Privacy Policy

1. Who we are

This Privacy Policy describes how AIPU LLC ("AIPU", "we", "us", "our") collects, uses, and shares information when you use aipuapp.com and our AI dashboard service (collectively, the "Service"). AIPU LLC is the data controller of personal data processed about you in connection with the Service.

Address: 1207 Delaware Ave, #4001, Wilmington, DE 19806, USA. Privacy contact: privacy@aipuapp.com · DPO: dpo@aipuapp.com · General support: support@aipuapp.com.

2. What we collect

We collect the following categories of information:

Information you give us

• Account information: name, email address, password (stored hashed), country, plan selected.
• Payment information: billing name, billing country, last 4 digits of your card, card brand, transaction ID. Full card numbers are processed and stored by Stripe, our PCI-DSS Level 1 certified payment processor; we never see or store your full card number.
• Inputs: prompts, brand assets, voice samples, photos, videos, documents and any other content you upload to the Service to generate Outputs (with models such as SeeDance 2.0, ChatGPT Images 2.0, Veo 3.1, Sora 2, Suno v4, ElevenLabs v3 and others).
• Outputs: the videos, images, audio, music and text generated by the Service in response to your Inputs.
• Support communication: messages you send to support, including any attachments.

Information we collect automatically

• Device & usage data: IP address, browser type and version, operating system, device identifiers, language, time zone, pages viewed, features used, model usage volume, error logs, generation timing.
• Cookies and similar technologies: see Cookies & analytics.

Information from third parties

• Payment confirmations from Stripe (e.g. successful charge, refund, dispute).
• Identity verification data from Stripe Radar where used to detect fraud.

3. How we use it

We use personal data to:

• Provide, operate, secure and improve the Service.
• Authenticate you, route your prompts to the right model, and return generated Outputs to your account.
• Take payment, prevent fraud, and process refunds.
• Provide customer support and respond to your requests.
• Send you transactional emails (receipts, security alerts, password resets, important service updates).
• Send marketing emails — only with your consent or as permitted by law. You can unsubscribe at any time.
• Monitor abuse, enforce our Terms of Service and Acceptable Use Policy, and comply with our legal obligations.
• Aggregate and de-identify data for analytics, capacity planning, and product research.

4. Legal basis (GDPR)

If you are in the European Economic Area, the United Kingdom or Switzerland, we rely on the following lawful bases under the GDPR / UK GDPR:

• Contract: to provide the Service and take payment.
• Legitimate interests: to secure the Service, prevent fraud, monitor abuse, improve the product, and send transactional communications.
• Consent: for non-essential cookies, marketing emails, and any other use where consent is required.
• Legal obligation: to comply with tax, accounting, anti-money-laundering and other legal requirements.

5. Who we share data with

We share personal data only with the following categories of recipients:

• Third-Party AI Providers (e.g. OpenAI, Anthropic, Google, ByteDance / SeeDance, Black Forest Labs, ElevenLabs, Suno, Runway, Higgsfield, HeyGen): we send your prompts and required Inputs to the model you select so it can generate the Output. Each provider operates under its own privacy policy and contractual data-protection terms. Where supported, we forward "do not train" headers to opt your data out of model training.
• Payment processors: Stripe Inc. for card processing; PayPal Inc. (lifetime plans only). Their privacy policies apply to their processing.
• Hosting & infrastructure providers: our cloud hosts and CDN partners (e.g. AWS, Cloudflare) process data on our behalf under data-processing agreements.
• Email & customer-support tools for sending transactional & marketing emails and managing support tickets.
• Analytics providers (where used) — see Cookies & analytics.
• Professional advisors (lawyers, accountants, auditors) under duties of confidentiality.
• Authorities when required by valid legal process or to protect rights, safety or property.
• Successors in connection with a merger, acquisition or sale of assets, subject to confidentiality.

6. Cookies & analytics

We use cookies and similar technologies for:

• Strictly necessary — to authenticate you, remember your plan selection, and run the Service. These cannot be turned off.
• Performance & analytics — to understand how the Service is used and to improve it. We use privacy-respecting analytics (e.g. server-side or first-party analytics) where possible.
• Marketing — to measure ad effectiveness on platforms you may have arrived from. See Advertising platforms. We will only set non-essential cookies if you consent.

You can control cookies via your browser settings. Blocking strictly-necessary cookies will prevent the Service from working.

7. Advertising platforms (Meta, TikTok, Google)

We may advertise the Service on third-party platforms including Meta (Facebook, Instagram), TikTok, Google, YouTube and others. When you arrive at our site from one of these ads, we may share a hashed identifier (such as a hashed email or IP address) and event data (such as a page view, lead, or purchase) with the originating platform to measure ad performance and optimise our campaigns. This is done via each platform's official measurement tools (e.g. the Meta Pixel and Conversions API, TikTok Pixel, Google Ads tag).

You can opt out of personalised advertising via the platform-level settings: Meta ad preferences, Google ad settings, TikTok personalised ads. You can also opt out of many cross-context advertising programs at aboutads.info/choices (US) or youronlinechoices.eu (EU).

AIPU is not affiliated with, endorsed by, sponsored by or administered by Meta Platforms Inc., Google LLC, ByteDance Ltd. or any other advertising platform.

8. Retention

• Account data: for as long as your account is active and for up to 24 months after closure for fraud-prevention and legal-claim defense.
• Inputs & Outputs: stored in your account until you delete them or close your account. After account closure, generations are deleted within 30 days unless we are legally required to retain them.
• Payment records: retained for at least 7 years to comply with tax and accounting law.
• Support tickets: retained for up to 36 months.

9. Security

We use industry-standard technical and organisational measures to protect personal data, including encryption in transit (TLS 1.2+), encryption at rest, role-based access controls, audit logging, secret management, and SOC 2-aligned operational controls. No system is 100% secure; if we discover a personal-data breach affecting you, we will notify you and the relevant authorities as required by law.

10. Your rights

Depending on where you live, you may have the following rights:

• Access — get a copy of the personal data we hold about you.
• Rectification — correct inaccurate data.
• Deletion / erasure — ask us to delete your data ("right to be forgotten").
• Restriction — ask us to limit how we process your data.
• Portability — receive your data in a structured, machine-readable format.
• Objection — object to processing based on legitimate interests, including profiling and direct marketing.
• Withdraw consent — at any time, where we rely on consent.
• Lodge a complaint — with your local data-protection authority. EU residents may also contact the European Data Protection Board.

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) / California Privacy Rights Act (CPRA), including the right to know what personal information we collect and disclose, the right to delete, the right to correct, and the right to opt out of "sale" or "sharing" of personal information. AIPU does not sell personal information for money as that term is commonly understood. To the extent any of our advertising-pixel use constitutes "sharing" under California law, you can opt out by emailing privacy@aipuapp.com with "Do Not Share My Information" in the subject line, or by enabling Global Privacy Control in your browser.

To exercise any of these rights, email privacy@aipuapp.com. We will respond within 30 days (or sooner where required by law).

11. International transfers

AIPU is operated from the United States. If you access the Service from outside the United States, your personal data will be transferred to, stored in, and processed in the United States and other countries where we or our service providers operate. Where data is transferred from the European Economic Area, United Kingdom or Switzerland, we rely on appropriate safeguards including the European Commission's Standard Contractual Clauses (SCCs) and the UK International Data Transfer Addendum.

12. Children

The Service is not directed to children under 18. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, contact us at privacy@aipuapp.com and we will delete it.

13. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes we will notify you via email or in-product notice at least 14 days in advance. The "Last updated" date at the top of this page reflects the most recent version.

14. Contact & Data Protection Officer

For privacy questions, data-subject requests, or to contact our Data Protection Officer:

AIPU LLC
Attn: Data Protection Officer
1207 Delaware Ave, #4001
Wilmington, DE 19806, USA
DPO: dpo@aipuapp.com · General privacy: privacy@aipuapp.com · General support: support@aipuapp.com