Privacy Policy
6. Data Security Practices
We take the security of your data seriously and implement industry-standard technical, physical, and administrative measures to protect it.
6.1 Encryption
Data in Transit:
All data transmitted between your device and our servers is encrypted using TLS 1.3 (Transport Layer Security), the current version of the standard.
What this means: Traffic between your device and our servers crosses networks we do not control. Anyone who captures it along the way cannot read or alter it, and your device checks that it is talking to our servers rather than an impostor.
Data at Rest:
All data stored on our servers (AWS) is protected using AES-256 encryption, the symmetric cipher standardized by NIST (FIPS 197) and widely used by governments and financial institutions.
What this means: Even if someone obtained the physical storage media holding our data (unlikely given AWS data center controls), they could not read it without the encryption keys. Encryption at rest does not by itself stop an attacker who compromises an account or system that is authorized to use those keys, which is why the access controls in Section 6.2 are part of the same protection.
Password Protection:
Passwords are secured using PBKDF2-SHA256 cryptographic hashing with:
- No plain-text storage
- Unique salts per password
- 260,000 computational iterations, which makes every guess in an offline brute-force attack correspondingly more expensive
- One-way hashing (the password cannot be recovered from the stored value)
- Secure password reset only
What this means: Even we cannot see your password. If you forget it, we can only help you reset it, not recover it.
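As an added illustration (example code, not Aiino's own implementation), the following Python shows how the scheme described above is typically built with the standard library: a fresh random salt for every password, PBKDF2-HMAC-SHA256 at 260,000 iterations, a constant-time comparison at login, and a check that flags older records for re-hashing when the iteration count is raised. The `algorithm$iterations$salt$hash` record layout and the 16-byte salt size are this example's own choices, not a documented Aiino format.

```python
import base64
import hashlib
import hmac
import secrets

# Parameters from the policy text: PBKDF2 with HMAC-SHA256, 260,000 iterations,
# a unique random salt per password. The record layout algorithm$iterations$salt$hash
# and the salt length are this example's own choices (assumptions), not a documented
# Aiino format.
ALGORITHM = "pbkdf2_sha256"
ITERATIONS = 260_000
SALT_BYTES = 16   # 128-bit salt, generated fresh for every password
DKLEN = 32        # 256-bit derived key


def _b64(data: bytes) -> str:
    return base64.b64encode(data).decode("ascii")


def _derive(password: str, salt: bytes, iterations: int, dklen: int) -> bytes:
    # One-way: the password cannot be recovered from the derived key.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations, dklen=dklen)


def hash_password(password: str, iterations: int = ITERATIONS) -> str:
    """Return the record that is stored instead of the password."""
    salt = secrets.token_bytes(SALT_BYTES)
    dk = _derive(password, salt, iterations, DKLEN)
    return f"{ALGORITHM}${iterations}${_b64(salt)}${_b64(dk)}"


def _parse(stored: str):
    parts = stored.split("$")
    if len(parts) != 4 or parts[0] != ALGORITHM or not parts[1].isdigit():
        return None
    return int(parts[1]), base64.b64decode(parts[2]), base64.b64decode(parts[3])


def verify_password(password: str, stored: str) -> bool:
    """Re-derive with the stored salt and iteration count; compare in constant time."""
    parsed = _parse(stored)
    if parsed is None:
        return False
    iterations, salt, expected = parsed
    candidate = _derive(password, salt, iterations, len(expected))
    return hmac.compare_digest(candidate, expected)


def needs_rehash(stored: str, iterations: int = ITERATIONS) -> bool:
    """True when a record was made with fewer iterations than current policy
    (or cannot be parsed); call after a successful login to upgrade the record."""
    parsed = _parse(stored)
    return parsed is None or parsed[0] < iterations


if __name__ == "__main__":
    record = hash_password("correct horse battery staple")
    print(record)
    print(verify_password("correct horse battery staple", record))  # True
    print(verify_password("wrong password", record))                # False
```

Because the salt is random, hashing the same password twice yields two different records, so an attacker cannot tell which users share a password, and a precomputed table built for one salt is useless for another. The `needs_rehash` check is what lets a service raise the iteration count over time without forcing a password reset: the record is upgraded the next time the user logs in, when the plaintext is briefly available.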
6.2 Access Control
Role-Based Access:
We use role-based access controls (RBAC) to ensure only authorized personnel have access to user data, and only to the data necessary for their specific job function.
Multi-Factor Authentication (MFA):
All employee accounts with access to user data require multi-factor authentication. This means employees must verify their identity using both a password and a second factor (usually a time-based code from their phone).
Principle of Least Privilege:
Employees can only access the minimum data necessary to perform their job functions. For example: • Customer support can see account email and subscription status • Customer support cannot see conversation transcripts or child information • Engineers with database access can see data but cannot modify or delete it without approval
Access Logging:
All access to user data is logged and monitored for unusual activity.
6.3 Security Audits and Monitoring
Continuous Monitoring:
We conduct continuous security monitoring to: • Detect potential vulnerabilities • Identify suspicious access patterns • Monitor for unauthorized access attempts • Track system health and performance • Alert on security events in real-time
Internal Security Assessments:
We perform regular internal security assessments to: • Identify and address potential risks • Review access controls • Test incident response procedures • Update security policies and procedures
Privacy-Protective Architecture:
As part of our privacy-by-design approach, we have architected our systems with built-in privacy protections:
No IP Address Logging:
We have deliberately chosen not to store or log IP addresses. This means: • We cannot track user location history • We cannot build location-based profiles • IP addresses are only accessed transiently during request processing • No IP address logs exist that could be compromised in a data breach • Your location privacy is protected beyond what is required by law
Privacy by Default:
Our systems are configured to: • Collect the minimum data necessary • Apply strictest privacy settings by default • Automatically delete data when it's no longer needed • Require explicit opt-in for optional features • Anonymize data used for crash reporting.
This architectural choice provides enhanced privacy protection and reduces the risk of data exposure in the unlikely event of a security incident.
6.4 Incident Response
Data Breach Notification:
In the event of a data breach affecting children's personal information, we will:
Investigate and contain the breach - Immediately upon discovery, assess the scope, stop the breach, and prevent further unauthorized access
Notify affected parents via email within 72 hours of discovering the breach, including: • What happened and when • What data was affected • What we've done to address it • Steps you can take to protect your child • Contact information for questions
Notify relevant authorities as required by law: • Federal Trade Commission (FTC) for COPPA breaches • State Attorneys General as required • Other regulatory authorities in affected jurisdictions
Provide detailed information about: • The nature of the breach • Types of data affected • Number of affected users • Actions taken to mitigate harm • Additional steps planned
Post a public notice on our website and in-app for 30 days following the breach
Offer assistance such as: • Guidance on protective measures • Extended support • Account monitoring (if applicable)
Because we do not store audio recordings of your child's voice or log IP addresses, there is no stored voice data or location history at risk in the event of a breach.
Our Commitment:
We treat any potential data breach with the utmost seriousness and will be transparent with you about what happened and how we're addressing it.
6.5 Information Security Program
As required by the Children's Online Privacy Protection Act (COPPA), we maintain a comprehensive, written Information Security Program designed to protect children's personal information from unauthorized access, use, or disclosure.
Our Information Security Program includes:
Risk Assessment: • Annual security risk assessments identifying threats to children's data • Evaluation of likelihood and impact of potential security events • Prioritization of risks based on severity and business impact • Documentation of risk mitigation strategies and action plans • Regular reviews and updates based on new threats
Administrative Controls: • Background checks for employees with access to children's data • Mandatory security awareness training for all staff (annual refresher) • Clear access control policies based on need-to-know principle • Incident response procedures with defined roles and responsibilities • Regular policy reviews and updates • Security leadership oversight
Technical Controls: • Data encryption in transit (TLS 1.3) and at rest (AES-256) • Multi-factor authentication for all employee access • Firewall protection and intrusion detection systems • Regular vulnerability scanning and security testing • Secure software development practices • Automated security monitoring and alerting • No IP address logging (privacy-protective architecture) • Secure password hashing (PBKDF2-SHA256, as described in Section 6.1)
Physical Controls: • Secure data center facilities (AWS infrastructure with physical security) • Physical access controls and visitor logs • Environmental controls (fire suppression, climate control, backup power) • Secure disposal procedures for any hardware containing data • Video surveillance and 24/7 monitoring of facilities
Third-Party Management: • Security requirements in all vendor contracts • Data Processing Agreements with defined security obligations • Vendor access limited to minimum necessary • Regular review of vendor security practices • Annual security audits of critical service providers (planned)
Continuous Improvement: • Internal security reviews and assessments • Security metrics tracking and reporting • Incident post-mortems and lessons learned • Regular updates to security controls based on emerging threats • Staying current with industry best practices
Program Oversight:
Our Information Security Program is overseen by our Technical Lead, who reports on security status to management.
Documentation:
We maintain comprehensive documentation of our security program, including: • Security policies and procedures • Risk assessments and mitigation plans • Incident response plans • Access control matrices • Audit logs and monitoring reports
Next Scheduled Review: July 2026
For questions about our security practices, contact us at info@aiino.ai with subject line "Security Question".
7. Children's Privacy and Parental Consent
Aiino is designed for children aged 3-9, and we are fully compliant with the U.S. Children's Online Privacy Protection Act (COPPA) and applicable international privacy laws.
7.1 Verifiable Parental Consent (VPC)
We do not collect any personal information from your child without first obtaining verifiable parental consent through an FTC-approved mechanism.
Legal Requirement: COPPA requires that we verify you are a parent or legal guardian before collecting personal information from children under 13. We take this requirement seriously and have implemented robust verification processes.
7.2 Our Verification Process
Before your child can use features that process personal information, we require you to verify your identity as a parent or legal guardian.
For United States Users: Credit/Debit Card Verification
⚠️ IMPORTANT: TEMPORARY CHARGE OF 0.29 USD
To comply with federal child protection law (COPPA), we must verify that you're an adult before your child can use Aiino.
How it works:
Small temporary charge - We charge 0.29 USD to your credit or debit card
Automatic refund - This charge is fully refunded within 24-48 hours
Why we charge - This proves you control a payment method (children typically cannot)
Legal approval - This method is approved by the Federal Trade Commission (FTC) as a valid parental verification under COPPA
Secure processing - Processed securely through Apple App Store or Google Play Store
Payment Security: • All payment data is processed through PCI-DSS compliant processors • We never store your full credit card number • Only a secure token is kept to confirm your subscription • Verification is one-time only • Refunds process automatically within 24-48 hours
Supported Cards: • Visa • Mastercard • American Express • Discover • Most major debit cards
For Indian Users: One-Time Password (OTP) Verification
FREE VERIFICATION - NO CHARGE
For users in India, we offer One-Time Password (OTP) verification as an alternative.
How it works:
Provide mobile number - Enter your mobile phone number during signup
Receive OTP - You'll receive a 6-digit code via SMS
Enter OTP - Type the code in the app to verify
Verification complete - Instant verification with no charges
OTP Security & Privacy: • Sent through AWS SNS; our connection to AWS is encrypted (TLS), while the SMS itself is delivered over the mobile carrier network, which is why each code is short-lived and single-use • Mobile numbers stored securely and used only for verification • We never share your phone number with third parties • Verification is one-time only • OTP is valid for 10 minutes • You can request a new OTP if needed (up to 3 times) • Phone number can be updated in Settings
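As an added illustration (example code, not Aiino's own implementation), the following Python models the OTP flow above: a 6-digit code drawn from a cryptographic random source, a 10-minute lifetime, at most 3 resends, single use, and constant-time verification against a keyed hash rather than against a stored copy of the code. The wrong-guess limit of 5 attempts and the `sms_sender` callback standing in for the SMS gateway are assumptions not stated in the policy; the code makes no calls to AWS SNS.

```python
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass

OTP_DIGITS = 6             # "6-digit code via SMS"
OTP_TTL_SECONDS = 10 * 60  # "OTP is valid for 10 minutes"
MAX_RESENDS = 3            # "request a new OTP if needed (up to 3 times)"
MAX_ATTEMPTS = 5           # assumption: the policy states no wrong-guess limit,
                           # but a 6-digit code needs one to resist online guessing


@dataclass
class OtpRecord:
    code_mac: bytes        # keyed hash of the code, never the code itself
    expires_at: float
    attempts: int = 0
    resends: int = 0
    consumed: bool = False


class OtpService:
    """Minimal in-memory OTP issuer/verifier keyed by phone number.

    sms_sender(phone, code) is an assumed callback standing in for the SMS
    gateway (the policy names AWS SNS; this example makes no AWS calls).
    server_key is a secret held on the server so that a leaked record cannot
    be turned back into a code by hashing all 10**6 candidates.
    clock is injectable so expiry can be exercised without waiting.
    """

    def __init__(self, sms_sender, server_key: bytes, clock=time.time):
        self._sms = sms_sender
        self._key = server_key
        self._clock = clock
        self._records = {}

    def _mac(self, phone: str, code: str) -> bytes:
        # Bind the code to the phone number so a code issued to one number
        # cannot be replayed against another.
        return hmac.new(self._key, f"{phone}:{code}".encode(), hashlib.sha256).digest()

    def send(self, phone: str) -> str:
        """Issue a fresh code, replacing any earlier one. Returns 'sent' or 'resend_limit'."""
        now = self._clock()
        rec = self._records.get(phone)
        resends = 0
        if rec is not None and not rec.consumed and now < rec.expires_at:
            if rec.resends >= MAX_RESENDS:
                return "resend_limit"
            resends = rec.resends + 1
        code = f"{secrets.randbelow(10 ** OTP_DIGITS):0{OTP_DIGITS}d}"
        self._records[phone] = OtpRecord(self._mac(phone, code), now + OTP_TTL_SECONDS, resends=resends)
        self._sms(phone, code)
        return "sent"

    def verify(self, phone: str, code: str) -> str:
        """Returns 'ok', 'wrong_code', 'expired', 'locked' or 'no_active_code'."""
        rec = self._records.get(phone)
        if rec is None or rec.consumed:
            return "no_active_code"
        if self._clock() >= rec.expires_at:
            return "expired"
        if rec.attempts >= MAX_ATTEMPTS:
            return "locked"
        rec.attempts += 1
        if hmac.compare_digest(self._mac(phone, code), rec.code_mac):
            rec.consumed = True  # single use
            return "ok"
        return "wrong_code"


if __name__ == "__main__":
    delivered = []  # stands in for the SMS channel in this demo
    svc = OtpService(lambda phone, code: delivered.append(code), secrets.token_bytes(32))
    svc.send("+91 98765 43210")                            # constructed sample number
    print(svc.verify("+91 98765 43210", delivered[-1]))    # ok
    print(svc.verify("+91 98765 43210", delivered[-1]))    # no_active_code
```

Two design points matter in practice. Requesting a new code replaces the old one, so the three resends do not leave four valid codes in circulation at once. And because a 6-digit code only has a million possible values, the expiry window and the attempt limit together, not the randomness of the code, are what keep online guessing impractical.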
Alternative Verification (if needed):
If you cannot use credit card or OTP verification, contact us at info@aiino.ai to arrange alternative verification methods. We'll work with you to find a solution that complies with COPPA requirements.
7.3 What Happens Before Verification
Limited Access Mode:
Before you complete parental consent verification, the app operates in a limited exploratory mode:
What Your Child CAN Do: • Browse available content categories • See example stories and activities • Explore the app interface • View feature descriptions
What Your Child CANNOT Do: Create or save content
Privacy Protections: • We do not collect personal information during this period • Voice features are disabled • Push notifications are disabled • Default privacy settings are set to maximum protection • No data is shared with third parties
7.4 What Happens After Verification
Full Access Mode: After you complete verification and provide consent, the full app experience becomes available:
What Becomes Available:
• Full app features and content
• AI conversation capabilities (if you enable voice features)
• Personalized learning experiences
• Progress tracking and achievements
• Parent Dashboard access
• Ability to save and resume activities
Data Collection Begins: • We may collect and process personal information as described in this policy • You can enable voice conversation features • Educational personalization becomes active • You can manage all settings in the Parent Dashboard
7.5 Your Consent Covers
By completing verification, you specifically consent to:
Collection of your child's age and nickname - For account creation and age-appropriate content
Processing of usage data and educational interactions - To provide personalized learning and improve the app
Creation of text transcripts from voice input - If you enable voice features (optional)
Data sharing with service providers - As described in Section 5 (AWS, payment processors, etc.)
Storage of data - As described in Section 9 (90-day default for transcripts)
Use of data for purposes described in this policy - Educational personalization, app improvement, security, etc.
7.6 Consent for Voice-to-Text Features
Voice features are disabled by default and require separate explicit consent.
Before your child can use voice conversation features, we ask you to provide specific consent to:
• Allow your child's voice to be captured on their device and converted to text • Allow Aiino to receive and store text transcripts of your child's conversations for the limited purposes described in this Privacy Policy • Understand that audio is processed on-device and never sent to Aiino • Acknowledge that you can review, manage, and delete transcripts at any time
7.7 Managing Your Consent
You can review, modify, or withdraw your consent at any time:
View Consent Status: • Parent Dashboard > Privacy & Consent • See what you've consented to • See when consent was given • View consent history
Modify Feature Permissions: • Parent Dashboard > Feature Controls • Enable/disable specific features • Change transcript retention period • Adjust privacy settings
Withdraw Consent and Delete Account: • Settings > Account > Delete Account • Account deactivated immediately • All data deleted within 30 days • Cannot be undone
7.8 No Behavioral Advertising
We do not serve behavioral advertisements to children or use children's data for marketing or advertising purposes, regardless of consent.
We do not:
Show ads in the app (paid subscription model)
Track children across websites or apps
Build advertising profiles
Share data with advertisers
Allow third-party advertising networks
Use children's data for marketing
7.9 Ongoing Parental Rights
After providing consent, you retain all rights to:
Access and Review: • View text transcripts of your child's AI conversations • Access all data we've collected about your child • Download a copy of your child's data
Control and Manage: • Update your child's profile information • Modify privacy settings at any time • Choose transcript retention period • Enable/disable specific features
Delete and Remove: • Request deletion of specific conversations • Delete all data and close account • Request immediate data deletion (overriding retention periods)
Monitor and Protect: • Review conversation history • Report inappropriate content • Set parental controls • Manage screen time limits
To exercise these rights, visit the Parent Dashboard or contact us at info@aiino.ai.
7.10 Children's Rights
While parents control account settings and data, children using Aiino have the right to:
Safety and Security: • Have their personal information protected with industry-standard security measures • Use an app designed with their safety as the top priority • Be protected from inappropriate content through content filtering
Privacy: • Not have their data sold or used for behavioral advertising • Have their information deleted upon parental request • Have their data processed only with parental consent • Have their conversations kept private and secure
Appropriate Experience: • Access age-appropriate educational content • Interact with AI that's designed for children • Learn without manipulation or pressure • Have a safe, fun, and educational experience
Children can speak to their parents about these rights or contact us with a parent's help at info@aiino.ai.
8. International Data Transfers
8.1 Data Storage Location
Aiino stores and processes data in secure Amazon Web Services (AWS) data centers.
Primary Data Center Location:
us-west-2 (Oregon, United States)
What this means: • All user data (account info, transcripts, usage data) is stored on AWS servers in Oregon • Data is subject to United States laws and regulations • AWS provides physical security, network security, and compliance certifications • Data remains within the United States unless transferred with your consent or as required by law
8.2 Transfers from Outside the United States
If you are located outside the United States (e.g., in India or other countries where we operate):
Your data will be transferred to and processed in the United States.
By using the Service, you consent to: • The transfer of your data to the United States • Processing of your data under United States privacy laws • Storage of your data on AWS servers in Oregon
Why We Transfer Data: • Our infrastructure and AI services are hosted in the United States • This allows us to provide the best performance and service quality • AWS's Oregon data center provides robust security and compliance
Protections for International Data Transfers: • Data Processing Agreement with AWS • Industry-standard encryption in transit and at rest • Compliance with applicable privacy laws in your country • Your rights under this Privacy Policy apply regardless of where data is stored
8.3 Future EU/UK Expansion
When we expand to the European Union and United Kingdom, we will ensure that any international data transfers comply with GDPR requirements.
Our GDPR Compliance Plan (before EU/UK launch):
Standard Contractual Clauses (SCCs): • We will implement Standard Contractual Clauses approved by the European Commission • SCCs are legally recognized contracts that ensure adequate protection of personal data when transferred outside the European Economic Area (EEA)
Additional Safeguards: • Supplementary measures to protect data during transfers • Data protection impact assessments (DPIAs) • Regular audits of data transfer processes
EU/UK Data Residency (Planned): • We plan to store EU/UK user data within the European Economic Area • Likely using AWS eu-central-1 (Frankfurt, Germany) or AWS eu-west-2 (London, UK) • Data will not leave the EEA except as required by law or with explicit consent
Transparency: • We will clearly notify EU/UK users about data storage location • We will provide information about any cross-border transfers • We will update this policy before launching in EU/UK
8.4 Data Localization for Indian Users (Future-Proofing)
Current Practice:
Data for Indian users is currently stored in us-west-2 (Oregon, United States).
Why United States Storage: • Our infrastructure is currently US-based • AWS Oregon provides excellent performance for Indian users • Complies with current Indian privacy laws
If Indian Law Changes: India's Digital Personal Data Protection Act, 2023 (DPDP Act), as its implementing rules take effect, may impose data localization or cross-border transfer restrictions. We are prepared to comply:
Our Plan: • If data localization is required, we will migrate Indian user data to AWS ap-south-1 (Mumbai, India) • We will notify Indian users 30 days before any changes to data storage location • We will ensure seamless transition with no data loss • All protections in this Privacy Policy will continue to apply
Commitment: We will comply with all Indian data protection requirements and will keep Indian users informed of any changes.
9. Data Retention
We retain personal data only for as long as necessary to fulfill the purposes outlined in this policy and to comply with our legal obligations.
Our guiding principle: Keep data only as long as needed, no longer.
9.1 Retention Periods
Account and Subscription Data:
What: Email address, encrypted password, subscription status, payment tokens
Retention: As long as your account is active
Deletion: If you delete your account, this data will be permanently deleted from our live systems within 30 days
Why we keep it: Necessary to provide the Service, manage your account, and process payments
Child Profile Data:
What: Child's age, nickname
Retention: As long as your account is active
Deletion: Deleted within 30 days of account closure
Why we keep it: Necessary to provide age-appropriate content
Text Conversation Transcripts:
What: Text transcripts of your child's conversations with the AI
Default Retention: 90 days from creation
Parent Choice: You can choose a shorter retention period: • 7 days - Transcripts deleted after one week • 30 days - Transcripts deleted after one month • 90 days - Default, transcripts deleted after three months
Early Deletion:
Parents can request earlier deletion at any time:
• Parent Dashboard > Conversations > Delete All
• Parent Dashboard > Conversations > Select specific conversation > Delete • Email info@aiino.ai with subject "Delete Conversation Transcripts"
Why we keep them: • Safety monitoring (we can review if you report concerns)
Audio Recordings of Your Child's Voice:
Retention: We do not collect or store audio recordings
What happens to audio: • Captured by device microphone • Converted to text on-device • Immediately discarded after conversion • Never sent to Aiino servers • Never stored anywhere
Device Information:
What: Device type, OS version, app version
Retention: As long as your account is active
Deletion: Deleted within 30 days of account closure
Why we keep it: To provide technical support and optimize app performance
IP Addresses:
Retention: We do not store or log IP addresses
What happens to IP addresses: • Temporarily accessed during API requests • Used for security and compliance during the request • Immediately discarded after request is processed • Never written to logs or databases • Cannot be retrieved or reviewed
Why we don't keep them: Privacy protection - we cannot track your location history or build location profiles
Data Stored Locally on Your Device:
What: Some non-personal data, such as app settings, learning progress before account creation, cached content
Retention: Until you delete the app or clear app data
Control: You control this data: • iOS: Settings > General > iPhone Storage > Aiino > Delete App • Android: Settings > Apps > Aiino > Storage > Clear Data
Important: We do not have access to this data. It's stored only on your device.
9.2 Backup Retention (Future Implementation)
Current Status: We do not currently maintain backup copies of user data. All data deletion is immediate from our live systems.
Future Implementation:
When we implement backup systems for disaster recovery:
Backup Schedule: Encrypted backups created every 7 days
Backup Retention: Rolling 90-day basis (old backups automatically deleted)
Data Deletion from Backups: • When you delete data from live systems, it will be permanently erased from backups within 90 days • This is because backups are point-in-time snapshots • New backups created after deletion will not contain your deleted data • After 90 days, all backups containing your data will be overwritten
Backup Security: • Encrypted using AES-256 • Stored in separate AWS region for redundancy • Access restricted to authorized personnel only • Regular testing to ensure restoration works
Why 90 days: • Industry standard for disaster recovery • Balances data protection with disaster recovery needs • Complies with legal retention requirements
9.3 Secure Deletion
When data is deleted (either by you or automatically at the end of a retention period), we remove it from our databases and storage so that it cannot be restored through the Service or recovered from the underlying media.
Our Deletion Process:
Immediate Deactivation: Data is immediately marked as deleted and becomes inaccessible
Removal from storage: Records are deleted from the live database and object storage; physical sanitization of retired storage media is performed by AWS in line with NIST SP 800-88
Verification: Deletion is verified through automated checks
Certificate of Destruction: For account deletions, we can provide confirmation upon request
Compliance: • NIST guidelines for media sanitization • GDPR "right to erasure" requirements • COPPA parental deletion rights
No Recovery Possible: Once data has been deleted from our systems, we have no means of restoring it, and recovery from the physical media is prevented by the sanitization practices described above.
Backup Deletion (when implemented): • Deleted data excluded from new backups immediately • Existing backups containing deleted data purged within 90 days • No restoration of deleted data, even in disaster recovery scenarios
9.4 Legal Retention Requirements
In some cases, we may be required to retain certain data for legal or regulatory reasons:
Legal Hold:
If we receive a court order, subpoena, or legal hold, we may need to preserve data beyond normal retention periods. We will notify you if legally permitted.
Tax and Accounting Records:
Payment records may be retained for tax compliance (typically 7 years as required by law)
Dispute Resolution:
If there's an ongoing dispute, complaint, or legal proceeding, we may retain relevant data until the matter is resolved
Compliance Records:
Records demonstrating COPPA compliance (parental consent, verification) may be retained as required by law
