# Privacy Policy

**AigonPay Limited (trading as aigon.ai)**

**Last Updated: 17 April 2026**

**Effective Date: 29 September 2025**

## 1. Introduction

AigonPay Limited ("we," "our," "us," or "aigon.ai") respects your privacy and is committed to protecting your personal data. This privacy policy explains how we collect, use, store, and protect your information when you use our AI personal assistant services ("Services") through messaging platforms including WhatsApp, Telegram, and other supported channels.

This policy applies to all users of our Services regardless of location. As a UK-registered company, we comply with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and respect international data protection standards.

## 2. Data Controller Information

**Company:** AigonPay Limited  
**Trading As:** aigon.ai  
**Registered Address:** 71-75 Shelton Street, Covent Garden, London, United Kingdom, WC2H 9JQ  
**Company Number:** 16219013  
**Contact Email:** privacy@aigon.ai  
**Data Protection Contact:** privacy@aigon.ai

## 3. Information We Collect

### 3.1 Information You Provide Directly

When you interact with our AI personal assistant, we collect:

- **Unique Identifiers**: 
  - For WhatsApp: Your phone number
  - For Telegram: Your unique Telegram ID and username (if available)
  - For other platforms: Platform-specific identifiers
- **Profile Information**: Your profile name and display information if made available by the messaging platform
- **Conversation History**: 
  - For assistants with persistent memory features: Messages, commands, and queries are retained as part of the service offering to maintain context and provide continuous assistance
  - For ephemeral/temporary session assistants: We do not retain conversation data after the session ends
- **Shared Documents**: Any documents, files, or media you share with the assistant for processing or analysis
- **Audio and Video Files**: Voice messages or video files you send for transcription, analysis, or processing
- **User Preferences**: Settings and preferences you configure for your assistant experience

### 3.2 Information Collected Automatically

When you use our Services, we automatically collect:

- **Usage Data**: Time and date of interactions, frequency of use, features accessed
- **Platform Information**: The messaging platform you're using (WhatsApp, Telegram, etc.)
- **Technical Identifiers**: Unique bot conversation IDs and session identifiers
- **Service Interaction Logs**: Records of tasks performed by the assistant on your behalf

### 3.3 Information We Do NOT Collect

- Payment or financial information (this functionality is not yet active)
- Information from external accounts (email, calendar, banking)
- Location data beyond what may be voluntarily shared in conversations
- Biometric data
- Cross-platform linking data (unless explicitly requested by you)

## 4. How We Use Your Information

We use your personal data for the following purposes:

### 4.1 Service Provision
- To provide AI personal assistant services
- To respond to your queries and commands
- To perform requested tasks such as note-taking, text rewriting, and analysis
- To maintain conversation continuity and context

### 4.2 Personalisation
- To customise the assistant's responses based on your interaction history
- To remember your preferences and frequently used features
- To improve the relevance and quality of assistance provided

### 4.3 Service Improvement
- To analyse usage patterns and improve our AI models
- To develop new features and capabilities
- To fix bugs and technical issues
- To ensure service reliability and performance

### 4.4 Communication
- To send important service updates or changes
- To respond to your inquiries or support requests

### 4.5 Legal and Safety
- To comply with legal obligations
- To prevent fraud and abuse
- To enforce our Terms of Service

## 5. Legal Basis for Processing

Under UK GDPR, we process your personal data based on:

- **Contract**: Processing necessary to provide you with our Services
- **Legitimate Interests**: To improve our Services, ensure security, and operate our business efficiently
- **Consent**: Where explicitly provided for optional features or processing activities
- **Legal Obligation**: Where we must process data to comply with laws

## 6. Data Retention

We retain your personal data based on the type of service you're using:

- **Persistent Assistant Services**: 
  - Conversation history and shared documents are retained as part of the service offering to provide continuous, context-aware assistance
  - Data is retained while you actively use the service and until you request deletion
  
- **Ephemeral/Session-Based Services**: 
  - Conversation data is only retained temporarily during your active session and within the undo window
  - Once your session ends and the undo window expires, no conversation data is retained
  - Temporary processing only during active use

- **Technical Logs**: Generally retained for up to 12 months for security and debugging purposes

For detailed business-driven data retention information, please see Appendix A: Data Retention Details.

You may request deletion of your data at any time (see Section 10).

## 7. Data Sharing and Disclosure

### 7.1 We Do NOT Sell Your Data
We never sell, rent, or trade your personal information to third parties for their marketing purposes.

### 7.2 Service Providers
We may share data with trusted service providers who assist us in operating our Services:
- Cloud infrastructure providers for data storage
- Technical service providers for system maintenance
- Analytics providers for service improvement (anonymised data only)

### 7.3 Legal Requirements
We may disclose your information if required by law or if we believe such action is necessary to:
- Comply with legal obligations or court orders
- Protect and defend our rights or property
- Prevent fraud or abuse
- Protect the safety of users or the public

### 7.4 Business Transfers
If we are involved in a merger, acquisition, or sale of assets, your information may be transferred. We will provide notice before your personal data becomes subject to a different privacy policy.

## 8. International Data Transfers

As an internationally operating service, your data may be processed and stored in various countries. When we transfer data outside the UK:

- We ensure appropriate safeguards are in place (such as Standard Contractual Clauses)
- We verify that the receiving country has adequate data protection laws
- We implement technical and organisational measures to protect your data

## 9. Data Security

We implement appropriate technical and organisational measures to protect your personal data against:
- Unauthorised access or disclosure
- Accidental loss or destruction
- Unlawful processing

These measures include:
- Encryption of data in transit using industry-standard protocols
- Access controls and authentication systems
- Regular security assessments and monitoring
- Secure server infrastructure with restricted access
- Regular backups and recovery procedures
- Security incident response procedures

Note: To provide our search and analysis features effectively, conversation data is stored in a searchable format on our secure servers. We implement strict access controls and security measures to protect this data.

However, no method of electronic transmission or storage is 100% secure. While we strive to protect your personal data, we cannot guarantee absolute security.

## 10. Your Rights

Under UK GDPR, you have the following rights regarding your personal data:

### 10.1 Access
You have the right to request a copy of the personal data we hold about you.

### 10.2 Rectification
You can request that we correct any inaccurate or incomplete personal data.

### 10.3 Erasure ("Right to be Forgotten")
You can request deletion of your personal data, subject to certain legal exceptions.

### 10.4 Data Portability
You have the right to receive your personal data in a structured, commonly used, and machine-readable format. We provide data export functionality for this purpose.

### 10.5 Restriction of Processing
You can request that we limit how we use your personal data in certain circumstances.

### 10.6 Object to Processing
You have the right to object to certain types of processing, including processing for direct marketing.

### 10.7 Automated Decision-Making
You have the right not to be subject to decisions based solely on automated processing that significantly affect you.

To exercise any of these rights, please contact us at privacy@aigon.ai. We will respond to your request within one month.

## 11. Children's Privacy

**Age Guidelines:**
Our Services can be used by individuals of all ages, including for educational purposes such as homework assistance. We collect only the minimum information necessary to provide our Services:

- Platform identifiers (WhatsApp phone number or Telegram ID) - required for the messaging platform to function
- Optional display name - users can use any name or nickname they prefer
- Service-related data only when specifically required for requested features

**Minimal Data Collection:**
We do not collect:
- Real names (unless voluntarily provided)
- Birthdates or age information
- School or educational institution details
- Parent contact information
- Any unnecessary personal information

**For Parents and Guardians:**
We encourage parental involvement for younger users. If you have concerns about your child's use of our Services or wish to request deletion of their data, please contact us at privacy@aigon.ai.

## 12. Third-Party Platforms

Our Services operate through third-party messaging platforms (WhatsApp, Telegram, etc.). Your use of these platforms is subject to their respective privacy policies:

- WhatsApp: https://www.whatsapp.com/legal/privacy-policy
- Telegram: https://telegram.org/privacy

We recommend reviewing these policies to understand how these platforms handle your data.

## 13. Cookies and Website Analytics

Our website (aigon.ai) uses cookies for analytics purposes to help us understand how visitors use our site and improve our services.

### 13.1 Analytics Services
We use the following analytics services:
- **Google Analytics**: To understand website traffic and user behaviour
- **Facebook Pixel**: To measure the effectiveness of our advertising

These services use cookies to collect information about your visit, including pages viewed, time spent, and how you arrived at our site.

### 13.2 Your Cookie Choices
When you first visit our website, you will see a cookie consent banner. You can choose to:
- **Accept**: Analytics cookies will be enabled
- **Reject**: No analytics cookies will be set

You can change your cookie preferences at any time by resetting your cookie consent choice on our website.

### 13.3 Privacy-Friendly Analytics
We also use GoatCounter, a privacy-friendly analytics service that does not use cookies or collect personal data. This runs regardless of your cookie consent choice.

## 14. Changes to This Policy

We may update this privacy policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by:
- Posting the new policy on our website
- Sending a notification through the Service
- Updating the "Last Updated" date

Your continued use of our Services after such modifications constitutes acceptance of the updated policy.

## 15. Complaints

If you have concerns about how we handle your personal data, you have the right to lodge a complaint with:

**UK Supervisory Authority:**  
Information Commissioner's Office (ICO)  
Wycliffe House, Water Lane  
Wilmslow, Cheshire SK9 5AF  
Website: https://ico.org.uk

## 16. Contact Us

If you have questions about this privacy policy or our data practices, please contact us:

**Email:** privacy@aigon.ai  
**Address:** Niddry Lodge, 51 Holland Street, London, W8 7JB

For general support: support@aigon.ai

---

**Acknowledgment**

By using our Services, you acknowledge that you have read and understood this Privacy Policy and agree to the collection, use, and disclosure of your information as described herein.

**Language**

This policy is provided in English. Any translations are for convenience only, and the English version shall prevail in case of any discrepancy.

---

## Appendix A: Data Retention Details

Our database is backed up daily for disaster recovery purposes. Old backup versions are typically deleted after 2-4 weeks to minimise data retention.

While we make every effort to exclude personal data from our system logs, this may not always be possible, particularly when errors or technical issues occur. To minimise any privacy impact, we maintain a very short log retention period. All system logs are cleared every 2-4 weeks, significantly shorter than the 12-month maximum stated in Section 6 for specialised debugging purposes.

### A.1 Scribe - AI Writing Assistant

Scribe retains only the last two documents generated for each user: the current document being actively worked on, and the immediately previous version to enable undo capabilities. Once a third document is generated, the oldest document is automatically deleted from our database and is no longer accessible to us. Please note that while these documents may still be visible in your messaging platform's chat history, we do not have access to that chat history and cannot retrieve deleted documents from it.

### A.2 Notetaker - AI Note-Taking Assistant

Notes are retained indefinitely by design. The core purpose of Notetaker is to ensure you can always find your notes through search, and deleting them would defeat this purpose. We do not currently provide user-accessible facilities for deletion of individual notes or entire note collections. However, if you contact us directly, we will delete your entire set of notes upon request.

Files shared with Notetaker are also stored indefinitely, including their complete version history, to maintain full context and retrieval capabilities. Unlike notes, files do have user-accessible deletion controls: deleted files are marked as deleted in the database, while purged files are permanently and irrecoverably removed from the database.

### A.3 Memories - AI Memory Preservation Assistant

Memories are retained indefinitely by design. The fundamental purpose of this service is to preserve your personal and family memories and history, so retention is inherent to its function. We are currently developing facilities to allow users to delete individual conversations, but this functionality is not yet implemented. If you would like your memory history to be deleted, please contact us directly and we will accommodate your request.

---

## Appendix B: Browser Extensions (aigon page capture)

We distribute a Chrome browser extension called **aigon page capture** (light version) that lets signed-in AigonOne users save the current web page to their account. This appendix describes what the extension collects, when, and how it is transmitted, in addition to the general terms of this policy.

### B.1 When Data Is Collected

The extension is **entirely user-initiated**. No data is read, captured, or transmitted in the background. Collection happens only when you:

- Click the extension icon to open its popup
- Click **Add Screenshot** to capture the visible tab
- Click the microphone button to dictate a note
- Click **Send** (or **Record & Send**) to submit the capture to your AigonOne account

Closing the popup without clicking Send discards everything locally; nothing is uploaded.

### B.2 What Data Is Collected and Sent to aigon.ai

When you click Send, the following is transmitted over HTTPS to your AigonOne account at `a1.aigon.ai`, authenticated via your existing AigonOne session cookie:

- **Page URL** — the URL of the active browser tab at the moment you opened the popup
- **Screenshots** — PNG images of the visible area of the tab, only for tabs where you explicitly clicked Add Screenshot
- **Text selection** — any text you had selected on the page when you opened the popup (pre-filled into the note field; you can edit or delete it before sending)
- **Note text** — anything you type or dictate into the note field

The extension does not read page content beyond your explicit selection, does not track browsing history, does not read cookies or storage from visited sites, and does not run on any tab until you open its popup.

### B.3 Voice Dictation (Light Version)

The light version of the extension records audio via your microphone and sends it to aigon.ai servers for transcription using OpenAI Whisper. When you click the microphone button:

- Your browser requests access to your microphone (you must grant permission)
- Audio is recorded locally and transmitted over HTTPS to `a1.aigon.ai/api/transcribe`
- The audio is transcribed on our servers and only the resulting **transcribed text** is returned to the extension and placed in the note field
- **Audio data is not retained** — it is processed transiently and discarded immediately after transcription
- No audio is sent to Google or any other third party

### B.4 Browser Permissions

The extension declares the following Chrome permissions in its manifest:

- **`activeTab`** — used to read the URL of the active tab and capture a screenshot of it, only when you explicitly click the extension icon or the Add Screenshot button
- **`scripting`** — used to read your text selection from the active tab (one injected read, no persistent script)
- **Host permission `https://a1.aigon.ai/*`** — used to POST your capture to your AigonOne account with your session cookie; no other hosts are contacted

The extension does **not** declare a microphone permission in its manifest — microphone access in the light version is mediated by the browser's standard runtime prompt, which you can grant or deny on a per-install basis.

### B.5 Storage, Retention, and Deletion

Captures sent via the extension become ordinary notes in your AigonOne account. They are stored and retained on the same terms as notes created through any other AigonOne channel — see Section A.2 (Notetaker).

**Individual note deletion is not currently supported.** You cannot delete a single capture through the AigonOne web interface. To have any of your captures removed, you must request deletion of your **entire** AigonOne account (including all notes, captures, and associated data) by emailing [privacy@aigon.ai](mailto:privacy@aigon.ai). We will action the request within the response window described in Section 10.

**Abandoned page-capture accounts are automatically deleted.** AigonOne accounts created for use with the page capture extension that have not been used for 8 to 12 weeks are automatically purged, together with all notes and captures they contain. This auto-purge applies only to page-capture accounts; other AigonOne account types are retained until you request deletion. In practice it means that if you stop using the extension entirely, your captures will be removed without any action on your part within roughly three months.

Uninstalling the extension removes it from your browser but does **not** by itself delete captures already sent to your AigonOne account — those follow the account-level retention rules above.

### B.6 No Third-Party Sharing

Captures and transcription audio transmitted to aigon.ai are handled under the same terms as the rest of this policy: no selling, renting, or trading to third parties for marketing. Cloud infrastructure and technical service providers used by aigon.ai (see Section 7.2) also process extension-sourced data as part of normal service operation. There are no third-party data flows specific to this extension.

---

## Appendix C: Browser Extensions (aigon)

We distribute a Chrome browser extension called **aigon** that allows users to sign in to their aigon account from the browser toolbar. This appendix describes what the extension collects, when, and how it is transmitted.

### C.1 Purpose

The aigon extension is an authentication tool only. It does not read page content, capture screenshots, access your browsing history, or interact with any website you visit. It communicates exclusively with `*.aigon.ai`.

### C.2 What Data Is Collected

The extension collects only your **email address**, entered voluntarily into the login form. When you submit the form:

- Your email address is transmitted over HTTPS to `a1.aigon.ai/login`
- The server sends a one-time magic link to that address
- The email address itself is not stored by the extension — it is sent to the server and immediately cleared from the form

No other data is collected. The extension does not read page content, does not track browsing, and does not access cookies from any site other than `a1.aigon.ai`.

### C.3 Session Authentication Check

Each time you open the extension popup, it contacts `a1.aigon.ai/api/permissions` using your existing browser session cookie (if any) to determine whether you are already signed in. No personal data is transmitted in this check beyond the session cookie that your browser sends automatically.

### C.4 Browser Permissions

The extension declares no Chrome permissions beyond:

- **Host permission `https://*.aigon.ai/*`** — used to check authentication status and to submit the login email; no other hosts are contacted

The extension does **not** declare `activeTab`, `scripting`, `storage`, or any other browser API permission.

### C.5 Data Retention

The extension stores no data locally. Authentication state is managed entirely via the session cookie set by `a1.aigon.ai` in your browser. Account data on aigon.ai is retained and deleted on the same terms as the rest of this policy (see Section 6 and Appendix A).

### C.6 No Third-Party Sharing

No data collected by this extension is shared with any third party.
