Privacy Policy

1. Data controller

The data controller responsible for your personal data is:

Vili Invest Oy Ab (Business ID 3133478-3), Korvenrannantie 17, 04300 Tuusula, Finland.

For any privacy-related request, contact us at contact@myaivo.com.

2. What data we collect

Depending on how you use AIVO, we may process the following categories of personal data:

• Account data: name, email address, password (hashed), language and account type (private or business).
• Integration data: content and metadata from services you connect, such as emails, calendar events, tasks, messages, files in cloud drives and CRM records.
• Usage data: how you interact with AIVO, feature usage, and technical logs needed to operate the service.
• Communication data: messages you send to our support or contact channels.

3. Purpose and legal basis of processing

We process your personal data on the following GDPR legal bases:

• Performance of a contract (Art. 6(1)(b)): to provide the AIVO service, connect your tools and deliver AI summaries, prioritization and drafts.
• Consent (Art. 6(1)(a)): for optional features and for any use that requires your explicit permission, such as connecting a new integration.
• Legitimate interests (Art. 6(1)(f)): to keep the service secure, prevent abuse and improve reliability.
• Legal obligation (Art. 6(1)(c)): to comply with accounting, tax and other statutory requirements.

4. AI processing and transparency

AIVO uses artificial intelligence to read across your connected sources and generate summaries, priorities, insights and draft replies. To do this, relevant content may be sent to external AI service providers (such as OpenAI and Google Gemini) strictly for the purpose of generating your results.

We may change or add AI service providers over time. In all cases, providers act as processors on our behalf and are bound by contractual confidentiality and data-protection obligations.

5. Your data is never used to train AI models without your consent

We do not use your personal data, integration content or messages to train, fine-tune or improve any AI model — neither ours nor a third party's — without your separate, explicit and freely given consent.

Our AI service providers are instructed and contractually required not to use data submitted through AIVO's interfaces to train their models. If we ever offer a feature that would use your data for model improvement, it will be strictly opt-in, clearly explained, and revocable at any time.

6. Infrastructure and sub-processors

We rely on carefully selected providers to operate AIVO. Key sub-processors include:

• Supabase — database, authentication and secure hosting of your account and application data.
• AI service providers (e.g. OpenAI, Google Gemini) — generating AI summaries, insights and drafts.
• Hosting and infrastructure providers used to run and deliver the service.

7. Integrations, OAuth and access control

When you connect a third-party service (for example Google Gmail or Google Calendar), we request access through secure OAuth and only ask for the permissions needed to deliver the features you use. We follow the principle of least privilege.

Our use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Data obtained from Google is used only to provide and improve the user-facing features of AIVO, is not sold, and is not used for advertising.

You stay in control of your integrations at all times. You can review which sources are connected, manage their permissions, and disconnect any integration whenever you want. Disconnecting stops further access and you may request deletion of data previously imported from that source.

8. Data retention

We retain personal data only as long as necessary for the purposes described in this policy or as required by law. Integration data is retained according to your plan's memory window and your settings. When you delete your account, we delete or anonymize your personal data within a reasonable period, except where retention is legally required.

9. Your rights under the GDPR

As a data subject in the EU/EEA, you have the right to:

• Access the personal data we hold about you.
• Rectify inaccurate or incomplete data.
• Erasure — request deletion of your data ("right to be forgotten").
• Restrict or object to certain processing.
• Data portability — receive your data in a portable format.
• Withdraw consent at any time, without affecting prior lawful processing.
• Lodge a complaint with a supervisory authority — in Finland, the Office of the Data Protection Ombudsman (tietosuoja.fi).

10. Data security

We apply technical and organizational measures to protect your data, including encryption in transit, strict access controls, tenant isolation and secure credential storage. Integration tokens are stored securely and isolated per user.

11. International data transfers

Some of our providers, including certain AI service providers, may process data outside the EU/EEA. Where this happens, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses (SCCs) to ensure your data remains protected.

12. Cookies and local storage

AIVO uses essential cookies and local storage to keep you signed in and remember preferences such as your language. We do not use them for advertising.

13. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be communicated through the service. The effective date above indicates the latest version.