Privacy Policy

1. Information we collect

Personal information

• Email address (for account creation and communication)
• Name (if provided during registration)
• Payment information (processed securely by third-party providers)
• Organisation details (if applicable)

Usage information

• AI request metadata (timestamps, models used, costs)
• System performance metrics
• Feature usage analytics
• Error logs and debugging information

2. How we use your information

We use the collected information to:

• Provide and maintain our services
• Process payments and manage subscriptions
• Monitor and analyse AI request patterns
• Detect and prevent security threats
• Improve our platform and develop new features
• Communicate with you about service updates
• Provide customer support

3. Data security

We implement industry-standard security measures to protect your information:

• Encryption in transit and at rest
• Regular security audits and penetration testing
• Access controls and authentication
• Secure data centres with physical security
• Employee training on data protection

4. AI request data

Your AI conversations and prompts remain private between you and the AI providers (OpenAI, Anthropic, etc.). Aqta acts as a secure gateway without inspecting message content.

5. Network Intelligence (opt-in pattern sharing)

What is shared when you contribute:

• Anonymised pattern hashes (no prompts, no responses, no PII)
• Threat type and severity metadata
• Aggregate counts (e.g. "patterns shared this week")

What is not shared: your organisation name, your request content, user identifiers, or any data that could identify you or your users. This helps the network protect all customers (e.g. "customers protected") while preserving your privacy.

6. Data sharing and disclosure

We do not sell, trade or rent your personal information. We may share information only in these limited circumstances:

• With your explicit consent
• To comply with legal obligations
• To protect our rights and prevent fraud
• With trusted service providers (under strict confidentiality agreements)
• In connection with a business transfer or merger

7. Data retention

We retain your information for as long as necessary to provide our services:

• Account information: until account deletion
• Usage metadata: 24 months for analytics
• Billing records: 7 years for tax compliance
• Security logs: 12 months for incident response

8. Your rights (GDPR)

If you are in the European Union, you have the right to:

• Access your personal data
• Correct inaccurate information
• Delete your data ("right to be forgotten")
• Restrict processing of your data
• Data portability
• Object to processing
• Withdraw consent at any time

9. Cookies and tracking

We use essential cookies only for:

• Authentication and session management
• Security and fraud prevention

We do not use cookies for advertising, marketing or third-party analytics.

10. International transfers

Your data may be processed in countries outside your residence. We ensure adequate protection through standard contractual clauses and other appropriate safeguards as required by applicable law.

11. Changes to this policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by email or through the service. The updated policy will be effective when posted.

12. Contact us

If you have any questions about this Privacy Policy or our data practices, please contact us: