about you. Correction. Request correction of inaccurate or incomplete data. Deletion. Request deletion of your personal data, subject to legal retention requirements. Portability. Request your data in a structured, machine-readable format. Objection. Object to processing based on legitimate interests. Withdraw Consent. Where processing is based on consent, withdraw it at any time.
To exercise any of these rights, contact us at privacy@aimpleai.com. We will respond within 30 days.
For users resident in India, the Digital Personal Data Protection Act 2023 ("DPDP Act") applies.
Our role. AimpleAI is a Data Fiduciary for the personal data we process on our own account (tenant operator accounts, audit logs, billing data) and a Data Processor when we process tenant-uploaded end-user data on a tenant's documented instructions (e.g., Customer Match audience uploads).
Data residency. India tenant audit log data is stored in AWS `ap-south-1` (Mumbai) with Object Lock + per-region KMS encryption. Workflow event-history is currently single-region with per-region namespace isolation; full multi-region deployment is on our Phase-2 roadmap.
Your DPDP rights. §11 access · §12 correction & erasure · §13 grievance redressal · §14 nominate. Statutory grievance acknowledgement: 7 days. Resolution: 30 days. Escalation: Data Protection Board of India.
Children's data (§9). Tenants are contractually prohibited from uploading personal data of any individual under 18. Contact our Grievance Officer immediately if you believe such data has been inadvertently uploaded.
Grievance Officer (DRAFT — pending counsel sign-off). Jai Singh, Founder & Grievance Officer, email `jaisingh1006@gmail.com`. A dedicated `grievance@aimpleai.com` alias and registered postal address will be substituted upon counsel sign-off.
Our platform may contain links to third-party websites or services not operated by us. This Privacy Policy does not apply to those services. We encourage you to review the privacy policies of any third-party services you access.
AimpleAI is not directed to individuals under the age of 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a minor, contact us at privacy@aimpleai.com and we will promptly delete it.
We may update this Privacy Policy periodically. When we make material changes, we will notify you by updating the "Last updated" date at the top of this page and, where appropriate, sending an email notice. Continued use of AimpleAI after changes take effect constitutes acceptance of the revised policy.
For questions, requests, or concerns about this Privacy Policy, contact us at:
Email: privacy@aimpleai.com General: aimpleai@gmail.com Grievance Officer (India — DPDP §13, draft pending counsel sign-off): jaisingh1006@gmail.com