Privacy Policy

Overview

Aqta Technologies Ltd ("we", "us" or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your information when you use our privacy-preserving AI platform.

For customer account, billing and support data, we act as an independent data controller under GDPR. For AI traffic and metadata processed through the Aqta gateway, your organisation remains the data controller and we act as your data processor under a Data Processing Agreement (DPA).

Information We Collect

Account Information

• Email address
• Organisation name
• Billing information
• API usage metadata

Technical Data

• API request metadata (timestamps, model names, token counts)
• Real-time request protection events
• Cost tracking data
• System performance metrics

Network Intelligence and Data Sharing

To improve threat detection for all customers, we use network intelligence: patterns seen at one deployment can help protect others. Shared data is strictly limited to anonymised metadata and threat fingerprints (e.g. hashed pattern signatures). Your prompts, completions, and user data are never shared across customers or used to train models.

When we have published metrics (e.g. faster threat detection or fewer false positives), we will cite the source here.

What We Don't Store

• Full prompts or responses
• Training data for AI models
• Original API keys (only hashed values)

Full prompt and response content are not logged. If personally identifiable information (PII) or sensitive data is sent inadvertently, it is processed only as transient traffic for routing and real-time request protection and is not stored.

How We Use Your Information

• Provide and maintain the Aqta service
• Protect against AI agent loops and runaway costs
• Track API usage and costs
• Process billing and payments
• Send service updates and security alerts
• Improve our platform

Data Storage and Security

All data is stored in EU-based infrastructure with encryption at rest and in transit. We implement industry-standard security measures including:

• TLS 1.3 encryption for all data in transit
• AES-256 encryption for data at rest
• Regular security audits and penetration testing
• Access controls and audit logging

Data Retention

• Starter: 30 days
• Pro: 90 days
• Enterprise: Custom retention periods

Account and billing data is retained for the duration of your subscription plus 7 years for tax and legal compliance.

Cookies & Tracking

We use two analytics tools: Plausible (cookieless, no personal data, no consent required) and Vercel Web Analytics (aggregated, anonymous). Vercel Analytics is only loaded after you accept via our cookie banner. No advertising cookies, no cross-site tracking, no session cookies. You can decline analytics at any time and the site works identically.

Third-Party Services

We use the following third-party services:

• Hosting: EU-based cloud infrastructure with GDPR data-processing commitments
• Analytics: Plausible and Vercel Web Analytics : cookieless, aggregated, no personal data collected
• Payment processing: Limited billing information shared with our payment processor for subscription processing

Your Rights (GDPR)

Under GDPR, you have the right to:

• Access your personal data
• Rectify inaccurate data
• Request deletion of your data
• Object to processing
• Data portability
• Withdraw consent

To exercise these rights, contact us at privacy@aqta.ai

International Transfers

All data is processed and stored within the European Union. We do not transfer personal data outside the EU/EEA.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by email or through the Aqta platform.

Contact Us

For privacy-related questions or to exercise your rights:

Email: privacy@aqta.ai