Privacy Policy

Last updated: April 2026

1. Who We Are

AIME is owned and operated by Chris Clayton, a sole trader registered in Sweden. For the purposes of EU GDPR, Chris Clayton is the data controller for personal data collected through the Service. Contact: hello@aimehse.com.

2. Data We Collect

We collect the following personal data:

  • Account data: email address, full name, organisation, and project name provided on sign-up or in your profile
  • Content data: method statements, risk assessments, quality documents, and any files you upload to the Service
  • Payment data: billing information and subscription status processed by Stripe (we do not store card details)
  • Usage data: basic logs of how you interact with the Service, used to improve reliability

3. How We Use Your Data

We use your data to:

  • Provide and operate the Service, including AI analysis of uploaded documents (lawful basis: contract performance)
  • Process subscription payments and issue invoices (lawful basis: contract performance)
  • Send account-related notifications such as expiring method statements (lawful basis: legitimate interest)
  • Improve the Service based on usage patterns in aggregate (lawful basis: legitimate interest)

We do not sell your data to third parties or use it for advertising.

4. Sub-processors

We share data with the following third-party service providers acting as data processors on our behalf:

  • Anthropic (USA): AI analysis of documents you upload. Anthropic does not use submitted content to train its models. Anthropic Privacy Policy.
  • Supabase (EU): Database, authentication, and file storage. Data is stored in the EU.
  • Stripe (USA): Payment processing and subscription management. Stripe Privacy Policy.
  • Resend (USA): Transactional email notifications.

Where sub-processors are located outside the EU/EEA, appropriate safeguards (Standard Contractual Clauses) are in place for data transfers.

5. AI Processing

Documents you upload are sent to Anthropic's Claude API for analysis. Anthropic processes this data solely to return analysis results to the Service and does not use submitted content to train its models. You should avoid uploading documents containing sensitive personal data (such as individual workers' health information) unless strictly necessary for the method statement.

6. Data Storage and Retention

Your account and document data is stored via Supabase in the EU. We retain your data for as long as your account is active. Payment records are retained for 7 years as required by Swedish accounting law (Bokföringslagen). You may request deletion of your account and associated data at any time by contacting us.

7. Your Rights

Under EU GDPR, you have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your account and associated data
  • Object to processing or request restriction of processing
  • Data portability (receive your data in a machine-readable format)
  • Lodge a complaint with the Swedish supervisory authority, IMY (Integritetsskyddsmyndigheten) at imy.se

To exercise any of these rights, contact us at hello@aimehse.com. We will respond within 30 days.

8. Data Breach Notification

In the event of a personal data breach, we will notify the relevant supervisory authority (IMY) within 72 hours where required by law. If the breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly without undue delay.

9. Cookies

We use only essential cookies required for authentication (session management). We do not use tracking or advertising cookies.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify users of significant changes by email where reasonably practicable. Continued use of the Service after changes constitutes acceptance.

11. Contact

For any privacy-related questions, contact us at hello@aimehse.com.

← Back to home