This Privacy Policy sets out how Aivatech Limited ('Company', 'we', 'us', 'our') uses and protects your personal data when you ('you', 'user') access and use the website located at aivatech.group, its subdomains, and any other websites of the Company that contain a link to this Privacy Policy ('Website'), including when you reach out to us about a project, sign up for our newsletter, or purchase a subscription to one of our apps.
Product-Specific Privacy Policies. Our mobile applications may process different personal data during their operation. If you are using one of our apps, that app's own privacy policy applies to data processed within the app itself.
Our Website is intended for use only by adults (i.e., individuals who are 18 years of age or older, or the age of majority in their country). We do not knowingly collect personal information from children. If you believe that we might unintentionally collect personal data from or about a child, please contact us.
Aivatech Limited is a full-cycle mobile app development studio incorporated in Hong Kong (CR No. 76713968). Registered address: Unit 1603, 16th Floor, The L. Plaza, 367 - 375 Queen's Road Central, Sheung Wan, Hong Kong. We are the data controller for personal data collected through aivatech.group.
We comply with the Hong Kong Personal Data (Privacy) Ordinance (Cap. 616) ('PDPO'). For visitors in the European Economic Area or the United Kingdom, we also comply with the General Data Protection Regulation ('GDPR') and UK GDPR respectively. For residents of certain US states, please see Section 13.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes. If you have any questions about this Privacy Policy or how we handle your data, contact us.
We collect the following categories of personal data about you:
| Category | What it includes |
|---|---|
| Identity Data | First name, last name, company name. |
| Contact Data | Email address, phone number (if provided), billing address. |
| Transaction Data | Details of subscriptions or services you have purchased through our Website, including plan type, billing cycle, purchase date, renewal history, and refund status. Full payment card details are never stored by us - they are handled directly by our payment processors. |
| Technical Data | IP address, browser type and version, operating system, device type, time zone, referring URL, and other data automatically sent by your browser when you visit our Website. |
| Usage Data | Information about how you use our Website, including pages visited, time spent, links clicked, and session duration. |
| Cookie Data | See Section 6 below. |
| Marketing and Communications Data | Your preferences for receiving marketing communications from us and your communication history with us. |
| Inquiry and Feedback Data | The content of messages submitted via our contact form or sent to us by email, including project descriptions, follow-up correspondence, and any feedback you provide. |
We do not collect any Special Categories of personal data (such as health, biometric, racial or ethnic origin, political opinions, religious beliefs, or criminal records).
We collect data about you through the following means:
We only use your personal data when the law allows us to. We have set out below, in a table format, a description of all the ways we plan to use your personal data and which legal bases we rely on to do so. We apply these bases consistently across all users.
| Purpose | Data Used | Lawful Basis |
|---|---|---|
| To permit you to use the Website | Technical, Cookie | Legitimate interests (delivering our services to you) |
| To process subscription purchases and deliver services, including managing payments and sending service communications (receipts, renewal notices) | Identity, Contact, Transaction, Technical | Performance of a contract |
| To process refund and cancellation requests | Identity, Contact, Transaction | Performance of a contract / Legal obligation |
| To improve our Website and diagnose technical issues | Technical, Usage, Cookie | Legitimate interests (improving our services) |
| To prevent fraud and abuse of our Website and payment systems | Identity, Contact, Technical, Transaction | Legitimate interests (protecting our business and users) |
| Purpose | Data Used | Lawful Basis |
|---|---|---|
| To respond to project inquiries and evaluate fit for a development engagement | Identity, Contact, Inquiry and Feedback | Legitimate interests (evaluating a potential business relationship) |
| To send follow-up communications related to your inquiry | Identity, Contact, Inquiry and Feedback | Legitimate interests (follow-up on a business inquiry) |
| Purpose | Data Used | Lawful Basis |
|---|---|---|
| To comply with legal obligations (tax records, accounting, regulatory reporting, court orders) | Identity, Contact, Transaction | Legal obligation |
| To establish, exercise, or defend legal claims | Identity, Contact, Transaction, Inquiry and Feedback | Legitimate interests (protecting our legal rights) |
| Purpose | Data Used | Lawful Basis |
|---|---|---|
| To analyse how our Website is used and improve its performance (analytics cookies) | Technical, Usage, Cookie | Consent |
| To send you marketing communications (only where you have opted in) | Identity, Contact, Marketing and Communications | Consent |
We do not sell your personal data, use it for advertising profiling, or share it with data brokers. We will only use your data for purposes compatible with the original purpose for which it was collected. If we need to use it for an unrelated purpose, we will notify you and explain the legal basis.
Cookies are small files placed on your browser when you visit our Website. We use the following types:
| Type | Purpose | Can you opt out? |
|---|---|---|
| Strictly Necessary | Essential for the Website to function - session management, security, and the subscription checkout flow. No personal data is transmitted beyond what is strictly required. | No - these are essential to the service |
| Functional | Remember your preferences (language, region) to improve your experience on return visits. | Yes - via browser settings |
| Performance / Analytics | Collect aggregated, pseudonymised data about how visitors use our Website so we can measure and improve performance. Only set with your consent. | Yes - we ask for consent before setting these |
| Targeting / Advertising | We do not use advertising or cross-site tracking cookies. | N/A |
You can control and delete cookies at any time through your browser settings. Blocking strictly necessary cookies may prevent parts of the Website from working. To withdraw consent for analytics cookies, contact us.
We may share your personal data with the following categories of third parties. We share data with these third parties only when legally permitted or under data processing agreements, and only to the extent necessary for the stated purpose.
Third-party analytics providers. We may share data with analytics providers regarding your use of our Website (such as your interaction with the Website, software bugs, and errors) so that we can improve our Website and detect and prevent fraud. We use a data security and content delivery service provided by Cloudflare, Inc. (USA). You can find their privacy policy at cloudflare.com/privacypolicy.
Third-party payment processors. If you purchase a subscription through our Website, we may process your payment through one or more of the following providers:
Each payment processor may collect personal data independently, including via cookies and similar technologies. The personal data they collect may include transaction data, IP address, device information, and other data required for payment processing and fraud prevention. Payment processors act as independent data controllers for the data they collect directly from you at checkout. We never receive or store full card numbers or CVV codes.
Cloud infrastructure providers. We use cloud hosting services to operate our Website and store contact form submissions and subscription records. These providers process data only on our instructions and under data processing agreements.
Professional advisers. We may share data with lawyers, auditors, or insurers where necessary to obtain professional services or handle legal claims.
Regulatory authorities and law enforcement. We may disclose personal data where required by applicable law, court order, or regulatory authority, or where necessary to protect the rights, property, or safety of Aivatech, our users, or the public.
We do not sell, rent, or trade your personal data to any third party.
Aivatech Limited is based in Hong Kong. Some of our service providers - including payment processors and cloud infrastructure providers - are based in the United States and other countries outside the European Economic Area.
Whenever we transfer personal data from the EEA or UK to a country not deemed adequate by the European Commission or UK authorities, we use Standard Contractual Clauses (SCCs) approved by the European Commission, or equivalent safeguards recognised under UK law. By submitting your personal data to us, you acknowledge that such transfers may occur.
For Hong Kong residents, we process and store your data in accordance with the PDPO and have appropriate contractual protections in place with all service providers who process your data.
We have put in place appropriate technical and organisational measures to prevent your personal data from being accidentally lost, used, accessed, altered, or disclosed without authorisation:
No transmission over the internet is completely secure. While we take every reasonable precaution, we cannot guarantee the security of data you transmit to us. Any transmission is at your own risk. We have procedures in place to respond to suspected personal data breaches and will notify affected individuals and regulators where required by applicable law.
Our Website may contain links to third-party websites, apps, or services. Clicking those links may allow third parties to collect or share data about you. We do not control those websites and are not responsible for their privacy practices. We encourage you to read the privacy policy of every website you visit before providing any personal data.
We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected and to comply with our legal obligations:
| Data Type | Retention Period |
|---|---|
| Contact form submissions (no ongoing engagement) | 2 years from date of submission, then deleted |
| Subscription and transaction records | Duration of subscription plus 7 years (tax and accounting compliance) |
| Refund and dispute records | 7 years from date of transaction |
| Project engagement correspondence | Duration of engagement plus 5 years (legal compliance) |
| Server and access logs | 90 days, then deleted |
In some circumstances we may anonymise your personal data so it can no longer be associated with you, in which case we may retain and use it without further notice to you.
You have the following rights under data protection laws in relation to your personal data.
For Hong Kong residents, you have equivalent rights under the PDPO, including the right to access and correct personal data we hold about you.
To exercise any of these rights, use our contact form. We will respond within 30 days. We may need to verify your identity before processing your request. There is no fee unless a request is clearly unfounded, repetitive, or excessive.
You also have the right to make a complaint to your local supervisory authority. If you are not satisfied with our response, we would appreciate the chance to put it right before you contact a regulator. However, you also have the right to complain to a regulator at any time. UK-based users may contact the Information Commissioner's Office at ico.org.uk.
This section applies to you if you are a resident of any of the following US states: California, Virginia, Colorado, Connecticut, Texas, Utah, Oregon, which have adopted their state privacy acts (together 'US Privacy laws').
Below you will find information about your rights, how to exercise them, and how we handle such requests.
We will respond to your request within 45 days. In more complex cases, we may extend our response time by an additional 45 days. We reserve the right not to respond to a request if we are unable to verify your identity or authority to make such a request.
If you are a Virginia, Colorado, or Connecticut resident, you have the right to appeal our decision to deny your rights request.
We do not sell data of our users.
Please contact us if you have any questions about this policy.
If you have questions about data protection or any requests for resolving issues with your personal data, you can contact us.
Aivatech Limited
Unit 1603, 16th Floor, The L. Plaza
367 - 375 Queen's Road Central, Sheung Wan
Hong Kong
+852 3628 947
This policy may be updated from time to time. Material changes will be posted on this page with an updated modification date. For significant changes affecting active subscribers, we will send an email notification at least 14 days before the change takes effect.