Privacy Policy
Last updated: 2026-03-27
1. Introduction
aiteam ApS ('we', 'us', 'our') is the data controller for personal data processed through the aiteam platform at aite.am. We are committed to protecting your privacy in accordance with the EU General Data Protection Regulation (GDPR) and applicable Danish data protection legislation.
This policy explains what data we collect, why we collect it, how we process it, and your rights as a data subject.
2. Data We Collect
We collect the following categories of personal data:
Account Data
- Full name
- email address
- profile picture
- function role
- notification preferences
Organisation Data
- Company name
- corporate email domain
- industry
- sub-industry
- estimated size
- headquarters location
- description
Platform Usage Data
- Assessment responses
- agent registrations
- governance configurations
- metric entries
- task activities
- implementation guide progress
AI Consultant Data
Conversation content, context snapshots (anonymised organisational scores and metrics sent to the AI model — never PII)
Technical Data
- IP address
- browser type and version
- device information
- access timestamps
- pages visited
3. How We Use Your Data
We use your data for the following purposes:
- Providing and operating the platform features you subscribed to
- Personalising your AI Consultant experience with your organisation's context
- Generating anonymised industry benchmarks (your company is never identified)
- Sending service communications, product updates, and security notifications
- Calculating partner commissions based on aggregated subscription data
- Improving the platform through anonymised usage analytics
- Complying with legal obligations (tax records, audit logs)
4. Legal Basis for Processing
We process your data under the following legal bases:
| Purpose | Legal Basis | Details |
|---|---|---|
| Platform operation | Contract performance | Providing the platform you subscribed to |
| Service improvement | Legitimate interest | Improving features, fixing issues, analytics |
| Marketing emails | Consent | Optional — you can withdraw at any time |
| Tax & audit records | Legal obligation | Required by Danish and EU law |
| Security monitoring | Legitimate interest | Protecting platform and users from threats |
5. Data Retention
We retain different categories of data for different periods:
| Data Category | Retention Period | Reason |
|---|---|---|
| Account data | Active subscription + 90 days | Service provision + grace period |
| AI Consultant conversations | 12 months | Context continuity and service quality |
| Audit logs | 7 years | Regulatory requirement (EU AI Act, tax) |
| Anonymised benchmarks | Indefinitely | Aggregated, non-personal data |
| Technical logs | 90 days | Security and debugging |
6. Data Sharing & Sub-Processors
We share data with the following service providers, all bound by data processing agreements:
| Provider | Purpose | Data Location |
|---|---|---|
| Supabase | Database hosting & authentication | EU (Frankfurt) |
| Vercel | Application hosting & edge functions | EU (Stockholm/Paris) |
| Anthropic | AI processing (Claude models) | US (SCCs in place) |
| Stripe | Payment processing | EU/US (PCI DSS Level 1) |
| Resend | Transactional email delivery | US (SCCs in place) |
We never sell your data. Partner admins can view aggregated customer metrics (scores, adoption rates) but never individual user data, AI conversations, or raw assessment responses.
7. Your GDPR Rights
Your Rights Under GDPR
As a data subject, you have the following rights:
- Right of access — request a copy of your personal data
- Right to rectification — correct inaccurate data
- Right to erasure — request deletion of your data ('right to be forgotten')
- Right to restrict processing — limit how we use your data
- Right to data portability — receive your data in a structured, machine-readable format (JSON export available in Settings)
- Right to object — object to processing based on legitimate interest
- Right to withdraw consent — withdraw consent at any time for consent-based processing
To exercise any right, contact steven@aite.am. We will respond within 30 days as required by GDPR.
8. Cookies
We use essential cookies for authentication and session management, and preference cookies for language and theme settings. We do not use advertising or tracking cookies.
For full details, see our Cookie Policy.
9. International Transfers
All primary data storage is within the EU (Frankfurt, Germany). AI processing via Anthropic may involve data transfer to the US, protected by Standard Contractual Clauses (SCCs) as approved by the European Commission.
No personally identifiable information is included in AI API calls — only anonymised scores, aggregated metrics, and organisational context.
10. Children's Privacy
The platform is designed for business use and is not directed at individuals under 16 years of age. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us immediately.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes via email or an in-app notification at least 30 days before the changes take effect. The 'Last updated' date at the top of this page indicates when the policy was last revised.
12. Contact the Data Protection Officer
For any privacy-related questions or to exercise your rights, contact our Data Protection Officer.
You also have the right to lodge a complaint with the Danish Data Protection Agency (Datatilsynet).
Questions about this policy?
Our team is happy to help with any questions.