Privacy Policy

AILOS ("we", "us") is a leadership development platform operated by Avioro Solutions LLC. Avioro Solutions LLC is the data controller for personal data processed through AILOS. This policy explains what data we collect, how we use it, the legal bases we rely on, and the choices you have. By using AILOS you agree to the practices described here.

1. Data we collect

• Account information. Name, work email, and authentication credentials when you sign up.
• Diagnostic responses. Your answers to the leadership × AI readiness assessment and any roadmap selections.
• Coach conversations. Messages you send to the AI Coach during a session.
• Modelers inputs. Numbers and assumptions you enter into impact modelers.
• Usage data. Pages visited, features used, and basic device/browser metadata including IP address.
• Support communications. Messages you send us by email or in-app.

2. How we use your data

• Generate your personalized 12-week roadmap and module recommendations.
• Ground the AI Coach in your context (diagnostic results, role, current focus).
• Improve the product — fix bugs, refine modules, tune the diagnostic.
• Provide customer support and respond to your requests.
• Detect, prevent, and address fraud, abuse, or security incidents.
• Communicate with you about your account, new features, and (if you opt in) Avioro Solutions LLC offerings.

3. Legal bases for processing

Where the GDPR or UK GDPR applies, we rely on the following legal bases:

• Performance of a contract — to create your account, deliver the diagnostic, roadmap, Coach, and modelers, and process your subscription.
• Legitimate interests — to secure the service, prevent fraud and abuse, analyze aggregate usage, and improve the product.
• Consent — for optional marketing communications and any non-essential cookies, which you can withdraw at any time.
• Legal obligation — to comply with tax, accounting, and other legal requirements.

4. AI Coach & third-party models

The AI Coach is powered by large language models accessed through the Lovable AI Gateway (currently routing to providers including Google and OpenAI). When you send a message, the message text and minimal context (your diagnostic profile, if available) are sent to the model provider to generate a response. We do not permit your conversations to be used to train third-party models. Coach messages may be retained on our infrastructure to maintain conversation continuity; you can request deletion at any time.

5. Cookies & analytics

We use first-party cookies and local storage to keep you signed in and remember preferences. We use lightweight analytics to understand aggregate usage. We do not sell your data and we do not run third-party advertising trackers.

6. Sharing & recipients

We share personal data only with the following categories of recipients:

• Paddle.com Market Limited ("Paddle") — our Merchant of Record and payment processor. Paddle handles checkout, billing, payment method data, subscription management, invoicing, refunds, and sales tax / VAT compliance on our behalf. Paddle receives the information necessary to process your purchase (including name, email, billing address, and payment details) and acts as an independent controller for that payment data under its own privacy policy.
• Infrastructure providers — hosting, database, authentication, email, and AI model gateway providers acting as processors under contract to deliver the service.
• Professional advisers — legal, accounting, and compliance advisers, where reasonably necessary.
• Authorities — where required by law, court order, or to protect our legal rights.
• Team administrators — if you join AILOS through a Team plan, your employer's L&D administrator can see aggregate maturity data and your roadmap progress — never your raw Coach conversations.

We do not sell your personal data.

7. Retention & deletion

We keep your data for as long as your account is active. You can delete your account at any time, which removes your diagnostic responses, roadmap, modeler scenarios, and Coach history within 30 days, except where we are required to retain records for legal, tax, or accounting purposes. Payment and invoice records held by Paddle are retained under Paddle's own retention schedule to meet financial regulatory requirements.

8. Security

We implement appropriate technical and organisational measures to protect your personal data, including encryption in transit (TLS), encryption at rest, role-based access controls, least-privilege service credentials, regular dependency and security monitoring, and audit logging of administrative actions. No method of transmission or storage is 100% secure, but we work to protect your data using industry-standard practices.

9. International transfers

We and our service providers (including Paddle) may process personal data in countries outside the UK and EEA. Where this happens, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses, the UK International Data Transfer Addendum, or transfers to jurisdictions covered by an adequacy decision.

10. Your rights

Depending on where you live, you may have rights to access, correct, export, delete, restrict, or object to processing of your personal data, and to withdraw consent at any time. If you are in the UK or EEA, you also have the right to lodge a complaint with your local supervisory authority. We will respond to verified requests within one month. To exercise any of these rights, contact us at the address below.

11. Contact

Questions or requests? Email connect@avioroconsulting.com or write to Avioro Solutions LLC.