AimVisible · Legal

Privacy Policy

Effective 4 May 2026

AimVisible ("we", "us", "the Platform") builds a customer intelligence loop for direct-to-consumer brands. To do that, the Platform connects to the systems a brand already runs — their ecommerce store, ad accounts, email marketing tool, and (where explicitly authorised) operator email — and reads data from those systems on the brand's behalf. This Privacy Policy describes what that means for the data of brands using the Platform, the operators running the Platform, and the brands' own customers whose data flows through it.

AimVisible is operated by the AimVisible business entity registered in Australia. References to "you" mean either an operator (the agency or in-house user logging in to AimVisible) or a brand (the customer engaging AimVisible to operate on their behalf), as the context requires. Where this Policy refers to a brand's own customers — for example, a Shopify shopper whose order data we process — we're acting as a processor on the brand's instructions, and the brand remains the data controller for that information.

I

What we collect

The Platform handles three categories of information.

Operator account information. When you create an AimVisible operator account we collect your email address, your name (if provided), the role assigned to you (admin, member, or viewer), and a record of the brands you have access to. We also log actions you take inside the Platform — for example, approving a proposed action — for audit and security purposes. Authentication is handled by Supabase Auth; password material itself never reaches our servers in plaintext.

Brand-connected data. When a brand connects an external system to the Platform, we read data from that system at the scope the brand has authorised. The exact data depends on the system, but typically includes:

  • Shopify — orders, customers (email, name, billing/shipping address, order history), products, and store metadata. Used to compute customer segments, lifetime value, and retention signals.
  • Klaviyo — email subscribers, list memberships, campaign performance, and engagement events. Used to identify which audiences respond to which messages and to draft new campaigns for operator approval.
  • Meta Ads — ad account spend, campaign / ad set / ad performance, and creative metadata. Used to surface proposals about ad performance and, with operator approval, to update campaigns on the brand's behalf.
  • Google Ads — equivalent campaign, ad group, and keyword data. Same usage as Meta Ads.
  • Gmail (only when an operator explicitly connects an inbox) — read-only access to email threads matching the brand's registered contacts. Used to summarise client communications alongside their data signals. We never send mail on the operator's behalf.

Site usage data. Standard server logs (IP address, user agent, request paths, timestamps), error reports via Sentry with personally identifying fields scrubbed, and aggregate analytics via Google Analytics. We do not use these for advertising and do not sell them.

II

How we use it

The Platform uses the data above for the following purposes only:

  • Operating the service. Computing customer segments, lifetime value, retention signals, ad performance summaries, and the weekly briefs the brand has engaged us to produce.
  • AI generation. We pass relevant subsets of brand-connected data to large language model providers (currently Anthropic Claude) to draft proposals and briefs. The provider does not train models on this data — see our sub-processor list in section IV.
  • Authorised actions. When an operator approves a proposed action (for example, a budget change to a Meta Ads campaign), the Platform calls the relevant external API to execute that action on the brand's behalf. Actions are logged.
  • Service communications. Emails relating to your account, the brands you operate, scheduled deliverables, and security notices.
  • Security and integrity. Detecting abuse, debugging errors, complying with legal obligations.

We do not sell personal information. We do not share brand-connected data with other AimVisible brands. We do not use brand-connected data to train our own models.

III

Where it lives

Brand-connected data is stored in a Supabase Postgres database hosted in the Sydney (ap-southeast-2) region. Brand assets (logos, uploaded creative, generated images) are stored in Supabase Storage, also Sydney-region. The FastAPI service that orchestrates reads and writes is hosted on Render (US-East). The Next.js frontend is hosted on Vercel's global edge network.

Some processing necessarily takes place outside Australia — large language model calls go to Anthropic in the United States, and Vercel routes UI requests through the closest edge node. Where data crosses borders we rely on the standard contractual clauses and processing terms of each sub-processor listed below.

IV

Who we share it with

We use the following sub-processors to operate the Platform. Each is contractually bound to handle data only on our instructions and to apply security controls equivalent to ours.

  • Supabase: Database, authentication, file storage. ap-southeast-2 region.
  • Render: Hosting for the FastAPI orchestration service.
  • Vercel: Hosting for the Next.js operator frontend.
  • Anthropic: Large language model inference (Claude). Does not train on customer data per their commercial terms.
  • Replicate: Image generation models for creative production. Used only when an operator triggers a creative request.
  • Resend: Transactional email delivery (operator invites, scheduled deliverables, security notices).
  • Sentry: Application error monitoring. Personally identifying fields are scrubbed before transmission.
  • Google: Google Analytics on the marketing site (aimvisible.com). Not loaded inside the operator app.

We may disclose information if required by law, court order, or to protect our rights, our brands, or the safety of any person. We will not disclose your information for any other reason.

V

How long we keep it

Operator account data is retained for as long as the account is active and for up to 90 days after deletion to honour audit and security obligations.

Brand-connected data is retained for the duration of the brand's engagement with AimVisible. On termination of that engagement, we delete the brand's data within 30 days unless retention is required by law or for the resolution of a dispute. Aggregated, de-identified analytics that cannot be traced back to a brand or individual may be retained indefinitely.

Audit log entries — the record of who took what action when — are retained for seven years to support security investigations and legal obligations.

VI

Your rights

Depending on your jurisdiction (Australia under the Privacy Act, the EU/UK under GDPR, California under CCPA), you may have the right to:

  • Access the personal information we hold about you.
  • Correct information that is inaccurate or incomplete.
  • Request that we delete information we hold about you.
  • Request a portable export of your information.
  • Withdraw any consent you have given us, where the processing relies on consent.
  • Lodge a complaint with the Office of the Australian Information Commissioner (OAIC) or your local data protection authority.

To exercise any of these rights, email privacy@aimvisible.com. We will respond within 30 days. For deletion specifically, see our Data Deletion Instructions page, which includes the steps required for Meta and Google to confirm deletion has been honoured.

VII

Security

The Platform encrypts data in transit using TLS 1.2+ and at rest using the underlying provider's standard disk encryption. Authentication is via Supabase Auth with rotating session tokens. API access keys for connected platforms (Meta, Google, Klaviyo, Shopify, Gmail) are stored encrypted at the field level and accessible only to operators with the appropriate role on the brand they were collected for.

We log every access to brand-connected data and review the log regularly. We will notify affected brands without undue delay if a security incident affects their data.

VIII

Children

AimVisible is a business-to-business product. The Platform is not directed at children, and we do not knowingly collect information from anyone under 16. If you believe a child's information has been provided to us, contact us and we will delete it.

IX

Changes

We may update this Policy as the Platform changes. Material changes will be communicated by email to the operator account on file at least 30 days before they take effect. The effective date at the top of this page reflects the most recent version.

X

Contact

Questions, requests, or complaints about this Policy or how we handle information:

  • Email: privacy@aimvisible.com
  • General: hello@aimvisible.com
  • Postal mail: Available on request via privacy@aimvisible.com