Your Privacy Matters

Privacy Policy

Last updated: February 10, 2026

1. Introduction

AItocha, Inc. ("AItocha," "we," "us," or "our") operates the following websites and services:

  • aitocha.com — Main website and information hub
  • photos.aitocha.com — AI Photo Generation Platform (AItocha Photos)
  • cx.aitocha.com — AI Customer Support Platform (AItocha CX)
  • survey.aitocha.com — Survey & Feedback Platform (AItocha Surveys)
  • legal.aitocha.com — AI Estate Planning Platform (AItocha Estate)
  • analytics.aitocha.com — Salesforce Analytics Platform (AI Compass)

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use any of the services listed above (collectively, the "Services"). Please read this policy carefully. By using any of our Services, you consent to the practices described herein.

2. Information We Collect

2.1 Information You Provide

  • Account Information: Name, email address, and profile information provided during registration or via Google OAuth sign-in.
  • Payment Information: Credit card details and billing address processed securely through Stripe. We do not store your full credit card number on our servers.
  • User Content: Photos uploaded for AI processing, survey responses, customer support conversations, estate planning questionnaire answers, and Salesforce data queries.
  • Communications: Messages sent through contact forms, chat widgets, or email correspondence.

2.2 Information Collected Automatically

  • Device & Browser Data: IP address, browser type, operating system, device identifiers, and screen resolution.
  • Usage Data: Pages visited, features used, time spent, click patterns, and referring URLs.
  • Cookies & Similar Technologies: We use cookies and local storage to maintain sessions, remember preferences, and analyze usage patterns.

2.3 Information from Third Parties

  • Google OAuth: When you sign in with Google, we receive your name, email address, and profile picture as authorized by your Google account settings.
  • Stripe: Payment confirmation details, subscription status, and billing events.
  • Salesforce (AI Compass): If you connect your Salesforce organization, we access your Salesforce data via OAuth 2.0 in read-only mode to provide analytics and QA services.

3. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve our Services
  • Process transactions and send related billing information
  • Authenticate users via Google OAuth
  • Generate AI-powered content (photos, documents, analytics)
  • Respond to support requests and customer inquiries
  • Send service-related notifications and updates
  • Detect, prevent, and address technical issues, fraud, or abuse
  • Comply with legal obligations

4. Google OAuth & API Usage

All AItocha products share a common Google OAuth credential for sign-in. When you authenticate with Google:

  • We only request the minimum scopes needed (email, profile)
  • We do not access your Google Drive, Gmail, Contacts, or other Google services unless explicitly required by a specific product feature you opt into
  • You can revoke access at any time through your Google Account security settings
  • Our use of Google APIs complies with the Google API Services User Data Policy, including the Limited Use requirements

5. Payment Processing

All payment processing across AItocha products is handled by Stripe, Inc. When you make a purchase:

  • Your payment information is transmitted directly to Stripe via their secure, PCI-compliant infrastructure
  • We receive only a payment token, transaction ID, and confirmation — never your full card number
  • Stripe's privacy policy governs the handling of your payment data

6. How We Share Your Information

We do not sell your personal information. We may share data with:

  • Service Providers: Stripe (payments), Google (authentication), Vercel (hosting), Railway (backend infrastructure), OpenAI/Anthropic (AI processing), AWS (storage)
  • Legal Requirements: When required by law, subpoena, or government request
  • Business Transfers: In connection with a merger, acquisition, or sale of assets
  • With Your Consent: When you explicitly authorize sharing (e.g., sharing estate documents with an attorney)

7. Data Retention

We retain your information for as long as your account is active or as needed to provide Services. Specifically:

  • Account Data: Retained until you delete your account
  • AI-Generated Content: Photos and documents retained per your account plan; deleted upon account deletion
  • Payment Records: Retained as required by tax and financial regulations (typically 7 years)
  • Usage Logs: Anonymized and aggregated after 90 days

8. Data Security

We implement industry-standard security measures including:

  • TLS/SSL encryption for all data in transit
  • AES-256 encryption for sensitive data at rest
  • JWT-based authentication with secure token management
  • Regular security reviews and dependency updates
  • Read-only Salesforce access (AI Compass) — we never modify your Salesforce data

9. Children's Privacy

Our Services are not directed to children under 13. We do not knowingly collect personal information from children under 13 without parental consent.

AItocha Photos — Child Safety

AItocha Photos includes patent-pending child safety technology (U.S. Patent Application No. 63/924,236) that implements 7 layers of protection for AI-generated images involving minors. Children's photos are processed using template-only generation, are never downloadable directly, and are subject to 100% content monitoring. A parent or guardian must create and manage the account. For details, see the AItocha Photos safety documentation.

10. Your Rights

Depending on your location, you may have the following rights:

  • Access: Request a copy of your personal data
  • Correction: Request correction of inaccurate data
  • Deletion: Request deletion of your data and account
  • Portability: Request your data in a portable format
  • Opt-Out: Unsubscribe from marketing communications

To exercise any of these rights, contact us at support@aitocha.com.

11. Cookies

We use the following types of cookies:

  • Essential: Required for authentication, security, and basic functionality
  • Functional: Remember your preferences and settings
  • Analytics: Help us understand how you use our Services to improve them

You can control cookies through your browser settings. Disabling essential cookies may impact functionality.

12. Third-Party Links

Our Services may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any personal information.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date. Your continued use of our Services after changes constitutes acceptance of the updated policy.

14. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

AItocha, Inc.

Email: support@aitocha.com

Website: https://www.aitocha.com