Legal

Privacy Policy

Last updated: June 13, 2026  ·  Effective: June 13, 2026

1. Introduction

AI Business Engine ("Company", "we", "us", or "our") is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and share your personal information when you use our platform at aibce.io ("Service").

This policy complies with the EU General Data Protection Regulation (GDPR), the UK GDPR, the California Consumer Privacy Act (CCPA), and other applicable data protection laws.

For GDPR purposes, AI Business Engine is the data controller of your personal data.

2. Data We Collect

Data CategoryExamplesLegal Basis (GDPR)
Account dataEmail address, name, profile pictureContract performance (Art. 6(1)(b))
Business idea dataIntake conversation, business description, industry selectionContract performance (Art. 6(1)(b))
Payment dataPayment method (processed by Stripe — we do not store card numbers)Contract performance (Art. 6(1)(b))
Usage dataPages visited, features used, session durationLegitimate interests (Art. 6(1)(f))
Technical dataIP address, browser type, device typeLegitimate interests (Art. 6(1)(f))
CommunicationsSupport emails, feedback submissionsLegitimate interests (Art. 6(1)(f))
Marketing preferencesEmail newsletter opt-in/outConsent (Art. 6(1)(a))

3. How We Use Your Data

We use your personal data to:

  • Provide, operate, and improve the Service
  • Process your business build requests through our AI agent system
  • Process payments and collect revenue share via Stripe Connect
  • Send transactional emails (build status, payment receipts, account notifications)
  • Send marketing communications (only with your consent)
  • Comply with legal obligations
  • Detect and prevent fraud, abuse, and security incidents
  • Analyse usage patterns to improve the Service

4. AI Processing of Your Data

Your business idea, intake conversation, and related content are processed by AI language models to generate your business plan, code, and marketing materials. We use the following AI providers as data processors:

OpenAI
Purpose: Business plan generation, code generation, marketing copy
Transfer safeguard: USA (Standard Contractual Clauses)
Anthropic
Purpose: Business strategy, coding agents
Transfer safeguard: USA (Standard Contractual Clauses)
Google (Gemini)
Purpose: Meta-strategist, documentation agents
Transfer safeguard: EU/USA (Adequacy Decision + SCCs)
DeepSeek
Purpose: Code generation only (no personal data)
Transfer safeguard: China (non-personal data only)

All AI providers are bound by Data Processing Agreements (DPAs) with the Company. Your data is used solely to provide the Service and is not used to train AI models by our providers (subject to their respective opt-out settings, which we have enabled where available).

5. Data Sharing

We do not sell your personal data. We share your data only with:

  • Clerk — authentication and user management (clerk.com)
  • Stripe — payment processing and revenue share collection (stripe.com)
  • AI providers — as described in Section 4 above
  • Resend — transactional email delivery (resend.com)
  • Google Cloud Platform — infrastructure hosting (cloud.google.com)
  • Law enforcement — when required by applicable law or court order

6. Data Retention

We retain your personal data for as long as your account is active. Upon account deletion:

  • Account data is deleted within 30 days
  • Business project data (code, plans, assets) is deleted within 30 days unless you have exported it
  • Payment records are retained for 7 years as required by financial regulations
  • Anonymised usage analytics may be retained indefinitely

7. Your Rights

Under GDPR and applicable law, you have the following rights:

Right of access
Request a copy of all personal data we hold about you
Right to rectification
Correct inaccurate or incomplete personal data
Right to erasure
Request deletion of your personal data ('right to be forgotten')
Right to portability
Receive your data in a machine-readable format
Right to restriction
Restrict how we process your data in certain circumstances
Right to object
Object to processing based on legitimate interests
Right to withdraw consent
Withdraw marketing consent at any time
Right to complain
Lodge a complaint with your national data protection authority

To exercise any of these rights, contact us at privacy@aibce.io. We will respond within 30 days. You can also exercise your data deletion and export rights directly from your account dashboard under Settings → Data & Privacy.

8. International Data Transfers

Your data may be transferred to and processed in countries outside the European Economic Area (EEA), including the United States. We ensure appropriate safeguards are in place for all such transfers, including:

  • EU Standard Contractual Clauses (SCCs) with US-based processors
  • EU-US Data Privacy Framework adequacy decisions where applicable
  • Binding Corporate Rules where available

9. Cookies

We use cookies and similar tracking technologies. For detailed information, please see our Cookie Policy. You can manage your cookie preferences at any time via the cookie banner or your browser settings.

10. Children's Privacy

The Service is not directed to individuals under the age of 18. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us immediately at privacy@aibce.io.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email at least 30 days before they take effect. The "Last updated" date at the top of this page reflects the most recent revision.

12. Contact & Data Protection

AI Business Engine — Data Controller

Privacy enquiries: privacy@aibce.io

General support: support@aibce.io

EU residents may also contact their national supervisory authority. A list of EU data protection authorities is available at edpb.europa.eu.