Privacy Policy

Last updated: February 15, 2026

1. Introduction

This Privacy Policy ("Policy") governs how Ailwin Limited ("Ailwin," "we," "us," or "our") collects, uses, discloses, and protects your personal data when you access or use the Ailwin platform, website, APIs, and related services (collectively, the "Service"). By accessing or using the Service, you acknowledge that you have read and understood this Policy.

Ailwin operates from Hong Kong. This Policy is drafted in accordance with the Hong Kong Personal Data (Privacy) Ordinance ("PDPO") and the European Union General Data Protection Regulation ("GDPR"). Where your local jurisdiction provides additional protections, those protections apply to you.

Please also read our Terms and Conditions, which govern your access to and use of the Service.

2. Data Collection

2.1 Data You Provide

  • Account Information: Full name, email address, and password (encrypted). If you sign in using Google OAuth, we receive your email address, name, and profile photo (if available).
  • Profile Information: Professional role or title, background and expertise description, and preferred writing tone and style.
  • Content Data: Post topics and instructions, writing guidance and preferences, generated post drafts, and selected drafts.
  • Payment Information: We use Stripe to process payments. Your payment details are collected and stored by Stripe, not by Ailwin. We receive only transaction metadata such as order number, amount, date, and payment status.
  • Communications: If you contact us, we collect your name, contact information, and the contents of your messages.
  • LinkedIn Account Data: If you connect a LinkedIn account, we receive your LinkedIn user ID, name, email address, profile picture, and OAuth tokens (access token and refresh token). These tokens are stored encrypted at rest and are used solely to act on your behalf.

2.2 Automatically Collected Data

  • Technical Data: IP address, browser type and settings, device information, and operating system.
  • Usage Data: Pages viewed, features used, dates and times of access, and other information about how you interact with the Service.

2.3 Cookies and Tracking Technologies

We and our service providers use cookies and similar technologies to operate and improve the Service. They fall into the following categories:

  • Necessary cookies: Essential for the Service to function properly, including authentication and security.
  • Functional cookies: Enable enhanced features and remember your preferences.
  • Analytical and marketing cookies: Support analytics and promotional activities.

You may disable cookies through your browser settings, but some features of the Service may become unavailable.

2.4 Data We Do Not Collect

Ailwin does not knowingly collect sensitive or special-category personal data, such as health information, biometric data, or religious beliefs. The Service is not directed to individuals under 18; see Section 10 for details.

3. Purposes of Data Processing

We use your personal data for the following purposes:

  • Deliver and maintain core Service features, including AI-powered post generation, account management, and payment processing.
  • Personalize your experience by using your profile information and writing preferences to generate relevant content.
  • Publish user-edited content to LinkedIn on the user's behalf, using stored OAuth tokens. Content is only published when explicitly initiated by the user.
  • Process payments and respond to support requests.
  • Maintain system security, prevent fraud, and manage risk.
  • Send marketing communications with your consent. You may opt out at any time.
  • Perform aggregated, de-identified analysis for trend research and Service improvement.
  • Comply with legal obligations and respond to lawful requests.

Legal Basis (GDPR): We process your data based on: (a) performance of a contract, (b) legitimate interests, (c) your consent, and (d) compliance with legal obligations.

4. AI-Generated Content

The Service uses third-party large language models to generate posts on your behalf. When you request a post, we transmit your topic, instructions, and relevant profile context to the AI provider. The provider processes this information solely to produce your content and does not retain it for its own purposes.

AI Training: We do not use your Inputs or Outputs to train AI models, or permit third parties to use them for training, unless you have explicitly opted in. If you provide feedback or report content for improvement, we may use that specific feedback to enhance the Service.

No Automated Decisions: We do not make decisions based solely on automated processing that produce legal or similarly significant effects on you.

5. Data Sharing and Third-Party Services

We share personal data with the following categories of service providers, each of which processes data only as necessary to perform services on our behalf:

  • Payment processors: Transaction information necessary to process payments. Ailwin does not receive or store your full card details.
  • Authentication services: Google OAuth, when you choose to sign in with Google.
  • AI providers: Third-party language-model providers that receive the minimum context required to generate your content.
  • Infrastructure and hosting providers: Cloud services that store and serve the application and its data.
  • Social media platforms: LinkedIn, when you choose to connect your account and publish content. We transmit only the content you approve for publishing and use your stored OAuth tokens to authenticate.
  • Analytics providers: Tools that help us measure product usage in aggregate.
  • Government and law enforcement: When required by law or to respond to lawful requests.

We do not sell your personal data to third parties. We do not "sell" or "share" personal data for cross-contextual behavioral advertising.

6. Cross-Border Data Transfers

Your personal data is primarily stored on servers located in Hong Kong. If we need to transfer your data outside of Hong Kong, we will do so in compliance with the PDPO and, where applicable, Standard Contractual Clauses ("SCCs"), and will implement appropriate technical and organizational measures to ensure your data remains protected.

You acknowledge that courts, regulators, or law-enforcement agencies in other jurisdictions may gain lawful access to your data under local procedures.

7. Data Security

We implement commercially reasonable technical and organizational measures to protect your data, including SSL/TLS encryption, access controls, and regular security assessments. In the event of a data breach likely to affect your rights, we will notify you and the relevant supervisory authority within 72 hours where required by applicable law.

No method of transmission over the Internet or electronic storage is completely secure. While we strive to protect your data, we cannot guarantee absolute security.

8. Data Retention

We retain your personal data for the following periods:

  • Account and profile data: Retained for two years after account deletion.
  • Content data: Retained while your account is active and deleted upon account closure.
  • Transaction and financial records: Retained for at least seven years in accordance with Hong Kong law.
  • Usage logs: Retained for 12 months for analytics and security purposes.
  • Anonymized data: Retained indefinitely for statistical analysis.
  • LinkedIn data: LinkedIn account data (user ID, name, email, profile picture, and OAuth tokens) is deleted immediately when you disconnect your LinkedIn account or close your Ailwin account. This data is not subject to the two-year retention period that applies to other account data.

When personal data is no longer needed, we will delete, de-identify, or anonymize it in compliance with applicable laws.

9. Your Rights

Under the PDPO and the GDPR, you have the right to:

  • Access, review, and obtain a copy of your personal data.
  • Rectify or erase inaccurate or incomplete data.
  • Request restriction of processing or object to certain types of data use, including marketing.
  • Withdraw consent at any time, including by disconnecting your LinkedIn account in Settings. Withdrawal does not affect the lawfulness of prior processing.
  • Request portability of your data to another service provider.
  • Lodge a complaint with a supervisory authority.

To exercise these rights, please contact us at hello@ailwin.ai. We may request information to verify your identity before processing your request. Ailwin will not discriminate against you for exercising any of these rights.

10. General

10.1 Eligibility

The Service is not directed to individuals under 18. We do not knowingly collect personal data from children. If we learn or have reason to suspect that a user is under 18, we will investigate and, if appropriate, delete their personal data and account.

10.2 Changes to This Policy

We may update this Policy from time to time. If we make material changes, we will update the "Last updated" date at the top of this page and, where appropriate, notify you by email or in-platform messaging. Your continued use of the Service after any changes constitutes your acceptance of the revised Policy.

10.3 Contact Us

If you have any questions about this Policy, please contact us at: hello@ailwin.ai.