Privacy Policy
Effective: 2026-05-04 Last updated: 2026-05-23
This Privacy Policy explains what information AIGI collects, why, and how it is used.
AIGI is operated by Imro LLC, a Wyoming limited liability company (the "Operator," "we," or "us"). The Operator's registered contact details are listed in §10 below. For privacy questions, contact: privacy@aigovbrief.com.
1. What We Collect
We collect the minimum information required to operate the service:
- Email address — when you create an account, subscribe to a brief, or contact support.
- Account metadata — your selected plan, sign-in timestamps, IP address (truncated to /24), and browser/device fingerprint hash. Used for account security and abuse prevention.
- Payment metadata — Stripe handles all card details. We never see, store, or process raw card numbers. We receive only: customer ID, subscription status, last four digits of the card, billing email.
- Brief interaction data — which briefs you opened, which sources you clicked through to. Used to improve relevance and to show you a personalized "recently viewed" list.
- Operational telemetry — server-side request traces (URL, status code, response time) for performance monitoring. No request body content is logged.
We do not collect:
- Government IDs, social security numbers, biometric data, or other sensitive personal information from end users
- Content you do not submit to the service (we do not scan your other emails, files, or accounts)
- Tracking data from third-party advertising networks
2. Why We Collect It
- To deliver the service — sending the daily brief, providing account access, processing payments
- To secure accounts — magic-link authentication, rate limiting, audit logging of sign-ins
- To improve the service — measuring which briefs are most useful, identifying broken sources, tuning model output
- To meet legal obligations — tax records, financial records (7-year retention per IRS guidance for business bookkeeping)
3. Sub-Processors
We use the following third-party services to operate AIGI. Each sub-processor receives only the data necessary for its function. By using AIGI, you acknowledge data is shared with these sub-processors:
| Sub-processor | Purpose | Data shared | Location |
|---|---|---|---|
| Stripe, Inc. | Payment processing | Email, card details (Stripe holds), subscription metadata | United States |
| Mercury Technologies, Inc. | Business banking | Operator's own data only; no end-user data shared | United States |
| Google LLC (Gemini API) | LLM enrichment + brief generation | Source content (public regulations and articles); no end-user account data | United States / EU |
| Anthropic, PBC (Claude API) | Internal tooling for analysis | No end-user account data; internal Operator workflows only | United States |
| Cloudflare, Inc. | DNS, CDN, registrar for aigovbrief.com |
Edge request metadata (IP, URL, country) | Global edge network |
| Railway Corp. | Application hosting | All of the above; runs the FastAPI + SvelteKit stack | United States |
| Hetzner Online GmbH | Self-hosted telemetry stack (SigNoz, PostHog) | Server-side request traces, page-load metrics | European Union (Germany / Finland) |
| Google Workspace | Operator's email infrastructure for intel@aigovbrief.com, support@aigovbrief.com, privacy@aigovbrief.com |
Inbound and outbound email content addressed to those mailboxes | United States / EU |
| Telegram Messenger Inc. | Operator's internal alerting only; not user-facing | No end-user data | International |
If we add or change sub-processors materially, we will update this page and notify active subscribers via email.
4. Data Retention
| Data | Retention |
|---|---|
| Account email + metadata | Lifetime of the account + 90 days after closure |
| Payment / financial records | 7 years (IRS business bookkeeping requirement) |
| Magic-link tokens | Deleted on consume; never longer than 15 minutes |
| Audit log entries (sign-ins, security events) | 90 days |
| Operational telemetry (server traces) | 30 days |
| Cookies (session + analytics) | See Cookie Notice |
You may request earlier deletion of your account data at any time by emailing privacy@aigovbrief.com. We will delete within 30 days, except records we are legally required to retain (financial records).
5. Your Rights
If you are in the European Economic Area, United Kingdom, California, Virginia, Colorado, Connecticut, Utah, or any other jurisdiction with comprehensive privacy law, you have the right to:
- Access — request a copy of the personal data we hold about you
- Correct — request correction of inaccurate data
- Delete — request deletion of your account and associated data (subject to financial-records retention obligations)
- Port — receive your data in a machine-readable format
- Object — object to specific uses of your data (e.g., service improvement analytics)
- Withdraw consent — for any use that relies on your consent
Email privacy@aigovbrief.com to exercise any of these rights. We respond within 30 days.
We do not sell your personal information. We do not share your personal information with third parties for their own marketing purposes.
6. Security
- All traffic to and from the service is encrypted via HTTPS (TLS 1.2+)
- Authentication uses single-use 32-byte magic-link tokens with 15-minute expiry, IP/24 binding, and rate-limiting
- Optional TOTP (RFC 6238) two-factor authentication is available for all owners and required on Pro and higher tiers
- Audit log entries are hash-chained (append-only)
- Credentials are stored in a dedicated secret-manager (HashiCorp Vault), never in source code or environment variables in plaintext
- All persistent on-disk state is anchored to a single deterministic location to prevent accidental data fragmentation across deployments
No system is perfectly secure. If you discover a vulnerability, please report it to support@aigovbrief.com with subject line [security]. We respond within 48 hours and credit responsible disclosures.
7. Children
AIGI is a B2B service for compliance and legal professionals. It is not directed at children under 16. We do not knowingly collect personal information from children under 16. If you believe a child has provided us personal information, contact privacy@aigovbrief.com and we will delete it.
8. International Transfers
If you access AIGI from outside the United States, your data may be transferred to and processed in the United States or in the European Union (where Hetzner-hosted telemetry resides). We rely on the EU Standard Contractual Clauses (SCCs) for transfers from the EEA. The Operator's controller-to-processor data-protection commitments are documented in our standard data-processing terms, available on request via privacy@aigovbrief.com.
9. Changes to This Policy
We may update this Privacy Policy as the service evolves. Material changes will be announced by email to active subscribers at least 30 days before they take effect. The "Last updated" date at the top reflects the most recent revision.
10. Contact
Operator: Imro LLC, a Wyoming limited liability company, doing business as AIGI Address: 2472-2 Whipple Road #501, Hayward, CA 94544 Email: privacy@aigovbrief.com