AI Scan is a product operated by AAI Labs ("AAI Labs," "we," "us").
This privacy policy is intended to inform you of how we handle your personal data that you provide to us. We also assure you that we process your personal data in accordance with the Regulations, the Law on the Legal Protection of Personal Data of the Republic of Lithuania and other legal acts regulating the protection of personal data.
Our role
When we provide the diagnostic to a client company, that company decides which employees are invited and why. In that context the client is the data controller and we act as a data processor, handling data on their instructions and under a separate data processing agreement. For our own website and business operations, we are the data controller.
What we collect
We collect only what we need to deliver the service:
- Conversation content. During a scan, an AI agent ("the agent") interviews participants about their work. We collect the responses participants provide.
- Limited account and contact data. For client representatives, this includes name, work email, and similar business contact details.
- Basic technical data. Standard information your browser sends when you visit our website, used to keep the site secure and working.
We do not ask participants for sensitive personal data, and we ask that they do not include it in their responses.
How we use it
We use conversation content solely to produce the client's diagnostic report. Responses are analyzed together and presented in aggregate. Where an individual response is referenced in a report, it is de-identified first, so it is not attributed to a named person. We use account and technical data to operate the service, communicate with clients, and maintain security.
Legal basis
Where we act as controller, we process personal data on the basis of our legitimate interests in operating our business and performing our contracts. Where we act as processor, the client is responsible for establishing the legal basis for inviting participants and informing them appropriately.
Sharing
We do not sell personal data. We share it only with service providers who help us run the service (for example, hosting and communication tools), under contracts that require them to protect it, and where required by law.
Retention
We retain personal data only as long as needed to deliver the service and meet our legal and contractual obligations, after which it is deleted.
Security
We apply appropriate technical and organizational measures to protect personal data against loss, misuse, and unauthorized access.
International transfers
Where personal data is transferred outside its country of origin, we put appropriate safeguards in place, such as standard contractual clauses, consistent with applicable data protection law.
Your rights
Subject to applicable law, you may request access to, correction of, or deletion of your personal data, and may object to or restrict certain processing. To exercise these rights, contact us at hello@aai-labs.com. Where we act as a processor, we will pass relevant requests to the client and assist them in responding.
Changes
We reserve the right to modify, in whole or in part, the rules described in this Privacy Policy. We will inform you of any changes by posting an updated version of the Privacy Policy on this website.
Contact
Questions about this policy or your data can be sent to hello@aai-labs.com.