Privacy Policy

1. Introduction

This Privacy Policy explains how AITourPilot ApS ("AITourPilot," "we," "us," or "our") collects, uses, stores, and protects your personal data when you use our website (aitourpilot.com), our campaign pages (engage.aitourpilot.com), and our AI-powered museum tour services. We are committed to protecting your privacy in compliance with the EU General Data Protection Regulation (GDPR) and applicable Danish data protection law.

2. Who We Are (Data Controller)

The data controller responsible for your personal data is:

3. Data We Collect and Why

We collect and process personal data only when necessary and for specific, legitimate purposes:

a) Website Visitors

• Analytics data: anonymized usage data (pages visited, time on site, device type) to improve our website. Legal basis: legitimate interest (Art. 6(1)(f) GDPR).
• Technical data: IP address (anonymized), browser type, operating system, collected automatically by our hosting provider (Vercel). Legal basis: legitimate interest.

b) Email Subscribers (Early Access / Newsletter)

• Email address: collected when you sign up for early access or our newsletter. Legal basis: consent (Art. 6(1)(a) GDPR).
• Name (if provided): to personalize communications. Legal basis: consent.

c) Contact Form Submissions

• Name, email address, message content: collected when you contact us. Legal basis: legitimate interest / pre-contractual measures (Art. 6(1)(b) GDPR).
• Museum/Organisation name (if provided): for business inquiries. Legal basis: legitimate interest.

d) Museum Partners

• Business contact details: name, email, phone, organization name, collected during demo bookings and partnership discussions. Legal basis: pre-contractual/contractual measures (Art. 6(1)(b) GDPR).

e) App Users

• Usage data: tour interactions, preferences, and feedback within the AITourPilot app. Legal basis: consent and/or contract performance.
• Audio data: voice interactions with the AI guide are processed in real-time and are not stored unless explicitly consented to. Legal basis: consent (Art. 6(1)(a) GDPR).

We do not collect sensitive personal data (health data, biometric data, political opinions, etc.).

4. Cookies and Tracking

Our website uses minimal cookies:

• Essential cookies: required for the website to function (session management, locale preference). These do not require consent.
• Analytics cookies: we may use privacy-respecting analytics (e.g., Vercel Analytics) that do not track individual users across sites. If we implement tracking that requires consent, we will ask for it first.

We do not use advertising cookies or sell your data to third parties. We do not use Facebook Pixel, Google Ads remarketing, or similar tracking technologies.

5. Data Retention

We retain personal data only as long as necessary for the purpose it was collected:

• Email subscribers: until you unsubscribe or request deletion.
• Contact form data: up to 12 months after the last interaction, unless an ongoing business relationship exists.
• Business partner data: for the duration of the business relationship, plus any legally required retention period.
• Analytics data: anonymized and aggregated; no personal data is retained.
• App usage data: retained for the duration of your account, deleted within 30 days of account deletion.

6. Your Rights (under GDPR)

As a data subject under GDPR, you have the following rights:

• Right of access (Art. 15): request a copy of the personal data we hold about you.
• Right to rectification (Art. 16): request correction of inaccurate data.
• Right to erasure (Art. 17): request deletion of your data ("right to be forgotten").
• Right to restriction (Art. 18): request that we limit how we process your data.
• Right to data portability (Art. 20): receive your data in a machine-readable format.
• Right to object (Art. 21): object to processing based on legitimate interest.
• Right to withdraw consent (Art. 7): withdraw consent at any time (e.g., unsubscribe from emails).

To exercise any of these rights, contact us at info@AITourPilot.com. We will respond within 30 days.

You also have the right to lodge a complaint with the Danish Data Protection Agency (Datatilsynet).

7. Data Transfers Outside the EU/EEA

Some of our service providers may process data outside the EU/EEA:

• Vercel Inc. (hosting): US-based, covered by the EU-US Data Privacy Framework.
• AI service providers: we use AI models for our tour guide functionality. Interactions are processed in real-time with minimal data retention. We ensure all providers meet GDPR requirements through Standard Contractual Clauses (SCCs) or adequacy decisions.

We do not transfer personal data to countries without adequate data protection safeguards unless appropriate legal mechanisms are in place.

8. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

• HTTPS/TLS encryption for all data in transit.
• Encrypted storage for sensitive data at rest.
• Access controls limiting data access to authorized personnel only.
• Regular security reviews of our infrastructure and code.
• Secure hosting on Vercel with automatic SSL certificate management.

9. Third-Party Links

Our website may contain links to third-party websites (e.g., Google Calendar for demo bookings, YouTube for video content, LinkedIn, Instagram). We are not responsible for the privacy practices of these external sites. We encourage you to read their respective privacy policies before providing any personal data.

10. Children's Privacy

Our website and services are not directed at children under 13. We do not knowingly collect personal data from children under 13. If you become aware that a child has provided us with personal data, please contact us and we will delete it promptly.

11. Policy Updates

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. The updated policy will be posted on this page with a revised "Effective Date." We encourage you to review this page periodically. Material changes will be communicated via email to subscribers or through a prominent notice on our website.

12. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: