Privacy Policy

Last updated: April 12, 2026

1. Data Controller

The data controller responsible for data processing on this platform is:

AIONCORESYSTEMS LTD
71-75 Shelton Street, Covent Garden
London WC2H 9JQ, United Kingdom
Email: info@aioncoresystems.com
Company No. 17141664

2. Data We Collect

We collect the following categories of personal data:

Category	Data	Purpose
Account Data	Name, email address, hashed password	Account creation and authentication
Google OAuth	Name, email, profile picture (from Google)	Social login convenience
Payment Data	Stripe customer ID, payment history, invoice data	Credit purchases, billing, and refunds
Usage Data	Tasks submitted, agent configurations, credit consumption	Service delivery and quality improvement
Project Data	Code files, project configurations, team settings	Service delivery (generating and storing your projects)
Technical Data	IP address, browser type, access timestamps	Security, abuse prevention, and service stability

3. Legal Basis for Processing

We process your data based on the following legal grounds (per UK GDPR / EU GDPR where applicable):

• Performance of a contract (Art. 6(1)(b)) — processing necessary to provide the Service you requested (account, tasks, billing)
• Legitimate interest (Art. 6(1)(f)) — security monitoring, abuse prevention, and service improvement
• Consent (Art. 6(1)(a)) — optional marketing communications (you may withdraw consent at any time)
• Legal obligation (Art. 6(1)(c)) — tax and accounting requirements

4. Third-Party Processors

We share data with the following third-party processors to deliver our Service:

Provider	Purpose	Data Shared
Stripe, Inc.	Payment processing	Email, payment method, transaction data
Google (OAuth)	Login authentication	Email, name, profile picture
OpenAI	AI model inference (GPT-4o)	Task prompts and context (anonymised)
Anthropic	AI model inference (Claude)	Task prompts and context (anonymised)
Server Provider	Infrastructure hosting	All data (encrypted at rest and in transit)

We ensure all processors have adequate data protection agreements in place. Task prompts sent to AI providers are used solely for generating your outputs and are not used to train third-party models.

5. Cookies & Local Storage

We use the following client-side storage mechanisms:

• Authentication token (localStorage) — to keep you logged in
• Canvas state (localStorage) — to save your agent team configuration
• Preferences (localStorage) — Autostart setting, selected project

We do not use third-party tracking cookies, analytics cookies, or advertising cookies. No data is shared with advertising networks.

6. Data Retention

• Account data — retained as long as your account is active, deleted within 30 days of account closure
• Project data — retained as long as your account is active; you may delete individual projects at any time
• Payment records — retained for 7 years as required by UK tax law
• Server logs — automatically deleted after 90 days

7. Your Rights

Under UK GDPR and EU GDPR (where applicable), you have the right to:

• Access — request a copy of your personal data
• Rectification — request correction of inaccurate data
• Erasure — request deletion of your data ("right to be forgotten")
• Data Portability — receive your data in a structured, machine-readable format
• Object — object to processing based on legitimate interest
• Restrict Processing — request limitation of processing
• Withdraw Consent — where processing is based on consent

To exercise any of these rights, contact us at info@aioncoresystems.com. We will respond within 30 days.

8. International Data Transfers

Your data may be processed by third-party providers located outside the UK/EEA (e.g., OpenAI, Anthropic, Stripe — USA). Where this occurs, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) or equivalent mechanisms approved by the UK ICO.

9. Data Security

We implement appropriate technical and organisational measures to protect your personal data, including:

• Encrypted connections (HTTPS/TLS) for all data in transit
• Encrypted storage for sensitive data at rest
• Hashed and salted password storage
• Strict access controls and principle of least privilege
• Regular security reviews

10. Children's Privacy

The Platform is not intended for individuals under the age of 18. We do not knowingly collect personal data from minors. If you believe a minor has provided us with personal data, please contact us immediately.

11. Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices or legal requirements. Material changes will be communicated via email or a notice on the Platform. We encourage you to review this page periodically.

12. Supervisory Authority

If you believe your data protection rights have been violated, you have the right to lodge a complaint with the UK Information Commissioner's Office (ICO):

Information Commissioner's Office
Wycliffe House, Water Lane
Wilmslow, Cheshire SK9 5AF
Website: ico.org.uk
Phone: 0303 123 1113

13. Contact

For any questions or requests regarding this Privacy Policy:

AIONCORESYSTEMS LTD
71-75 Shelton Street, Covent Garden
London WC2H 9JQ, United Kingdom
Email: info@aioncoresystems.com