§1 Overview
- We do not sell your personal data to third parties — ever
- We do not use your conversations to train AI models
- We do not share your data with advertisers
- We collect only what is necessary to operate the Service
- You can delete your account and all data at any time
This Privacy Policy explains how Aelius AI ("we," "us," "our") collects, uses, stores, and protects your personal information when you use the Aelius AI Service. It also describes your rights regarding that information.
By using the Service, you agree to the collection and use of information in accordance with this Policy. This Policy is incorporated by reference into our Terms of Service.
This Service operates an uncensored AI model. Your conversations may contain sensitive, explicit, or otherwise private content. Please read §3 (Chat Data Storage) carefully to understand exactly how your conversations are stored and protected.
§2 Data We Collect
We collect the minimum data necessary to operate the Service. Here is a complete breakdown:
2.1 Data We Do NOT Collect
We explicitly do not collect the following:
- Payment information (we do not currently process payments directly)
- Government-issued identification or age verification documents (beyond checkbox confirmation)
- Precise geolocation data
- Device fingerprints or hardware identifiers beyond standard web session data
- Social media profile data or third-party OAuth tokens
- Biometric data of any kind
§3 Chat Data Storage
Because Aelius AI operates an uncensored AI, your conversations may contain explicit, sensitive, or otherwise private content. This content is stored in our database to provide persistent conversation history. Please read this section carefully before sharing sensitive personal information in the chat interface.
3.1 What Is Stored
When you use the chat interface, the following data is stored in our database:
- Every message you send — including the full text content
- Every AI response — including the full text content generated by the Model
- Chat metadata — title, creation timestamp, last updated timestamp
- Association with your account — each chat and message is linked to your user ID
3.2 Why It Is Stored
Chat history is stored to allow you to:
- Resume conversations across sessions and devices
- Review and reference past AI responses
- Manage your conversation history (rename, delete individual chats)
3.3 Who Can Access Your Chats
Your chat history is private to your account. We implement access controls to prevent other users from accessing your conversations. Aelius AI operators may access chat data only in the following circumstances:
- In response to a valid legal order, warrant, or subpoena from law enforcement
- To investigate a reported violation of our Terms of Service
- To comply with mandatory CSAM reporting obligations under federal law
- For security incident investigation with your consent, or where required by law
3.4 How to Delete Your Chat History
You can delete individual chats at any time through the chat interface using the delete option on any conversation. Deleting a chat permanently and irreversibly removes all messages in that chat from our database. You can also delete your entire account (see §9), which removes all associated chat history.
3.5 Sensitive Information Warning
Do not share information in the chat that you would not want stored in a database, such as: full Social Security/National Insurance numbers, complete payment card numbers, passwords, or highly sensitive personal secrets. While we secure your data, no digital storage system is immune to risk.
§4 How We Use Your Data
We use the data we collect exclusively for the following purposes:
- Providing the Service: Processing your prompts, delivering AI responses, and maintaining your conversation history.
- Account Management: Creating and managing your account, verifying your email, and handling password resets.
- Authentication & Security: Verifying your identity when you log in and protecting your account from unauthorized access.
- Policy Compliance Monitoring: Reviewing usage patterns to detect violations of our Terms of Service.
- Service Communications: Sending email verification links, password reset links, and material policy update notifications.
- Legal Compliance: Fulfilling mandatory reporting obligations (e.g., CSAM to NCMEC) and responding to valid legal requests.
- Service Improvement: Analyzing aggregate, anonymized usage patterns to improve the Service.
- Sell, rent, or trade your personal data to any third party
- Use your conversations to train AI models
- Share your data with advertisers or data brokers
- Use your data for purposes beyond those listed in §4
- Build individual behavioral profiles for commercial purposes
§6 Data Retention
We retain data only for as long as necessary for the purposes described in this Policy or as required by law.
| Data Type | Retention Period | Deletion Trigger |
|---|---|---|
| Account Information | Until account deletion, plus any legally required retention period | Account deletion request |
| Chat History & Messages | Until manually deleted by user, or until account deletion | User-initiated chat/account deletion |
| Uploaded Files | Duration of upload processing only — not permanently retained | Immediately after processing |
| Email Verification Tokens | Until used or expired (typically 24–72 hours) | Token use or expiry |
| Password Reset Tokens | 1 hour from creation | Token use or expiry |
| API Keys | Until account deletion or key regeneration | Account deletion or user-initiated key reset |
| Legal Compliance Data | As required by applicable law (varies by jurisdiction) | Expiry of legal retention obligation |
| CSAM-Related Reports | Retained as required by federal law and law enforcement direction | Direction from law enforcement / legal expiry |
§7 Security Measures
7.1 Technical Safeguards
We implement industry-standard security measures to protect your data:
- Password hashing: Passwords are hashed using bcrypt with appropriate work factor — never stored in plain text
- API key security: API keys are generated using cryptographically secure random number generation
- Email token security: Verification and reset tokens are generated using
secrets.token_urlsafe()(CSPRNG) - Database access controls: Database access is restricted to the application layer; no direct public database access
- Transport security: Data transmitted between your browser and our servers is protected by TLS/HTTPS encryption
- Session management: Session tokens are managed securely with appropriate expiry
7.2 Limitations
Despite our security measures, no method of internet transmission or electronic storage is 100% secure. We cannot guarantee the absolute security of your data. In the event of a data breach that affects your rights and freedoms, we will notify affected users and relevant authorities as required by applicable law.
7.3 Your Role in Security
You are responsible for maintaining the security of your account credentials. Use a strong, unique password and do not share your login details with anyone. Enable any security features we may offer. Contact us immediately if you suspect unauthorized access to your account.
7.4 Data Breach Response
In the event of a data breach, we will: (a) investigate promptly; (b) notify affected users via email within the timeframe required by applicable law (typically 72 hours under GDPR, where applicable); (c) notify relevant supervisory authorities as required; and (d) take appropriate steps to contain and remediate the breach.
§9 Your Rights & Controls
Regardless of your jurisdiction, we respect the following data rights:
To exercise any of these rights, contact us at the address in §16. We will respond within 30 days, or within the timeframe required by applicable law. We may need to verify your identity before processing your request.
§10 GDPR — EU / EEA Users
If you are located in the European Union or European Economic Area, the General Data Protection Regulation (GDPR) applies to our processing of your personal data. This section describes your specific GDPR rights and our legal basis for processing.
10.1 Legal Basis for Processing
- Contract performance (Art. 6(1)(b)): Processing your account data and chat history to provide the Service you have contracted for
- Legal obligation (Art. 6(1)(c)): Complying with mandatory reporting laws (e.g., CSAM reporting)
- Legitimate interests (Art. 6(1)(f)): Security monitoring, fraud prevention, and service improvement
- Consent (Art. 6(1)(a)): Where you have provided explicit consent, including agreement to these Terms at registration
10.2 GDPR Rights
Under GDPR, EU/EEA users have the rights described in §9, plus:
- Right to withdraw consent — where processing is based on consent, you may withdraw it at any time without affecting lawfulness of prior processing
- Right to lodge a complaint — you have the right to lodge a complaint with your national data protection supervisory authority
- Automated decision-making — we do not make decisions about you solely by automated means that produce legal or similarly significant effects
10.3 International Transfers
If your data is transferred outside the EU/EEA, we will ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) or adequacy decisions. See §13 for details.
10.4 Data Protection Authority
You have the right to lodge a complaint with your national data protection supervisory authority if you believe our processing of your personal data violates GDPR. A list of EU supervisory authorities is available at edpb.europa.eu.
§11 CCPA — California Residents
If you are a California resident, the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), grants you specific rights regarding your personal information.
11.1 Categories of Personal Information Collected
In the past 12 months, we have collected the following categories of personal information: identifiers (name, email, account ID), internet/network activity (usage data), and content you provide (chat messages).
11.2 Purposes of Collection
Personal information is collected and used for the business purposes described in §4 of this Policy.
11.3 "Do Not Sell or Share My Personal Information"
We do not sell or share your personal information with third parties for cross-context behavioral advertising. You do not need to opt out because we do not engage in this practice.
11.4 Your CCPA Rights
- Right to Know: Request disclosure of personal information collected, used, disclosed, or sold about you
- Right to Delete: Request deletion of personal information we have collected about you
- Right to Correct: Request correction of inaccurate personal information
- Right to Opt-Out of Sale/Sharing: (We do not sell or share — this right is already honored)
- Right to Limit Sensitive PI Use: Request that we limit use of sensitive personal information to only what is necessary to provide the Service
- Non-Discrimination: We will not discriminate against you for exercising your CCPA rights
To exercise your CCPA rights, contact us at the address in §16. We will respond within 45 days (with a possible 45-day extension when reasonably necessary).
§12 Children's Privacy
This Service is strictly for users aged 18 and over. We do not knowingly collect personal information from anyone under the age of 18. The uncensored nature of our AI Model makes it entirely inappropriate for minors.
If we discover or are notified that we have inadvertently collected personal information from a minor, we will:
- Immediately terminate the associated account
- Delete all personal data associated with the account
- Report to relevant authorities if required by applicable child protection law
If you are a parent or guardian and believe your child has created an account on this Service, please contact us immediately at the address in §16.
This Service is not subject to COPPA (Children's Online Privacy Protection Act) in the context of deliberate child-directed collection, because we do not direct the Service at children. However, we comply with COPPA's requirements regarding inadvertent collection from minors under 13.
§13 International Data Transfers
The Service is operated from [Jurisdiction]. If you are located outside of [Jurisdiction], your personal data will be transferred to, stored in, and processed in [Jurisdiction]. The data protection laws in [Jurisdiction] may differ from those in your country.
For users in the EU/EEA or UK, where we transfer personal data internationally, we will ensure appropriate safeguards are in place, which may include:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Adequacy decisions where the recipient country has been deemed adequate
- Other lawful transfer mechanisms under applicable data protection law
By using the Service, you consent to the transfer of your personal data as described in this section.
§14 Third-Party Links & Services
The Service may contain links to third-party websites, services, or resources. This Privacy Policy applies only to the Aelius AI Service. When you click on a link to a third-party site, you are subject to that third party's privacy policy, which we encourage you to review.
We have no control over and accept no responsibility for the content, privacy policies, or practices of any third-party sites or services.
The AI Model may reference or discuss third-party services, products, or websites in its responses. These references are not endorsements by Aelius AI, and we take no responsibility for the privacy practices of any services mentioned by the AI.
§15 Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. When we make changes:
- Material changes will be notified via email to your registered address at least 30 days before taking effect, where reasonably practicable
- The "Last Revised" date at the top of this Policy will be updated
- For significant changes, we may require you to re-confirm your acceptance
We encourage you to review this Policy periodically. Continued use of the Service after the effective date of any changes constitutes acceptance of the updated Policy.
§16 Contact Us — Privacy Inquiries
For any questions, concerns, or requests regarding this Privacy Policy or your personal data, contact us:
Email: [email protected]
Subject line for access/deletion requests: Privacy Request — [Your Username]
Subject line for GDPR requests: GDPR Request — [Your Name]
Subject line for CCPA requests: CCPA Request — [Your Name]
We will respond to privacy inquiries within 30 days, or within the legally required timeframe for your jurisdiction. For urgent matters relating to children's data or security incidents, please mark your email as urgent.
Questions About Your Data?
We take privacy seriously. If you have any concerns, reach out and we'll respond promptly.
Contact Us