Privacy Policy

Overview

This Privacy Policy explains how Aissista collects, uses, discloses, and safeguards personal information across its websites, applications, browser extensions, APIs, and related services (the “Service”).

By accessing or using the Service, consent is provided to the data practices described in this Policy, subject to additional notices within specific features or jurisdictions.

Controller and contact

Controller: Aissista, 1010 saint paul st Baltimore MD 21202, United States. Contact: [email protected] (privacy requests), [email protected] (legal notices), [email protected].

Scope

This Policy applies to information processed by Aissista in connection with operation of the Service, including the Chrome extension, web properties, integrations, and referral features. Separate terms may apply for enterprise Data Processing Addenda (DPA), service‑specific notices, and Chrome Web Store disclosures; in case of conflict, the more specific notice governs.

Information collected

• Account and profile: name, email, password hashes, profile/organization details, plan type, preferences, locale, and time zone.

• Transaction and billing: plan selection, invoices, billing address, partial payment details via processors; full card numbers are not stored by Aissista systems.

• Service usage: device data, browser type, OS, IP address, timestamps, log files, feature interactions, crash diagnostics, performance telemetry, and limited pseudonymous identifiers.

• Content data: text inputs (prompts, documents), files provided to features (e.g., templates), and AI‑generated outputs, as required to provide functionality and improve safety.

• Cookies and similar tech: session cookies, authentication tokens, analytics tags, referral parameters, and consent signals (e.g., Global Privacy Control), plus local storage in the extension.

• Referral/attribution: referral link identifiers, cookies or query parameters, install events (e.g., extension install), campaign codes, and anti‑fraud signals for points validation.

• Support and communications: messages to support, email preferences, feedback, and survey responses; may include metadata like date, channel, and response logs.

Sources of data

Information is collected directly (account creation, content inputs), automatically (via the Service and extension), and from third parties (identity providers, analytics, payment processors, or authorized integrations). Where integrations are enabled, additional data may be processed subject to the integration’s permissions and terms.

Purposes of processing

• Provide and operate the Service: authentication, account administration, content processing, outputs generation, and feature delivery across web and extension surfaces.

• Improve, research, and secure: model and product quality, usability, safety systems, troubleshooting, analytics, and abuse prevention consistent with user settings and law.

• Communicate and support: transactional emails (e.g., security, billing, updates), support responses, and—with required consent—product news and marketing.

• Compliance and protection: detect, prevent, and respond to fraud, misuse, legal requests, and to enforce agreements and policies.

Model training and privacy choices

Aissista may use de‑identified content and telemetry to enhance product features, safety, and reliability, applying data minimization and access controls.

Business or enterprise plans may offer contractual restrictions or opt‑outs from training on Customer Content, as specified in the applicable agreement or admin settings.

Chrome extension data and permissions

To comply with Chrome Web Store policies and U.S. privacy expectations, the extension uses narrowly scoped permissions with user‑initiated activation and minimal data handling:

• activeTab: Enables on‑page assistance only when activated (e.g., clicking the extension or permitted shortcut) on the current tab; no background scraping or persistent monitoring.

• storage: Saves preferences, onboarding state, and lightweight usage settings in browser storage; does not store full document content by default; user‑initiated deletion is available.

• identity (where used): Supports secure sign‑in (e.g., OAuth) to associate extension usage with the Aissista account; only basic profile identifiers are requested for authentication.

• host permissions: Injects content scripts on specified domains (e.g., common editors) solely to provide inline suggestions and UI where text is actively edited; match patterns are minimized.

Google API/Chrome policies

Where Google APIs or Chrome identity are used, data access is limited to providing the Service, not transferred to external parties except as necessary for that purpose, and not used for advertising or sold.

The extension’s data practices adhere to Chrome’s Limited Use policies, with transparent disclosures in the store listing and in‑product settings.

Legal bases for processing (GDPR/UK GDPR)

Where applicable, processing relies on:

• Contract necessity for core services (account, authentication, features).

• Legitimate interests in improving and securing the Service, balanced against user rights.

• Consent for certain analytics, cookies, advertising, and marketing communications.

• Legal obligations including bookkeeping, tax compliance, security, and law enforcement requests.

Sharing and disclosure

• Service providers: hosting, storage, AI inference, analytics, email delivery, fraud detection, and payment processing, bound by confidentiality and appropriate data protection terms.

• Enterprise/team administrators: workspace metadata and usage details may be visible to admins per configuration and applicable agreements.

• Legal and safety: disclosures as required by law, regulation, subpoena, or to protect rights, safety, or property, including preventing fraud or abuse.

• Business transfers: personal information may be transferred as part of a merger, acquisition, financing, or sale of assets, subject to this Policy or successor safeguards.

International transfers

Data may be processed in the U.S. and other countries with different privacy laws; appropriate safeguards are used (e.g., Standard Contractual Clauses or equivalent mechanisms).

Additional technical and organizational measures include encryption in transit and at rest, access controls, and data minimization.

Retention

Data is retained only as long as necessary for the stated purposes, legal obligations, dispute resolution, and enforcement of agreements, varying by data type and jurisdiction. Upon account closure or deletion request, personal information is deleted or anonymized within a reasonable period, subject to legal retention requirements and backup cycles.

Security

Aissista employs administrative, technical, and physical safeguards, including encryption in transit, key management, role‑based access controls, and logging aligned to least‑privilege principles. No method is completely secure; strong passwords, multi‑factor authentication (if available), and limiting sensitive content in inputs are recommended.

Children’s privacy

The Service is not directed to children under 13, and personal information from children is not knowingly collected; if discovered, such data will be deleted and related accounts disabled. Where a higher local age applies, parental consent is required consistent with applicable law.

Cookies and tracking

• Essential: required for authentication, security, and core functionality and cannot be disabled without impairing the Service.

• Analytics: measure feature usage and performance; typically aggregated or pseudonymous; consent may be required in some regions.

• Advertising/retargeting: used only where permitted by law and configured; opt‑out or consent withdrawal is honored via settings or banners. Cookie preferences can be managed via consent banners, browser controls, and in‑product settings; disabling certain cookies may affect functionality.

Do Not Track and GPC

Global Privacy Control (GPC) and similar legally recognized opt‑out signals are honored where required; this may limit advertising or analytics personalization. Standard “Do Not Track” browser signals that are not legally standardized may not be acted upon beyond existing settings and choices.

Referral program privacy

Referral participation processes referral identifiers, cookies, attribution parameters, install/activation events, and anti‑fraud signals to validate points and unlock Free Limit. Self‑referrals, duplicate accounts, and deceptive practices may result in investigation and reversal of points for abuse prevention.

Sale/share of data and targeted advertising (U.S. state laws)

Aissista does not sell personal information as defined by California CPRA or “share” it for cross‑context behavioral advertising; where targeted advertising partners are used, opt‑out mechanisms are provided as required.

Residents of applicable states (e.g., CA, VA, CO, CT, UT) may exercise rights to opt out of targeted advertising or certain profiling using provided controls.

State and regional rights

• EEA/UK: Rights include access, correction, deletion, restriction, portability, and objection; a supervisory authority complaint may be filed if concerns are unresolved.

• California (CPRA): Rights include access, deletion, correction, portability, and opt‑out of sale/sharing and certain profiling; non‑discrimination is honored for exercising rights.

• Virginia/Colorado/Connecticut/Utah and similar laws: Rights include access, deletion, correction, portability, and opt‑out of targeted advertising and certain profiling.

Exercising rights and verification

Submit requests to [email protected] with sufficient information to verify identity and the relationship to the account; in some cases, additional verification or authorized agent documentation is required.

A response will be provided within the timeframe required by applicable law (typically 30–45 days), with an appeal mechanism offered where state law mandates it (e.g., written appeal within 30 days of denial).

Data minimization and deletion options

In‑product controls allow updating preferences, managing cookies, deleting content, or deleting the account; deletion may be delayed by backups and legal retention duties.

Enterprise admins may manage workspace data and retention in accordance with contracts and policy settings.

Third‑party links and integrations

External sites and services have independent privacy practices; review their policies before sharing data or enabling integrations.

Data exchanged with integrations is governed by the integration’s terms and the permissions granted.

Changes to this policy

This Policy may be updated periodically; material changes will be communicated via the Service or email, and the “Last Updated” date will be revised. Continued use after the effective date signifies acknowledgment of the updated Policy.

Contact and complaints

Privacy inquiries and data subject requests: [email protected]; legal notices: [email protected]; mailing: Aissista, 1010 saint paul st Baltimore MD 21202, USA.

EEA/UK users may contact the relevant supervisory authority; U.S. state residents may contact their Attorney General if rights requests are denied after appeal.

Region‑specific addendum

• EEA/UK representative and DPO: If appointed, contact details will be provided here; Standard Contractual Clauses govern transfers where applicable.

• California metrics: Where required, annual reporting on access, deletion, and opt‑out request metrics will be published or provided upon request.

Chrome extension privacy summary

• Data access is user‑initiated and limited to the active page where assistance is requested.

• No collection of full browsing history or background content outside the active, permitted page.

• No sale of extension data; no use for unrelated advertising; only Service‑related processing.

• Users can clear local storage and disconnect accounts via the extension or web settings.

Effective date

Effective Date: Sep 15, 2015

Last Updated: Sep 15, 2015