AIBOVE
Legal · Privacy Policy

Privacy Policy

Last updated: 22 May 2026Effective: 22 May 2026Issued by: AIBOVE BV (Netherlands)

AIBOVE BV is the controller of personal data we collect when you visit our website (aibove.ai), use our products, or contact us. We do not sell your personal data. This Policy explains what we collect, why, how long we keep it, who we share it with, and what rights you have under the GDPR.

01. Introduction

AIBOVE BV ("AIBOVE", "we", "us", or "our") respects your privacy and is committed to protecting the personal data you share with us. This Privacy Policy explains how we collect, use, store, and share personal data when you:

  • Visit our website at aibove.ai
  • Are a prospective customer or business contact
  • Use our products and services, including DropMetrics
  • Communicate with us by email, phone, chat, or other channels

This Privacy Policy does not apply to personal data that we process on behalf of our customers in our role as a data processor. That processing is governed by the Data Processing Agreement (DPA) between AIBOVE and the relevant customer.

02. Data Controller

The controller of the personal data described in this Privacy Policy is:

AIBOVE BV
Venderlier 2D
3905 PA Veenendaal
The Netherlands

Chamber of Commerce (KvK): 42058764
Email: info@aibove.ai

03. Data We Collect

3.1 Data you provide directly

  • Contact data — name, email address, phone number, company name, and job title when you fill out a contact form, request a demo, or otherwise reach out to us.
  • Account data — username, email address, password (hashed), and profile information when you create an account for one of our products.
  • Billing data — billing address, VAT number, and payment method details (processed by our payment providers; we do not store full card numbers).
  • Communications — the content of emails, chat messages, support tickets, and other correspondence you send to us.

3.2 Data collected automatically

  • Usage data — pages visited, features used, clicks, session duration, and other interaction data within our products and website.
  • Device data — browser type and version, operating system, screen resolution, and device identifiers.
  • Log data — IP address, access timestamps, referring URLs, and HTTP request details recorded by our servers.
  • Cookies and similar technologies — see Section 09 (Cookies) for details.

3.3 Data from third parties

  • Authentication providers — if you sign in via a third-party identity provider (e.g. Google, Microsoft), we receive your name, email address, and profile picture as permitted by your provider settings.
  • Integration data — when you connect third-party services to our products (e.g. Google Analytics, advertising platforms), we may receive data from those services as necessary to provide the integrated functionality.

04. How We Use It

4.1 To provide and maintain our services

We process your data to deliver the products and services you have requested, manage your account, process payments, and provide customer support. The legal basis for this processing is performance of a contract (Art. 6(1)(b) GDPR).

4.2 To improve our products

We analyse usage patterns, diagnose technical issues, and develop new features to improve the quality and reliability of our services. The legal basis is our legitimate interest (Art. 6(1)(f) GDPR) in continuously improving our products.

4.3 For marketing and communications

We may send you newsletters, product updates, or promotional content. For direct marketing via email, we rely on your consent (Art. 6(1)(a) GDPR) where required, or our legitimate interest (Art. 6(1)(f) GDPR) for existing customer relationships. You can opt out of marketing communications at any time using the unsubscribe link in each email or by contacting us.

4.4 For legal compliance

We process data where necessary to comply with applicable laws, regulations, court orders, or other legal obligations (Art. 6(1)(c) GDPR), including tax and accounting requirements.

05. AI & Automated Processing

5.1 AI-powered features

Our products may include AI-powered features that process your data to generate analyses, insights, recommendations, and reports. This processing is carried out to provide the service you have requested and is based on the performance of a contract or your consent, depending on the feature.

5.2 Aggregated and anonymised data

We may use aggregated or anonymised data derived from product usage to train, evaluate, and improve our AI models and algorithms. Aggregated and anonymised data cannot be used to identify you and is therefore no longer considered personal data under the GDPR.

5.3 No solely automated decision-making

We do not make decisions based solely on automated processing, including profiling, that produce legal effects concerning you or similarly significantly affect you within the meaning of Article 22 GDPR.

06. Sharing Your Data

We do not sell your personal data. We may share your data with the following categories of recipients:

  • Service providers — trusted third parties that help us operate our business and deliver our services, including cloud infrastructure providers (AWS, Google Cloud), payment processors (Stripe, Mollie), and AI service providers (Anthropic, OpenAI). These providers process data only on our instructions and under appropriate contractual safeguards.
  • Integrated third-party services — when you choose to connect a third-party service to our products, data may be shared with that service as necessary to provide the integration you requested.
  • Professional advisors — lawyers, auditors, accountants, and insurers where necessary for the provision of their professional services to us.
  • Regulatory authorities — government bodies, law enforcement, or regulators where required by applicable law or in response to valid legal process.
  • Successors — in connection with a merger, acquisition, or sale of all or part of our business, your data may be transferred to the successor entity.
  • With your consent — we may share data with other parties when you have given us explicit consent to do so.

07. Your GDPR Rights

Under the General Data Protection Regulation you have the following rights with respect to your personal data:

  • Right of access — you may request a copy of the personal data we hold about you.
  • Right to rectification — you may ask us to correct inaccurate or incomplete data.
  • Right to erasure — you may request that we delete your personal data, subject to legal retention obligations.
  • Right to restriction — you may ask us to restrict the processing of your data in certain circumstances.
  • Right to data portability — you may request your data in a structured, commonly used, machine-readable format.
  • Right to object — you may object to processing based on legitimate interest, including direct marketing.
  • Right to withdraw consent — where processing is based on your consent, you may withdraw it at any time without affecting the lawfulness of processing carried out before withdrawal.
  • Right not to be subject to automated decisions — you have the right not to be subject to decisions based solely on automated processing that produce legal effects or similarly significantly affect you.

To exercise any of these rights, please contact us at info@aibove.ai. We will respond within 30 days. If you are not satisfied with our response, you have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) at autoriteitpersoonsgegevens.nl.

08. International Transfers

AIBOVE is based in the Netherlands within the European Economic Area (EEA). Some of our service providers may process data outside the EEA. When personal data is transferred outside the EEA, we ensure an adequate level of protection through:

  • Adequacy decisions — transfers to countries that the European Commission has determined provide an adequate level of data protection.
  • Standard Contractual Clauses (SCCs) — EU-approved contractual clauses that oblige the recipient to protect your data to European standards.

You may request a copy of the safeguards in place by contacting us at info@aibove.ai.

09. Cookies

Our website uses cookies and similar technologies. We distinguish the following categories:

  • Strictly necessary cookies — essential for the website to function correctly (e.g. session management, security). These cookies do not require your consent.
  • Functional cookies — remember your preferences and settings to enhance your experience (e.g. language, display preferences).
  • Analytics cookies — help us understand how visitors interact with our website so we can improve it. These are placed only with your consent.
  • Marketing cookies — used to track visitors across websites and display relevant advertisements. These are placed only with your consent.

You can manage your cookie preferences at any time through your browser settings or our cookie consent tool. Disabling certain cookies may affect the functionality of our website.

10. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law. Our standard retention periods are:

  • Account data — retained for the duration of your account plus 7 years to meet Dutch tax and accounting obligations.
  • Customer data (product data) — deleted within 30 days after termination of the service agreement, unless otherwise agreed or legally required.
  • Marketing data — retained until you unsubscribe or withdraw consent.
  • Server logs — retained for a maximum of 12 months.
  • Support correspondence — retained for up to 3 years after resolution to enable follow-up and quality improvement.

11. Security

We take the security of your personal data seriously and implement appropriate technical and organisational measures, including:

  • Encryption — data is encrypted in transit (TLS) and at rest.
  • Access controls — role-based access, multi-factor authentication, and the principle of least privilege.
  • Monitoring — continuous monitoring and logging of access to systems and data.
  • Backups — regular, encrypted backups to ensure data availability and disaster recovery.
  • Training — security awareness training for all employees who handle personal data.

While we strive to protect your data, no system is completely secure. We cannot guarantee the absolute security of your information.

12. Changes

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, or legal requirements. If we make material changes, we will notify you at least 30 days in advance by email or through a prominent notice on our website. We encourage you to review this page periodically.

13. Contact

If you have any questions or concerns about this Privacy Policy or the way we handle your personal data, please contact us:

AIBOVE BV
Venderlier 2D
3905 PA Veenendaal
The Netherlands

Email: info@aibove.ai