RMO AI is a brand operated by AimStrings. This policy explains how we collect, use, disclose, and protect personal information when you use the RMO AI website, account features, early access forms, and support channels.
Effective date: April 30, 2026
The service operator and data controller is AimStrings. RMO AI is the product and service brand used by AimStrings.
| Context | Information | Purpose | Retention |
|---|---|---|---|
| Google account sign-in | Email address, name, profile image, authentication provider data, Supabase user ID | Account authentication, identity management, future order and license linking | Until account deletion or a verified deletion request |
| Early access signup | Email address, language, signup source, signup time, User-Agent | Beta invitations, launch updates, mailing list management | Until unsubscribe, consent withdrawal, or deletion request |
| Support inquiry | Name, email address, product, topic, subject, message, language, submission time, User-Agent | Receiving inquiries, responding by email, troubleshooting, dispute handling, service improvement | For up to 3 years after the inquiry is resolved, unless a longer legal retention period applies |
| Website and service usage | Pages visited, device and browser data, logs, cookies, local storage, similar identifiers | Security, fraud prevention, diagnostics, analytics, performance measurement, service improvement | Deleted or anonymized when no longer needed, or retained according to provider policies |
For users in regions where a lawful basis is required, we rely on contract necessity, consent, legitimate interests, and legal obligations as applicable to the specific processing activity.
We do not directly store full card numbers, CVC codes, bank passwords, or similar sensitive payment credentials. If paid checkout opens, payments may be processed by external payment providers or a merchant-of-record provider.
If you join early access or opt in to updates, we may send product, beta, and launch emails. You can unsubscribe at any time using the unsubscribe link in the email or by contacting contact@aimstrings.com.
We do not sell personal information. We use trusted service providers to run the website, authentication, database, email, analytics, and hosting features.
| Provider | Purpose | Information Processed | Processing Region |
|---|---|---|---|
| Supabase | Authentication, database hosting | Account data, early access metadata, support metadata | United States and other service regions |
| Brevo | Mailing lists, transactional email | Email address, name, inquiry content, delivery records | EU and other service regions |
| Vercel | Hosting, analytics, speed measurement | Access logs, visit events, performance events | United States and other service regions |
| Google OAuth sign-in | Email address, profile information, authentication result | Google service regions |
We may also disclose information if required by law, to protect our rights, to prevent abuse or security incidents, or in connection with a business transfer such as a merger, acquisition, or asset sale.
AimStrings is based in the Republic of Korea, and our providers may process information in Korea, the United States, the EU, and other countries where they operate. Where required, we rely on appropriate safeguards such as provider data processing terms, standard contractual protections, and security measures designed to protect transferred information.
Depending on where you live, you may have rights to request access, correction, deletion, restriction, portability, objection, withdrawal of consent, or information about how your personal information is used and shared. Send requests to contact@aimstrings.com. We may need to verify your identity before processing a request.
Where U.S. state privacy laws apply, we do not currently sell personal information or share it for cross-context behavioral advertising. We also do not knowingly process sensitive personal information for profiling or targeted advertising.
We may use cookies, local storage, and similar technologies for login sessions, language preferences, analytics, performance measurement, security, and diagnostics. You can control cookies through your browser settings, but some features may not work properly if cookies are disabled.
On English-language pages, you can accept or reject optional analytics and performance measurement through the cookie preference panel. Strictly necessary storage remains active because it supports core site functions.
The service is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child has provided us personal information, contact us so we can review and delete it where appropriate.
We use administrative, technical, and organizational measures designed to protect personal information, including access controls, server-side secret separation, encrypted transport, external authentication and payment providers, data minimization, and operational log review. No online service can guarantee absolute security.
We may update this policy when our service, providers, laws, or data practices change. If a change is material, we will provide notice by posting the updated policy or by other appropriate means.