Skip to content
> ./aidex.sh_

Privacy Policy

Last updated: March 8, 2026

This Privacy Policy explains how AIDex ("we," "us," or "our") collects, uses, stores, and protects your information when you use the AIDex platform at https://aidex.sh (the "Service"). By using the Service, you agree to the practices described in this policy.

1. Information We Collect

1.1 Account Information

When you create an account, we collect your name and email address. If your organization administrator invites you, we also receive your assigned role and department within that organization.

1.2 Assessment Data

As you complete assessments through the platform, we collect your responses, uploaded files, and any ideas or notes you submit. This data drives the AI analysis that generates your reports, roadmaps, and secure scores.

1.3 AI Generated Content

The Service generates reports, roadmaps, secure scores, and other content based on your assessment data. We store this generated content within your organization's tenant database so you can access it at any time.

1.4 Usage Data

We automatically collect basic technical information when you interact with the Service. This includes your IP address, browser type, pages visited, and timestamps. We use this data to maintain security, diagnose technical problems, and understand general usage patterns.

2. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and maintain the Service
  • Process your assessment data through AI to generate reports, roadmaps, and secure scores
  • Authenticate your identity and manage your account
  • Respond to your support requests and communicate with you about the Service
  • Detect, prevent, and address security threats, fraud, and technical issues
  • Comply with legal obligations and enforce our Terms of Service

We do not sell your personal information. We do not use your data for advertising. We do not share your information with third parties for their marketing purposes.

3. AI Processing and OpenAI Disclosure

AIDex uses OpenAI's GPT models to analyze your assessment responses and generate reports, roadmaps, secure scores, and other content. When you trigger an AI generation, your assessment data is sent to OpenAI's API for processing.

  • Your assessment responses, uploaded text content, and related context are transmitted to OpenAI's servers for processing
  • OpenAI processes this data according to their API Data Usage Policies, which state that data sent through the API is not used to train their models
  • We send only the minimum data necessary to generate the requested output
  • Generated content is returned to AIDex and stored within your organization's isolated tenant database

By using AI generation features, you acknowledge that your assessment data will be transmitted to OpenAI for processing. If your organization has policies that restrict sending data to third party AI providers, consult your compliance team before using these features.

4. Data Storage and Tenant Isolation

AIDex operates as a multi-tenant platform. Each organization receives its own isolated database. This architecture means your organization's data is physically separated from other organizations' data at the database level.

Your data is stored on servers located in the United States. We implement industry-standard security measures to protect your data, including encrypted connections (TLS), secure authentication, and file upload scanning with ClamAV antivirus.

5. Cookies

AIDex uses a cookie consent system that groups cookies into four categories: essential, functional, analytics, and marketing. When you first visit the Service, you are prompted to accept or customize which categories you allow beyond essential cookies.

  • Essential — session authentication, CSRF protection, and consent preferences. These cannot be disabled.
  • Functional — enhanced features such as remembering your preferences across visits.
  • Analytics — aggregated, anonymous usage data to help us improve the Service.
  • Marketing — reserved for future use. We do not currently use marketing cookies.

You can change your cookie preferences at any time via the "Cookie Settings" link in the site footer. For a complete list of cookies and their purposes, see our Cookie Policy.

AIDex honors the Global Privacy Control (GPC) signal. If your browser sends a GPC signal, we automatically opt you out of marketing cookies.

6. Data Retention

We retain your data for as long as your account and your organization's account remain active. If you or your organization administrator requests account deletion, we will delete your data within 30 days, except where we are required by law to retain certain records.

When an organization's account is terminated, the entire tenant database is deleted.

7. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal information we hold about you
  • Correct inaccurate or incomplete information
  • Delete your personal information, subject to legal retention requirements
  • Export your data in a portable format
  • Object to certain processing activities

To exercise any of these rights, contact us at support@aidex.sh. We will respond to your request within 30 days.

8. Children's Privacy

AIDex is designed for business use and is not directed at individuals under the age of 18. We do not knowingly collect personal information from children. If we learn that we have collected data from a child under 18, we will delete that information promptly.

9. Changes to This Policy

We may update this Privacy Policy from time to time. When we make changes, we will update the "Last updated" date at the top of this page. For significant changes, we will notify you by email or through a notice within the Service.

10. Contact Us

If you have questions about this Privacy Policy or our data practices, contact us at support@aidex.sh.