giid.io Privacy Notice
This Privacy Notice explains how Aegenic Ltd ("Aegenic", "we", "us", "our") collects, uses, stores, and protects personal data in connection with your use of the giid.io application (the "App"). By using giid.io, you acknowledge the practices described here. Where UK or EU GDPR requires your specific consent — for example, for non-essential cookies or marketing communications — we ask you separately and you can change your mind at any time.
1. Data Controller
Aegenic Ltd is the data controller under the UK GDPR and EU GDPR.
- Legal Entity Name: Aegenic Ltd
- Registered Address: Great Portland Street, London, W1W 5PF
- Privacy contact: privacy@giid.io
Aegenic Ltd has not appointed a Data Protection Officer, as one is not required under UK GDPR Article 37. You can reach us for any privacy-related matter at privacy@giid.io.
2. Personal Data We Collect
When you use the App, we may collect:
- Full name
- Email address
- Company name (if provided)
- IP address
- Device and browser information
- Usage data and interaction logs
- Content, ideas, or feedback you enter into the App
- Cookie and similar-technology identifiers, including (where you consent to marketing cookies) advertising identifiers set by Meta Platforms via the Facebook Pixel
- Your recorded cookie choices, so we can honour them
We only collect data necessary to provide, improve, and secure the App, and — where you have given consent — to measure and improve our advertising.
3. Lawful Basis for Processing
We rely on the following lawful bases under GDPR:
a) Contract (Article 6(1)(b))
- To provide and operate the App, including account management, access, and support
b) Legitimate Interests (Article 6(1)(f))
- To improve, test, and secure the App, including diagnosing errors from server logs
- To prevent fraud and abuse
Where legitimate interests are relied upon, we ensure they are not overridden by your rights and freedoms.
c) Consent (Article 6(1)(a))
- Optional marketing communications, promotional content, and user research surveys (opt-in at sign-up or later)
- Non-essential cookies and similar technologies — analytics and advertising cookies (see section 6)
- Any analysis of your behaviour that relies on cookies or similar identifiers
You can withdraw consent at any time using the Cookie settings link in the footer (for cookies) or by contacting us (for marketing communications). Withdrawal does not affect the lawfulness of processing carried out before withdrawal.
Providing account data at sign-up is a contractual requirement — we cannot create and operate an account for you without it. Agreeing to the data-storage statement at sign-up is an acknowledgement that we will process that data under the Contract basis above; it is not GDPR 'consent' and it cannot meaningfully be 'withdrawn' without closing your account.
4. How We Use Your Data
We use your personal data to:
- Create and manage your account
- Provide access to the App and its features
- Communicate service updates or notifications
- Analyse usage to improve the App
- Maintain system security and prevent fraud
We do not sell your personal data. We do not use the content you enter into the App — your ideas, notes, and project data — to train AI models, and we do not use your data for unrelated marketing without your explicit consent.
5. Data Sharing and Confidentiality
We take confidentiality seriously.
- Your content, ideas, and information entered into the App remain strictly confidential.
- We do not share, sell, or trade your ideas, feedback, or input with any third parties.
- Data is only shared with trusted service providers for the limited purpose of operating the App, such as cloud hosting and infrastructure providers, analytics and performance monitoring tools, and email and communication services.
- Where you consent to marketing cookies, limited data is also shared with Meta Platforms Ireland Ltd (see sections 6 and 7).
- All third-party providers are bound by written agreements to process data securely and in compliance with GDPR.
- Any transfer of data outside the UK or EEA is done with strict safeguards (see section 8).
Your project content — the ideas, notes, and feedback you enter into the App to build your profile — is never shared with advertising or analytics partners.
6. Cookies and Similar Technologies
We use cookies and similar technologies to make the App work and, with your consent, to measure and improve it. When you first visit the site we ask for your choice via a cookie banner. You can change your choice at any time using the "Cookie settings" link in the site footer.
Categories
- Essential — required for the App to work: authentication, session, security, the cookie that remembers your cookie choice itself, and UI settings you've explicitly set (like theme or sidebar position). These are set without asking for consent because they are necessary to deliver the service you have requested.
- Analytics — helps us understand how the App is used so we can fix issues and improve it. Not used for advertising. Off by default.
- Advertising — measures how our ads perform and lets us show relevant ads on Meta (Facebook, Instagram). Involves sharing limited event data with Meta. See section 7 for details. Off by default.
Specific cookies we use
- Better Auth session cookies — essential, first-party, provider: Aegenic, session-length (required for login).
- aeg_consent — essential, first-party, provider: Aegenic, 180 days (stores your cookie choice).
- aeg_anon — essential, first-party, provider: Aegenic, 180 days (pseudonymous identifier linking your cookie choice to a record).
- sidebar_state — essential, first-party, provider: Aegenic, 1 year (remembers whether you've collapsed the app sidebar). Set only when you actively change it.
- _fbp — advertising, first-party (on this site), provider: Meta Platforms Ireland, up to 90 days (identifies the browser to Meta's advertising systems).
- _fbc — advertising, first-party, provider: Meta Platforms Ireland, up to 90 days (set only if you arrive via a Meta ad click; used to attribute the click).
We do not currently use a third-party analytics vendor. If we add one in future, we will update this notice and, where required, ask for your consent again.
Withdrawal
Click "Cookie settings" in the footer at any time to open a panel showing your current choices. You can change them and save, or cancel to leave them as they are. Withdrawing advertising consent stops the Pixel and Conversions API, and we actively delete Meta advertising cookies (_fbp, _fbc) at the point of withdrawal. If you clear your browser cookies, we will ask you again on your next visit.
7. Advertising Partners and the Facebook Pixel
If — and only if — you consent to marketing cookies, we use the Facebook Pixel (provided by Meta Platforms Ireland Ltd) to measure the effectiveness of our advertising on Meta products and partner sites.
We also use Meta's Conversions API. This is a server-side equivalent of the Pixel: our servers send the same events directly to Meta so measurement still works when browsers block tracking scripts. The Conversions API is subject to the same consent rule — if you reject or withdraw marketing consent, we do not send these server-side events.
What is sent to Meta
- Page URL, referrer, and timestamp of standard events (e.g., page view, account sign-up).
- Your IP address and user agent (as part of the HTTP request Meta receives).
- If you are signed in: your email address, first name, last name, and our internal user ID — each transformed by a one-way cryptographic function (SHA-256 hashing) so Meta receives a fixed-length code and cannot recover the original values. Meta uses these codes to match events to your Meta account without us ever sharing the raw data.
- Cookies set by Meta on your browser (such as _fbp, _fbc).
Joint controller arrangement
For data collected and transmitted via the Facebook Pixel and Conversions API, Aegenic and Meta Platforms Ireland Ltd act as joint controllers under GDPR Article 26, following the Court of Justice of the European Union ruling in Fashion ID (C-40/17, 29 July 2019) and the more recent Bundeskartellamt v. Meta decision (C-252/21, 4 July 2023). The essence of that arrangement:
- Aegenic is controller for the decision to deploy the Pixel and Conversions API, for the parameters of events we send (what triggers an event, what data is included), and for the legal basis we rely on (your consent).
- Meta Platforms Ireland Ltd is controller for Meta's subsequent processing of that data for its own purposes, including advertising delivery, measurement, and product improvement on Meta platforms.
- The operational terms are set out in Meta's Controller Addendum, accepted via Meta's Business Tools Terms.
Your choices
- Withdraw marketing consent at any time via the Cookie settings link in the footer — the Pixel and Conversions API will stop, and the _fbp / _fbc cookies on your browser are deleted.
- Adjust your Meta ad preferences at facebook.com/adpreferences.
- Request deletion of data Meta holds about you via Meta's user data deletion request flow.
- Contact us (section 12) to exercise your rights under GDPR in relation to Aegenic's part of the processing.
8. International Data Transfers
Some of our service providers are based outside the UK and European Economic Area. Where this results in a transfer of your personal data, we rely on one of the following safeguards, as required by the UK GDPR and EU GDPR:
- Transfers to the United States: the EU-US Data Privacy Framework (and the UK Extension to the DPF) where the recipient is certified — Meta Platforms, Inc. is so certified.
- Adequacy decisions made by the UK government or European Commission, where available.
- UK International Data Transfer Agreement or EU Standard Contractual Clauses, supplemented by additional safeguards where appropriate.
9. Data Retention
We retain personal data:
- Account data: for as long as your account is active, and up to 12 months after account deletion unless you request earlier removal.
- Cookie consent records: for the life of the related account (or, for anonymous visitors, for the life of the consent cookie — 180 days) plus a reasonable period to evidence compliance and respond to disputes.
- Advertising event data sent to or by Meta: subject to Meta's own retention rules; Aegenic does not retain separate ad-event logs beyond what is needed for troubleshooting.
Limited data may be retained as required for legal, regulatory, or security purposes.
10. Your Rights Under GDPR
You have the right to:
- Access your personal data
- Correct inaccurate data
- Request erasure ("right to be forgotten")
- Restrict or object to processing
- Withdraw consent at any time (including for cookies — via the Cookie settings link in the footer)
- Request data portability
- Lodge a complaint with a supervisory authority
If you believe we have not handled your personal data correctly, you can complain to:
- United Kingdom — Information Commissioner's Office (ICO), ico.org.uk, helpline 0303 123 1113.
- European Union — your local Data Protection Authority; for processing connected to the Facebook Pixel and Meta generally, the Irish Data Protection Commission (dataprotection.ie) is the lead supervisory authority for Meta.
We may request verification of your identity before fulfilling requests. See section 12 for how to contact us.
11. Data Security
We implement appropriate technical and organisational measures, including:
- Encrypted data transmission (HTTPS)
- Restricted access controls
- Secure hosting environments
While no method of electronic transmission or storage is entirely immune to risk, we continuously review our security practices. In the unlikely event of a personal data breach, we will take appropriate steps and notify the relevant authorities and affected individuals in accordance with UK GDPR.
12. Contact Us
For any privacy-related questions or to exercise your rights, contact us at:
- Aegenic Ltd, Great Portland Street, London, W1W 5PF
- Email: privacy@giid.io
13. Children's Privacy
giid.io is intended for users aged 16 and over. We do not knowingly collect personal data from anyone under 16. If you believe we have collected data from a child under 16, please contact us at privacy@giid.io and we will delete it.
14. Automated Decision-Making
We do not use your data for automated decision-making or profiling that produces legal or similarly significant effects on you. The App uses AI models to help you structure your ideas, but the outputs are advisory — they do not make decisions that legally or significantly affect you.
15. Updates to This Notice
We may update this Privacy Notice from time to time. The latest version will always be available in the App and on our website. If we make material changes to how we use cookies or share data with advertising partners, we will ask for your consent again via the cookie banner.