Last updated: April 13, 2026  ·  Effective: April 13, 2026

Privacy Policy

This Privacy Policy describes how AIMED ("AIMED," "we," "us," or "our") collects, uses, stores, and shares information about you when you access or use our website at getaimed.app and all related services (collectively, the "Service"). By using the Service, you agree to the practices described in this policy.

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, Section 10 contains additional disclosures required by applicable data protection law (GDPR). If you are a California resident, Section 11 contains CCPA-specific disclosures.

1. Who We Are

AIMED is the data controller for personal data processed under this policy. For questions about this policy or to exercise your rights, contact us at legal@getaimed.app.

2. Information We Collect

2.1 Information You Provide Directly

• Account data: Email address, display name, and authentication credentials (or OAuth tokens if you sign in with Google).
• Campaign and brief data: Product descriptions, brand guidelines, uploaded images, text prompts, scripts, and other creative content you submit to generate ad campaigns.
• Uploaded media: Video files, audio recordings, and images you upload for processing (e.g., reference videos, product photos, UGC content).
• Voice samples: Audio recordings you upload for voice cloning. By uploading a voice sample you represent and warrant that you have the legal right to use, reproduce, and process that voice, including any necessary consent from the individual whose voice it is.
• Billing information: Payment method details submitted at checkout. We use Stripe, Inc. to process payments; AIMED never stores full card numbers. We receive limited billing metadata (last 4 digits, card brand, expiry) from Stripe for account management.
• Communications: Messages you send to support, feature requests, and any other correspondence with us.

2.2 Information Collected Automatically

• Usage data: Pages visited, features used, campaign creation events, token consumption, and interaction timestamps.
• Log and device data: IP address, browser type, operating system, referrer URL, and error logs.
• Authentication tokens: Session cookies and JWT tokens used to keep you signed in, stored securely via Supabase Auth.

2.3 Affiliate Program Data

If you participate in the AIMED Affiliate Program, we collect your Stripe Connect account information, referral link usage data, commission earnings, and payout records to administer the program and comply with tax reporting obligations.

3. How We Use Your Information

• Provide, operate, and improve the Service;
• Process and deliver AI-generated video campaigns and assets;
• Manage your account, subscriptions, and token balance;
• Process payments and issue refunds;
• Send transactional emails (receipts, generation completion notices, account alerts);
• Respond to support requests and feature requests;
• Detect and prevent fraud, abuse, and security incidents;
• Comply with legal obligations;
• Analyze aggregated, de-identified usage patterns to improve product quality and reliability (we do not use your individual campaign content to train AI models without your explicit consent).

4. Third-Party Service Providers

We share data with the following categories of trusted third-party processors. Each processor handles only the data necessary for their specific function and is contractually bound to protect it:

• Supabase, Inc. — Database hosting, authentication, and object storage. Your account data, campaign data, and uploaded assets are stored in Supabase infrastructure hosted on AWS.
• Stripe, Inc. — Payment processing, subscription management, and affiliate payouts via Stripe Connect.
• HeyGen, Inc. — AI avatar video generation. Campaign inputs (scripts, avatar selections) are transmitted to HeyGen solely to produce your requested video output.
• ElevenLabs, Inc. — AI text-to-speech and voice cloning. Voice samples and text scripts are processed solely to generate requested audio output.
• Hera / fal.ai / Kling AI — AI video generation infrastructure. Relevant campaign media and prompts are transmitted solely for video generation.
• Anthropic, PBC — Large language model inference for script generation and intake parsing. Text prompts may be processed by Anthropic under their API terms.

We do not sell your personal data to third parties for their own marketing purposes.

5. AI-Generated Content and Synthetic Media

AIMED creates synthetic video content including AI-generated avatars, cloned voices, and AI-written scripts. You are solely responsible for ensuring that any content you generate complies with applicable laws, including laws governing synthetic media, deepfakes, and impersonation in your jurisdiction.

Do not submit likeness, voice, or identity of any person without their explicit, informed consent. Do not use generated content to deceive, defame, harass, or defraud any individual or entity.

6. Cookies and Tracking Technologies

We use strictly necessary cookies to maintain your authenticated session. We may use analytics cookies to understand aggregate usage patterns. You can control cookies through your browser settings; disabling session cookies will prevent you from logging in.

7. Data Retention

We retain your account data and generated assets while your account is active. If you cancel your account, we retain data for up to 90 days before deletion to allow for dispute resolution and fraud prevention, after which it is deleted or anonymized, except where we are required to retain it by law (e.g., for accounting and tax purposes — typically 7 years for financial records).

Uploaded voice samples used for cloning are retained to support your account's voice library unless you explicitly delete them.

8. Security

We implement industry-standard security measures including encryption in transit (TLS/HTTPS), encrypted at-rest storage via Supabase, role-based access control, rate limiting, and regular security reviews. However, no method of transmission or storage is 100% secure; we encourage you to use a strong, unique password for your account.

9. Children's Privacy

AIMED is not directed at children under 16 years of age. We do not knowingly collect personal data from children under 16. If you believe a child has provided us personal data, please contact us at legal@getaimed.app and we will delete it.

10. EEA / UK / Swiss Users — GDPR Disclosures

If you are located in the EEA, UK, or Switzerland, you have the following rights under GDPR (or equivalent applicable law):

• Right of access: Request a copy of the personal data we hold about you.
• Right to rectification: Request correction of inaccurate data.
• Right to erasure ("right to be forgotten"): Request deletion of your personal data subject to legal retention requirements.
• Right to restrict processing: Ask us to limit how we process your data.
• Right to data portability: Receive your data in a structured, machine-readable format.
• Right to object: Object to processing based on legitimate interests.
• Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

Legal bases for processing: We process your data on the basis of (a) contract performance — to deliver the Service you signed up for; (b) legitimate interests — for security, fraud prevention, and product improvement; (c) legal obligation — for financial record-keeping and compliance; and (d) consent — for any optional features where we request it.

International transfers: Your data may be transferred to and processed in the United States and other countries. We rely on Standard Contractual Clauses (SCCs) and/or adequacy decisions for transfers from the EEA.

You may lodge a complaint with your local supervisory authority. To exercise any of these rights, contact legal@getaimed.app.

11. California Residents — CCPA Disclosures

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) as amended by CPRA:

• Right to know: Request disclosure of the categories and specific pieces of personal information we have collected about you.
• Right to delete: Request deletion of personal information we hold about you, subject to exceptions.
• Right to correct: Request correction of inaccurate personal information.
• Right to opt-out of sale or sharing: We do not sell or share personal information for cross-context behavioral advertising.
• Right to non-discrimination: We will not discriminate against you for exercising your CCPA rights.

To submit a verifiable consumer request, email legal@getaimed.app with "CCPA Request" in the subject line.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page with a new "Last updated" date and, where required, by sending an email to your registered address. Your continued use of the Service after the effective date of the revised policy constitutes your acceptance of the changes.

13. Contact

For privacy inquiries, requests to exercise your rights, or to reach our data protection contact:

Email: legal@getaimed.app