
Privacy Policy

Last Updated: March 2026 ·  CAVIC Digital OÜ  ·  Tallinn, Estonia

At AISIBLY, we build machine-readable identity infrastructure. We believe structured data demands structured privacy. This policy is written in the same spirit as our platform: clear, modular, and honest about what we collect, why we collect it, and what we do not do.

1. Information We Collect

AISIBLY collects data across three categories: account and identity data, content you submit for processing, and platform usage metrics. We collect only what is necessary to deliver, secure, and improve the service.

A. Account & Identity Data

When you register via LinkedIn or Google OAuth, we receive and store the following from your profile:

  • Full name and display name
  • Email address
  • Profile picture URL
  • Profile URL and unique identifier (LinkedIn only)
  • Headline and current job title (LinkedIn only)

We do not receive your social connections, private messages, or any data beyond the public profile fields granted by your chosen OAuth provider. When you subscribe to a paid plan, billing information is collected and processed directly by our payment processor — AISIBLY does not store raw card numbers.

B. Content You Submit

The core function of AISIBLY is generating structured identity and business data from content you provide. This includes:

  • User-submitted content: professional summaries, business descriptions, service lists, credentials, and URLs you provide via the dashboard
  • Processed output: structured data generated by our AI engine from your submitted content
  • Published profile data: the structured data made publicly available via your AISIBLY profile URL

Your submitted content is passed to our AI processing provider for structured extraction. We do not use your data to train any foundational model without your explicit prior consent.

C. Platform Usage Metrics

To manage billing tiers, enforce plan limits, and improve the platform, we collect:

  • Usage counts (tracked against your plan's limits)
  • API call volume to your public endpoints
  • Subscription events: plan activations, upgrades, and cancellations
  • Session and authentication events: login timestamps, OAuth token refreshes
  • Dashboard interaction: feature usage patterns, to prioritize roadmap development

2. How We Use Your Information

Purpose | Data Used | Legal Basis (GDPR)
Account creation & authentication | OAuth profile data, email | Contract performance
Content processing & publication | Submitted content, processed output | Contract performance
Subscription & billing management | Plan tier, billing events | Contract performance
Service communications | Email address, subscription status | Legitimate interest
Platform security & fraud prevention | Auth events, API call patterns | Legitimate interest
Product improvement | Aggregated usage metrics (anonymised) | Legitimate interest
Legal & compliance obligations | Account data, billing records | Legal obligation

We do not sell your data. We do not share your data with advertisers. We do not use your data to build advertising profiles.

3. Third-Party Services

The following sub-processors receive data as necessary to deliver the platform:

Authentication

  • LinkedIn (Microsoft Corporation) — OAuth 2.0 authentication provider. LinkedIn's own privacy policy governs data on their platform. AISIBLY receives only the profile scopes listed in Section 1A.
  • Google (Alphabet Inc.) — OAuth 2.0 authentication provider. Google's own privacy policy governs data on their platform. AISIBLY receives only your name, email address, and profile picture.

Data Storage & Infrastructure

  • Cloud database provider — Hosts your profile, content, and published data. Infrastructure is located in EU-region data centres. Data is processed under standard contractual clauses.

Payments

  • Payment processor — Handles payment processing and subscription management. PCI DSS Level 1 certified. AISIBLY receives subscription status signals but does not store raw payment credentials.

AI Processing

  • AI processing provider — Processes your submitted profile and business content to generate structured output. Content is transmitted under applicable API terms that prohibit use of your data for model training.

Transactional Email

  • Email delivery provider — Delivers transactional emails including subscription confirmations and security notices. Only your email address and relevant account context are shared.

4. Data Retention

We retain your data for as long as your account is active or as required to fulfill the purposes described in this policy.

  • Active accounts: all profile and content data is retained for the duration of your subscription
  • Cancelled subscriptions: your account remains accessible for a grace period after cancellation, after which published data is deactivated. Your account record is not immediately deleted
  • Account deletion requests: upon verified request, we delete your profile record, processed content, and published data within 30 days. Billing records may be retained for up to 7 years as required by Estonian and EU tax law
  • Aggregated analytics: anonymised usage metrics may be retained indefinitely for product development purposes

5. Data Security

AISIBLY implements industry-standard security measures appropriate to the risk profile of the data we process:

  • Transport encryption: all data in transit is encrypted via TLS 1.2+
  • Database access control: row-level security policies restrict data access to authenticated, authorised users. Published profile data is intentionally readable by public endpoints as the core service function
  • Webhook integrity: payment and subscription events are cryptographically verified before any account state changes are processed
  • API key management: service credentials are managed via environment variables and are not exposed in client-side code

No security system is impenetrable. In the event of a data breach affecting your personal data, we will notify affected users in accordance with GDPR Article 34 requirements (within 72 hours of becoming aware, where applicable).

6. Your Rights Under GDPR

AISIBLY is operated by CAVIC Digital OÜ, registered in Tallinn, Estonia — an EU member state. The General Data Protection Regulation (GDPR) applies to all users, regardless of location.

You have the following rights regarding your personal data:

  • Right of access (Art. 15): request a copy of the personal data we hold about you
  • Right to rectification (Art. 16): request correction of inaccurate or incomplete data
  • Right to erasure (Art. 17): request deletion of your data ("right to be forgotten"), subject to legal retention obligations
  • Right to data portability (Art. 20): receive your profile and content data in a machine-readable format
  • Right to restrict processing (Art. 18): request that we limit how we process your data
  • Right to object (Art. 21): object to processing based on legitimate interests, including service communications
  • Right to lodge a complaint: you may lodge a complaint with the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon) or the supervisory authority in your country of residence

To exercise any of these rights, contact our Privacy Team (see Section 9). We will respond within 30 days.

7. Children's Privacy

AISIBLY is a professional platform intended for adults. We do not knowingly collect data from individuals under 16 years of age. If we become aware that a minor has registered, we will delete the account promptly.

8. Changes to This Policy

This Privacy Policy will be updated as the platform evolves. Material changes will be communicated via email to active users at least 14 days before taking effect.

The date at the top of this document reflects the most recent revision. Continued use of the platform after a notified change constitutes acceptance of the updated policy.

9. Contact

CAVIC Digital OÜ is the data controller for personal data processed through the AISIBLY platform.

For GDPR requests, data deletion, data export, or privacy concerns, contact our Privacy Team directly.
