Privacy Policy

Avonair is an AI agency that digitalises and centralises businesses. This privacy policy explains which personal data we process when you visit our website, contact us, or use Avonair Cockpit and our other services. We comply with the General Data Protection Regulation (GDPR).

Who Avonair is

Avonair is established in the Netherlands: Cruquiuskade 251, 1018AM Amsterdam, Chamber of Commerce 91401283, VAT NL004889881B44, email info@avonair.ai, phone +31 6 15562782.

Two different situations

It is important to keep two situations apart.

1. You as a visitor or prospective client. You visit our website or get in touch. For that data, Avonair is the data controller itself.
2. Client data within an Avonair service. When we set up a Cockpit or a project for a client, Avonair processes personal data on behalf of that client. The client is then the data controller and Avonair is the processor. That processing is governed by the Avonair Cooperation Agreement and the accompanying quote, together with the Cockpit-specific sections further down in this document.

Which personal data we process as a visitor

As a visitor or prospective client we process only what is needed:

• Contact details you provide yourself (name, company name, email address, phone number).
• The content of your message.
• Limited technical data from your website visit, such as an anonymised IP value and general visit statistics.

Avonair Cockpit — what it is

Avonair Cockpit is a custom business dashboard that brings a company's separate tools and data together on one screen. A dedicated Cockpit is built per client with the modules required — including an overview module, a social analytics module, a finance module, a clients-and-projects module, a team-and-agenda module and an AI assistant. The sections below describe what Avonair Cockpit does with the data within those modules.

Account data within a Cockpit

• Your email address and encrypted password.
• Your role within your own Cockpit environment (admin or team member).
• Login and activity timestamps (only for security and audit purposes).

Module data per connected source

A Cockpit consists of modules. Which modules are active in your Cockpit is set per client in the Avonair Cooperation Agreement and the quote. Per module:

• You connect the source yourself via OAuth or a comparable secure method at the provider itself. Avonair Cockpit never receives the password of a connected service.
• Avonair Cockpit only receives what the chosen module needs to populate its tiles, graphs and AI-assistant answers.
• You retain the right to revoke the connection at any time.

OAuth scopes for the social module

The social module is universally available and has pre-approved OAuth integrations with YouTube (Google), Instagram (Meta) and TikTok. Per platform we request the following permissions, and only these.

• YouTube via Google OAuth — youtube.readonly. Channel name, channel ID, subscribers, total views, video count, list of public videos with title, thumbnail and publish date. Used for KPI tiles and the top-video list.
• YouTube via Google OAuth — yt-analytics.readonly. Views per day, watch time per day, watch time per video, high-level demographics. Used for trend graphs and period comparisons.
• Instagram via Meta OAuth — instagram_business_basic. Account ID, username, profile picture, follower count, total media count. Used for account identification and KPI tiles.
• Instagram via Meta OAuth — instagram_business_manage_insights. Reach, impressions and profile visits at account level; views, likes, comments, saves and shares per post or reel. Used for trend graphs and the top-content list.
• TikTok via TikTok Display API — user.info.basic. Open ID, display name, avatar. Used for account identification.
• TikTok via TikTok Display API — user.info.stats. Follower count, following count, total likes, video count. Used for KPI tiles.
• TikTok via TikTok Display API — video.list. User's public videos with title, thumbnail, views, likes, comments and shares. Used for the top-video list.

Other integrations — Gmail, Drive, CRM and more

Avonair Cockpit centralises. One screen for all the tools your business uses. Alongside the social module, integrations can be activated on your request with, for example, Gmail or comparable business email, storage services like Drive or OneDrive, calendar tools, accounting or invoicing software, CRM systems, and other business sources you want to see centralised. For each integration we record in your Cooperation Agreement which data is fetched, for what purpose, and which pre-approved scopes at the relevant provider are used.

What we do not do

General for your Cockpit:

• We never receive your passwords.
• We do not sell data and we do not use your data for advertising.
• We do not use your data to train AI models.
• We do not share your data with third parties beyond the necessary sub-processors.

Specifically for the social module:

• We do not read private messages (DMs).
• We do not fetch contact lists or friend lists beyond what the platform returns at aggregate level (such as general demographics).

Security of your Cockpit

• Data in the EU. Stored in a data centre within the European Union.
• Encrypted at rest. Database rows at disk level, OAuth tokens additionally at application level.
• Encrypted in transit. HTTPS with modern TLS.
• Row-level security. Users only see data from their own Cockpit environment.
• Limited access. Avonair employees only where operationally needed, with audit logging.
• No data export outside the EU.

Retention for your Cockpit data

• Account data (email, role): while the account is active, plus 30 days after a deletion request.
• Connection tokens (OAuth tokens): until you revoke, then deleted immediately.
• Module data: until you revoke, then deleted or anonymised within 30 days.
• Audit logs: 12 months, then deleted.

Sub-processors for Avonair Cockpit

To run a Cockpit environment we work with the following sub-processors. Additional sub-processors can be activated per client for specific modules.

• Vercel Inc. — hosting (EU region).
• Supabase Inc. — database, authentication, token storage (EU Frankfurt).
• Google LLC — YouTube data via OAuth (only when you connect your channel).
• Meta Platforms Inc. — Instagram via OAuth (only when you connect your account).
• TikTok Pte. Ltd. (Europe) — TikTok via OAuth (only when you connect your account).

Your rights

Under the GDPR you have the right to access, rectification, erasure, restriction, data portability, objection and withdrawal of consent. To exercise a right, email info@avonair.ai. You can also lodge a complaint with the Dutch Data Protection Authority.

Data security at a high level

• Your data stays in the EU.
• A separate environment per client. No data pooled together.
• AI providers do not train on your data. Secured contractually via the chosen EU route.
• The AI reads, the team decides. No automatic actions on your connected systems.
• Access is limited. Audit logging on internal access.
• Clear arrangements on paper. On termination you receive a package with what we delivered for you, in line with section 8 of the terms of service.
• If something does go wrong. Fixed procedure in line with the Cooperation Agreement.

Cookies

On our website and in Avonair Cockpit we use functional cookies only. No advertising or tracking cookies.

Changes

We may adjust this privacy policy from time to time. The current version is always available at avonair.ai/en/privacy and at this URL — that online version is the governing version.

Contact

Email: info@avonair.ai
Phone: +31 6 15562782