Privacy Policy

This Privacy Policy explains how AIBA Technologies ("AIBA," "we," "us," or "our") collects, uses, discloses, and safeguards information when you use the AIBA mobile application (bundle ID: com.aibatech.aiba), related websites, and services (collectively, the "Service").

1. Introduction & Scope

This policy applies to the AIBA app, including AI personal assistant features, bodycam video recording, device connectivity, and subscription services. By using the Service, you agree to the practices described here. If you do not agree, please delete your account and cease use.

2. Information We Collect

We collect the following categories of data when you use the Service:

• Account & Authentication: Email address, hashed password, authentication tokens, subscription tier, and account status.
• User Content & Memories: Conversations, prompts, responses, AI agent configurations, notes, bodycam videos, audio clips, QR scan results, and conversation history (including memory and context).
• Voice & Audio: Audio input for voice commands, speech recognition, and bodycam footage; we store transcripts and audio/video you choose to save.
• Payment: Limited billing metadata from Stripe (e.g., customer ID, subscription plan, payment status). Full payment details are handled directly by Stripe and are not stored by AIBA.
• Device & Usage: Device identifiers (e.g., model, OS version), app version, IP address, device language, crash reports, performance data, interaction events, and background activity related to Bluetooth, audio, fetch, and remote notifications.
• Support & Communications: Messages and attachments you send to us.

3. Device Permissions & Specific Uses

• Camera: Capture bodycam video and scan QR codes. Video is stored only when you save or back it up; QR results are processed to deliver requested actions.
• Microphone: Voice commands, audio recording, and bodycam footage. Audio is processed for commands and transcribed for conversation memory; recordings are stored only when you save or back them up.
• Photo Library: Upload profile photos and media you choose to add to conversations or agents.
• Location (When In Use): Tag device location for tracking assistance and device markers; location is not stored continuously and is retained only with related activity you save.
• Bluetooth: Connect to AIBA Earbuds and supported devices; we store pairing state and device identifiers needed for connectivity.
• Speech Recognition: Process voice commands and dictation. Transcripts are stored as part of conversation history; raw audio is not retained unless you save a recording.
• Local Network: Discover and connect to supported devices on your network; network identifiers are used only for discovery and are not retained beyond the session.
• Push Notifications: Provide alerts and updates; we store a push token to deliver messages.
• Background Modes (Bluetooth, audio, fetch, remote notifications): Maintain device connections, audio interactions, periodic updates, and timely notifications.

4. How We Use Information

• Provide AI assistant features, conversation memory, and custom agent workflows.
• Enable bodycam recording, device discovery, and Bluetooth connections.
• Authenticate accounts, manage subscriptions, and process payments.
• Store and sync conversation history and backups according to your subscription tier.
• Improve performance, safety, and reliability; detect and prevent fraud or abuse.
• Comply with legal obligations and enforce our Terms.

5. AI Processing & Model Providers

We route conversation content to AI models to generate responses. You can select which provider is used. When an external API key is provided by you, that provider will receive your content under its own terms.

• Providers: OpenAI (GPT), Anthropic (Claude), and Google (Gemini).
• Purpose: Process your prompts, conversation history, and agent instructions to return answers or actions.
• Data Sent: Text transcripts, metadata needed for context, and any files or media you choose to include for processing.
• Controls: You may change or disable providers in settings and may delete associated content from your account at any time.
• Provider Policies: Use of your data by providers is governed by their privacy policies and terms. Review OpenAI, Anthropic, and Google AI policies for retention and training practices.

6. Cloud Backup & Retention by Tier

• Free: Backups retained for 3 days.
• Pro: Backups retained for 30 days.
• Premium: Backups retained for 180 days.

Backups include conversation history, memories, and any media you choose to sync. You may delete backups at any time in settings; deletion cascades to cloud storage within the applicable retention window.

7. Security & Encryption

• End-to-End Protection for Personal Data and Memories: Personal memories and conversation backups are encrypted in transit (TLS) and encrypted at rest; encryption keys are tied to your authenticated account and are not shared with third parties.
• Access Controls: Role-based access for staff, logging, and least-privilege permissions.
• Payment Security: Payments are processed by Stripe; we do not store full payment details.
• Device Security: You control device-level protections (screen lock, biometrics); stored media and transcripts follow your device's security posture.

8. Sharing & Disclosure

• AI Providers: Conversation content is shared with your selected AI provider solely to fulfill your requests.
• Service Providers: Cloud hosting and storage, analytics, crash reporting, Expo/EAS for app delivery, Stripe for payments, email and support tools.
• Bluetooth/Device Partners: Connection data shared locally to pair with AIBA Earbuds and compatible devices.
• Legal & Safety: Disclosure where required by law, valid legal process, or to protect the safety, rights, and property of users or AIBA.
• No Sale or Advertising Tracking: We do not sell personal data and do not use third-party advertising SDKs for cross-app tracking.

9. Voice, Audio, and Speech Data

• Voice commands are processed to create text transcripts; transcripts are stored with your conversation history.
• Raw audio for commands is processed in real time and is not retained unless you save a recording or bodycam video.
• Audio and video you save are included in backups per your subscription tier and are encrypted in transit and at rest.

10. Bluetooth, Local Network, and Device Discovery

• We use Bluetooth to pair and maintain connections with AIBA Earbuds and other supported devices.
• We use the local network to discover and connect to supported devices on the same network.
• Identifiers used for pairing or discovery are handled locally and retained only as needed to maintain the connection.

11. Location Data

• Used when in use to tag device locations for tracking assistance and to annotate activity.
• Location is not continuously tracked in the background for advertising or profiling.
• Location entries you save follow the same retention rules as related content and backups.

12. Data Retention & Deletion

• Account data and conversation history are retained while your account is active.
• Backups are retained according to the tier in Section 6 and deleted upon your request or account deletion.
• Logs and diagnostics are retained for a limited period for security and troubleshooting before deletion or aggregation.
• You can delete conversations, agents, backups, and media within the app; you can request full account deletion at connect@aibatech.com.

13. Your Rights & Controls

• Access, correct, delete, or export your data.
• Change AI provider selection and revoke external API keys.
• Withdraw consent for permissions (camera, microphone, photos, location, Bluetooth, speech recognition, local network, notifications) via device settings.
• Opt out of marketing communications from us (if offered) via email preferences.

To exercise rights, use in-app controls or contact connect@aibatech.com. We may verify your identity before fulfilling requests.

14. CCPA/CPRA (California)

• We do not sell or share personal information for cross-context behavioral advertising.
• California residents can request access, correction, deletion, and information about how we collect, use, and disclose personal information.
• We honor authorized agent requests consistent with California law.

15. GDPR/UK GDPR (EEA & UK)

• Controller: AIBA Technologies.
• Legal Bases: Contract (to provide the Service), consent (optional features/permissions), legitimate interests (security, improvement), and legal obligations.
• EEA/UK users have rights to access, rectification, erasure, restriction, objection, and data portability.
• Where processing relies on consent, you may withdraw consent at any time in-app or via device settings.

16. App Tracking Transparency

• We do not track you across apps or websites for advertising and do not link data with third-party data for ad targeting.
• If future tracking is introduced, we will request permission via Apple's App Tracking Transparency prompt and update this policy.

17. Children's Privacy

The Service is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided information, contact us to delete it.

18. International Data Transfers

Information may be processed in the United States or other countries where we or our service providers operate. When applicable, we use appropriate safeguards such as standard contractual clauses.

19. Changes to This Policy

We may update this policy to reflect changes to the Service or legal requirements. Material changes will be communicated in-app or on our website. Continued use after changes means you accept the updated policy.

20. Contact Us

If you have questions or requests, contact AIBA Technologies at connect@aibatech.com.