Legal

Privacy Policy

How we collect, use and protect your personal and project data.

Last updated: May 29, 2026

1. Introduction

AI Design Network ("we", "us", "our") operates the platform available at aidesign.network (the "Service"), which provides AI-powered tools for telecom network High-Level Design, RFP management, and customer relationship workflows.

This Privacy Policy explains how we collect, use, store and disclose information when you use the Service. We are committed to processing personal data in accordance with applicable data protection laws, including the EU General Data Protection Regulation (GDPR).

2. Data We Collect

2.1 Account information

When you create an account, we collect: username, email address, role (Admin / Technician / Commercial), company affiliation, and a securely hashed password (we never store passwords in plain text).

2.2 Project and business data

While using the Service, you and your team may upload or generate:

  • Network topology and KML/GeoJSON files
  • HLD reports, RACI matrices, financial analyses
  • RFP records, customer information, account plans, pricing data
  • Conversations (RFP comments, notes)

All such content belongs to you and is processed solely on your behalf to provide the Service.

2.3 Technical data

We automatically log: IP address, browser type, operating system, pages visited, session duration, and request timestamps — for security, fraud prevention and service improvement.

2.4 Cookies and similar technologies

We use first-party session cookies strictly necessary to keep you signed in. We do not use third-party advertising cookies or cross-site tracking. Some preferences (e.g. selected KML cables, map settings) are stored in your browser's local storage.

3. How We Use Your Data

  • Provide the Service — authenticate you, store your projects, generate diagrams and reports.
  • Improve the Service — diagnose bugs, analyse usage patterns, optimise performance.
  • Security — detect unauthorised access, prevent abuse, enforce role-based access control.
  • Communication — respond to support requests, notify you of important Service changes.

We do not sell your personal data, your project data, or your customer data to third parties.

4. Legal Basis for Processing (GDPR)

Where GDPR applies, we rely on the following legal bases:

  • Performance of a contract — to provide the features you signed up for.
  • Legitimate interests — to secure the Service and improve our product.
  • Consent — where explicitly requested (e.g. optional analytics).
  • Legal obligation — to comply with applicable laws.

5. Third-Party Services

To deliver certain features, the Service shares strictly necessary data with the following providers:

  • Anthropic (Claude API) — when you generate HLD reports or account plans, the relevant network topology / business prompt is sent to Anthropic's API for AI inference. See Anthropic's privacy policy.
  • n8n workflow engine — used for asynchronous report orchestration. Hosted on a private VPS we operate.
  • Hosting provider — our servers are hosted in the European Union and physical access is controlled.

We do not use Google Analytics, Facebook Pixel, or similar tracking SDKs.

6. Data Storage and Security

Your data is stored on dedicated MySQL/MariaDB databases and the application server, both hosted in the EU. We apply industry-standard measures:

  • HTTPS/TLS for all data in transit
  • Password hashing via PHP password_hash() (bcrypt)
  • Role-based access control on every page and AJAX endpoint
  • Prepared SQL statements to prevent injection
  • Server-side session management with secure cookies

No system is 100% secure. In the event of a personal data breach affecting your rights, we will notify the relevant supervisory authority and affected users within 72 hours as required by GDPR.

7. Data Retention

We retain your account and project data for as long as your account is active. If you delete your account or request deletion, we will permanently erase your data within 30 days, except where retention is required by law (e.g. accounting records).

8. Your Rights

If you are located in the EU/EEA, you have the right to:

  • Access a copy of your personal data
  • Rectify inaccurate or incomplete data
  • Erase your data ("right to be forgotten")
  • Restrict or object to processing
  • Portability — receive your data in a machine-readable format
  • Lodge a complaint with your local data protection authority

To exercise any of these rights, contact us at privacy@aidesign.network. We respond within 30 days.

9. International Transfers

Our servers are located in the EU. When we share data with Anthropic (USA), we rely on Standard Contractual Clauses (SCC) as approved by the European Commission to ensure an adequate level of protection.

10. Children's Data

The Service is a B2B tool intended for telecom professionals and is not directed at children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with data, please contact us so we can delete it.

11. Changes to This Policy

We may update this Privacy Policy occasionally to reflect changes in our practices or legal requirements. The "Last updated" date at the top of this page indicates the most recent revision. Material changes will be communicated via email or a notice on the Service.

12. Contact

Data controller: AI Design Network
Email: privacy@aidesign.network
Postal: Please use the contact form to request a postal address.