AI Business Assistant

Product

  • Features
  • Features
  • Integrations

Solutions

  • Sectors
  • Use cases
  • Customers

Resources

  • Pitchdeck
  • Help
  • About
  • User guide
  • Careers
  • Contact us
  • Service status

Get Started

  • Request a demo
  • Download
© 2025 AI Business Assistant • Terms of Use • Privacy Policy
All Rights Reserved.

Privacy Policy

Effective Date: September 30, 2025

Application: AIBA — AI Business Assistant (“Application”)

Operator: Artificial Intelligence Business Assistant LLC (TIN: 312343967)

Address: Republic of Uzbekistan, Tashkent, Sharof Rashidov 20A, 100000

Phone: +998 90 805 59 95

Email: info@aiba.uz

This Privacy Policy (“Policy”) defines how we collect, store, process, and protect your personal data when using the Application. Our goal is to protect user information strictly in accordance with the laws of the Republic of Uzbekistan.

1. Scope of Application

This Policy applies to the AIBA mobile application, its AI chat functions, integrations (Google Calendar, iCloud Calendar, document exchange systems, AISHA voice service), and in-app web views.

2. Definitions (Simplified)

Personal Data — information that directly or indirectly identifies a user.

Operator — the entity determining the purposes and means of processing data (AIBA LLC).

Processor — a third party providing technical services on behalf of the Operator.

ERI — electronic digital signature key and its certificate.

3. Data Collected (Detailed)

3.1. User Data

  1. Name, surname
  2. Date of birth
  3. Phone number
  4. PINFL (if provided by the user)
  5. Gender
  6. AI chat history (text, files, and metadata sent by the user)
  7. Profile settings, language, notification permissions

3.2. Company Data

  1. Company name, TIN
  2. Legal/physical address, contact email
  3. Bank transactions (provided within the app or via integrations)
  4. Company documents (invoices, contracts, orders, etc.)

3.3. Device and Usage Data

  1. App version, device model, OS version, crash/log data
  2. Session and telemetry data (for performance improvement)


3.4. Face Data (TrueDepth / Camera Verification)


AIBA may use the device camera and Apple’s TrueDepth API during the user identity verification process (the “Validation” feature).

The TrueDepth system processes live camera input to confirm that the passport or company data entered by the user belong to the same individual.


Types of data processed:


Real-time facial image or short video (not raw sensor or depth map data)


Limited facial geometry points used only for real-time verification (not stored in full precision)


Authentication timestamp and verification result


Purpose of collection:


To verify that the user legitimately owns or represents the company or business account during onboarding


To prevent impersonation, identity fraud, and unauthorized access


Use and storage:


Facial image data and metadata are processed once during verification through the external Validation service


The Validation service uses this data solely for verification and does not store, log, or reuse it after the process completes


AIBA does not store or retain any facial data or depth information


Sharing:


TrueDepth and facial data are shared only with the external Validation provider for the single purpose of performing real-time user verification


The Validation provider acts as a processor on behalf of AIBA and complies with applicable data-protection and security standards


  1. No facial or TrueDepth data is shared with any other third parties, and disclosure may occur only if required by law or judicial order


4. Integrations and Special Categories

4.1. Google Calendar

Calendar events are accessed/created/synchronized only with user consent. We comply with Google API Services Limited Use requirements — data is used solely to provide or improve visible app features and never shared or sold without permission.

4.2. iCloud Calendar

Integration with iCloud Calendar is based on user consent and generally uses EventKit/CalDAV mechanisms at the device level. Data within Apple’s ecosystem is protected with strong encryption, and some categories are end-to-end encrypted.

4.3. Document Exchange Systems

Documents retrieved from connected systems (e.g., EDO/EDI) are used and processed strictly for service provision.

4.4. AISHA (Voice ↔ Text)

Voice recordings are used only for speech-to-text or text-to-speech conversion — not for biometric identification. Recordings are stored for the minimum necessary time or deleted upon user request.

5. Purposes and Legal Grounds

We process data based on:

  1. Contract: to provide app functionality (registration, authentication, AI chat, calendar sync, document handling).
  2. Consent: for calendar/iCloud/AISHA integrations, notifications, marketing messages.
  3. Legitimate interests: security, auditing, bug fixing, optimization.
  4. Legal obligations: accounting and tax record retention.
  5. Marketing: user data (e.g., name, contact, usage stats) may be used for marketing; users can opt out anytime within the app.

Facial image used for verification is processed based on the user’s explicit consent, provided when confirming identity through the app. This data is used solely to verify business identity and prevent fraudulent registrations.

6. Data Storage and Localization

All data is stored on servers located in Uzbekistan.

Personal data of Uzbek citizens is collected, systematized, and stored exclusively within Uzbekistan in compliance with data localization laws.

Cross-border transfers occur only with explicit user consent and only to countries providing adequate protection, as allowed by law.

Facial images captured for verification are stored only for the minimum period necessary to confirm user identity and are encrypted using AES-256 on servers located within Uzbekistan.

7. Disclosure to Third Parties

We do not sell, rent, or disclose personal data to third parties for marketing purposes.

Service providers (hosting, SMS/call notifications, monitoring) process data only on our behalf within Uzbekistan and are contractually prohibited from independent use.

Exceptions apply only as required by law (e.g., court or government requests). Users will be informed whenever possible within legal limits.

TrueDepth and facial verification data are not shared, transmitted, or used by any external processors, advertising partners, or analytics tools.

8. User Rights

Users have the right to:

  1. Access their data
  2. Edit or correct inaccurate/incomplete data
  3. Manage integrations (enable/disable Google/iCloud/AISHA)
  4. Restrict or object to certain processing
  5. Delete their account and data (“Delete Account” option)
  6. Withdraw consent at any time

Rights can be exercised via the app (“Profile → Privacy/Account”) or by emailing info@aiba.uz. Some requests may require identity verification.

9. Account and Data Deletion (Google Play / App Store Compliance)

The app includes a “Delete Account” feature for removing all related user data.

Additionally, a dedicated web page is provided for account deletion requests: https://aiba.uz/account-deletion

Upon request, data is erased from servers within 10 business days, and access is immediately blocked.

10. ERI (Electronic Digital Signature)

ERI keys are used only after confirming the user’s identity.

Keys are encrypted (using modern algorithms such as AES-256) and transmitted via TLS 1.2+.

We comply with Law No. ZRU-793 and related regulations.

11. Security Measures

  1. Encryption of data at rest and in transit
  2. RBAC (role-based access control), audit logs, minimal-privilege principles
  3. Secure backups within Uzbekistan
  4. Internal access policies and employee confidentiality obligations
  5. Vulnerability management and incident response procedures

12. Automated Decisions and AI

AI chat and document analysis are performed solely at the user’s request.

Profiling is used only for service personalization (e.g., calendar suggestions).

Users retain the right to human intervention as provided by law.

13. Children’s Privacy

The Application is not intended for users under 18. Any such data identified will be deleted immediately.

14. Retention Periods

  1. Active accounts: retained as long as necessary for service.
  2. Deleted accounts: retained only as legally required (e.g., accounting records); all other data is deleted within 10 business days.
  3. Logs/telemetry: retained temporarily for security and debugging.

15. Permissions

  1. Calendar: view/create/sync events
  2. Microphone: for AISHA voice↔text conversion
  3. Files/Camera: for uploading/scanning documents or adding profile photos
  4. Notifications: for reminders and system alerts
  5. All permissions are requested only when necessary and can be managed in settings.
  6. Camera (TrueDepth): used exclusively for capturing a facial image during the business verification process. No continuous video, 3D map, or background facial tracking occurs.

16. Complaints and Contacts

Questions or complaints can be sent to: info@aiba.uz

17. Policy Changes

This Policy may be updated due to legal or technical changes. Updates will be announced in the app and/or on our website. For significant changes, users may receive a separate notification.