Privacy Regulations
GDPR (General Data Protection Regulation)
Jurisdiction: European Union
Status: Fully Compliant
Key Requirements Met:
- Lawful basis for processing documented (note: under GDPR, merely using the app is not consent; consent must be a clear affirmative act, or another Article 6 basis such as performance of a contract or legitimate interests must apply)
- Data minimization (only text prompts processed)
- Right to access, delete, and port data
- Privacy by design and default
- Data subject rights documented in Your Rights
CCPA (California Consumer Privacy Act)
Jurisdiction: California, USA
Status: Fully Compliant
Key Requirements Met:
- Notice at collection (via Privacy Policy)
- Right to know what data is collected
- Right to deletion
- Do Not Sell: We do NOT sell personal information
- No discrimination for exercising rights
COPPA (Children's Online Privacy Protection Act)
Jurisdiction: United States
Status: Compliant (App not directed at children)
Key Requirements Met:
- App intended for users 13+
- No knowing collection from children under 13
- Children's Privacy policy available at COPPA
Age-Appropriate Design Code (UK)
Jurisdiction: United Kingdom
Status: Compliant
Key Principles Met:
- Privacy by default
- Minimal data collection
- No profiling or behavioral tracking
- Transparency and clear language
PIPEDA (Personal Information Protection and Electronic Documents Act)
Jurisdiction: Canada
Status: Substantially Compliant
Notes: Aido follows PIPEDA principles (consent, minimal collection, security). PIPEDA has no formal certification scheme, so compliance is self-assessed against those principles.
Platform Policies
Google Play Store Policies
Key Requirements Met:
- Accessibility Service: Justified use disclosed in Transparency Center (Google Play additionally requires a prominent in-app disclosure and an AccessibilityService declaration in Play Console)
- Data Safety Form: Accurate declaration of no server-side data collection
- Privacy Policy: Available at Privacy Policy
- Permissions: All permissions justified in Permissions Map
- No Deceptive Behavior: Complete transparency about functionality
Apple App Store Review Guidelines
Status: Not Applicable (Android-only app)
Aido is currently only available on Android. If we expand to iOS, we will comply with Apple's guidelines.
Industry Best Practices
OWASP Mobile Application Security
Key Practices:
- Secure data storage (encrypted SharedPreferences, SQLCipher)
- HTTPS/TLS for all network communication
- Input validation and sanitization
- Minimal permissions principle
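The secure-storage practice above, shown as an added example rather than Aido's own code: an app-private preferences file whose keys and values are encrypted with a master key held in the Android Keystore, using the androidx security-crypto library. The file name, the preference key and the helper names are assumptions for illustration.

```kotlin
import android.content.Context
import android.content.SharedPreferences
import androidx.security.crypto.EncryptedSharedPreferences
import androidx.security.crypto.MasterKey

// Added example (not the project's code). Opens a preferences file whose
// keys and values are encrypted; the master key never leaves the Keystore.
// "aido_secure_prefs" is an assumed file name.
fun openSecurePrefs(context: Context): SharedPreferences {
    val masterKey = MasterKey.Builder(context)
        .setKeyScheme(MasterKey.KeyScheme.AES256_GCM)
        .build()
    return EncryptedSharedPreferences.create(
        context,
        "aido_secure_prefs",
        masterKey,
        EncryptedSharedPreferences.PrefKeyEncryptionScheme.AES256_SIV,
        EncryptedSharedPreferences.PrefValueEncryptionScheme.AES256_GCM
    )
}

// Store a secret and read it back; "api_token" is an assumed key name.
// Use commit() rather than apply() so the caller learns whether the write
// actually reached disk before proceeding.
fun storeToken(context: Context, token: String): Boolean =
    openSecurePrefs(context).edit().putString("api_token", token).commit()

fun readToken(context: Context): String? =
    openSecurePrefs(context).getString("api_token", null)
```

Two caveats a reviewer would raise: the encrypted file is still only as private as the app sandbox, so a rooted device or a backup that includes the file exposes ciphertext (not plaintext) and the Keystore-bound key does not travel with it; and the androidx security-crypto artifact's maintenance status should be checked before relying on it, since the same pattern (Keystore-backed key, AES-GCM for values) can be implemented directly against the Android Keystore.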
Privacy by Design Framework
7 Foundational Principles:
- Proactive not reactive
- Privacy as the default setting
- Privacy embedded into design
- Full functionality (privacy doesn't compromise usability)
- End-to-end security
- Visibility and transparency
- Respect for user privacy
Ongoing Compliance
We maintain compliance through:
- Regular Reviews: Quarterly review of privacy policies and practices
- Changelog Updates: Document all changes affecting privacy or permissions
- Monitoring: Track new regulations and platform policy updates
- User Rights: Respond to data subject requests within regulatory timelines
- Security Audits: Regular dependency updates and vulnerability scanning
Compliance Contact
For compliance questions or concerns:
Email: aiqknow@gmail.com
Data Protection Officer: Available via email above
Disclaimer
This compliance tracker is provided for transparency purposes. While we strive for accuracy, it should not be considered legal advice. For specific legal questions about data protection, consult a qualified attorney in your jurisdiction.