Privacy Policy
Effective date: June 29, 2026 · Last updated: June 29, 2026
This Privacy Policy explains how AiOne LLC ("AiOne," "we," "us," or "our") collects, uses, shares, and protects personal information in connection with our products and services, including the Meraqi AI design platform (the "Service"). Meraqi is a product of AiOne LLC.
1. Information we collect
We collect the following categories of personal information:
- Account information. Name, email address, password (stored only as an argon2id hash), and authentication identifiers from social login providers (Google, GitHub, Microsoft) if you choose to use them.
- Contact form submissions. If you write to us through a contact form on our websites, we collect the name you choose to provide, your email address, the topic you select, and your message, and we use them to respond to you.
- Profile and workspace data. Organization or team name, role, brand kits, and preferences.
- Content you create or upload. Designs, text, prompts, uploaded images and photos, fonts, and related assets.
- Phone number. If you enable two-factor authentication (2FA) by SMS or use SMS features, we collect and store your mobile number. See Section 2.
- Contacts you provide. If you use distribution features, recipient details you enter or import (an address book). You are responsible for having a lawful basis to provide that data.
- Payment information. Subscription and billing data, processed by our payment processor (Stripe). We do not store full card numbers.
- Connected accounts. OAuth access and refresh tokens for channels you connect (for example, social or email/SMS providers), stored encrypted.
- Usage, device, and log data. IP address, browser and device information, timestamps, and actions taken in the Service, used for security, analytics, and audit logging.
- Cookies and similar technologies. See our Cookie Policy.
2. Mobile information and SMS messaging
No mobile information will be shared with third parties or affiliates for marketing or promotional purposes. Text messaging originator opt-in data and consent will not be shared with any third parties, excluding aggregators and providers of the text-messaging services that help us deliver your messages (for example, Twilio).
We collect mobile phone numbers only when you provide them, for purposes such as:
- Sending two-factor authentication (2FA) and one-time security codes;
- Sending account, transactional, or service notifications you have requested; and
- Delivering messages you initiate through the Service to recipients you designate.
SMS opt-in is express and voluntary. Message frequency varies. Message and data rates may apply. You can opt out at any time by replying STOP, and you can request help by replying HELP. Carriers are not liable for delayed or undelivered messages. We do not sell or rent mobile numbers or SMS opt-in data, and we do not share them for third-party marketing.
3. How we use information
- Provide, operate, secure, and improve the Service;
- Authenticate you and prevent fraud and abuse;
- Generate, edit, and store the designs and content you request;
- Process payments and manage subscriptions;
- Send transactional and security messages, and, with your consent, product updates or marketing;
- Maintain audit logs and meet legal, tax, and compliance obligations;
- Analyze usage to improve features (where permitted, and subject to your cookie choices).
Where the GDPR applies, our legal bases are: performance of a contract, your consent, our legitimate interests in operating and securing the Service, and compliance with legal obligations.
4. How we share information
We do not sell your personal information. We share it only as follows:
- Service providers (subprocessors). Vendors who process data on our behalf under contract, such as Stripe (payments), Twilio (SMS), email delivery providers, and hosting/CDN providers. They may use data only to provide services to us.
- At your direction. Channels and recipients you choose when you publish or distribute content.
- Legal and safety. Where required by law, to enforce our terms, or to protect rights, safety, and security.
- Business transfers. In connection with a merger, acquisition, or sale of assets, subject to this Policy.
As stated above, SMS opt-in data and consent are excluded from sharing with third parties other than the messaging providers needed to deliver your messages.
5. AI processing
Meraqi's AI features run on infrastructure operated by AiOne. Your prompts, designs, and uploaded images are not transmitted to external third-party AI providers to generate your content. We use your content to train shared AI models only if you expressly opt in.
6. Data retention
- Account and content data is retained while your account is active. After account deletion, recoverable data is held for a 30-day window, then permanently removed.
- Prompts are minimized and purged on a rolling 30-day basis; location metadata (EXIF) is stripped from distributed images.
- Security and audit logs are retained for up to 7 years to meet legal and compliance obligations.
- Billing records are retained as required by tax and accounting law.
7. Your privacy rights
Depending on where you live, you may have the right to access, correct, delete, port, or restrict processing of your personal information, and to withdraw consent. Under the GDPR you may also lodge a complaint with a supervisory authority. Under the CCPA/CPRA (California) you may request to know, delete, and correct your information, and to opt out of "sale" or "sharing"; we do not sell or share personal information as those terms are defined.
To exercise any right, contact us at legal@aionellc.com. We respond within the timeframes required by law (generally within 30 days). We will not discriminate against you for exercising your rights.
8. Security
We protect personal information with encryption in transit (TLS 1.3) and at rest (AES-256), hashed credentials (argon2id), scoped access tokens, role-based access control, and append-only audit logging. No method of transmission or storage is completely secure, but we work to protect your information and to notify you of incidents as required by law.
9. International transfers
We are based in the United States and process data there. If you access the Service from outside the U.S., you understand your information may be transferred to and processed in the U.S. Where required, we use appropriate safeguards (such as Standard Contractual Clauses) for international transfers.
10. Children
The Service is not directed to children under 16, and we do not knowingly collect their personal information. If you believe a child has provided us information, contact us and we will delete it.
11. Changes to this Policy
We may update this Policy from time to time. We will post the updated version with a new effective date and, for material changes, provide additional notice where required.
12. Contact us
AiOne LLC
Attn: Privacy
Email: legal@aionellc.com
Website: aionellc.com