AICORES

Privacy Policy

Last updated: 26 March 2026

AI-CORES Digital Systems Limited ("we", "us", "our"), registered in Ireland, is the data controller for personal data processed through the AICORES platform. We are committed to protecting your privacy in accordance with the General Data Protection Regulation (GDPR) (EU) 2016/679 and the Irish Data Protection Act 2018.

1. Data We Collect

1.1 Account Data

When you register, we collect: full name, email address, password (hashed), job title (optional), and phone number (optional).

1.2 Business Data

You may provide: business name, industry, business type, financial data (revenue, expenses, cash flow), and documents uploaded to the platform.

1.3 Billing Data

Payment processing is handled by Stripe (card payments) and GoCardless (direct debit). We store: subscription tier, billing status, and invoice records. We do not store full card numbers or bank account details — these are held by our payment processors.

1.4 Usage Data

We collect: pages visited, features used, diagnostic responses, AI advisor queries, and device/browser information. This helps us improve the Service.

1.5 Cookies

We use essential cookies for authentication and session management. See our Cookie Policy for details.

2. Legal Basis for Processing

We process your data on the following legal bases under GDPR Article 6:

  • Contract (Art. 6(1)(b)) — To provide the Service you have signed up for, including account management, billing, and customer support.
  • Legitimate interest (Art. 6(1)(f)) — To improve the Service, prevent fraud, and send service-related communications.
  • Legal obligation (Art. 6(1)(c)) — To comply with tax, accounting, and anti-money laundering requirements.
  • Consent (Art. 6(1)(a)) — For optional marketing emails and non-essential cookies. You can withdraw consent at any time.

3. How We Use Your Data

  • To provide, maintain, and improve the AICORES platform.
  • To generate AI-powered insights, reports, and recommendations for your business.
  • To process payments and generate invoices.
  • To send transactional emails (welcome, payment confirmations, alerts).
  • To respond to support requests.
  • To detect and prevent fraud or abuse.

4. Data Sharing

We do not sell your personal data. We share data only with:

  • Supabase (database and authentication) — EU-hosted.
  • Stripe (payment processing) — for billing and invoices.
  • GoCardless (direct debit) — for annual subscriptions.
  • Anthropic (AI processing) — for AI Advisor features only. When AI features are enabled, aggregated and anonymised financial summaries (monthly totals, industry category, and computed metrics) are sent to Anthropic's Claude API. We never send your business name, client names, supplier names, employee names, individual transaction line items, or uploaded documents to Anthropic. Anthropic does not use your data to train their models. You can opt out of AI data sharing entirely in Settings → Privacy. When opted out, no data is sent to Anthropic and the AI Advisor is disabled. All other platform features continue to work normally.
  • Resend (email delivery) — for transactional emails.
  • Vercel (hosting) — for frontend delivery.

All sub-processors are bound by data processing agreements. We require EU-adequate safeguards for any international transfers.

5. Data Retention

  • Active accounts: Data retained for the duration of your account.
  • Closed accounts: Personal data deleted within 30 days. Invoice and billing records retained for 7 years (Irish tax law).
  • Backups: Removed within 90 days of account deletion.

6. Your Rights (GDPR)

Under GDPR, you have the right to:

  • Access — Request a copy of your personal data.
  • Rectification — Request correction of inaccurate data.
  • Erasure — Request deletion of your data ("right to be forgotten").
  • Restriction — Request we limit processing of your data.
  • Portability — Receive your data in a structured, machine-readable format.
  • Object — Object to processing based on legitimate interest.
  • Withdraw consent — Where processing is based on consent.

To exercise any of these rights, email us at privacy@aicores.ai. We will respond within 30 days.

7. Data Security

We implement appropriate technical and organisational measures to protect your data, including:

  • Encryption in transit (TLS/HTTPS) and at rest.
  • Row-level security (RLS) policies in the database.
  • Secure password hashing (bcrypt).
  • Role-based access controls within workspaces.
  • Regular security reviews and dependency updates.

8. International Transfers

Our primary database is hosted within the EU (Supabase). Where data is transferred outside the EU/EEA (for example, to Anthropic in the US), we ensure adequate safeguards are in place, including Standard Contractual Clauses (SCCs) and, where applicable, supplementary measures.

9. Children

The Service is not intended for individuals under 18 years of age. We do not knowingly collect data from children.

10. Changes to This Policy

We may update this policy from time to time. Material changes will be communicated by email or through the platform. The "last updated" date at the top reflects the most recent revision.

11. Supervisory Authority

If you believe we have not handled your data correctly, you have the right to lodge a complaint with the Irish Data Protection Commission (DPC):

Data Protection Commission
21 Fitzwilliam Square South, Dublin 2, D02 RD28, Ireland
Website: www.dataprotection.ie

12. Contact

For privacy-related questions, contact our Data Protection Officer at privacy@aicores.ai.