Privacy Policy
Introduction
Aidu Inc. (“AIDU”, “we”, “us”, “our”) operates the AIDU platform, an AI-powered productivity and email intelligence service for Microsoft 365 users.
This Privacy Policy explains how we collect, process, use, and protect personal data.
Identity of the Company
Aidu Inc. is incorporated in the State of Delaware, United States.
Legal Entity Details: Aidu Inc. Delaware
File Number: 10318722
Date of Incorporation: September 3, 2025
Registered Office: 16192 Coastal Highway, Lewes, Delaware 19958, Sussex County, USA
Roles Under GDPR
AIDU as Data Processor
For all personal data originating from a customer's Microsoft 365 environment, AIDU is the Data Processor, operating strictly under the Customer's instructions according to GDPR Article 28. The Customer is the Data Controller.
AIDU as Data Controller
For website analytics, marketing sign-ups, and AIDU's own business operations, AIDU acts as the Data Controller.
Personal Data We Process
Account & Identity Information
Collected when you sign in with Microsoft:
- Name
- Email address
- Organization
- Microsoft profile metadata
Microsoft 365 Email Data (Processor Role)
If you authorize AIDU access:
- Email subject
- Email body
- Metadata (sender, recipient, timestamps, folders)
- Attachments (if required for AI features)
Derived Data (Stored)
We store:
- AI-generated summaries
- Priority scoring
- Categories
- Follow-up suggestions
We store raw email content but we remove them after processing is completed.
Cookies & Tracking Technologies
We use cookies and similar technologies (such as localStorage tokens) to operate our services, ensure security, and improve your experience.
Strictly Necessary or Essential Cookies
These cookies are essential to provide you with our services and cannot be switched off. They are used to authenticate you, maintain your session, and protect against security threats. Without them, the service will not function.
- Session Cookie — Maintains your authenticated session.
- CSRF Token — Protects against cross-site request forgery attacks.
Performance & Analytics Cookies
These cookies help us understand how you use our product so we can measure and improve performance, and detect and resolve errors. They collect information about feature usage, page views, and error reports. These cookies are only activated with your consent. If you do not allow these cookies, we will not be able to monitor performance or detect issues effectively.
Third-Party Services
We use the following third-party services that may set cookies or collect data through our application:
Microsoft Azure AD
Category: Strictly Necessary
Purpose: Authentication and identity
Data Hosted: EU / Microsoft infrastructure
PostHog (PostHog Inc.)
Category: Performance & Analytics
Purpose: Product analytics — understanding feature usage and improving the product
Data Hosted: EU (eu.posthog.com)
Sentry (Functional Software Inc.)
Category: Performance & Analytics
Purpose: Error tracking and performance monitoring — detecting and resolving issues
Data Hosted: EU (sentry.io)
Managing Your Preferences
You can manage your analytics cookie preferences at any time through our cookie settings in the application or through your browser settings. Strictly necessary cookies cannot be disabled as they are required for the service to operate. You may withdraw your consent for analytics cookies at any time, and we will stop collecting analytics data going forward.
To find out more about cookies, including how to manage and delete them, visit allaboutcookies.org.
Purpose of Processing
We process data to:
- Provide core AI features (summaries, classification, recommendations)
- Authenticate Microsoft accounts
- Maintain and secure the platform
- Provide customer service
- Detect abuse and ensure system integrity
- Comply with legal requirements
We never sell personal data.
Data Storage & Retention
Storage Location
All customer data is stored in Microsoft Azure EU regions.
Email Content
Automatically removed after the AI operation completes.
Derived Data
Stored until customer request, workspace closure, or 30 days after subscription ends.
Logs
Retained for security and debugging, then anonymized or deleted.
Backups
Encrypted and stored only within EU Azure regions.
AI Processing (Azure OpenAI)
When an AI feature is triggered, email content may be sent to Microsoft Azure OpenAI.
Processing & Privacy
We use Azure OpenAI with no prompt logging, no output logging, and no model training using customer data.
Microsoft may retain minimal telemetry for up to 30 days for security and abuse monitoring — consistent with Microsoft 365 Copilot policies.
Human-in-the-loop
AI suggestions are never sent without user action and must be reviewed and approved.
No Model Training
Customer data is never used to train any foundation models.
Sub-Processors
| Vendor | Service | Privacy Safeguard |
|---|---|---|
| Microsoft | Azure, OpenAI, Graph | Enterprise Data Protection |
| Nango | CRM Integration | SCCs |
| Apollo.io | Contact Enrichment | SCCs |
| HubSpot | CRM (customer-selected) | SCCs |
| Salesforce | CRM (customer-selected) | SCCs |
| Zoho | CRM (customer-selected) | SCCs |
| Pipedrive | CRM (customer-selected) | SCCs |
Organization administrators will be notified by email at least 10 days before any new sub-processor is engaged.
Operational vendors may be used. A complete list is available on request.
International Transfers
AIDU stores data exclusively in the EU. Some subprocessors (Microsoft) may process data globally under:
- Standard Contractual Clauses (SCCs)
- GDPR-approved safeguards
- Azure enterprise compliance controls
AIDU does not transfer or store personal data outside the EU unless required by a permitted subprocessor.
Security & Data Breach
Access restricted to two authorized engineers.
Data Breach Notification
If a breach affects your data, we notify you without undue delay. Regulatory notifications follow within 72 hours. We provide a full root-cause analysis and remediation steps.
Your GDPR Rights
Submit requests to support@aidu.ai. We respond within GDPR timelines.
Children's Privacy
AIDU is not intended for children under 16 and does not knowingly collect their data.
Policy Updates
AIDU may update this Privacy Policy. The “Last Updated” date will indicate changes. For any further privacy inquiries or legal matters, please reach out to our dedicated teams.