Privacy Policy
4. Our Use of AI for Educational Purposes
Aiino uses AI to provide adaptive learning experiences. We believe in being fully transparent about how this technology works and how your child's data is used.
4.2 Data Used by the AI
The AI uses only: • Non-personally identifiable data you provide - Child's age (not birthdate or real name) • Anonymized usage data collected automatically - Interactions with specific content, time spent on activities, features used • Text transcripts from conversations -
The AI does not process any personally identifiable information (PII) like:
❌ Real names or photos
Location data
Contact information
School information
Audio recordings
4.3 Third-Party AI Providers and Your Privacy
Our AI Infrastructure: Our AI features are powered by leading technologies hosted on Amazon Web Services (AWS), specifically using AWS Bedrock AI models accessed via AWS Bedrock.
What This Means: • AWS provides the cloud infrastructure (servers, security, networking) • AWS Bedrock AI provides the language model technology • AWS Bedrock is the service that connects them securely • Your child's data is processed on AWS servers in the United States • The AI model providers (AWS Bedrock) never directly see your child's data
Contractual Protections: We have strong contractual agreements with AWS that legally require them to: Comply with all applicable privacy laws, including COPPA, CCPA, and Indian IT Act
Process data only on our behalf and strictly according to our instructions
Never store or access any personally identifiable information (PII) from Aiino users for their own purposes
Never use data to train AI models or for uses beyond generating responses for Aiino
Implement robust security measures (encryption, access controls) to protect data and prevent unauthorized access
Only access anonymized or pseudonymized data, ensuring no personal identifiers are exposed
Delete data when no longer needed for providing the service
Allow us to audit their compliance with these requirements
How AI Responses Work - Step by Step:
When your child asks a question or has a conversation:
Your child speaks a question (e.g., "Tell me a story about a dragon")
Device converts speech to text (on-device, audio never sent to us)
We send the text (never audio) to AWS servers in us-west1 (Oregon, United States)
AWS processes the text using AWS Bedrock AI models hosted on AWS Bedrock
AWS Bedrock AI model generates a response (e.g., an age-appropriate story about a friendly dragon)
AWS sends the response back to our servers
We send the response to your child's device
Text transcript is stored for up to 90 days (or your chosen retention period) so you can review it
Critical Privacy Guarantees:
• AWS does not use your child's data to train AI models - This is contractually prohibited • AWS does not share your data with model providers (AWS Bedrock etc.) - The model providers never see user data • Data is processed solely to generate responses for your child - No other use is permitted • AWS processes data only according to our instructions - They cannot use it for their own purposes • All data is encrypted in transit and at rest - Using industry-standard AES-256 and TLS 1.3 encryption • Data is processed in real-time - AWS does not store conversation data long-term on our behalf
Model providers (AWS Bedrock AI) never see your child's data. They provide the AI model technology, but AWS runs these models in isolation without sharing user data with the model creators.
Think of it like this: It's similar to using Microsoft Word on your computer. Microsoft provides the software, but they don't keep copies of your documents. Similarly, AWS Bedrock provides the AI model, but AWS runs it without sharing your child's conversations with AWS Bedrock.
Data Processing Note: When we process requests through AWS: • Your IP address is transiently accessed by AWS infrastructure during the API call (this is necessary for internet communication) • AWS does not store IP addresses on our behalf (we have configured AWS not to log IP addresses) • IP addresses are only used for routing the request and are immediately discarded • This is standard for any cloud-based service
Third-Party Privacy Policies: For more information about how our infrastructure providers protect data: • AWS Privacy Policy: https://aws.amazon.com/privacy/ • AWS Customer Agreement: https://aws.amazon.com/agreement/ • AWS Data Processing Addendum: https://aws.amazon.com/compliance/data-privacy-faq/
4.4 AI-Generated Content Disclaimer
The Aiino app uses AI to generate educational content, stories, and conversational responses. This AI-generated content may include: • Characters and personalities • Visual descriptions • Storylines and scenarios • Educational explanations
Important Disclaimers:
No Real People: AI-generated content may resemble real human beings or portray realistic characters. However, any such resemblance is purely coincidental and does not indicate any connection to real individuals, living or deceased.
Entertainment and Education Only: AI-generated and interactions are designed solely for educational and entertainment purposes and should not be mistaken for real human interactions or professional advice.
No Endorsements: AI-generated content does not constitute endorsements of any products, services, individuals, or organizations.
Liability: We are not responsible for any unintended likeness or similarities that may appear in AI-generated content.
4.5 No Professional Advice
Important: The Service and any AI-generated outputs are provided for general educational and entertainment purposes only.
They do NOT constitute professional advice, including:
Educational or academic advice , Medical or psychological advice
Legal advice
Financial advice
Parenting advice
Therapeutic counseling
Always Consult Professionals:
You should not rely on the Service as a substitute for advice from qualified professionals. Always consult appropriate professionals for specific guidance related to your child's: • Education and learning needs • Health and medical concerns • Behavioral or developmental issues • Special educational requirements • Any serious matters requiring expert advice
AI Limitations:
AI systems can make mistakes, provide incomplete information, or generate responses that may not be appropriate for every child. Parental supervision and judgment are essential.
5. How We Share or Disclose Information
We do not rent or sell your personal data. We have never sold personal information, and we have no plans to do so.
We only share information with trusted partners in the following limited circumstances:
5.1 Service Providers
We share information with trusted third-party vendors who perform services on our behalf. These partners are bound by strict confidentiality agreements and are only permitted to use the data to fulfill their contractual duties.
All service providers must:
Sign Data Processing Agreements with privacy and security requirements
Process data only as we instruct
Implement appropriate security measures
Comply with COPPA and other applicable privacy laws
Not use children's data for their own purposes
Our categories of service providers include:
Cloud Hosting Providers
Amazon Web Services (AWS)
Purpose: Secure hosting of application data, AI services, and infrastructure
Location: United States (us-west1 region in Oregon)
Data Shared: All data necessary to operate the service, including: • Account information (email, encrypted passwords) • Child profiles (age, nickname) • Text conversation transcripts • Usage data • Device information (temporarily during requests)
Important Privacy Protections: • All data stored in us-west1 (Oregon, United States) • Data encrypted at rest using AES-256 • Data encrypted in transit using TLS 1.3 • IP address logging disabled (not stored)
Privacy Policy: https://aws.amazon.com/privacy/
AWS Compliance: https://aws.amazon.com/compliance/
AI & Machine Learning Services
AWS Bedrock AI (accessed via AWS Bedrock)
Purpose: Generate conversational AI responses from text transcripts to provide educational, age-appropriate conversations for children
Data Shared: Text transcripts of child conversations (NOT voice recordings, NOT real names, NOT photos)
How It Works: • We send text to AWS Bedrock • AWS Bedrock processes text using AWS Bedrock AI models • Models generate educational responses • Responses sent back to the child • AWS Bedrock AI (the company) never directly sees or accesses user data
Contractual Protections:
Prohibited from using data to train their own AI models
Prohibited from storing data beyond what's needed to generate responses
Prohibited from sharing data with any third parties
Must process data only on our behalf and per our instructions
Must delete data immediately after generating responses
Data Retention by AI Provider: Processes in real-time, does not store long-term
Critical Privacy Guarantee: AWS doesn't train on your data. AWS Bedrock AI (the model provider) never sees your child's conversations.
Privacy Policy: https://AWS Bedrock.ai/terms/ (Note: AWS Bedrock processes via AWS and is bound by AWS's Data Processing Agreement with us)
Payment Processing
Apple Inc. (for iOS in-app purchases)
Purpose: • Process subscription payments securely • Handle parental consent verification (0.29 USD temporary charge for US users) • Manage subscription renewals and cancellations
Data Shared: • Payment information (we never see full card details) • Subscription status • Purchase receipts
What We Receive: Only a secure payment token to confirm subscription is active
Privacy Policy: https://www.apple.com/legal/privacy/
Google LLC (for Android in-app purchases)
Purpose: • Process subscription payments securely • Handle parental consent verification (0.29 USD temporary charge for US users) • Manage subscription renewals and cancellations
Data Shared: • Payment information (we never see full card details) • Subscription status • Purchase receipts
What We Receive: Only a secure payment token to confirm subscription is active
Privacy Policy: https://policies.google.com/privacy
Analytics & Performance Monitoring
System Stability & Crash Reporting Provider: Firebase Crashlytics (Google LLC) Purpose: To identify technical errors, app crashes, and stability issues. (We use this solely to ensure the app works correctly).
Data Processed:
Technical crash logs (Error details)
Device attributes (Operating system version, device model)
Installation UUID (Random technical identifier)
Note: We do not track user behavior, session times, or usage patterns.
Privacy-Protective Configuration:
Advertising ID collection is internally impossible (not installed).
Personalized advertising is disabled.
No cross-app tracking. Privacy Policy: https://firebase.google.com/support/privacy
Customer Support & Communication
Amazon SES (Simple Email Service)
Purpose: Send account-related emails and support communications
Emails We Send: Signup OTP, Reset Password OTP, Forget Password OTP, Parent Request AI data, then we send them in pdf via mail, Account Deletion Notification
Data Shared: • Email address • Message content (only what you send us or we send you) • No tracking pixels or read receipts
Privacy Policy: https://aws.amazon.com/privacy/
Push Notifications
Apple Push Notification Service (APNS)
Purpose: Send important notifications about your child's account (only if you enable notifications)
Data Shared: • Device tokens (unique identifier for your device, not linked to personal information) • No message content stored by Apple
Types of Notifications: • Subscription reminders • Security alerts • Important account updates
Control: You can disable notifications in your device settings at any time
Privacy Policy: https://www.apple.com/legal/privacy/
SMS/OTP Services (for Indian Users Only)
Amazon SNS (Simple Notification Service)
Purpose: Send one-time passwords (OTP) for parental verification in India
Data Shared: • Mobile phone number (only for Indian users who choose OTP verification)
How It Works: • You provide your mobile number • AWS SNS sends a 6-digit OTP via SMS • You enter OTP to verify you're a parent • Verification complete
Data Retention: • Phone numbers stored securely • Used only for verification purposes • Not shared with third parties • Can be updated in Settings
Privacy Policy: https://aws.amazon.com/privacy/
Device Speech Recognition Providers
Apple Speech Recognition (iOS)
Purpose: Convert your child's voice to text on-device
Processing: • On-device only (audio does not leave the device unless you've enabled Siri or other Apple services) • Audio converted to text locally • Audio immediately discarded after conversion • Aiino does not receive audio data
What Aiino Receives: Only the text transcript
Control: Settings > Privacy & Security > Speech Recognition > Aiino
Privacy Policy: https://www.apple.com/legal/privacy/
Google Speech Services (Android)
Purpose: Convert your child's voice to text
Processing: • May use Google servers depending on device settings • Controlled by your device manufacturer, not Aiino • Aiino does not receive audio data
What Aiino Receives: Only the text transcript
Control: Settings > Apps > Aiino > Permissions > Microphone
Privacy Policy: https://policies.google.com/privacy
Important: Please refer to your device provider's privacy policy for details on how they process voice data for speech recognition. Aiino does not control this process.
5.2 Complete List of Third-Party Service Providers
For transparency, here is the complete list of third parties that may process children's personal information:
Amazon Web Services (AWS) - Cloud hosting, AI services, email, SMS
AWS Bedrock AI (via AWS Bedrock) - AI response generation
Apple Inc. - Payment processing, push notifications (iOS)
Google LLC - Payment processing, Crash Reporting (Firebase)
We do not use:
Advertising networks
Social media platforms
Marketing automation tools
Third-party analytics beyond Firebase
Data brokers
Any service that sells or shares children's data
5.3 Updates to Service Providers
We will update this list within 30 days if we add new service providers that process children's personal information.
Material changes will be communicated via email to parents.
For questions about our service providers, contact us at info@aiino.ai.
5.4 Legal and Safety Reasons
We may disclose personal data if required by law or in good faith to:
Comply with legal process - Subpoenas, court orders, law enforcement requests (we will notify you unless legally prohibited)
Protect safety - Prevent harm to children, users, or the public (e.g., child safety concerns, threats of violence)
Enforce our rights - Enforce our Terms of Service, prevent fraud, protect intellectual property
Prevent fraud or security threats - Detect and prevent hacking, unauthorized access, or abuse of the Service
If we receive a legal request for your data, we will:
Carefully review the request for legal validity
Notify you (unless prohibited by law)
Provide only the minimum data necessary
Challenge overbroad requests when possible
5.5 Business Transactions
In the event of a merger, acquisition, bankruptcy, or sale of assets:
We will:
Notify you via email at least 30 days in advance of the transaction
Post prominent in-app notification about the change in ownership
Provide details about the new owner and their privacy practices
Give you the option to delete your account and data before the transfer
Require the new owner to honor this Privacy Policy
Your Options: • Continue using the Service (data transfers to new owner) • Delete your account before the transfer (data permanently deleted) • Contact us with questions about the transaction
Personal data may be transferred to the new owner, but you maintain control over your data through the deletion option.
5.6 No Sale of Personal Information
We do not sell personal information. We have never sold personal information, and we have no plans to do so in the future.
We do not:
Sell or rent personal information to third parties
Share information for cross-context behavioral advertising
Allow third parties to collect information for their own advertising
Participate in data broker arrangements