Privacy policy
Last updated: May 2026
What we collect
When you create an account, we collect your email address and the name you provide. When you use the Platform, we collect usage data: agent activity, session metadata, tool invocations, and aggregate token consumption for billing and operations.
How we use it
We use your data to operate the Platform, process billing, monitor reliability, and communicate with you about your account. We do not sell your personal data. We do not use your agent conversations to train models.
Subprocessors
We use the following third-party services to operate the Platform:
- Stripe — billing and payment processing. Card details are handled by Stripe and never reach our servers.
- OpenRouter — LLM routing layer. Agent prompts and responses transit OpenRouter to the underlying model provider selected for your agent. Retention and processing are governed by the provider terms that apply to the selected model.
- Resend — transactional email delivery (verification, invitations, billing receipts).
- Hetzner — infrastructure hosting (Germany-based EU data centre).
- Plausible (self-hosted) — privacy-first usage analytics on the marketing site. No third-party tracking, no fingerprinting, no cross-site cookies.
LLM data
Agent conversations are sent to the model provider only as required to generate the response. We do not retain your conversation content for any purpose other than your own access (chat history, ideas, quests). The provider list is given above; we keep it current as we add or remove routing options.
On-chain data
Some ownership, wallet, and governance features may write data to a public chain. Any on-chain data is immutable and cannot be deleted. Do not put private information in on-chain fields.
Data retention
We retain your data for as long as your account is active. Upon account deletion, we remove your data within 30 days, except where required by law (e.g. invoice records), where data exists on-chain, or where data is needed to defend a claim.
Security
All traffic is TLS 1.2+; data at rest is on encrypted volumes. Each Company runs in its own isolated runtime with a dedicated database; no tenant can read another tenant's data. Access to operational systems is restricted to a minimum personnel set with audited credentials.
Cookies
We use a single first-party authentication cookie (your session JWT). Marketing-site analytics via self-hosted Plausible run only after you accept analytics cookies; rejection means no analytics script loads.
Your rights
Under GDPR (EU/UK/Switzerland), you have the right to access, correct, export, or delete your personal data, and to object to or restrict processing. Email 0x@aeiq.ai — we respond within 30 days.
Changes
We may update this policy. Material changes are announced via email and via a banner on the Platform; the "Last updated" date above always reflects the current version.