PRIVACY POLICY

Last Updated: February 28, 2026

This Privacy Policy explains how AStack collects, uses, and protects your information when you use our real-time conversational AI platform and related services. Your privacy is important to us.

INFORMATION WE COLLECT

Account Information

When you create an account, we collect:

  • Email address and password
  • Company name and billing information
  • Contact preferences and profile settings
  • API key usage and permissions

Usage Data

We automatically collect information about how you use our services:

  • API requests, response times, and error logs
  • Session metadata (duration, connection type, timestamps)
  • IP addresses, browser type, and device information
  • Usage patterns and feature adoption metrics

Voice, Video, and Text Data

Important: This is how we handle your session data.
  • Voice, video, and text input is processed in real-time by AI models for speech recognition, language generation, text-to-speech, and facial animation
  • Session content is NOT permanently stored on our servers by default
  • Temporary processing data is automatically deleted after session completion
  • You can optionally enable session recording with explicit consent
  • All processing occurs on dedicated GPU containers with encrypted infrastructure
  • We do not use your session content to train or fine-tune AI models without your explicit consent

HOW WE USE YOUR INFORMATION

Service Provision

  • Process video/audio data to provide AI responses
  • Maintain and improve our AI models and infrastructure
  • Monitor system performance and prevent abuse
  • Provide customer support and technical assistance

Business Operations

  • Process payments and manage billing
  • Send important service announcements and updates
  • Analyze usage patterns to improve our services
  • Comply with legal obligations and enforce our terms

Marketing (Optional)

  • Send product updates and feature announcements (with consent)
  • Provide educational content and best practices
  • Invite you to participate in surveys or beta programs
  • You can opt out of marketing communications at any time

AI PROCESSING AND MODEL USAGE

How AI Processes Your Data

  • Your voice input is processed by speech recognition (ASR) models to generate text transcripts
  • Text is processed by large language models (LLM) to generate conversational responses
  • Responses are converted to speech by text-to-speech (TTS) models and synchronized with facial animation
  • All AI processing occurs within your dedicated session container and data is not shared across sessions

Model Training and Your Data

  • Your session content (voice, text, video) is not used to train or improve AI models without your explicit opt-in consent
  • Anonymized, aggregated performance metrics (latency, error rates) may be used to improve service reliability
  • Session telemetry (timing data, session duration) is collected via Supabase for service monitoring and billing

INFORMATION SHARING

We DO NOT Sell Your Data

We never sell, rent, or trade your personal information to third parties for commercial purposes.

Limited Sharing

We may share information only in these specific circumstances:

  • Service Providers: Cloud infrastructure, payment processing, and analytics partners under strict data protection agreements
  • Legal Requirements: When required by law, court order, or government request
  • Safety and Security: To prevent fraud, abuse, or protect our users and services
  • Business Transfers: In the event of a merger or acquisition (with notice to users)

DATA SECURITY

Security Measures

  • End-to-end encryption for all data transmission
  • AES-256 encryption for data at rest
  • Multi-factor authentication and access controls
  • Regular security audits and penetration testing
  • SOC 2 Type II compliance
  • 24/7 security monitoring and incident response

Infrastructure

  • Hosted on secure cloud infrastructure (AWS/GCP)
  • Geographically distributed with redundancy
  • Network isolation and firewall protection
  • Regular backups with encrypted storage
  • GDPR and CCPA compliant data centers

DATA RETENTION

Retention Periods

Video/Audio Processing DataImmediate deletion
Session Metadata90 days
Account InformationUntil account deletion
Billing Records7 years (legal requirement)
Security Logs1 year

Data Deletion

  • You can request account deletion at any time
  • We will delete your data within 30 days of account closure
  • Some data may be retained for legal compliance (anonymized where possible)
  • Backups are automatically purged according to our retention schedule

YOUR PRIVACY RIGHTS

GDPR Rights (EU Users)

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate personal data
  • Erasure: Request deletion of your personal data
  • Portability: Receive your data in a machine-readable format
  • Objection: Object to processing based on legitimate interests
  • Restriction: Limit how we process your data

CCPA Rights (California Users)

  • Know: What personal information we collect and how it's used
  • Delete: Request deletion of your personal information
  • Opt-out: Opt out of the sale of personal information (we don't sell data)
  • Non-discrimination: Equal service regardless of privacy choices

Exercising Your Rights

To exercise any of these rights, please contact us at:

Response Time:We will respond within 30 days of your request

COOKIES AND TRACKING

Types of Cookies

Essential Cookies

Required for authentication, security, and basic functionality. Cannot be disabled.

Analytics Cookies

Help us understand how you use our service to improve performance. Can be disabled in settings.

Preference Cookies

Remember your settings and preferences for a better experience.

Third-Party Services

  • Supabase for database, authentication, and session telemetry
  • PayPal for payment processing
  • AWS for cloud infrastructure and container registry
  • Modal for serverless GPU compute

You can opt out of analytics tracking in your account settings.

INTERNATIONAL DATA TRANSFERS

AStack is based in the United States, and our services are hosted globally. If you're located outside the US, your information may be transferred to and processed in the US and other countries.

  • We ensure adequate protection through EU-US Data Privacy Framework compliance
  • Standard Contractual Clauses (SCCs) are used for EU data transfers
  • All transfers maintain the same level of protection as required by your local laws

AGE REQUIREMENTS & DATA PRACTICES

Our services are not intended for anyone under 18 years of age. We do not knowingly collect personal information from individuals under 18.

AStack is a B2B platform. We do not collect personal data from end consumers interacting with our customers' applications, except for anonymous metadata required for service operation. Only information from our business customers is retained, strictly for financial and compliance purposes.

  • If you believe we have collected information from anyone under 18, please contact us immediately
  • We will promptly delete any information we discover was collected from individuals under 18
  • End consumer interactions are not stored — only anonymous metadata (e.g., session duration, usage counts) is recorded
  • Business customer data is retained solely for billing, invoicing, and regulatory compliance

CHANGES TO THIS POLICY

We may update this Privacy Policy from time to time. When we do:

  • We will notify you via email and through our platform
  • The "Last Updated" date at the top will be revised
  • Changes will take effect 30 days after notification
  • Material changes will require your explicit consent
  • Continued use constitutes acceptance of minor updates

CONTACT US

If you have questions about this Privacy Policy or our privacy practices:

Privacy Officer:privacy@aether-stack.com
General Support:Visit Support Center
VIEW TERMS OF SERVICECONTACT SUPPORT