Privacy Policy

Last Updated: March 2026

1. Introduction

A.I. Hero, Inc. ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy describes how we collect, use, disclose, and safeguard your information when you use AI Hero Studio ("Service"). We recognize that information privacy is an ongoing responsibility, and we will update this Privacy Policy as we adopt new practices or policies.

2. Data Protection Officer

A.I. Hero, Inc. is headquartered in California, United States. If you have questions or concerns about our personal data practices, or wish to exercise your privacy rights, please contact our data protection officer:

  • A.I. Hero, Inc.
  • 201 Spear St., Suite 1100
  • San Francisco, CA 94105
  • United States
  • Email: team@aihero.studio

3. Information We Collect

3.1 Information You Provide

  • Account Information: Email address and display name provided during registration
  • Payment Information: Billing details processed securely through third-party payment processors
  • Content and Data: Journal entries, grocery lists, tasks, household information, voice transcripts, uploaded documents, and any other data you input into the Service
  • Communications: Messages, feedback, and support requests

3.2 Automatically Collected Information

  • Usage Data: Features used, actions taken, time and duration of activities
  • Device Information: IP address, browser type, operating system, device identifiers
  • Log Data: Access times, pages viewed, errors encountered
  • Cookies and Tracking: As described in our Cookie Policy

3.3 Information from Third Parties

We may receive information about you from third-party services you connect through OAuth integrations. This is limited to the scopes you explicitly authorize.

4. How We Use Your Information

We use collected information to:

  • Provide, operate, and maintain the Service
  • Process your transactions and manage your account
  • Improve, personalize, and expand our Service
  • Understand and analyze how you use the Service
  • Develop new features, products, and functionality
  • Communicate with you for customer service, updates, and marketing (with your consent)
  • Detect, prevent, and address technical issues and security threats
  • Comply with legal obligations and enforce our Terms of Service

We do not sell personal information to anyone and only share it with third parties who are facilitating the delivery of our services.

5. AI and Machine Learning

Our Service uses artificial intelligence and machine learning technologies. Regarding your data and AI:

  • Your content is used solely to provide the Service to you
  • We do not use your personal data or content to train AI models.
  • We may store interactions (including voice transcripts and agent conversations) for observability, debugging, and improving service reliability
  • AI-generated outputs may be incorrect, incomplete, or misleading. You should independently verify information before relying on it
  • Aggregated, anonymized usage patterns (not individual content) may be used to improve overall service quality
  • You maintain ownership of all content and data you create

6. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to operate the Service. For detailed information about the cookies we use and how to manage them, please see our Cookie Policy.

7. Information Sharing and Disclosure

7.1 Service Providers

We engage trusted third-party companies to perform services on our behalf, including cloud infrastructure, payment processing, analytics, email delivery, and error monitoring. These providers are bound by contractual obligations to keep your information confidential.

7.2 Business Transfers

In connection with any merger, sale of company assets, or acquisition, your information may be transferred. We will provide notice before your information becomes subject to a different privacy policy.

7.3 Legal Requirements

We may disclose your information if required by law or in response to valid requests by public authorities (e.g., court orders, subpoenas). Since our founding, we have received zero government requests for information.

7.4 Your Consent

We may share your information with your explicit consent for specific purposes.

We never sell your personal information to third parties.

8. Data Security

We implement appropriate technical and organizational security measures to protect your information, including:

  • Encryption of data in transit (HTTPS) and at rest
  • Passwordless OTP authentication (no passwords stored)
  • HTTP-only cookies for session management
  • Realm-based data isolation between workspaces
  • CORS protection and input validation
  • Regular security assessments
  • Incident response and breach notification procedures

No method of transmission over the internet is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

9. International Data Transfers

A.I. Hero, Inc. has its headquarters in the United States. Information we collect will be processed in the United States. By using the Service, you acknowledge that your personal information will be processed in the United States.

The United States has not received a finding of "adequacy" from the European Union under Article 45 of the GDPR. Pursuant to Article 46 of the GDPR, we provide appropriate safeguards by entering binding, standard data protection clauses enforceable by data subjects in the EEA and the UK. We also collect and transfer personal data to the U.S. with consent, to perform a contract with you, or to fulfill a compelling legitimate interest in a manner that does not outweigh your rights and freedoms.

10. Data Retention

We retain your information for as long as necessary to provide the Service, comply with legal obligations, resolve disputes, and enforce our agreements. When you delete your account, we will delete or anonymize your personal information within 90 days, except where we are required to retain it for legal or regulatory purposes.

All personal data we control may be deleted upon verified request from you or your authorized agent. For more information on data retention or to request erasure, please contact us at team@aihero.studio.

11. Your Privacy Rights

Depending on your location, you may have the following rights regarding your personal data:

  • Right to be Informed: Know what data we collect and how we use it
  • Right of Access: Request a copy of your personal data
  • Right to Rectification: Request correction of inaccurate or incomplete data
  • Right to Erasure: Request deletion of your personal data
  • Right to Restrict Processing: Request restriction of processing in certain circumstances
  • Right to Data Portability: Request your data in a structured, machine-readable format
  • Right to Object: Object to processing for certain purposes
  • Right to Withdraw Consent: Withdraw consent where we rely on it for processing
  • Rights Related to Automated Decision Making: Object to decisions made solely through automated processing, including profiling

To exercise these rights, please contact us at team@aihero.studio. Reasonable access to your personal data will be provided at no cost.

12. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to know what personal information is collected
  • Right to know whether personal information is sold or disclosed
  • Right to opt-out of the sale of personal information
  • Right to deletion of personal information
  • Right to non-discrimination for exercising CCPA rights

Note: We do not sell personal information.

13. GDPR Compliance

If you are located in the European Economic Area (EEA) or the United Kingdom, we process your personal data in compliance with the General Data Protection Regulation (GDPR). Our legal bases for processing include:

  • Contract Performance: To provide the Service to you
  • Legitimate Interests: To improve and secure the Service
  • Legal Compliance: To meet regulatory requirements
  • Consent: Where specifically requested

If you are located in the EU, you also have the right to lodge a complaint with your national data protection authority or the European Data Protection Supervisor.

14. Children's Privacy

Our Service is not directed to individuals under the age of 18. We do not knowingly collect or solicit personal information from children. If you become aware that a child has provided us with personal information, please contact us and we will take steps to delete such information.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. We encourage you to review this Privacy Policy periodically.

16. Questions, Concerns, or Complaints

If you have questions about this Privacy Policy or our privacy practices, please contact us: