Privacy Policy
We believe privacy is a right, not a feature. This document explains in plain language exactly what data we collect, why we collect it, how we protect it, and the full control you have over it.
Section 01
Who we are
Aipick (“Aipick”, “we”, “our”, “us”) is the operator of Aipick.pro and the AI automation agent marketplace available at that domain. We are registered in Australia.
Plain English: We run the marketplace. When you connect an agent to your WhatsApp, Instagram or any other platform, you are authorising the agent to act on your behalf on that platform. We never access those platforms ourselves — only the agent you activate does.
Section 02
Data we collect
We collect the minimum data necessary to deliver the service. Here is a complete breakdown:
2.1 Data you give us directly
| Data type | Examples | Required? |
|---|---|---|
| Account information | Name, email address, password hash | Required |
| Payment information | Cryptocurrency transaction hash, wallet address (partial), Stripe token | Required |
| Agent configuration | Business description, auto-reply tone, keywords you set in the dashboard | Required |
| Support messages | Content of emails or contact form submissions | Optional |
| Profile preferences | Notification settings, language, timezone | Optional |
2.2 Data collected automatically
| Data type | Purpose | Retained |
|---|---|---|
| IP address | Security, fraud prevention | 30 days |
| Browser / device type | Optimising the interface | 90 days |
| Pages visited & click events | Product improvement analytics | 12 months (anonymised) |
| Agent activity logs | Debugging, audit trail | 60 days |
| Error reports | Bug detection | 30 days |
2.3 Data we do NOT collect
We explicitly do not collect, store or read:
- The content of messages sent or received through connected platforms (WhatsApp, Instagram, Telegram, etc.)
- Your social media passwords or login credentials for any connected platform
- Payment card numbers (handled entirely by Stripe or the crypto processor)
- Biometric data of any kind
- Location data beyond country-level (derived from IP)
Important: Cryptocurrency payments are irreversible by their nature. Aipick does not hold or custody any cryptocurrency. All payment confirmation is based on blockchain transaction verification only.
Section 03
How we use your data
We process your personal data under the following legal bases and purposes:
| Purpose | Legal basis |
|---|---|
| Creating and managing your account | Contract performance |
| Activating and running AI agents you purchase | Contract performance |
| Processing cryptocurrency or Stripe payments | Contract performance |
| Sending transactional emails (receipts, agent alerts) | Contract performance |
| Fraud detection and platform security | Legitimate interest |
| Product analytics and feature improvement | Legitimate interest |
| Responding to support requests | Legitimate interest |
| Marketing emails (opt-in only) | Consent |
| Compliance with legal obligations | Legal obligation |
We never use your data to train AI models, sell advertising, or profile you for commercial purposes unrelated to delivering the Aipick service.
Section 04
Data sharing
We share your data with third parties only where strictly necessary:
| Third party | Purpose | Data shared | Sells your data? |
|---|---|---|---|
| Stripe | Payment processing | Email, transaction amount | No |
| Binance Pay / OKX Pay | Crypto payment verification | Transaction hash only | No |
| AWS / Cloudflare | Hosting & CDN | Encrypted data at rest | No |
| Sentry | Error monitoring | Anonymised crash logs | No |
| Platform APIs (Meta, Google, etc.) | Agent connection | OAuth token only | No |
We do not sell, rent, or trade your personal data to any party for any commercial purpose, ever. We do not work with data brokers.
Section 05
Platform permissions & OAuth
When you connect an agent to a social, freelance or e-commerce platform, you grant that agent specific permissions via the platform’s official OAuth system. Here is what this means:
What permissions are requested
Each agent requests only the minimum permissions it needs to function. For example, the WhatsApp Agent requests permission to send and receive messages — it does not request access to your contacts list, payment methods, or profile settings.
How tokens are stored
OAuth access tokens are encrypted with AES-256 and stored in an isolated, access-controlled vault. They are never written to logs, never transmitted in plain text, and never shared with any third party beyond the platform they were issued by.
Revoking access
You can revoke an agent’s access at any time in two ways: (1) click Disconnect in your Aipick agent dashboard, or (2) go to the connected platform’s Security → Third-Party Permissions settings and remove Aipick. Both methods immediately invalidate the OAuth token — the agent stops working within seconds.
Revoking access from either end has the same effect. No data collected by the agent on your behalf is retained after disconnection — it is purged within 24 hours.
Section 06
Cookies & tracking
We use cookies and similar technologies on Aipick.pro. You can manage your cookie preferences at any time via the cookie banner or your browser settings.
Section 07
Data retention
We keep your data only for as long as necessary:
| Data | Retention period | Reason |
|---|---|---|
| Account data | Until account deletion + 30 days | Allow account recovery window |
| Payment records | 3 years | Legal / tax obligation (UK law) |
| Agent activity logs | 60 days | Debugging support |
| OAuth tokens | Until disconnection | Agent operation only |
| Support emails | 2 years from resolution | Quality assurance |
| Analytics data | 12 months (then anonymised) | Product improvement |
| IP address logs | 30 days | Security monitoring |
To request deletion of your account and all associated data, email privacy@aipick.pro.io with the subject line “Data Deletion Request”. We will action all deletions within 14 days and confirm by email.
Section 08
Security
We take the security of your data seriously and implement the following measures:
AES-256 encryption
All data at rest — including OAuth tokens and agent configuration — is encrypted with AES-256.
TLS 1.3 in transit
All data transmitted between your browser, our servers, and third-party APIs uses TLS 1.3 minimum.
Zero plain-text credentials
Passwords are hashed with bcrypt (cost factor 12). We never store or transmit any password in plain text.
Access controls
Internal systems use role-based access. No employee has broad access to production user data — only on-call engineers with audit logging.
Penetration testing
We commission independent penetration tests twice per year and remediate all critical and high findings within 7 days.
Breach notification
In the event of a breach affecting your data, we will notify you and the ICO within 72 hours as required by UK GDPR.
Section 09
Your rights
Under our privacy policy, you have the following rights. To exercise any of them, email privacy@aipick.io. We respond within 30 days.
Right of access
Request a copy of all personal data we hold about you (a “Subject Access Request”).
Right to rectification
Ask us to correct inaccurate or incomplete personal data.
Right to erasure
Ask us to delete your personal data (“right to be forgotten”), subject to legal retention obligations.
Right to restriction
Ask us to temporarily stop processing your data while a dispute is resolved.
Right to portability
Receive a copy of your data in a structured, machine-readable format (JSON or CSV).
Right to object
Object to processing based on legitimate interests, including direct marketing (if applicable).
Right to withdraw consent
Withdraw marketing consent at any time via the unsubscribe link in any email we send.
Right to complain
Lodge a complaint with the ICA at ica.net.uk.
Section 10
Children’s privacy
Aipick is not directed at children under the age of 16. We do not knowingly collect personal data from anyone under 16. If you believe a child under 16 has provided us with personal data, please contact us immediately at privacy@aipick.io and we will delete it promptly.
Section 11
Changes to this policy
We may update this Privacy Policy from time to time. When we make material changes, we will:
- Update the “Last updated” date at the top of this page
- Send registered users an email notification at least 14 days before the changes take effect
- Display a prominent banner on the website for 30 days
Your continued use of Aipick after the effective date constitutes acceptance of the updated policy. If you disagree with changes, you may delete your account at any time.
Section 12
Contact us
For any privacy-related question, request or complaint:
Data Protection Contact
📮 Aipick Ltd, Privacy Team, London, UK
We aim to respond to all privacy requests within 5 business days and must legally respond within 30 days.