Privacy Policy
AIMO Data Platform Effective date: 19 May 2026 Version: 1.0
Version 1.0 · Effective 19 May 2026. Permalink to this version · Current version · Change log
1. Introduction
This Privacy Policy explains how Motify Data Mining (Business ID: 1507487-0), operating as AIMO ("AIMO", "we", "us", or "our"), processes the personal data of individuals who visit our website at aimodata.ai, register a business account, or use our data monitoring platform.
This policy covers personal data we process about you as a user, contact, or website visitor — not the data inside your databases. How AIMO handles data from your databases is governed by our Data Processing Agreement.
We process personal data in accordance with Regulation (EU) 2016/679 (GDPR), the Finnish Data Protection Act (1050/2018), and other applicable Finnish and EU legislation.
AIMO is a business-to-business service. Personal data processed under this policy typically belongs to employees, contractors, or other authorised users of our business customers, or to individuals who contact us in a business capacity.
2. Data Controller
The data controller for the personal data described in this policy is:
Motify Data Mining
Business ID: 1507487-0
Email: info@aimodata.ai
Website: aimodata.ai
3. Personal Data We Collect
3.1 Account and contact data
When you register for AIMO or contact us, we collect:
- Name and business email address
- Company information
- Passkey credential identifiers (public key identifiers only; no passwords are stored)
- Account role and permission settings (Admin or Viewer)
3.2 Billing and payment data
When you subscribe to a paid plan, we collect:
- Billing contact name and email
- Company name and billing address
- VAT identification number (where applicable)
- Payment method details — these are handled directly by our payment processor; AIMO does not store full card numbers
3.3 Usage and technical data
When you use the Platform, we automatically collect:
- Log data: IP address, browser type, device type, pages visited, timestamps
- Feature usage: which monitors you configure, alert destinations you set up, AI features you invoke
- Agent telemetry: agent version, connection status, job execution counts (no database content)
- Session identifiers and authentication tokens
3.4 Communications data
When you contact us by email or through the contact form, we collect:
- Email address and the content of your message
- Any attachments or information you voluntarily provide
3.5 Data we do not collect
We do not collect, store, or process:
- Raw rows or field values from your Customer Data Sources
- Passwords (we use passkeys exclusively)
- Information about individuals who are data subjects in your databases (that relationship is governed by the DPA)
4. How We Use Personal Data
| Purpose | Legal basis |
|---|---|
| Providing and operating the Platform (account management, authentication, agent coordination) | Contract performance (Art. 6(1)(b) GDPR) |
| Processing payments and issuing invoices | Contract performance; legal obligation |
| Sending transactional messages (account alerts, invoice emails, service status notifications) | Contract performance |
| Sending product updates and newsletters | Legitimate interest or consent (where required) |
| Preventing fraud, abuse, and security incidents | Legitimate interest |
| Complying with legal obligations (e.g. tax record-keeping, responding to lawful requests) | Legal obligation (Art. 6(1)(c) GDPR) |
| Responding to enquiries and support requests | Contract performance or legitimate interest |
5. Marketing Communications
5.1 We may send you product news, feature updates, and occasional marketing emails if you are an existing customer (legitimate interest basis) or if you have opted in.
5.2 You may unsubscribe from marketing emails at any time by clicking the unsubscribe link in any such email or by emailing info@aimodata.ai. Unsubscribing from marketing does not affect transactional communications related to your account.
6. Data Retention
| Category | Retention period |
|---|---|
| Active account data | Duration of account plus 12 months after account closure |
| Billing and invoicing records | 7 years (Finnish Accounting Act / kirjanpitolaki 1336/1997) |
| Enterprise customer contact data | Up to 6 years after the last financial year in which the business relationship was active, for tax record-keeping purposes |
| Support and communications records | 3 years after the last interaction |
| Usage logs and telemetry | 12 months rolling |
| Processed Data (monitor results, schema metadata) | Deleted within 60 days of account termination |
| Encrypted backup snapshots | Personal data may persist in encrypted backups for up to 35 days after deletion from primary systems, after which backups are overwritten in the ordinary rotation |
Where we are required by law to retain data for a specified period, we will retain it for that period and no longer.
7. Sharing Personal Data
We share personal data only as described below. We do not sell personal data.
7.1 Service providers (sub-processors)
We engage the following categories of sub-processors:
- Cloud infrastructure: UpCloud Oy (Finland, EEA) — hosting, storage, compute
- Payment processing, billing, and tax: [Payment / billing / tax services provider — vendor selection pending. The selected vendor will be EEA-resident and personal data will be processed within the EEA.]
- Email delivery: Lettermint (EEA) — transactional and marketing email
A complete, current sub-processor list is maintained in our Data Processing Agreement, Section 6 and is updated with 30 days' notice of any changes.
7.2 AI feature providers
When you use AI-assisted Monitor suggestion features, schema metadata (table names, column names, data types, profiling statistics) is transmitted to Mistral AI SAS (France, EEA) via the La Plateforme (API) tier. Under that tier's terms, inputs and outputs are not used to train Mistral's models. This processing is described in our Terms of Service Section 8 and in the DPA.
7.3 Legal requirements
We may disclose personal data if required to do so by law, court order, or other legal process, or to protect the rights, property, or safety of AIMO, our customers, or others.
7.4 Business transfers
In the event of a merger, acquisition, or sale of all or substantially all of our assets, personal data may be transferred to the successor entity. We will provide at least thirty (30) days' advance notice of any such transfer by email to registered users, giving you an opportunity to object or terminate your account before the transfer takes effect.
8. International Data Transfers
8.1 AIMO is based in Finland. Personal data is stored and processed in the European Economic Area (EEA). We do not transfer personal data to countries outside the EEA. This applies to all sub-processors listed in Section 7.1 above — we select sub-processors that operate within the EEA, and we will not engage a sub-processor that would require personal data to leave the EEA.
8.2 If you have questions about where we process personal data, contact us at info@aimodata.ai.
9. Your Rights
As a data subject under GDPR, you have the following rights:
| Right | Description |
|---|---|
| Access | Request a copy of the personal data we hold about you |
| Rectification | Ask us to correct inaccurate or incomplete data |
| Erasure | Ask us to delete your personal data (subject to legal retention requirements) |
| Restriction | Ask us to restrict processing in certain circumstances |
| Portability | Receive your personal data in a structured, machine-readable format |
| Objection | Object to processing based on legitimate interest, including for direct marketing |
| Withdraw consent | Where processing is based on consent, withdraw it at any time without affecting prior processing |
To exercise any right, contact us at info@aimodata.ai. We will respond within one (1) month. We may ask you to verify your identity before fulfilling a request.
If you believe we have not handled your personal data correctly, you have the right to lodge a complaint with a data protection supervisory authority. You may complain to the Finnish Data Protection Ombudsman (Tietosuojavaltuutettu): tietosuoja.fi, P.O. Box 800, FI-00521 Helsinki. EU residents may also lodge a complaint with the supervisory authority of the Member State of their habitual residence, place of work, or place of the alleged infringement.
10. Cookies and Tracking
10.1 What we use cookies for
Our marketing website (aimodata.ai) and Platform dashboard use cookies and similar technologies only where strictly necessary for:
- Session management and authentication: to keep you signed in to the Platform and to enforce account-scoped access
- Security: to detect and prevent abuse (e.g. CSRF tokens)
We do not use cookies for usage analytics, advertising, or cross-site tracking. We do not embed third-party tracking scripts on our marketing website.
10.2 Managing cookies
You can restrict or delete cookies through your browser settings. Blocking strictly necessary cookies may prevent sign-in or other core features from working.
11. Security
We implement appropriate technical and organisational measures to protect personal data against unauthorised access, loss, or disclosure, including:
- TLS encryption for all data in transit
- AES-GCM encryption for credentials at rest
- Passkey-based authentication (no password database to breach)
- Access controls and least-privilege principles
- Regular security reviews
Details of our security architecture are published at aimodata.ai/docs/security.
12. Children's Privacy
AIMO is a business-to-business service and is not directed at children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.
13. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated by email to registered users at least thirty (30) days before taking effect, or by a prominent notice on our website. The effective date at the top of this document reflects the most recent revision. Historical versions are listed in the change log and each version has a stable permalink.
14. Contact
For any questions about this Privacy Policy or to exercise your rights:
Privacy contact: info@aimodata.ai
Security reports: security@aimodata.ai
Postal address: Motify Data Mining, Finland
Version 1.0 · Effective 19 May 2026 · Permalink · Change log
This Privacy Policy is written in English. In the event of any conflict with a translated version, the English version prevails.