Contents
1. Overview
This Privacy Policy explains how Aloomii collects, uses, shares, and protects personal information when you use our website at aloomii.com, our customer portal at app.aloomii.com, or any of our products and services (together, the "Services").
We wrote this policy to be readable. If anything is unclear, please contact us and we'll explain.
2. Who we are
Aloomii is an AI operations company based in Caledonia, Ontario, Canada. For the purposes of privacy law, we are the "controller" of the personal information you share with us.
Our legal entity, contact information, and privacy officer can be reached through the contact details at the bottom of this policy.
3. Information we collect
3.1 Information you provide directly
When you use our Services, you may provide:
- Account information: Your name, email address, and password when you create an account
- Purchase information: Payment details and billing information when you buy a product (processed by Gumroad, not stored by us)
- Profile information: Optional information you add to your profile in the portal
- Content you create: Notes, favorites, customizations, and other data you create within the portal
- Communications: Messages you send us through our contact form, email, or support channels
3.2 Information collected automatically
When you use the Services, we automatically collect:
- Usage data: Pages you view, features you use, prompts you interact with, favorites, status changes, and search queries
- Device information: IP address, browser type, operating system, device identifiers, and screen resolution
- Session data: Login times, session duration, and authentication events
- Performance data: Error logs, page load times, and technical diagnostics
3.3 Information from third parties
We receive information from:
- Gumroad: Purchase confirmations, buyer email addresses, product purchased, and transaction metadata
- Clerk: Authentication events, account creation timestamps, and session management data
- Analytics providers: Aggregated usage patterns and visitor behavior
4. How we use your information
We use personal information to:
- Deliver the Services you purchased, including granting access to your edition and content
- Authenticate your account and protect against unauthorized access
- Process transactions and send you purchase confirmations and receipts
- Provide customer support and respond to your inquiries
- Improve our products by analyzing usage patterns and fixing issues
- Send you service communications about your account, purchases, and product updates
- Send you marketing communications (only with your consent and with the ability to unsubscribe)
- Comply with legal obligations and protect against fraud or misuse
5. Who we share it with
We don't sell your personal information. We share it only with the following service providers, each of whom has agreed to handle your data in accordance with privacy laws and our instructions.
| Service Provider | Purpose | Data Shared |
|---|---|---|
| Clerk | Authentication and account management | Email, name, password (hashed), session data |
| Gumroad | Payment processing and purchase fulfillment | Email, billing information, transaction details |
| Neon | Database hosting (your account data and portal content) | Account data, usage events, portal content |
| Cloudflare | Website hosting, CDN, security | IP address, request logs, security events |
| Kit | Email newsletter and transactional email | Email, name, subscription preferences |
| Analytics provider | Usage analytics (privacy-respecting, no cross-site tracking) | Anonymized page views and events |
We may also share information when required by law, to protect our rights or safety, in connection with a business transfer (merger, acquisition, or sale of assets), or with your explicit consent.
6. How long we keep it
We keep personal information for as long as needed to provide the Services and comply with legal obligations. Specifically:
- Account data: While your account is active, plus 12 months after closure
- Purchase records: 7 years, as required by Canadian tax law
- Usage events: 24 months, then anonymized for analytics
- Support communications: 3 years from your last contact
- Marketing data: Until you unsubscribe or request deletion
You can request deletion of your account at any time, though some information (like purchase records) may be retained to comply with legal requirements.
7. Your rights
Depending on where you live, you may have the following rights regarding your personal information:
- Access: Request a copy of the personal information we have about you
- Correction: Ask us to correct inaccurate or incomplete information
- Deletion: Request that we delete your personal information
- Portability: Receive your data in a structured, machine-readable format
- Objection: Object to certain processing, including direct marketing
- Restriction: Ask us to limit how we process your information
- Withdraw consent: Withdraw any consent you previously gave
Specific rights by jurisdiction
European Economic Area, UK, and Switzerland: Rights under GDPR and UK GDPR, including the right to lodge a complaint with your local data protection authority.
California: Rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), including the right to know, delete, correct, opt-out of sale or sharing, and non-discrimination for exercising your rights. We do not sell personal information.
Canada: Rights under the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial privacy laws.
To exercise any of these rights, contact us. We will respond within 30 days (or the timeframe required by applicable law). We will not discriminate against you for exercising your rights.
8. Cookies and similar technologies
We use cookies and similar technologies to operate and improve the Services.
Types of cookies we use
- Essential cookies: Required for the Services to function, including authentication (Clerk) and security (Cloudflare). These cannot be disabled.
- Performance cookies: Help us understand how visitors use the Services (analytics).
- Preference cookies: Remember your choices and settings.
We do not use advertising cookies or cross-site tracking. You can control cookies through your browser settings. Disabling essential cookies will prevent the Services from working properly.
9. Security
We take reasonable steps to protect your personal information, including:
- Encryption in transit (TLS) and at rest where supported by our service providers
- Access controls limiting who at Aloomii can access user data
- Using reputable service providers with strong security practices (Clerk, Neon, Cloudflare, Gumroad)
- Regular review of our security practices
However, no system is 100% secure. If we become aware of a breach affecting your personal information, we will notify you as required by applicable law.
10. International transfers
We are based in Canada. Some of our service providers are located in the United States and other countries. When we transfer your personal information outside your home jurisdiction, we rely on appropriate legal mechanisms such as standard contractual clauses or equivalent safeguards.
11. Children's privacy
Our Services are not directed to children under 16, and we do not knowingly collect personal information from children. If you believe a child has provided us with personal information, contact us and we will delete it.
12. Changes to this policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email or through a notice on our website at least 30 days before the changes take effect. Your continued use of the Services after the effective date constitutes acceptance of the updated policy.
13. Contact us
If you have questions about this Privacy Policy or want to exercise any of your rights, please reach us through our contact form.
Aloomii
Caledonia, Ontario, Canada
Privacy inquiries: via aloomii.com/#contact