Privacy Policy

This Privacy Policy describes how Redbaez ("we," "us," or "our") collects, uses, and shares information about you when you use AIDEN services, including AIDEN.Test (collectively, the "Services"). By using our Services, you agree to the collection and use of information in accordance with this policy.

1. Information We Collect

Account Information

When you create an account, we collect:

Email address
Name (if provided)
Organization name (if provided)
Password (stored securely using industry-standard hashing)

Content You Provide

When using our Services, we collect content you create or submit:

Project information and configurations
Test prompts and stimulus materials
Uploaded documents and images
AI-generated outputs and test results

Automatically Collected Information

We automatically collect certain information when you use our Services:

Device information (browser type, operating system)
Log data (IP address, access times, pages viewed)
Usage patterns and feature interactions

2. AI Processing Disclosure

Our Services utilize third-party AI providers to deliver synthetic research capabilities. This is a critical aspect of our service that you should understand:

Third-Party AI Providers

We use the following AI service providers:

Anthropic (Claude)
OpenAI (GPT models)

Data Transmitted for Processing

When you run tests, the following data may be transmitted to AI providers:

Test prompts and questions
Stimulus materials and context
Persona configuration parameters

Important:

Your data is NOT used to train AI models. Both Anthropic and OpenAI have committed that data processed through their APIs is not used for model training. We implement data minimization practices, only sending necessary information for processing your requests.

3. Data Retention & Deletion

Retention Periods

Account data: Retained while your account is active, plus 30 days after deletion request
Project and test data: Retained while your account is active
Server logs: Retained for 90 days
Analytics data: Retained in anonymized form

Right to Deletion

You may request deletion of your data at any time by contacting us at contact@redbaez.com. Deletion requests are processed within 30 days.

Third-Party Retention

OpenAI: API data retained for up to 30 days for abuse monitoring, then deleted
Anthropic: API data not retained after processing

4. International Data Transfers

Our Services are hosted on infrastructure located in the United States. Our AI providers also operate primarily from the United States.

For users in the European Economic Area (EEA), United Kingdom, or other jurisdictions with data transfer restrictions, we rely on:

Standard Contractual Clauses (SCCs) approved by the European Commission
Our providers' compliance with applicable data protection frameworks

GDPR rights for EEA users are detailed in Section 5 below.

5. User Rights (GDPR/CCPA)

For All Users

You have the right to:

Access: Request a copy of your personal data
Rectification: Correct inaccurate personal data
Erasure: Request deletion of your personal data
Portability: Receive your data in a structured, machine-readable format

For California Residents (CCPA)

California residents have additional rights:

Right to Know: What personal information we collect, use, and disclose
Right to Delete: Request deletion of personal information
Right to Correct: Request correction of inaccurate information
Right to Opt-Out: Opt-out of the sale of personal information

We do NOT sell personal information.

For EEA Users (GDPR)

EEA users have additional rights:

Restriction: Request restriction of processing
Objection: Object to processing based on legitimate interests
Complaint: Lodge a complaint with a supervisory authority

6. Data Sharing

We share your information only in the following circumstances:

Service Providers

Hosting: Railway (infrastructure)
AI Processing: Anthropic, OpenAI
Database: Supabase
Payments: Stripe (if applicable)

Legal Requirements

We may disclose your information if required by law, legal process, or government request, or to protect the rights, property, or safety of Redbaez, our users, or others.

No Sale to Third Parties

We do not sell, rent, or trade your personal information to third parties for their marketing purposes.

7. Cookies

We use cookies and similar technologies to operate our Services:

Essential Cookies

Required for authentication, security, and basic functionality. Cannot be disabled.

Analytics Cookies

Help us understand usage patterns and improve our Services.

Managing Cookies

You can control cookies through your browser settings. Note that disabling certain cookies may affect the functionality of our Services.

8. Children's Privacy

Our Services are not intended for children under 13 years of age (or 16 in the EEA). We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately at contact@redbaez.com.

9. Security Measures

We implement appropriate technical and organizational measures to protect your data:

Encryption: Data encrypted in transit (TLS) and at rest
Access Controls: Role-based access and authentication requirements
Monitoring: Regular security monitoring and vulnerability assessments
Incident Response: Procedures for detecting and responding to breaches

Breach Notification

In the event of a data breach affecting your personal information, we will notify you within 72 hours of becoming aware of the breach, as required by applicable law.

10. Contact Us

For any questions about this Privacy Policy or to exercise your rights, contact us at:

Email: contact@redbaez.com

We will respond to your request within 30 days.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date. Your continued use of the Services after changes are posted constitutes acceptance of the updated policy.