Privacy Policy
Last Updated: December 17, 2025
1. Introduction
AECOS Insights ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered document management service.
2. Information We Collect
2.1 Information You Provide
- Account Information: Name, email address, password (encrypted)
- Profile Information: Avatar, display name, organization details
- Documents: Files you upload (PDFs, Word, Excel, PowerPoint)
- Chat Messages: Questions and interactions with the AI
- Payment Information: Processed securely by Razorpay (we do not store card details)
2.2 Automatically Collected Information
- Usage Data: Pages visited, features used, time spent
- Device Information: Browser type, operating system, IP address
- Cookies: Session cookies for authentication and preferences
- Log Data: Server logs including timestamps, errors, and API calls
2.3 Information from Third Parties
- AI Provider Analytics: Token usage, response times from Google, OpenAI, Anthropic, DeepSeek, xAI, Perplexity
- Payment Provider: Transaction status from Razorpay
- Authentication: OAuth data if you sign in with Google
3. How We Use Your Information
We use your information to:
- Provide the Service: Process documents, generate AI responses, enable search
- Improve the Service: Analyze usage patterns, fix bugs, develop new features
- Communicate: Send account notifications, updates, and support responses
- Process Payments: Handle credit purchases and subscriptions
- Security: Detect fraud, prevent abuse, ensure data protection
- Legal Compliance: Comply with applicable laws and regulations
- Analytics: Understand user behavior and optimize performance
4. Data Sharing and Third Parties
4.1 AI Providers
When you use AI features, we send your query and relevant document context to third-party AI providers:
- Google Gemini: For AI processing (see Google's AI Terms)
- OpenAI: For GPT-4 models (see OpenAI's Usage Policies)
- Anthropic: For Claude models (see Anthropic's Privacy Policy)
- DeepSeek: For DeepSeek R1 model
- xAI: For Grok models
- Perplexity: For web-connected AI search
Important: We only send the minimum necessary context (typically 25 document chunks) for each query, not your entire document library. AI providers may use this data according to their own policies.
4.2 Infrastructure Providers
- Supabase: Database and file storage (SOC 2 compliant)
- Vercel: Application hosting and CDN
- Google Cloud Platform: Document processing service
4.3 Payment Processing
Razorpay: All payment processing is handled securely by Razorpay. We do not store your credit card or banking information.
4.4 We Do NOT Sell Your Data
We do not sell, rent, or trade your personal information or documents to third parties for marketing purposes.
5. Data Security
We implement industry-standard security measures:
- Encryption in Transit: All data transmitted via HTTPS/TLS 1.3
- Encryption at Rest: Database and file storage encrypted with AES-256
- Row-Level Security (RLS): Database access controlled at the row level
- Authentication: Supabase Auth with secure session management
- Access Control: Role-based permissions (Owner, Editor, Viewer)
- Audit Logs: All data access and modifications are logged
- Regular Backups: Automated daily backups with 30-day retention
- Security Monitoring: Real-time alerts for suspicious activity
6. Data Retention
6.1 Active Accounts
We retain your data for as long as your account is active and you continue using the Service.
6.2 Account Deletion
Upon account deletion:
- Your documents are permanently deleted within 30 days
- Chat history is anonymized or deleted
- Personal information is removed from our systems
- Backups are purged after 30 days
6.3 Legal Requirements
We may retain certain data longer if required by law (e.g., financial records for 7 years for tax purposes).
7. Your Rights
You have the right to:
- Access: Request a copy of your personal data
- Rectification: Correct inaccurate or incomplete data
- Erasure: Request deletion of your data ("right to be forgotten")
- Portability: Export your data in a machine-readable format
- Restriction: Limit how we process your data
- Objection: Object to processing of your data
- Withdraw Consent: Revoke consent for data processing
To exercise these rights, contact us at privacy@insights.aecos.app
8. Cookies and Tracking
8.1 Essential Cookies
We use essential cookies for authentication, session management, and security. These cannot be disabled as they are necessary for the Service to function.
8.2 Analytics Cookies
We may use analytics cookies to understand how users interact with the Service. You can opt out via browser settings.
9. Children's Privacy
The Service is not intended for users under 18 years of age. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us immediately.
10. International Data Transfers
Your data may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place (e.g., Standard Contractual Clauses) to protect your data.
11. Data Breach Notification
In the event of a data breach that affects your personal information, we will notify you within 72 hours via email and provide details about the incident and remediation steps.
12. Changes to Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of material changes via email or through the Service. Your continued use after such changes constitutes acceptance of the updated policy.
13. Contact Us
For privacy-related questions or to exercise your rights, contact us at:
Email: privacy@insights.aecos.app
Data Protection Officer: dpo@insights.aecos.app
Phone: +91 98191 23672
Address: Plot 18A, Flat B902, Media Society, Dwarka 1, South Delhi 110075, India
14. Governing Law
This Privacy Policy is governed by and construed in accordance with the laws of India. Any disputes arising out of or relating to this Privacy Policy shall be subject to the exclusive jurisdiction of the courts located in New Delhi, India.
15. Compliance
We comply with:
- GDPR: General Data Protection Regulation (EU)
- CCPA: California Consumer Privacy Act (if applicable)
- India DPDPA: Digital Personal Data Protection Act, 2023
- IT Act 2000: Information Technology Act, 2000
- IT Rules 2011: Information Technology (Reasonable Security Practices) Rules, 2011