Aetheris LeadAIby Aetheris Innovations

Privacy Policy

Last updated: April 24, 2026

This policy explains what Aetheris Innovations (“Aetheris”, “we”) collects, why we collect it, and who we share it with. It applies to the Aetheris LeadAI operator platform and the Aetheris Professional Website service.

1. What we collect

Account information. Name, email, hashed password, brand name, and — for paid subscribers — a Stripe customer ID.

Lead data. When you search for leads in Aetheris LeadAI, we receive publicly-listed business information from Google Places (name, address, phone, website, hours, reviews) and store it so the dashboard stays responsive without hitting Google every page load.

Brief and asset data. When you or your customer fills out a site brief, we store the answers, uploaded images, and any metadata the brief editor captures (design variant, lock-in status, timestamps).

Customer inbox messages. If a visitor uses the AI Sales Assistant or contact form on a Professional Website, we store the message and any structured fields (name, email, phone) so the owner can triage it.

Billing data. Stripe handles payments. We store only the last 4 digits of the card, the brand (e.g. Visa), and the Stripe identifiers needed to reconcile invoices and subscriptions. We never see or store full card numbers.

Technical data. Standard server logs (IP, user agent, request path, response code, timestamp) kept for up to 30 days for debugging and abuse detection.

Cookies. We use first-party cookies to keep you signed in and remember your preferences. We do not use advertising or cross-site tracking cookies.

2. Why we collect it

  • To operate the platform (authenticate you, run searches, deliver websites, send email).
  • To bill subscriptions and produce tax records.
  • To detect and prevent abuse (rate limiting, fraud checks, Stripe Radar signals).
  • To improve the product (aggregate metrics, error rates — never readable content in analytics).
  • To communicate with you about your account, invoices, and material changes.

3. Who we share it with

We share only what is necessary to run the service, with the following sub-processors:

  • Stripe, Inc. — payment processing, subscription management, tax calculation.
  • An AI inference provider — for AI scoring, brief analysis, and AI sales assistant responses. Prompts and outputs are processed under the provider's zero-retention commercial terms where enabled. The specific vendor may change over time; the up-to-date name is available on request.
  • Google LLC — Google Places / Maps data, used only to render and cache lead information you explicitly search for.
  • Resend.com, Inc. — transactional email delivery (invoice emails, review-request emails, password reset).
  • Vercel Inc. — frontend hosting and Vercel Blob for uploaded images.
  • Railway Corp. — backend hosting and the managed Postgres database.
  • Cloudflare, Inc. — DNS and DDoS protection for our domains.

We do not sell or rent personal information. We do not share data with advertisers.

4. How long we keep it

  • Account and brief data: while your account is active, plus 90 days after closure for support and reversal.
  • Billing records: 7 years (required for tax recordkeeping in the US).
  • Server logs: 30 days.
  • Uploaded assets: deleted within 30 days of subscription cancellation, unless you export them sooner.

5. Your rights

Regardless of where you live, you can email frezer@aetherisinnovations.com to:

  • Get a copy of the personal data we hold about you.
  • Correct inaccurate data.
  • Delete your account and associated data (subject to the billing retention period above).
  • Object to or restrict certain uses.
  • Export your data in a portable format (JSON or CSV).

We will respond within 30 days. If you are in the EU, UK, or California, you have additional rights under GDPR, UK GDPR, and the CCPA respectively; the same email address handles those requests.

6. Security

Data is encrypted in transit (TLS) and at rest (disk-level encryption on Railway and Vercel). Passwords are hashed with bcrypt. Access to production infrastructure is restricted to the Aetheris founder and logged. We do not store payment card details — Stripe does.

7. Children

The services are not intended for anyone under 16. We do not knowingly collect personal information from children. If you believe a child has given us their information, email us and we will delete it.

8. International transfers

Aetheris operates from the United States. If you access the service from outside the US, your data will be transferred to, and processed in, the US. Our sub-processors (Stripe, our AI inference provider, Vercel, Railway, Cloudflare, Resend) operate globally and may process your data in other jurisdictions where they maintain infrastructure.

9. Changes to this policy

We may update this policy. Material changes will be announced by email to the address on your account at least 14 days before they take effect.

10. Contact

Privacy questions or requests: email frezer@aetherisinnovations.com. Data controller: Aetheris Innovations, Harrisburg, Pennsylvania, USA.