Legal

Privacy Policy

Last updated: June 2025

1. What We Collect

We collect information you provide directly: your email address, name, organization name, and payment information (processed by Paddle — we never store card numbers). We also collect data generated by your use of the Service: agent records, token events, audit log entries, API call metadata, and session information.

We use standard server logs (IP addresses, request timestamps, user-agent strings) for security monitoring and abuse prevention. These are retained for 90 days.

2. How We Use It

  • To operate and improve the Service
  • To send transactional emails (billing, security alerts, trial reminders)
  • To enforce our Terms of Service and detect abuse
  • To comply with legal obligations

We do not sell your personal data. We do not use your data to train machine learning models.

3. Data Storage and Security

Your data is stored on servers in the European Union. We use encryption at rest (AES-256) and in transit (TLS 1.3+). Access to production data is restricted to authorised personnel and logged. We maintain a tamper-evident audit trail of all access.

4. Third-Party Services

We use Paddle for payment processing (subject to Paddle's privacy policy), Sentry for error tracking (anonymised), and Cloudflare for DDoS protection and CDN. We do not use third-party analytics tools that track individual users across sites.

5. Your Rights

If you're in the EEA, UK, or California, you have the right to access, correct, delete, or export your personal data. You can export your agent and audit data via the API at any time. To request deletion, email privacy@authrai.tech — we'll process it within 30 days.

6. Data Retention

We retain your account data while your account is active and for 30 days after deletion. Audit logs are retained for the period specified by your plan (7 days for Trial, up to 5 years for Enterprise). Payment records are retained for 7 years for tax/legal compliance.

7. Cookies

The marketing site uses no tracking cookies. The application (app.authrai.tech) uses a session cookie strictly necessary for authentication — no advertising or analytics cookies.

8. Contact

Privacy questions: privacy@authrai.tech