Privacy Policy

Last updated: July 11, 2026

This policy explains what personal data Aethve ("we", "us") collects, why, and how it is handled when you use our IT asset management platform (the "Service").

1. Data we collect

  • Account data — name, email address, password hash, role, organization membership.
  • Customer data — the content your organization puts into the Service: assets, serial numbers, users, licenses, contracts, vendors, budgets, notes, and uploaded documents. Your organization is the controller of this data; we process it on your behalf.
  • Usage data — log and device information (IP address, browser, pages viewed, actions taken) used for security auditing and product improvement.
  • Billing data — subscription status and invoices. Card details are handled by Stripe and never touch our servers.

2. How we use data

  • to provide, secure, and maintain the Service (contract performance);
  • to process payments and manage subscriptions (contract performance);
  • to send transactional email — invites, notifications, digests (contract performance / legitimate interest);
  • to power AI features you invoke — relevant workspace data is sent to our AI subprocessor to answer your request (contract performance);
  • to monitor errors and abuse (legitimate interest);
  • to comply with legal obligations.

We do not sell personal data and do not use Customer Data for advertising.

3. Subprocessors

We rely on the following subprocessors to run the Service:

  • Supabase — database, authentication, file storage
  • Vercel — application hosting
  • Stripe — payment processing
  • Resend — transactional email delivery
  • Anthropic — AI model provider for AI features
  • Upstash — rate limiting infrastructure
  • Sentry — error monitoring

Each subprocessor is bound by a data processing agreement. We will update this list before adding subprocessors that process personal data.

4. International transfers

Where personal data is transferred outside the EEA/UK, we rely on adequacy decisions or Standard Contractual Clauses with our subprocessors.

5. Retention

  • Account and Customer Data: for the life of the account, plus a 30-day export window after termination.
  • Audit and security logs: up to 12 months.
  • Billing records: as required by tax and accounting law.

6. Your rights

Depending on your jurisdiction (including under GDPR), you may have the right to access, correct, export, delete, or restrict processing of your personal data, and to object to certain processing. Organization members should direct requests to their administrator where the organization is the controller; you can also contact us directly at privacy@aethve.com. You have the right to lodge a complaint with your supervisory authority.

7. Security

Data is encrypted in transit (TLS) and at rest. Access is scoped per organization with row-level security, protected by role-based access control, audit logging, and rate limiting. No method of transmission or storage is 100% secure; we will notify affected users of a personal data breach as required by law.

8. Cookies

We use strictly necessary cookies for authentication and session management. We do not use advertising or cross-site tracking cookies.

9. Changes

We may update this policy. Material changes will be announced by email or in-app notice at least 14 days before they take effect.

10. Contact

Privacy questions or requests: privacy@aethve.com.