Privacy Policy

Last updated: May 17, 2026

Overview

AINK values and protects user privacy. This Privacy Policy explains how we collect, use, store, and safeguard your personal information, including AES-256-GCM field-level encryption for key sensitive fields.

Information Collection

We may collect the following types of information:

  • Account information: username, email address, company name
  • Business and financial data: invoices, vouchers, receivables/payables, inventory and payroll data you enter or generate (owned by your company tenant)
  • Device and log information: device model, OS version, access times, activity records
  • Subscription and recharge records: your subscription, recharge and invoicing information

After you enable the relevant feature and grant permission, we collect the following only while you use that feature. You can revoke each permission at any time in system settings:

  • Location: captured once when you initiate attendance check-in, to record the check-in location; no continuous tracking
  • Camera and images: used to photograph invoices/documents for text recognition (OCR) entry, accessed only when you use that feature
  • Microphone and voice: used for voice input and voice command recognition, recorded only when you actively use voice features
  • Push identifier: device push token, used to send business notifications; can be disabled in system settings

We do not collect biometric information such as faces or fingerprints, do not use the advertising identifier (IDFA), and do not perform cross-app tracking.

Information Use

We use the information we collect to:

  • Provide, maintain, and improve our services
  • Process your requests and transactions
  • Record attendance check-in location (location data)
  • Recognize and enter invoices/documents (camera and images)
  • Support voice input and command operation (microphone and voice)
  • Send service notifications and updates
  • Provide technical support
  • Ensure system security

Data Security

We implement strict security measures to protect your data:

  • All data in transit is encrypted with TLS
  • Key sensitive fields are encrypted at rest
  • Complete multi-tenant data isolation
  • Regular security audits and vulnerability scanning
  • Automatic data backups

Data Sharing

We do not share your personal information with third parties except in the following circumstances:

  • With your explicit consent
  • As required by applicable laws and regulations
  • To protect the safety of users or the public

To deliver the Service, we use the following third-party processors. All transmissions are encrypted:

  • Alibaba Cloud OSS: Stores user-uploaded files, attachments, and receipt images.
  • Alibaba Cloud SMS: Sends verification codes for registration, login, and password reset.
  • Ant Group (Alipay): Processes user payments (order amount and payer account information).
  • Alibaba Cloud DashScope (Qwen LLM): Processes AI assistant conversations (only the user's question is forwarded; business database content is not transmitted).
  • Apple Push Notification Service: Delivers iOS push notifications (device token only; no notification payload is shared).

We sign Data Processing Agreements (DPAs) with these processors, requiring them to handle your information consistent with this Privacy Policy and prohibiting use of your data for purposes outside of this Service.

Data Retention

  • Account information: Retained during the lifetime of the account; deleted within 7 days after voluntary account cancellation (including login credentials, personal identity information, device information). Data we are legally required to retain (such as orders, invoices, and contractual records) is retained for 10 years under the PRC Accounting Law and the Measures for the Administration of VAT Invoices.
  • Business data: Retained while the account is active; cleared along with the account upon cancellation (with legally mandated retention as the exception). If your account is suspended due to non-payment, business data is retained for 90 days for you to resume subscription. After 90 days without renewal, business data is cleared along with the account (subject to legal retention requirements).
  • Log information: Access logs are retained for 6 months; security audit logs for 12 months.
  • SMS verification codes: Expire automatically within 5 minutes; never stored long-term in plaintext.

Cross-Border Data Transfer

All AINK servers and databases are located within mainland China (Alibaba Cloud North/East regions). Your primary business data does not leave mainland China.

iOS Push exception: When using the iOS app, your device token (an opaque device identifier with no business meaning) is synchronized through Apple Push Notification Service (APNs) across Apple's global servers to ensure push delivery. Apple's handling of this token follows Apple's global privacy policy (apple.com/legal/privacy). We do not transmit your business data or personal sensitive information through APNs.

If we expand to cross-border services in the future and data export becomes involved, we will notify you separately, obtain your explicit consent under Article 38 of the PRC Personal Information Protection Law (PIPL), and complete the required filings and certifications.

Minor Protection

The Service targets enterprise B2B users and is not offered for registration to minors under 14.

  • Account registration: If a minor registers without guardian consent, we will immediately disable the account and delete the related personal information. Guardians may contact us at privacy@ainaike.com.
  • Customer-uploaded data containing minor information: As an ERP system, the business data you (the enterprise customer) upload to AINK may indirectly involve personal information of minors under 14 (such as employee children, minor intern records). You shall obtain separate guardian consent under PIPL Article 31 before uploading and are responsible for the legality of uploaded content. AINK does not review the compliance of minor information in your uploaded data, but provides data deletion APIs to assist with your obligations.

Data Breach Notification

If a personal information breach, tampering, or loss occurs, we will notify affected users within 72 hours via in-app message, email, or phone, including: the type and likely impact, measures we have taken or will take, and recommended mitigation steps for you.

We will also report to the relevant authorities as required:

  • Personal information protection matters: national and local Cyberspace Administration (PIPL Article 57)
  • Criminal cases: public security authorities
  • Matters involving critical information infrastructure: national security and sector-specific regulators

Your Rights

You have the following rights regarding your personal information:

  • Access and review your data
  • Correct inaccurate data
  • Delete your account and data
  • Export your data (available in iOS app under "Profile" > "Data Export")
  • Withdraw consent (note that some features may become unavailable after withdrawal)
  • File a complaint via our contact channels below or with your local cyberspace authority

Contact Us

If you have any questions about this Privacy Policy, wish to exercise the rights above, or report a violation, please contact us at:

Personal Information Protection Officer: privacy@ainaike.com

Customer Service: support@ainaike.com

Company address: Jinpu New District, Dalian, Liaoning Province, China