Privacy Policy

Effective Date: March 13, 2026

1. Introduction

AI Made (“Company”, “we”, “us”, or “our”) operates the AI agent skills directory and related services at https://aimade.tech (the “Site”). This Privacy Policy explains how we collect, use, disclose, retain, and protect personal information of visitors, members, and other users (collectively, “you”, “your”, or “users”). By accessing or using the Site, you acknowledge that you have read, understood, and agree to the practices described herein.

2. Definitions

Personal Data / Personal Information: Any information relating to an identified or identifiable natural person.
Processing: Any operation performed on personal data, including collection, storage, use, disclosure, or destruction.
Data Controller: The entity that determines the purposes and means of processing personal data (AI Made).
Data Processor: A third party that processes personal data on behalf of the controller (e.g., Stripe, Google).
Cookies: Small text files placed on your device by the Site or third‑party services to store information about your interaction.
GDPR: The EU General Data Protection Regulation (Regulation (EU) 2016/679).
CCPA: The California Consumer Privacy Act (California Civil Code §§ 1798.100‑1798.199).

3. Information We Collect

We collect personal data in the following categories. The list is exhaustive but not limiting; we may collect additional data when you voluntarily provide it.

3.1 Automatically Collected Information

When you visit the Site, we automatically receive technical data from your device and browser, including:

IP address (anonymized where required by law)
Device type, operating system, and browser version
Screen resolution and display settings
Referral URL and landing page
Timestamp of each request
Interaction data such as pages viewed, search queries, clicks, scroll depth, and navigation paths

This information is collected via server logs, cookies, web beacons, and similar technologies.

3.2 Account Information

If you create an account or subscribe to a membership tier, we collect the data you provide during registration and profile management, including:

Full name
Email address (used for login, notifications, and newsletters)
Encrypted password (hashed with industry‑standard algorithms)
Billing address (required for invoicing)
Optional profile fields (e.g., organization name, role, preferences, avatar)

3.3 Payment Information

All payment processing is performed by Stripe, a PCI‑DSS‑compliant third‑party processor. We collect only the minimal data needed to initiate a transaction:

Credit/debit card number, expiration date, and CVC (transmitted directly to Stripe and never stored on our servers)
Billing address (used for verification and invoicing)
Transaction identifiers and receipt information

3.4 Communications

When you contact us via email, support tickets, live chat, or any other channel, we retain the content of those communications, including any personal data you voluntarily provide (e.g., name, email, screenshots).

3.5 Newsletter & Marketing Subscriptions

If you opt‑in to receive newsletters, product updates, or promotional offers, we store your email address and your preferences regarding the type and frequency of communications.

3.6 Third‑Party Data Sources

We may receive personal data about you from third‑party services you connect to the Site (e.g., social login providers). In such cases, we only collect the data you explicitly authorize.

4. Legal Basis for Processing (GDPR)

When the GDPR applies, we rely on one or more of the following lawful bases:

Performance of a contract: Processing is necessary to provide the services you have subscribed to (e.g., account creation, membership delivery).
Legal obligation: Processing is required to comply with tax, accounting, or other statutory duties.
Legitimate interests: Processing for fraud prevention, security, analytics, and improving the Site, provided it does not override your fundamental rights.
Consent: Processing of marketing communications, cookies (non‑essential), and any optional data you voluntarily provide after clear consent.

5. How We Use Your Information

We use personal data for the following purposes, each tied to a specific lawful basis where applicable:

Account Management & Security – to create, maintain, authenticate, and secure your account (contractual necessity).
Payment Processing & Billing – to process payments, issue invoices, manage subscription cycles, and comply with financial regulations (contractual necessity and legal obligation).
Service Delivery – to provide access to the Skills Index, search and filtering tools, safety‑rating system, API endpoints, and any other features you have subscribed to (contractual necessity).
Personalization – to tailor content, recommendations, and UI preferences based on your usage patterns (legitimate interest).
Communications – to send transactional emails (e.g., password resets, receipts), newsletters, product announcements, and promotional offers you have opted into (consent).
Analytics & Improvement – to analyze aggregate usage, diagnose technical issues, conduct A/B testing, and improve performance (legitimate interest).
Legal Compliance & Protection – to enforce our Terms of Service, respond to legal requests, protect against fraud, and safeguard the rights and safety of users and the Company (legal obligation).

6. Cookies and Tracking Technologies

We use cookies and similar technologies (e.g., local storage, web beacons) to enable functionality, improve performance, and gather analytics. Below is a detailed classification.

6.1 Essential Cookies

Session ID – maintains your logged‑in state.
CSRF Token – protects against cross‑site request forgery attacks.
Authentication Cookies – store encrypted tokens for secure access.

6.2 Preference Cookies

Language & Locale – remembers your chosen language.
Theme Preference – stores light/dark mode selection.
Search Settings – retains filter choices for the Skills Index.

6.3 Analytics Cookies

Google Analytics (GA4) – collects page‑view counts, session duration, bounce rate, and conversion paths. IP anonymization is enabled for EU visitors.
Site Kit – aggregates performance metrics and provides insights to us.
LiteSpeed Cache – records cache‑hit statistics to improve load times.

6.4 Advertising & Marketing Cookies

Set only when you explicitly opt‑in to receive promotional emails or targeted content. These cookies may be placed by third‑party email service providers (e.g., Mailchimp) for campaign tracking.

6.5 Performance Cookies

Managed by LiteSpeed Cache to store static resources, reducing server load and improving page speed.

6.6 Managing Cookies

You may manage or withdraw consent for non‑essential cookies through your browser settings or via the cookie consent banner displayed on the Site. Disabling essential cookies may prevent you from logging in or using certain features.

7. Third‑Party Services and Data Transfers

We rely on a number of third‑party service providers to operate the Site. Each provider processes personal data only to the extent necessary to perform its function. Where applicable, we have entered into data‑processing agreements that impose GDPR‑compatible obligations.

Stripe – payment processing, fraud detection, invoicing. Stripe’s privacy policy is available here. Stripe may transfer data outside the European Economic Area (EEA) under the EU‑US Privacy Shield framework (or its successor) and Standard Contractual Clauses.
Google Analytics & Site Kit – website traffic analysis. Data may be transferred to and stored in the United States. We have enabled IP anonymization for EU users.
Litespeed Cache – server‑side caching. Operates on our hosting infrastructure and does not receive personal data beyond technical logs.
Mailchimp (or equivalent) – email newsletter distribution. Personal data (email address, name, subscription preferences) is stored on Mailchimp’s servers, which may be located in the United States. We have a Data Processing Addendum with Mailchimp.
Support Ticket System (e.g., Zendesk) – handles user inquiries. Stores communication content and associated user identifiers.

7.1 International Data Transfers

If you are located outside the United States, your personal data may be transferred to, stored, and processed in the United States or other jurisdictions that may not provide the same level of data‑protection as your home country. We rely on the following mechanisms to ensure an adequate level of protection:

Standard Contractual Clauses (SCCs) approved by the European Commission.
Binding Corporate Rules (BCRs) for intra‑group transfers.
Explicit consent where required (e.g., for marketing communications).

8. Data Sharing and Disclosure

We may disclose your personal data in the following circumstances:

Service Providers: To third‑party processors (Stripe, Google, Mailchimp, etc.) that perform services on our behalf.
Legal Requirements: To comply with a subpoena, court order, legal process, or governmental request.
Protection of Rights: To protect the rights, property, or safety of AI Made, its users, or the public.
Business Transfers: In connection with a merger, acquisition, reorganization, or sale of all or substantially all of our assets, provided the acquiring entity agrees to honor this Privacy Policy.
Aggregated or Anonymized Data: We may share aggregated, non‑identifiable statistics with partners, investors, or the public.

9. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes described in this Policy, unless a longer period is required or permitted by law. Typical retention periods are:

Account Information: Retained until the account is deleted or becomes inactive for 24 months. Inactive accounts are archived and later purged after an additional 12 months.
Payment Records: Retained for a minimum of 7 years to satisfy tax, accounting, and anti‑money‑laundering obligations.
Analytics Data: Retained in aggregated form for up to 24 months. Raw logs containing IP addresses are deleted after 12 months.
Communications: Retained for the duration of the relationship and for 2 years thereafter, unless a longer period is required for dispute resolution.
Newsletter Subscriptions: Retained until you unsubscribe or request deletion.
Cookies: Session cookies expire when you close your browser; persistent cookies have lifespans ranging from 30 days to 2 years, as indicated in the cookie banner.

10. Security Measures

We implement appropriate technical and organizational measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. These measures include:

Transport Layer Security (TLS) encryption for data in transit.
At‑rest encryption for backup databases and sensitive files.
Regular security audits, vulnerability scanning, and penetration testing.
Role‑based access controls limiting employee access to the minimum necessary.
Secure password hashing (bcrypt) and multi‑factor authentication for privileged accounts.
Incident response procedures and a dedicated security team.

While we strive to protect your data, no method of transmission over the internet or electronic storage is 100 % secure. You acknowledge that we cannot guarantee absolute security.

11. Your Rights and Choices

Depending on your jurisdiction, you may have the following rights regarding your personal data. To exercise any of these rights, please contact us at contact@aimade.tech. We will respond within 30 days, unless a longer period is required by law.

11.1 Rights Under the GDPR (EU/EEA Residents)

Right of Access: Request a copy of the personal data we hold about you.
Right to Rectification: Request correction of inaccurate or incomplete data.
Right to Erasure (“Right to be Forgotten”): Request deletion of your data, subject to legal exceptions (e.g., tax records).
Right to Restriction of Processing: Request that we limit the ways we use your data.
Right to Data Portability: Receive your data in a structured, commonly used, machine‑readable format and transmit it to another controller.
Right to Object: Object to processing based on legitimate interests or direct marketing.
Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent (e.g., marketing emails).

11.2 Rights Under the CCPA (California Residents)

Right to Know: Request disclosure of the categories of personal information we collect, the sources, purposes, and third parties with whom we share it.
Right to Delete: Request deletion of your personal information, subject to certain exemptions (e.g., fraud detection, legal obligations).
Right to Opt‑Out of Sale: Although we do not sell personal data, you may exercise this right if we ever engage in a data‑sale arrangement.
Right to Non‑Discrimination: We will not discriminate against you for exercising any CCPA right.

11.3 Managing Cookies and Direct Marketing

Use the cookie consent banner to accept or reject non‑essential cookies.
Click the “unsubscribe” link in any marketing email or manage preferences via your account settings.
Set your browser to block third‑party cookies or delete existing cookies at any time.

11.4 Exercising Your Rights

To submit a request, please email contact@aimade.tech with the subject line “Privacy Request”. Include sufficient information to verify your identity (e.g., account email, name, and a copy of a government‑issued ID). We may request additional information to confirm that the request is legitimate.

12. Children’s Privacy

The Site is not directed at children under the age of 13, and we do not knowingly collect personal data from anyone younger than 13. If we become aware that a child under 13 has provided personal data, we will take reasonable steps to delete that information promptly. Parents or guardians who believe their child’s data has been inadvertently collected may contact us at contact@aimade.tech.

13. International Users

If you are located outside the United States, please be aware that your personal data may be transferred to, stored, and processed in the United States or other jurisdictions. By using the Site, you consent to such transfers and acknowledge that the United States may not provide the same level of data‑protection as your home country. We rely on Standard Contractual Clauses, Binding Corporate Rules, and/or your explicit consent to ensure an adequate level of protection.

14. Links to Other Websites

The Site may contain links to third‑party websites, services, or resources that are not operated by AI Made. This Privacy Policy does not apply to those external sites. We encourage you to review the privacy policies of any third‑party sites you visit.

15. Do‑Not‑Track Signals

Our Site does not currently respond to Do‑Not‑Track (“DNT”) signals because there is no consensus on how to interpret them under applicable law. However, you can manually disable cookies or use browser extensions to achieve a similar effect.

16. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or technology. When we make material changes, we will:

Update the “Effective Date” at the top of the document.
Post a notice on the Site’s homepage or within user dashboards.
Send an email notification to users who have provided an email address, where feasible.

Your continued use of the Site after any such changes constitutes your acceptance of the revised policy.

17. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data‑processing practices, please contact us:

Email: contact@aimade.tech
Address: AI Made, 123 Innovation Drive, San Francisco, CA 94107, USA (for correspondence only)

18. Governing Law and Dispute Resolution

This Privacy Policy and any disputes arising out of or related to it shall be governed by the laws of the State of California, United States, without regard to its conflict‑of‑law principles. Any claim or controversy arising out of this Policy shall be resolved by binding arbitration administered by the American Arbitration Association (AAA) under its Commercial Arbitration Rules, except that you may seek injunctive or equitable relief in a court of competent jurisdiction.