Privacy Policy
Last updated: 17 November 2025
This Privacy Policy explains how AhaMoment.chat ("we", "us", or "our") collects, uses, and shares personal data when you use our website and services (the "Service").
The Service is operated by Hemiha OÜ, a company registered in Estonia (registry code 16338273), with its registered address at Keemia tn 4, 10616 Tallinn, Estonia. As we are based in the European Union, we process personal data in accordance with the EU General Data Protection Regulation (GDPR) and applicable Estonian data protection law.
1. Data we collect
We collect the following categories of information:
- Account information: When you sign in using Google OAuth, we receive basic profile information from Google (such as your name, email address, and profile identifier). When you sign in using an email magic link, we collect your email address.
- Usage data and content: We store the prompts, messages, and responses you exchange with the Service, including full chat histories, as well as related metadata (such as timestamps and basic usage statistics).
- Technical and log data: We may automatically collect information such as your IP address, browser type and version, operating system, device identifiers, referral URLs, pages viewed, and the dates and times of your requests. This helps us operate and secure the Service.
- Payment information: Payments for paid plans are processed by Stripe. We do not store your full payment card details. Stripe may collect and store payment card details and billing information in accordance with its own privacy policy. We may receive limited information from Stripe, such as the last four digits of your card, card type, and billing country, to manage subscriptions and comply with our legal obligations.
- Cookies and similar technologies: We use essential cookies to operate the Service (for example, to keep you logged in and to help protect against fraud). We may also use analytics and preference cookies (such as those used by Google Analytics or similar services) to understand how the Service is used and to improve it. You can control cookies through your browser settings and, where required, through any consent banner we provide.
2. How we use your data
We use personal data for the following purposes:
- To provide, maintain, and improve the Service.
- To authenticate you and manage your account and subscription.
- To process payments for paid plans and handle billing.
- To generate AI-powered responses and maintain your chat history.
- To monitor usage, prevent abuse, and ensure the security of the Service.
- To understand how users interact with the Service and improve user experience (including through aggregated or anonymised analytics).
- To comply with legal obligations and respond to lawful requests.
- To communicate with you about important changes, updates, or support issues related to the Service.
3. Legal bases for processing
Where EU or UK data protection law applies, we process your personal data on the following legal bases:
- Contractual necessity: To provide the Service to you, including authenticating your login, generating responses, maintaining your chat history, and processing payments for paid plans.
- Legitimate interests: To secure the Service, prevent abuse, improve and develop new features, and perform analytics using aggregated or de-identified data, where these interests are not overridden by your rights and interests.
- Legal obligations: To comply with applicable laws (for example, accounting, tax, and anti-fraud obligations).
- Consent: Where required by law (for example, for certain cookies or optional communications), we rely on your consent. You can withdraw your consent at any time through the mechanisms we provide (such as cookie settings or unsubscribe links), without affecting the lawfulness of processing before withdrawal.
4. How we share your data
We do not sell your personal data. We share personal data with:
- Service providers and processors: We use trusted third parties to help us provide the Service, such as: AI model providers (for example, OpenAI and Google Gemini), authentication and database providers (for example, Supabase), hosting providers (for example, Vercel), payment processors (for example, Stripe), and analytics or logging tools (for example, Google Analytics or similar services). These providers process data on our behalf and are contractually required to use it only for the purposes we specify and to protect it appropriately.
- Legal and regulatory authorities: We may disclose information if we believe in good faith that it is reasonably necessary to: comply with a law, regulation, legal process, or governmental request; enforce our Terms of Service; protect the security or integrity of the Service; or protect the rights, property, or safety of us, our users, or others.
- Business transfers: If we are involved in a merger, acquisition, reorganization, sale of assets, or bankruptcy, your personal data may be transferred as part of that transaction, in accordance with applicable law.
We may also share aggregated or de-identified information that does not reasonably identify you, for example to describe usage patterns or performance metrics.
5. International data transfers
Because many of our service providers are located outside the European Economic Area (EEA), your personal data may be transferred to countries that may not provide the same level of data protection as your home jurisdiction.
When we transfer personal data outside the EEA, we will do so in accordance with applicable law, for example by using the European Commission's Standard Contractual Clauses or by relying on an adequacy decision, where available, and by requiring appropriate safeguards to protect your data.
6. Data retention
We retain personal data for as long as necessary to fulfil the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law.
- Account and subscription data: We generally keep account and subscription-related information for the duration of your account and for a reasonable period afterwards (for example, up to one year) for backup, security, fraud prevention, and legal compliance.
- Chat history: We generally retain your chat history for up to one year, but it may be deleted earlier. You can delete your chat history at any time from within the Service. When you delete a chat, we will remove it from the active database; we may retain limited backups or logs for a short period as necessary for security, integrity, and legal compliance.
- Logs and technical data: Technical logs may be retained for a limited period (typically up to one year) to ensure the security and reliability of the Service.
7. Your rights
Subject to applicable law, you may have the following rights in relation to your personal data:
- The right to access your personal data and receive a copy.
- The right to request correction of inaccurate or incomplete data.
- The right to request deletion of your personal data, in certain circumstances.
- The right to restrict or object to certain processing activities.
- The right to data portability, in certain circumstances.
- Where processing is based on consent, the right to withdraw your consent at any time, without affecting the lawfulness of processing before withdrawal.
You can exercise many of these rights directly within the Service (for example, by deleting your chats). For other requests, please contact us using the contact details below. We may need to verify your identity before fulfilling your request and may be unable to comply with a request where we have overriding legitimate grounds or legal obligations.
You also have the right to lodge a complaint with your local data protection authority. In Estonia, this is the Estonian Data Protection Inspectorate.
8. Cookies
We use cookies and similar technologies to:
- Keep you signed in and manage sessions.
- Provide security features and prevent abuse.
- Remember your preferences where applicable.
- Measure and understand how the Service is used (for example, through analytics tools).
Where required by law, we will ask for your consent before using non-essential cookies (for example, analytics cookies). You can adjust your browser settings to refuse or delete cookies. However, if you disable certain cookies, parts of the Service may not function properly.
9. Security
We use reasonable technical and organisational measures to protect personal data from unauthorised access, loss, misuse, or disclosure. However, no online service can be completely secure, and we cannot guarantee absolute security of your information.
You are responsible for maintaining the security of your account and login methods and for promptly notifying us if you suspect any unauthorized access to your account.
10. Children's privacy
The Service is intended for users aged 18 and over and is not directed to children. We do not knowingly collect personal data from children under 18. If we become aware that we have collected personal data from a child under 18, we will take steps to delete it as soon as reasonably possible.
11. Changes to this Privacy Policy
We may update this Privacy Policy from time to time. If we make material changes, we will take reasonable steps to notify you (for example, by posting an updated version on the Service or via email). The updated Privacy Policy will be effective when it is posted, unless otherwise stated. Your continued use of the Service after the updated Privacy Policy becomes effective constitutes your acceptance of the changes.
12. Contact
If you have any questions or concerns about this Privacy Policy or our data practices, you can contact us at:
Email: aha@ahamoment.chat