GDPR Compliance

Last updated: [Insert Date]

At aiTuki, we are committed to protecting your privacy and ensuring your personal data is handled in compliance with the UK GDPR and the EU General Data Protection Regulation (GDPR).

This Policy explains how we collect, use, store, and protect your personal data, as well as your rights under GDPR.

1. Who We Are

aiTuki (“we,” “our,” “us”) provides digital health and wellbeing services through our app and website. For GDPR purposes, we are the Data Controller of your personal data.

📧 Contact: support@aituki.com

🌐 Website: [your WordPress site URL]

2. What Data We Collect

We may collect the following types of data when you use aiTuki:

  • Personal Identification Data: Name, email, account details.

  • Usage Data: App activity, preferences, device information.

  • Health & Wellbeing Data (Sensitive Data): Only if you choose to provide it (e.g., lifestyle goals, mood tracking).

  • Payment Information: If you purchase a subscription (handled securely by our payment providers).

3. How We Use Your Data

We process your data to:

  • Provide and improve the aiTuki Services.

  • Personalise your user experience.

  • Communicate with you (service updates, support, etc.).

  • Process payments for subscriptions.

  • Ensure security and prevent fraud.

  • Comply with legal obligations.

We will never sell your data to third parties.

4. Legal Basis for Processing

We process your data under one or more of the following lawful bases:

  • Consent: Where you have given clear permission (e.g., to track wellbeing goals).

  • Contract: To provide the Services you have requested.

  • Legal Obligation: To comply with applicable laws.

  • Legitimate Interests: To improve aiTuki and protect against misuse.

5. How We Store & Protect Your Data

  • Data is stored securely on encrypted servers.

  • Access is restricted to authorised staff only.

  • Sensitive data (such as health-related entries) is treated with the highest level of care.

  • We implement technical and organisational safeguards to prevent loss, misuse, or unauthorised access.

6. Data Sharing

We may share your data with:

  • Service Providers: e.g., hosting, analytics, payment processors.

  • Legal Authorities: If required by law.

All third parties must comply with GDPR and process data only on our instructions.

7. International Data Transfers

If your data is transferred outside the UK/EU, we ensure it is protected by appropriate safeguards, such as Standard Contractual Clauses (SCCs).

8. Data Retention

  • We keep your personal data only as long as necessary to provide our Services or meet legal requirements.

  • You may request deletion of your account and data at any time (see Section 9).

9. Your GDPR Rights

As a user in the UK/EU, you have the right to:

  • Access: Request a copy of your personal data.

  • Rectification: Correct inaccurate or incomplete data.

  • Erasure: Ask us to delete your data (“right to be forgotten”).

  • Restriction: Limit how we process your data.

  • Data Portability: Request your data in a structured, machine-readable format.

  • Object: Stop us processing your data in certain cases.

  • Withdraw Consent: At any time, where processing is based on consent.

📧 To exercise your rights, contact: support@aituki.com

10. Automated Decision-Making & Profiling

aiTuki may use AI-driven suggestions to improve your wellbeing journey. These features are for guidance only and do not make binding decisions about you.

11. Complaints

If you are unhappy with how we handle your data, you can contact us directly. You also have the right to lodge a complaint with your local data protection authority:

  • UK Users: Information Commissioner’s Office (ICO) – https://ico.org.uk

  • EU Users: Contact your national Data Protection Authority.

12. Changes to This Policy

We may update this GDPR Compliance Policy from time to time. Updates will be posted here with a new “Last updated” date.