Privacy Policy

Last updated: March 21, 2026

aimoko is operated by KTRL AS (org.nr. 827 430 242), Norway. We take your privacy seriously. This policy explains what data we collect, why, and how we protect it.

1. What We Collect

When you use aimoko, we may collect:

• Account information — email address, name, and authentication credentials
• Email data — email metadata (sender, subject, date) and content, accessed via OAuth connections to Gmail or Microsoft. We access only what you explicitly authorize.
• Task and calendar data — tasks, events, and notes you create or import
• Usage data — how you interact with the app (features used, timestamps)
• AI interaction data — prompts sent to AI assistants within aimoko

2. How We Use Your Data

• Provide and improve the aimoko service
• Prioritize and triage your emails and tasks using AI
• Generate drafts, summaries, and suggestions
• Sync across your connected accounts
• Send you service-related communications

We never sell your data to third parties. We do not use your email content for advertising.

3. AI Processing

aimoko uses large language models (LLMs) to process your data. This processing happens:

• On secure servers hosted in the EU (Google Cloud Platform, Frankfurt region)
• Via API calls to AI providers (Anthropic, Google) under their data processing agreements
• Your data is not used to train third-party AI models

If you connect your own AI agent (e.g., OpenClaw), data shared with the agent is governed by your agent's configuration and your own API keys.

4. Google API Scopes

When you connect a Google account, aimoko requests the following OAuth scopes:

• Gmail read/send — to display, prioritize, and draft email responses
• Calendar read/write — to display events and create AI-suggested time blocks
• Contacts read — to auto-complete recipients and enrich email context

You can revoke access at any time via Google Account Permissions.

aimoko's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

5. Data Storage & Security

• Data is stored encrypted at rest on EU-based servers
• All connections use TLS 1.2 or higher
• Access to production systems is restricted and audited
• OAuth tokens are encrypted and never stored in plain text
• We perform regular backups with encrypted storage

6. Data Retention

We retain your data for as long as your account is active. When you delete your account:

• All personal data is deleted within 30 days
• Backups containing your data are purged within 90 days
• Anonymized, aggregated analytics may be retained

7. Your Rights (GDPR)

As a user in the EEA/Norway, you have the right to:

• Access your personal data
• Rectify inaccurate data
• Delete your account and data
• Export your data in a portable format
• Object to processing or restrict it
• Withdraw consent at any time

To exercise these rights, contact us at privacy@aimoko.no.

8. Third-Party Services

We use the following third-party services:

• Google Cloud Platform — infrastructure hosting (EU region)
• Anthropic — AI language model processing
• Google AI — AI language model processing
• Let's Encrypt — SSL certificates

9. Cookies

aimoko uses essential cookies for authentication and session management. We do not use tracking cookies or third-party analytics cookies.

10. Changes to This Policy

We may update this policy occasionally. Significant changes will be communicated via email or in-app notification. Continued use of aimoko after changes constitutes acceptance.

11. Contact

KTRL AS (org.nr. 827 430 242)
Norway
Email: privacy@aimoko.no
Web: aimoko.no