RMO AI is a brand operated by AimStrings. This policy explains how we collect, use, disclose, and protect personal information when you use the RMO AI website, account features, early access forms, and support channels.
Effective date: April 30, 2026
The service operator and data controller is AimStrings. RMO AI is the product and service brand used by AimStrings.
| Context | Information | Purpose | Retention |
|---|---|---|---|
| Account creation and sign-in | Email address, email verification-code sign-in identifiers, Google profile data when Google is used, authentication provider data, Supabase user ID, session metadata | Account creation, authentication, identity management, order, license, and support linking | Until account deletion or a verified deletion request |
| Member email preferences | Account email snapshot, member audience status, marketing opt-in status, consent source, locale, policy version, consent and withdrawal timestamps | Register member contacts, manage optional promotional consent, keep service email delivery separate from marketing consent | Until account deletion, consent withdrawal, or verified deletion request |
| Early access signup | Email address, language, signup source, signup time, User-Agent | Beta invitations, launch, trial, discount, and product updates when the form copy offers those communications | Until unsubscribe, consent withdrawal, or deletion request |
| Support inquiry | Name, email address, product, topic, subject, message, language, submission time, User-Agent | Receiving inquiries, responding by email, troubleshooting, dispute handling, service improvement | For up to 3 years after the inquiry is resolved, unless a longer legal retention period applies |
| Website and service usage | Pages visited, device and browser data, logs, cookies, local storage, similar identifiers | Security, fraud prevention, diagnostics, analytics, performance measurement, service improvement | Deleted or anonymized when no longer needed, or retained according to provider policies |
For users in regions where a lawful basis is required, we rely on contract necessity, consent, legitimate interests, and legal obligations as applicable to the specific processing activity.
We do not directly store full card numbers, CVC codes, bank passwords, or similar sensitive payment credentials. If paid checkout opens, payments may be processed by external payment providers or merchant-of-record providers such as Lemon Squeezy.
If you join early access or opt in to updates, we may send product, beta, trial, launch, discount, or event emails within the scope described at the point of collection. Early Access consent remains evidence for Early Access and launch communications and does not automatically become member-account marketing consent.
Member accounts may be registered in a dedicated Brevo member audience list. News, event, and discount email consent is stored separately with its source, locale, policy version, timestamps, and withdrawal status. You can unsubscribe using the link in an email, change the preference from account settings, or contact support@rmo.ai.
Order, license, security, support, and required account emails remain service or transactional communications even when promotional email is off. Member-wide notices are treated as promotional or required service notices according to their content, and promotional campaigns should not be sent from Brevo until the consent copy, logging, policy language, unsubscribe handling, and required advertising labels have been reviewed.
We do not sell personal information. We use trusted service providers to run the website, authentication, database, email, analytics, and hosting features.
| Provider | Purpose | Information Processed | Processing Region |
|---|---|---|---|
| Supabase | Supabase Auth, email verification-code authentication, database hosting | Account identifiers, authentication and session metadata, early access metadata, support inquiry content and metadata | United States and other service regions |
| Brevo | Email delivery, contact lists, member audience, marketing consent status | Email address, name, language, member audience status, marketing opt-in attributes, consent and withdrawal records, delivery records | EU and other service regions |
| Vercel | Hosting | Access logs | United States and other service regions |
| Cloudflare | Privacy-first web analytics and performance (Core Web Vitals) measurement | Cookieless, aggregate visit and performance events | Global edge network and other service regions |
| Google OAuth sign-in | Email address, profile information, authentication result | Google service regions | |
| Payment providers or merchants of record such as Lemon Squeezy | Payment processing, tax calculation and collection, receipt issuance, refunds, and chargebacks | Buyer name, email address, billing address, order and license data, payment status, partial payment-method identifiers | Service regions for each provider |
We may also disclose information if required by law, to protect our rights, to prevent abuse or security incidents, or in connection with a business transfer such as a merger, acquisition, or asset sale.
AimStrings is based in the Republic of Korea, and our providers may process information in Korea, the United States, the EU, and other countries where they operate. Where required, we rely on appropriate safeguards such as provider data processing terms, standard contractual protections, and security measures designed to protect transferred information.
Depending on where you live, you may have rights to request access, correction, deletion, restriction, portability, objection, withdrawal of consent, or information about how your personal information is used and shared. Send requests to support@rmo.ai. We may need to verify your identity before processing a request.
Where U.S. state privacy laws apply, we do not currently sell personal information or share it for cross-context behavioral advertising. We also do not knowingly process sensitive personal information for profiling or targeted advertising.
We may use cookies, local storage, and similar technologies for login sessions, language preferences, analytics, performance measurement, security, and diagnostics. You can control cookies through your browser settings, but some features may not work properly if cookies are disabled.
On English-language pages, you can accept or reject optional analytics and performance measurement through the cookie preference panel. Strictly necessary storage remains active because it supports core site functions.
The service is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child has provided us personal information, contact us so we can review and delete it where appropriate.
We use administrative, technical, and organizational measures designed to protect personal information, including access controls, server-side secret separation, encrypted transport, external authentication and payment providers, data minimization, and operational log review. No online service can guarantee absolute security.
We may update this policy when our service, providers, laws, or data practices change. If a change is material, we will provide notice by posting the updated policy or by other appropriate means.