Background Image
Background Image
Background Image
Background Image
Background Image
Background Image
Background Image
Background Image
Background Image
Background Image
Background Image
Background Image

PRIVACY POLICY

Effective Date: September 16, 2025

Last Updated: September 16, 2025

Introduction


Aidu Inc. (“AIDU”, “we”, “us”, “our”) operates the AIDU platform, an AI-powered productivity and email intelligence service for Microsoft 365 users.

This Privacy Policy explains how we collect, process, use, and protect personal data.


Privacy Contact: privacy@aidu.ai

Legal Contact: legal@aidu.ai

Identity of the Company:


Aidu Inc. is incorporated in the State of Delaware, United States.


Legal Entity Details:

  • Aidu Inc. Delaware

  • File Number: 10318722

  • Date of Incorporation: September 3, 2025

  • Registered Office: 16192 Coastal Highway, Lewes, Delaware 19958, Sussex County, USA

  • Registered Agent: Harvard Business Services, Inc.

  • Communications Contact (as filed with the State):

    • Mr. Danilo Schmidt

    • Al Thanya Street 33 Umm Suqeim, Dubai United Arab Emirates

    • Phone: +971 56 296 9442



Roles Under GDPR


For all personal data originating from a customer’s Microsoft 365 environment:

  • The Customer is the Data Controller.

  • AIDU is the Data Processor, operating strictly under the Customer’s instructions according to GDPR Article 28.

  • For website analytics, marketing sign-ups, and AIDU’s own business operations, AIDU acts as the Data Controller.



Personal Data We Process


Account & Identity Information

Collected when you sign in with Microsoft:

  • Name

  • Email address

  • Organization

  • Microsoft profile metadata


Microsoft 365 Email Data (Processor Role)

If you authorize AIDU access:

  • Email subject

  • Email body

  • Metadata (sender, recipient, timestamps, folders)

  • Attachments (if required for AI features)


Derived Data (Stored)

We store:

  • AI-generated summaries

  • Priority scoring

  • Categories

  • Follow-up suggestions

  • We store raw email content but we remove them after processing is completed.


Usage data

Non-sensitive analytics:

  • Number of emails processed

  • Feature usage

  • System activity logs (no personal content)


Cookies & Tokens

  • Authentication tokens

  • Session cookies

  • Local session settings

  • No tracking or advertising cookies are used



Purpose of Processing

We process data to:

  • Provide core AI features (summaries, classification, recommendations)

  • Authenticate Microsoft accounts

  • Maintain and secure the platform

  • Provide customer service

  • Detect abuse and ensure system integrity

  • Comply with legal requirements

  • We never sell personal data.



Data Storage & Retention


Storage Location

All customer data is stored in Microsoft Azure EU regions.


Email Content

Automatically removed after the AI operation completes


Derived Data

Stored until:

  • The customer ask for deleting it

  • The workspace is closed

  • The subscription ends and not activate within 30 days


Logs

Retained for security and debugging, then anonymized or deleted.


Backups

Backups are encrypted and stored only within EU Azure regions.



AI Processing (Azure OpenAI)


Processing

When an AI feature is triggered, email content may be sent to Microsoft Azure OpenAI.


Processing

We use Azure OpenAI with:

  • No prompt logging

  • No output logging

  • No model training using customer data

  • Microsoft may retain minimal telemetry for up to 30 days for security and abuse monitoring — consistent with Microsoft 365 Copilot policies.


Human-in-the-loop

AI suggestions:

  • Are never sent without user action

  • Must be reviewed and approved


Model Training

Customer data is never used to train any foundation models.



Sub-Processors


Microsoft Corporation

Services:

  • Azure Cloud

  • Azure OpenAI

  • Microsoft Graph

Microsoft acts as AIDU’s subprocessor under:

  • Microsoft Data Protection Addendum

  • Microsoft Enterprise Data Protection standards


Stripe

  • Processes billing and subscription data.

  • Stripe may transfer data globally under Standard Contractual Clauses (SCCs).


Other Vendors

  • Operational vendors (logging, monitoring, support) may be used.

  • A complete list is available on request.




International Transfers


AIDU stores data exclusively in the EU.

Some subprocessors (Microsoft, Stripe) may process data globally under:

  • Standard Contractual Clauses (SCCs)

  • GDPR-approved safeguards

  • Azure enterprise compliance controls

AIDU does not transfer or store personal data outside the EU unless required by a permitted subprocessor.



Security Measures


AIDU implements:

  • Encryption in transit (TLS 1.2+)

  • Encryption at rest (AES-256)

  • Role-based access control

  • MFA for all internal systems

  • Principle of least privilege

  • Secure development lifecycle

  • Monitoring and audit logging

  • Incident response procedures

  • Business continuity and disaster recovery

  • Access to production systems is restricted to two authorized engineers.



Your GDPR Rights


You may:

  • Request access

  • Request correction

  • Request deletion

  • Request data export

  • Restrict processing

  • Object to processing

  • Submit requests to: privacy@aidu.ai

We respond within GDPR timelines.



Your GDPR Rights


If a breach affects your data:

  • We notify you without undue delay

  • Regulatory notifications follow within 72 hours

  • We provide a full root-cause analysis and remediation steps



Children


AIDU is not intended for children under 16 and does not knowingly collect their data.



Policy Updates


AIDU may update this Privacy Policy. The “Last Updated” date will indicate changes.



Contact


For privacy inquiries: privacy@aidu.ai

For legal matters: legal@aidu.ai

For corporate communications (official contact on state registry): danilo@aidu.ai