website/privacy.html
Roberto Musso 14cb07e1a7
add multilanguage support
2026-04-12 09:56:20 +02:00

387 lines
19 KiB
HTML

<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Privacy Policy — adiuvAI</title>
<meta name="description" content="adiuvAI Privacy Policy. Learn how we protect your data with a local-first, privacy-by-design architecture.">
<link rel="canonical" href="https://adiuvai.com/privacy.html">
<meta name="theme-color" content="#f4edf3">
<!-- Open Graph -->
<meta property="og:title" content="Privacy Policy — adiuvAI">
<meta property="og:description" content="adiuvAI Privacy Policy. Learn how we protect your data with a local-first, privacy-by-design architecture.">
<meta property="og:type" content="website">
<meta property="og:url" content="https://adiuvai.com/privacy.html">
<meta property="og:image" content="https://adiuvai.com/assets/og-image.png">
<meta property="og:site_name" content="adiuvAI">
<!-- Twitter Card -->
<meta name="twitter:card" content="summary_large_image">
<meta name="twitter:title" content="Privacy Policy — adiuvAI">
<meta name="twitter:description" content="adiuvAI Privacy Policy. Learn how we protect your data with a local-first, privacy-by-design architecture.">
<meta name="twitter:image" content="https://adiuvai.com/assets/og-image.png">
<link rel="icon" type="image/svg+xml" href="data:image/svg+xml,%3Csvg xmlns='http://www.w3.org/2000/svg' viewBox='0 0 16 16'%3E%3Cpath d='M8,1 L13,8 L3,8 Z' fill='%23fbc881'/%3E%3Cpath d='M3,8 L13,8 L8,15 Z' fill='%23040404'/%3E%3C/svg%3E">
<link rel="apple-touch-icon" href="assets/apple-touch-icon.png">
<link rel="preconnect" href="https://fonts.googleapis.com">
<link rel="preconnect" href="https://fonts.gstatic.com" crossorigin>
<link href="https://fonts.googleapis.com/css2?family=Inter:wght@300;400;500;600;700&display=swap" rel="stylesheet">
<style>
*, *::before, *::after { box-sizing: border-box; margin: 0; padding: 0; }
html { scroll-behavior: smooth; }
:root {
--bg: #f4edf3;
--bg-shifted: #efe5ef;
--text: #040404;
--text-light: #fbfbfb;
--text-muted: #8a8ea9;
--primary: #fbc881;
--primary-deep: #e5a94e;
--muted: #c8c3cd;
--muted-soft: rgba(200, 195, 205, 0.4);
--card-bg: rgba(255, 255, 255, 0.45);
--card-border: rgba(255, 255, 255, 0.55);
--radius: 20px;
}
body {
font-family: 'Inter', system-ui, -apple-system, sans-serif;
background: var(--bg);
color: var(--text);
line-height: 1.6;
-webkit-font-smoothing: antialiased;
}
body::before {
content: '';
position: fixed;
inset: 0;
background:
radial-gradient(ellipse 80% 60% at 25% 20%, rgba(251,200,129,0.07) 0%, transparent 60%),
radial-gradient(ellipse 70% 50% at 75% 70%, rgba(138,142,169,0.06) 0%, transparent 50%);
pointer-events: none;
z-index: 0;
}
a { color: inherit; text-decoration: none; }
/* ── Nav ── */
nav {
position: fixed; top: 0; left: 0; right: 0; height: 64px;
display: flex; align-items: center; justify-content: space-between;
padding: 0 32px; z-index: 100;
background: rgba(244, 237, 243, 0.9);
backdrop-filter: blur(16px); -webkit-backdrop-filter: blur(16px);
border-bottom: 1px solid var(--muted-soft);
}
.nav-logo {
display: flex; align-items: center; gap: 10px;
font-size: 1.1rem; font-weight: 400; letter-spacing: -0.02em;
}
.nav-logo svg { width: 28px; height: 28px; }
.nav-logo .ai { font-weight: 700; color: var(--primary-deep); }
.btn {
display: inline-flex; align-items: center; justify-content: center;
padding: 10px 24px; border-radius: 50px; font-size: 0.875rem;
font-weight: 600; border: none; cursor: pointer;
font-family: inherit; transition: all 0.4s cubic-bezier(0.16,1,0.3,1);
}
.btn-primary { background: var(--text); color: var(--text-light); }
.btn-primary:hover { background: #222; transform: translateY(-1px); box-shadow: 0 8px 24px rgba(0,0,0,0.12); }
.btn-primary:focus-visible { outline: 2px solid var(--primary); outline-offset: 2px; }
/* ── Content ── */
.page-header {
padding: 120px 24px 48px; text-align: center; position: relative; z-index: 2;
}
.page-header .label {
font-size: 0.72rem; font-weight: 600; letter-spacing: 0.14em;
text-transform: uppercase; color: var(--primary-deep); margin-bottom: 12px;
}
.page-header h1 {
font-size: clamp(2rem, 4vw, 3rem); font-weight: 600;
letter-spacing: -0.03em; line-height: 1.15; margin-bottom: 12px;
}
.page-header .meta {
font-size: 0.85rem; color: var(--text-muted);
}
.content {
max-width: 720px; margin: 0 auto; padding: 0 24px 100px;
position: relative; z-index: 2;
}
.content section {
margin-bottom: 48px;
}
.content h2 {
font-size: 1.25rem; font-weight: 600; letter-spacing: -0.02em;
margin-bottom: 16px; padding-bottom: 8px;
border-bottom: 1px solid var(--muted-soft);
}
.content h3 {
font-size: 1.05rem; font-weight: 600; margin: 24px 0 8px;
}
.content p {
margin-bottom: 12px; color: var(--text); font-size: 0.94rem; line-height: 1.75;
}
.content ul, .content ol {
margin: 0 0 16px 20px; font-size: 0.94rem; line-height: 1.75;
}
.content li { margin-bottom: 6px; }
.content strong { font-weight: 600; }
.content a {
color: var(--primary-deep); text-decoration: underline;
text-underline-offset: 2px;
}
.content a:hover { color: var(--text); }
.callout {
padding: 20px 24px; border-radius: 12px;
background: var(--card-bg); backdrop-filter: blur(16px);
border: 1px solid var(--card-border); margin-bottom: 20px;
}
.callout p { margin-bottom: 0; }
.callout .icon { font-size: 1.2rem; margin-right: 8px; }
table {
width: 100%; border-collapse: collapse; margin-bottom: 16px; font-size: 0.88rem;
}
th, td {
text-align: left; padding: 10px 14px;
border-bottom: 1px solid var(--muted-soft);
}
th { font-weight: 600; font-size: 0.82rem; text-transform: uppercase; letter-spacing: 0.05em; color: var(--text-muted); }
/* ── Footer ── */
footer {
padding: 40px 24px; text-align: center;
border-top: 1px solid var(--muted-soft); position: relative; z-index: 2;
}
.footer-logo {
display: flex; align-items: center; justify-content: center;
gap: 8px; margin-bottom: 10px; color: var(--text-muted); font-size: 0.95rem;
}
.footer-logo svg { width: 22px; height: 22px; }
.footer-logo .ai { font-weight: 700; }
footer .legal { font-size: 0.78rem; color: var(--muted); }
footer .legal a { color: var(--text-muted); text-decoration: underline; text-underline-offset: 2px; }
footer .legal a:hover { color: var(--text); }
@media (max-width: 640px) {
nav { padding: 0 16px; }
.page-header { padding: 100px 20px 36px; }
.content { padding: 0 20px 80px; }
}
</style>
</head>
<body>
<nav role="navigation" aria-label="Main navigation">
<a href="./" class="nav-logo" aria-label="adiuvAI home">
<svg viewBox="0 0 64 64" fill="none" aria-hidden="true">
<path d="M32,4 L48,32 L16,32 Z" fill="#fbc881"/>
<path d="M16,32 L48,32 L32,60 Z" fill="#040404"/>
<circle cx="32" cy="32" r="2.5" fill="#040404" opacity="0.18"/>
</svg>
adiuv<span class="ai">AI</span>
</a>
<a href="./#final-cta" class="btn btn-primary">Join the waitlist</a>
</nav>
<header class="page-header">
<p class="label">Legal</p>
<h1>Privacy Policy</h1>
<p class="meta">Last updated: April 11, 2026</p>
</header>
<main class="content">
<div class="callout">
<p><span class="icon">🔒</span> <strong>The short version:</strong> adiuvAI is local-first. Your personal data — emails, tasks, notes, files — is processed and stored on your device. We never see it, and we can't access it.</p>
</div>
<section>
<h2>1. Who We Are</h2>
<p>adiuvAI ("we", "us", "our") is a desktop application and optional cloud service developed by Roberto Musso, based in the European Union. This Privacy Policy explains how we collect, use, and protect your information when you use the adiuvAI desktop application, our website (adiuvai.com), and any related services.</p>
<p>For questions about this policy, contact us at <a href="mailto:privacy@adiuvai.com">privacy@adiuvai.com</a>.</p>
</section>
<section>
<h2>2. Our Privacy Architecture</h2>
<p>adiuvAI is built on a <strong>local-first, privacy-by-design</strong> architecture. This means:</p>
<ul>
<li><strong>Processing happens on your device.</strong> When adiuvAI reads your email, organizes tasks, or generates your daily brief, all processing occurs locally in the Electron desktop application.</li>
<li><strong>Your data stays on your machine.</strong> Tasks, notes, projects, files, and extracted email content are stored in a local SQLite database and local vector store (LanceDB) on your device.</li>
<li><strong>EU AI Act compliant.</strong> Our AI features are designed in accordance with the EU Artificial Intelligence Act (Regulation 2024/1689).</li>
</ul>
</section>
<section>
<h2>3. What We Collect</h2>
<h3>3a. Data You Provide Directly</h3>
<table>
<thead><tr><th>Data</th><th>Purpose</th><th>Stored Where</th></tr></thead>
<tbody>
<tr><td>Email address</td><td>Account creation, waitlist, communications</td><td>Our server (PostgreSQL)</td></tr>
<tr><td>Name</td><td>Account personalization</td><td>Our server</td></tr>
<tr><td>Password</td><td>Authentication</td><td>Our server (bcrypt hash only)</td></tr>
<tr><td>Payment info</td><td>Subscription billing</td><td>Stripe (PCI-compliant) — we never store card numbers</td></tr>
</tbody>
</table>
<h3>3b. Data the App Processes Locally</h3>
<p>The following data is processed and stored <strong>exclusively on your device</strong>. We do not have access to it:</p>
<ul>
<li>Email content, attachments, and metadata</li>
<li>Tasks, projects, notes, and checkpoints</li>
<li>Calendar events and meeting notes</li>
<li>Files and folders you choose to monitor</li>
<li>AI conversation history</li>
<li>Vector embeddings of your content</li>
</ul>
<h3>3c. Data Shared with AI Providers</h3>
<p>When you use adiuvAI's AI features, portions of your data are sent to third-party large language model (LLM) providers for processing. This includes:</p>
<ul>
<li><strong>What is sent:</strong> Text snippets relevant to the current AI task (e.g., an email you're asking about, task context for prioritization). We send the minimum context needed.</li>
<li><strong>Providers:</strong> OpenAI, Anthropic, or other LLM providers as configured. The specific provider depends on the task for optimal cost and performance.</li>
<li><strong>Retention:</strong> We use provider tiers that do not retain your data for training. Refer to each provider's data processing terms for details.</li>
</ul>
<h3>3d. Data We Collect Automatically</h3>
<table>
<thead><tr><th>Data</th><th>Purpose</th><th>Legal Basis</th></tr></thead>
<tbody>
<tr><td>IP address</td><td>Rate limiting, abuse prevention</td><td>Legitimate interest</td></tr>
<tr><td>API usage patterns</td><td>Service improvement, tier enforcement</td><td>Legitimate interest</td></tr>
<tr><td>Crash reports (opt-in)</td><td>Bug fixing</td><td>Consent</td></tr>
</tbody>
</table>
<h3>3e. Website (Waitlist)</h3>
<p>When you join the waitlist, we collect only your email address. We do not use tracking pixels, analytics scripts, or third-party cookies on our website.</p>
</section>
<section>
<h2>4. How We Use Your Data</h2>
<ul>
<li><strong>Account management:</strong> Create and maintain your account, process subscriptions.</li>
<li><strong>Service delivery:</strong> Authenticate your desktop app, provide cloud backup/sync if opted in.</li>
<li><strong>Communications:</strong> Send product updates, security notices, and waitlist notifications. You can unsubscribe anytime.</li>
<li><strong>Security:</strong> Detect abuse, enforce rate limits, prevent unauthorized access.</li>
<li><strong>Improvement:</strong> Aggregate, anonymized usage patterns to improve the product. Never individual content.</li>
</ul>
</section>
<section>
<h2>5. Data Sharing</h2>
<p>We do not sell, rent, or trade your personal information. We share data only with:</p>
<ul>
<li><strong>Stripe</strong> — for payment processing (PCI DSS Level 1 compliant)</li>
<li><strong>Brevo (Sendinblue SAS)</strong> — for transactional emails (waitlist confirmation, product updates). Your email address is shared with Brevo solely to deliver these messages. Brevo acts as a data processor under GDPR and stores data in the EU. <a href="https://www.brevo.com/legal/privacypolicy/">Brevo Privacy Policy</a></li>
<li><strong>LLM providers</strong> (OpenAI, Anthropic) — text snippets for AI processing, under no-training data agreements</li>
<li><strong>Cloud infrastructure</strong> (hosting provider) — encrypted data only for cloud backup/sync features</li>
<li><strong>Law enforcement</strong> — only when required by law, and limited to data we actually possess (account info, not your local content)</li>
</ul>
</section>
<section>
<h2>6. Your Rights (GDPR)</h2>
<p>As an EU-based service, we respect the rights granted by the General Data Protection Regulation (GDPR) and equivalent UK/Swiss legislation:</p>
<ul>
<li><strong>Access:</strong> Request a copy of any personal data we hold about you.</li>
<li><strong>Rectification:</strong> Correct inaccurate personal data.</li>
<li><strong>Erasure:</strong> Request deletion of your account and all associated data from our servers.</li>
<li><strong>Portability:</strong> Export your data in a machine-readable format.</li>
<li><strong>Restriction:</strong> Request we limit processing of your data.</li>
<li><strong>Objection:</strong> Object to processing based on legitimate interest.</li>
<li><strong>Withdraw consent:</strong> Where processing is based on consent, withdraw it at any time.</li>
</ul>
<p>For local data: since it's stored on your device, you have full control already — you can view, export, or delete it at any time without contacting us.</p>
<p>To exercise your rights for server-side data, email <a href="mailto:privacy@adiuvai.com">privacy@adiuvai.com</a>. We respond within 30 days.</p>
</section>
<section>
<h2>7. Data Retention</h2>
<ul>
<li><strong>Account data:</strong> Retained while your account is active. Deleted within 30 days of account deletion request.</li>
<li><strong>Encrypted backups:</strong> Deleted within 30 days of account deletion, or on your request.</li>
<li><strong>Waitlist (confirmed):</strong> Retained until beta launch, then migrated to account data or deleted on request. Every email includes an unsubscribe link that immediately anonymizes your data.</li>
<li><strong>Waitlist (unconfirmed):</strong> Automatically anonymized after 48 hours. The anonymized record (signup date, source) is retained for aggregate analytics but contains no personal data.</li>
<li><strong>Server logs:</strong> Retained for 90 days, then purged.</li>
<li><strong>Local data:</strong> Under your control — persists until you delete it or uninstall the app.</li>
</ul>
</section>
<section>
<h2>8. Security</h2>
<p>We implement appropriate technical and organizational measures to protect your data:</p>
<ul>
<li>End-to-end encryption (AES-256) for all cloud-stored content</li>
<li>Device-bound encryption keys via OS-level secure storage (Electron safeStorage)</li>
<li>bcrypt for password hashing, SHA-256 for refresh token storage</li>
<li>Rate limiting and abuse detection on all API endpoints</li>
<li>JWT-based authentication with short-lived access tokens</li>
<li>Regular security reviews of the codebase</li>
</ul>
</section>
<section>
<h2>9. Children's Privacy</h2>
<p>adiuvAI is not intended for use by anyone under the age of 16. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.</p>
</section>
<section>
<h2>10. Third-Party Integrations</h2>
<p>adiuvAI integrates with third-party services at your direction:</p>
<ul>
<li><strong>Gmail / Google Workspace:</strong> OAuth 2.0 access. Email content is fetched and processed locally. We request read-only scopes.</li>
<li><strong>Microsoft Outlook / Teams:</strong> OAuth 2.0 access. Same local-only processing model.</li>
<li><strong>Telegram Bot:</strong> Messages you send to the adiuvAI bot are processed to execute commands (check tasks, get brief, add notes). We do not store Telegram message history on our servers.</li>
</ul>
<p>Each integration can be disconnected at any time from within the app, which revokes our access.</p>
</section>
<section>
<h2>11. International Transfers</h2>
<p>Account data may be processed in the EU. If data is transferred outside the EEA, we ensure adequate safeguards are in place (Standard Contractual Clauses or adequacy decisions) in compliance with GDPR Chapter V.</p>
</section>
<section>
<h2>12. Changes to This Policy</h2>
<p>We may update this Privacy Policy from time to time. Material changes will be communicated via email (for registered users) or a prominent notice on our website. The "Last updated" date at the top reflects the most recent revision.</p>
</section>
<section>
<h2>13. Contact</h2>
<p>For any privacy-related questions, concerns, or requests:</p>
<p>
<strong>Email:</strong> <a href="mailto:privacy@adiuvai.com">privacy@adiuvai.com</a><br>
<strong>Data Controller:</strong> Roberto Musso, adiuvAI<br>
<strong>Location:</strong> European Union
</p>
<p>You also have the right to lodge a complaint with your local data protection authority.</p>
</section>
</main>
<footer>
<div class="footer-logo">
<svg viewBox="0 0 64 64" fill="none" aria-hidden="true">
<path d="M32,4 L48,32 L16,32 Z" fill="#fbc881"/>
<path d="M16,32 L48,32 L32,60 Z" fill="currentColor"/>
</svg>
adiuv<span class="ai">AI</span>
</div>
<p class="legal">
&copy; 2026 adiuvAI. All rights reserved.
&nbsp;&middot;&nbsp;
<a href="./privacy.html" aria-current="page">Privacy</a>
&nbsp;&middot;&nbsp;
<a href="./terms.html">Terms</a>
</p>
</footer>
<script defer src='https://static.cloudflareinsights.com/beacon.min.js' data-cf-beacon='{"token": "33a52748219640618115655d931ddb87"}'></script>
</body>
</html>