Privacy Policy

1. Controller

Stevie Agency GmbH operates the AI Company service at a-i-company.com. As the data controller within the meaning of the GDPR (Art. 4 No. 7 GDPR), we are responsible for the processing of your personal data described below.

2. Data We Collect

We collect the following categories of personal data when you use our service:

• Email address — to deliver your security report and send transactional messages related to your purchase.
• Website domain — the domain you submit for analysis. This is technical data, not personal data in most cases.
• Payment data — processed exclusively by PayPal. We receive only the confirmation of payment, your name, and your email address from PayPal's IPN service. We do not process or store credit card numbers or bank account details.
• IP address and technical metadata — collected automatically when you visit our website, for security and fraud prevention purposes.

3. Purpose and Legal Basis

We process your personal data for the following purposes:

• Service fulfillment — to process your order, run the security scan, generate your PDF report, and deliver it to your email address. Legal basis: performance of a contract (Art. 6(1)(b) GDPR).
• Transactional communications — to send you your report, receipt/invoice, and any necessary follow-up messages directly related to your purchase. Legal basis: performance of a contract (Art. 6(1)(b) GDPR).
• Legal obligations — to retain invoice and payment records as required under applicable Swiss and EU law. Legal basis: compliance with a legal obligation (Art. 6(1)(c) GDPR).
• Legitimate interests — to protect against fraud, abuse, and unauthorized access to our service. Legal basis: legitimate interests (Art. 6(1)(f) GDPR).

4. Data Sharing and Processors

We do not sell your personal data. We share your data only with the following third-party service providers, strictly to operate our service:

• PayPal (Europe) S.à r.l. et Cie, S.C.A. — payment processing. PayPal acts as an independent data controller for payment data. See PayPal's Privacy Statement.
• Resend Inc. — transactional email delivery (for sending your security report). Resend processes your email address on our behalf under a data processing agreement.
• Hetzner Online GmbH — server hosting (EU-based infrastructure in Germany).

No data is transferred to recipients outside the EU/EEA unless appropriate safeguards (standard contractual clauses) are in place.

5. Data Retention

We retain your personal data for a maximum of 2 years after your purchase date, unless a longer retention period is required by applicable law (e.g., invoicing records under Swiss VAT law may be retained for up to 10 years).

After the retention period expires, your data is securely deleted or anonymized.

6. Marketing Communications

If you have consented to receiving marketing communications, or if we have a legitimate interest in contacting you based on a prior business relationship, we may send you relevant updates about our security services.

You can opt out of marketing emails at any time by clicking the unsubscribe link included in every marketing email, or by contacting us at privacy@a-i-company.com. Opting out does not affect transactional communications related to an active order.

7. Your Rights

Under the GDPR, you have the following rights with respect to your personal data:

• Right of access (Art. 15 GDPR) — to obtain a copy of the data we hold about you.
• Right to rectification (Art. 16 GDPR) — to correct inaccurate data.
• Right to erasure (Art. 17 GDPR) — to request deletion of your data, subject to legal retention requirements.
• Right to restriction (Art. 18 GDPR) — to restrict processing under certain circumstances.
• Right to data portability (Art. 20 GDPR) — to receive your data in a structured, machine-readable format.
• Right to object (Art. 21 GDPR) — to object to processing based on legitimate interests.

To exercise any of these rights, please contact us at privacy@a-i-company.com. We will respond within 30 days.

You also have the right to lodge a complaint with a supervisory authority. In Switzerland, this is the Federal Data Protection and Information Commissioner (FDPIC).

8. Cookies and Tracking

Our website does not use tracking cookies, analytics tools, or advertising pixels. We do not build behavioral profiles or retarget visitors. Any browser storage used is strictly necessary for the functioning of the service.

9. Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, loss, or disclosure. All data transmissions are encrypted using TLS. Our servers are located in EU-based data centers operated by Hetzner Online GmbH.

10. Changes to This Policy

We may update this Privacy Policy from time to time. The current version is always available at a-i-company.com/privacy. Material changes will be communicated via email if you are an existing customer.

11. Contact

For all privacy-related inquiries, please contact:
privacy@a-i-company.com