Privacy Policy

Overview

Aqta Technologies Ltd ("we", "us" or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your information when you use our AI governance platform.

For customer account, billing and support data, we act as an independent data controller under GDPR. For AI traffic and metadata processed through the Aqta gateway, your organisation remains the data controller and we act as your data processor under a Data Processing Agreement (DPA).

Information We Collect

Account Information

• Email address
• Organisation name
• Billing information
• API usage metadata

Technical Data

• API request metadata (timestamps, model names, token counts)
• Loop detection events
• Cost tracking data
• System performance metrics

Network Intelligence and Data Sharing

To improve threat detection for all customers, we use network intelligence: patterns seen at one deployment can help protect others. Shared data is strictly limited to anonymised metadata and threat fingerprints (e.g. hashed pattern signatures). Your prompts, completions, and user data are never shared across customers or used to train models.

When we have published metrics (e.g. faster threat detection or fewer false positives), we will cite the source here.

What We Don't Store

• Full prompts or responses
• Training data for AI models
• Original API keys (only hashed values)

Full prompt and response content are not logged. If personally identifiable information (PII) or sensitive data is sent inadvertently, it is processed only as transient traffic for routing and loop detection and is not stored.

How We Use Your Information

• Provide and maintain the Aqta service
• Detect and prevent AI agent loops
• Track API usage and costs
• Process billing and payments
• Send service updates and security alerts
• Improve our platform

Data Storage and Security

All data is stored in EU-based infrastructure with encryption at rest and in transit. We implement industry-standard security measures including:

• TLS 1.3 encryption for all data in transit
• AES-256 encryption for data at rest
• Regular security audits and penetration testing
• Access controls and audit logging

Data Retention

• Starter: 30 days
• Pro: 90 days
• Healthcare: 7 years (for regulatory compliance)
• Enterprise: Custom retention periods

Account and billing data is retained for the duration of your subscription plus 7 years for tax and legal compliance.

Cookies

We do not use advertising or cross-site tracking cookies. Some pages may use privacy-friendly, cookieless analytics to understand high-level usage patterns. This analytics data is aggregated and does not track individual users across sites.

Third-Party Services

We use the following third-party services:

• Hosting: EU-based cloud infrastructure with GDPR data-processing commitments
• Analytics: Privacy-friendly, aggregated usage analytics
• Payment processing (Revolut Business): Limited billing information shared for subscription processing

Your Rights (GDPR)

Under GDPR, you have the right to:

• Access your personal data
• Rectify inaccurate data
• Request deletion of your data
• Object to processing
• Data portability
• Withdraw consent

To exercise these rights, contact us at privacy@aqta.ai

International Transfers

All data is processed and stored within the European Union. We do not transfer personal data outside the EU/EEA.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by email or through the Aqta platform.

Contact Us

For privacy-related questions or to exercise your rights:

Email: privacy@aqta.ai

Data Protection Officer: dpo@aqta.ai