AI WorksAI Works

Privacy Policy

Last updated: 12 May 2026 (v2)

AI Works (also known as "Aiwa", the "Service") is operated by AI Works AS (org. no. 930998907), a Norwegian limited company with its registered office at Brusdalsvegen 465, 6260 Skodje, Norway ("we", "us", "our"). This policy explains what personal data we collect when you use AI Works, how we use it, who we share it with, and the rights you have over it. If anything below is unclear, write to stian@databank.no.

1. Who this applies to

This policy applies to people who create an AI Works account at aiworks.no and use the Service to run their own personal AI assistant. AI Works is a single-tenant tool: each account operates its own isolated agent and connects to its own external accounts (email, calendar, cloud storage, etc.). We do not sell access to third parties or aggregate user data across accounts.

2. Data we collect

We collect and process the following categories of data:

  • Account data — name, email address, password hash, company information you provide, and basic profile settings.
  • Integration credentials — OAuth access tokens, refresh tokens, IMAP/SMTP passwords, API keys, and SSH keys that you choose to connect to AI Works. These are stored encrypted at rest and used only to act on your behalf inside the Service.
  • Content you and your agent generate — chat transcripts, notes, project files, scheduled task definitions, memory entries, brain-dump entries, and attachments you upload.
  • Third-party content you authorise us to read — for example, the content of emails when you authorise an email integration, or files in connected cloud storage. This data is fetched on demand to fulfil the actions you ask the agent to perform.
  • Operational logs — request timestamps, IP addresses, error reports, and performance metrics used to keep the Service running.

3. Google user data — specific disclosures

When you connect a Gmail account, you grant AI Works access to your Gmail mailbox via the scope https://mail.google.com/ (full IMAP and SMTP access via OAuth 2.0 / XOAUTH2). We use this access strictly to:

  • read, search, send, and manage email inside your own mailbox, when you ask the agent to do so;
  • monitor specific inboxes or labels if you have explicitly opted in to that on the integration's settings page.

We do not:

  • transfer Google user data to third parties except as needed to provide the Service (see Section 5) or as required by law;
  • use Google user data to train, fine-tune, or otherwise develop generalised AI/ML models;
  • use Google user data for advertising of any kind;
  • allow humans to read your email except where (a) you have given explicit consent, (b) it is necessary for security or to comply with applicable law, or (c) it is aggregated and de-identified for internal operations.

AI Works' use of information received from Google APIs adheres to the Google API Services User Data Policy , including the Limited Use requirements.

4. How we use your data

  • To operate the Service — run your agent, execute tools, store conversations and memories, and surface results back to you.
  • To send the system notifications you opt into (e.g. summaries, reminders, monitor alerts).
  • To diagnose and fix bugs, monitor uptime, and improve reliability.
  • To prevent abuse and enforce the Terms of Service.
  • To comply with legal obligations.

5. Sub-processors

AI Works uses carefully selected third-party service providers to operate the Service. Each operates under its own privacy policy and security terms. Categories include:

  • AI / LLM providers — used to power the agent's reasoning, language generation, embeddings, transcription, and image processing.
  • Cloud infrastructure providers — used to host the Service and store data.
  • Operational services — used for error monitoring, deliverability, analytics, and similar back-office functions.
  • Services you choose to connect — such as Google (Gmail / Calendar), or any other third-party account you authorise an integration for. Requests to those services are made on your behalf using the credentials you grant.

On request we will provide a current list of the specific sub-processors we use. We do not sell personal data to anyone, ever.

6. Where data is stored

Account data, content, and credentials are stored on servers located within the European Union, and backups remain in the EU. Outbound API calls to AI / LLM providers may be routed to data centres outside the EU; where the provider offers zero-retention or limited-retention modes we use them.

7. How long we keep data

  • Active account data is kept for as long as your account exists.
  • Chat transcripts and agent memory are kept until you delete them or close your account.
  • Integration credentials are kept until you disconnect the integration or close your account. On disconnect they are deleted within 24 hours.
  • Operational logs are kept for up to 90 days.
  • Backups are kept on a 30-day rolling window.

8. Your rights

You have the following rights under the EU General Data Protection Regulation (GDPR) and the Norwegian Personal Data Act:

  • Access — get a copy of the personal data we hold about you.
  • Rectification — correct inaccurate data.
  • Erasure — ask us to delete your data ("right to be forgotten").
  • Restriction — limit how we use your data.
  • Portability — receive your data in a machine-readable format.
  • Objection — object to processing where it is based on legitimate interests.
  • Withdraw consent — for any processing that depends on consent.
  • Complain to the Norwegian Data Protection Authority (Datatilsynet) at datatilsynet.no.

To exercise any of these rights, email stian@databank.no. We aim to respond within 30 days.

9. Disconnecting and revoking access

You can disconnect any integration at any time from Settings → Integrations. You can additionally revoke Google's grant directly at myaccount.google.com/permissions.

10. Security

We use industry-standard practices: TLS in transit, encryption at rest for credentials, isolated per-user agent runtimes, and the principle of least privilege for internal access. No system is perfect — if you suspect a security issue, please email stian@databank.no and we will respond promptly.

11. Children

AI Works is not directed to children under 16 and we do not knowingly collect data from them.

12. Changes to this policy

If we make material changes to this policy we will notify you via email and post the new version here with an updated "Last updated" date. Continuing to use the Service after the change means you accept the new policy.

13. Contact

AI Works AS
Org. no. 930998907
Brusdalsvegen 465, 6260 Skodje, Norway
stian@databank.no