Privacy Policy

1. Introduction

The Aelira platform and website are operated by Aelira AI Pty Ltd (an Australian proprietary company), referred to in this Policy as “Aelira,” “we,” “us,” or “our.”

At Aelira, we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.

We are committed to protecting your personal data and your right to privacy. If you have any questions or concerns about our policy or our practices, please contact us at [email protected].

2. Information We Collect

2.1 Information You Provide

• Email Address: When you join our waitlist or create an account
• Account Information: Username, password, and profile information
• Payment Information: Processed securely through third-party payment processors (we do not store credit card details)
• Communication Data: Your interactions with our support team

2.2 Scan Data and Uploaded Documents

When you submit a website URL or upload a document (PDF, Word, PowerPoint, Excel, LaTeX, or other supported formats) to Aelira for accessibility scanning or remediation, we collect and process the following data:

• URLs and Uploaded Documents: The web addresses and files you submit for accessibility scanning and remediation
• Scan Results: Accessibility issues detected, WCAG 2.1 AA compliance scores, and the page or document elements analysed
• Remediated Output Files: Where remediation is performed, the resulting accessible version of your document
• HTML/CSS Data (web scans): Temporarily processed during web scans to detect accessibility issues; not stored permanently
• Stored Documents: Files you upload are stored on our servers — protected by access controls, OS-level isolation, and security monitoring — for the period set out in Section 7 (Data Retention) so we can scan them, remediate them, and let you re-download the result. They are not used to train AI models, sold or shared with third parties for marketing, or used for any purpose other than providing the Service to you.
• Scan History: Date/time of scans, compliance scores over time, issue tracking
• User-controlled: You can view, export, or delete your scan results, uploaded files, and remediated outputs at any time from your dashboard
• Encrypted in transit: All scan data is transmitted over HTTPS/TLS

2.3 Automatically Collected Information

• Usage Data: How you interact with Aelira (features used, frequency, session duration)
• Device Information: Browser type, operating system, device identifiers
• Log Data: IP address, timestamps, error logs for debugging
• Cookies: Small data files to maintain sessions and preferences

2.4 Device Recognition for Demo Rate Limiting

For our free demo feature, we use privacy-preserving device recognition to limit scans to 3 per device. This helps us prevent abuse while allowing legitimate users to try our service.

• Browser Identifier: A randomly generated identifier stored in your browser's local storage
• Hashed Browser Characteristics: We collect and hash (one-way encrypt) browser rendering characteristics. We never store or transmit the raw data—only a cryptographic hash
• Purpose: Used solely for rate limiting demo scans. Not used for tracking, advertising, or any other purpose
• No Cross-Site Tracking: This identifier is unique to Aelira and cannot be used to track you across other websites

Legal Basis (GDPR): Legitimate interest in preventing abuse of our free service. You can clear this data by clearing your browser's local storage.

3. How We Use Your Information

We use your information to:

• Provide, operate, and maintain the Aelira service
• Improve and personalize your experience
• Process transactions and manage subscriptions
• Send you updates, newsletters, and marketing communications (with your consent)
• Respond to support requests and customer inquiries
• Monitor and analyze usage patterns to improve our service
• Detect, prevent, and address technical issues or security vulnerabilities
• Comply with legal obligations

4. Data Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties. We may share your information only in the following circumstances:

4.1 Service Providers

We may share data with trusted third-party service providers who assist us in operating our service:

• Cloud infrastructure providers (database hosting, storage)
• Payment processors (Stripe, PayPal)
• Email service providers (for transactional and marketing emails)
• Analytics providers (aggregated, anonymized data only)

4.2 Legal Requirements

We may disclose your information if required by law, court order, or governmental authority, or to protect our rights, property, or safety.

4.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity.

5. Data Security

We implement enterprise-grade security measures to protect your data:

• Secure transmission: HTTPS/TLS encryption for all data in transit
• Encrypted storage: All scan results and user data stored with encryption
• Access controls: Strict internal access policies with audit logging
• Per-user isolation: Your scan data is stored separately and never mixed with other users
• Regular security monitoring: Continuous monitoring and vulnerability assessments
• Secure infrastructure: Hosted on enterprise-grade cloud providers with SOC 2 certification
• Data minimisation: For web scans we keep only the scan results, not the full HTML/CSS. For uploaded documents we keep the file for the retention window in Section 7 — long enough for you to scan, remediate, and re-download the output — and delete it automatically when that window ends.

We follow industry-standard security practices for SaaS applications. While we implement industry-leading security measures, no method of transmission over the internet is 100% secure.

6. Your Privacy Rights

Depending on your location, you have the following rights:

• Access: Request a copy of the personal data we hold about you
• Correction: Update or correct inaccurate information
• Deletion: Request deletion of your account and associated data
• Data Portability: Export your data in a machine-readable format
• Objection: Object to processing of your personal data for certain purposes
• Withdraw Consent: Opt out of marketing communications at any time

To exercise these rights, contact us at [email protected]. We will respond within 30 days.

7. Data Retention

We retain your data for as long as your account is active or as needed to provide our service. Specific retention periods:

• Scan results and issue history: Retained for the duration of your subscription or until you delete them
• Original uploaded documents — free tier: Automatically deleted 30 days after upload
• Original uploaded documents — paid tiers: Automatically deleted 90 days after upload
• Remediated output documents: Retained until you delete them, your account is closed, or your subscription is cancelled
• Account information: Retained for 30 days after account deletion (for recovery purposes)
• Transaction records: Retained for 7 years (legal/tax requirements)
• Log data: Retained for 90 days

Right to erasure. You can delete any uploaded document, remediated output, or scan result at any time from your dashboard, or by emailing [email protected]. On-demand deletions are permanent and complete within 24 hours. Automatic deletions run daily.

8. International Data Transfers

Your data may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place, including standard contractual clauses approved by the European Commission.

9. Children's Privacy

Aelira is not intended for users under 13 years of age (or 16 in the EU). We do not knowingly collect personal information from children. If we become aware that a child has provided us with personal data, we will delete it immediately.

10. Third-Party Services

Aelira uses the following services to provide our accessibility compliance platform:

• Axe-core: Open-source accessibility testing engine (runs in our infrastructure; no data shared with third parties)
• Google Gemini API (paid tier): Used for selected AI tasks such as image alt-text generation, where excerpts of your uploaded content (for example, an image, or a snippet of document text) are sent to Google for processing. We use Gemini on the paid tier; under Google's Generative AI APIs Additional Terms, Google does not use paid-tier content to train its models or for advertising. See Google's API Terms.
• Ollama (self-hosted): Local AI models running on our own infrastructure for accessibility tasks. Content processed by Ollama never leaves our servers.
• Payment processors: Stripe for secure payment processing (subject to their privacy policy)
• Cloud hosting: Vultr Cloud Compute. Our primary infrastructure is hosted in Sydney, Australia.
• Email services: Self-hosted Mailcow / Postfix on our infrastructure for transactional emails (account confirmations, magic-link sign-in, scan notifications). Outbound delivery is relayed via MXroute.
• Analytics: Umami (self-hosted at analytics.aelira.ai) — privacy-focused, no third-party data sharing

We do not sell or share your website URLs, uploaded documents, scan results, or any personal data with third parties for marketing or advertising purposes.

11. Cookies and Tracking

We use cookies and similar tracking technologies to:

• Essential cookies: Required for authentication and security
• Functional cookies: Remember your preferences (theme, language, region)
• Analytics: Understand how you use our service (see details below)

11.1 Umami Analytics

We use Umami, a privacy-focused, self-hosted analytics platform. Umami is specifically designed to respect user privacy:

• Self-hosted: All analytics data is stored on our own servers at analytics.aelira.ai—not shared with third parties
• No cookies: Umami itself does not use cookies or collect personal identifiers
• Consent-based: Analytics only load after you consent via our cookie banner
• Anonymised data: No IP addresses or personal information are stored
• GDPR compliant: Designed to comply with GDPR, CCPA, and other privacy regulations

11.2 Data Collected by Analytics

When you consent to analytics, we collect:

• Page views: Which pages you visit on our site
• Referrer: How you arrived at our site (e.g., search engine, direct link)
• Device information: Browser type, operating system, screen size (anonymised)
• Country/Region: General geographic location (not precise location)
• Session duration: How long you spend on the site
• Custom events: Feature usage (e.g., "demo started", "signup clicked")

11.3 Cookie Consent

When you first visit our site, we display a cookie consent banner. You can accept all cookies, reject optional cookies, or customise your preferences. You can change your preferences at any time by clicking "Manage Preferences" in the cookie banner or contacting us. Disabling analytics cookies will not affect site functionality.

12. Updates to This Policy

We may update this Privacy Policy periodically. We will notify you of significant changes via email or through the service. The "Last updated" date at the top indicates when the policy was last revised.

13. Contact Us

If you have questions about this Privacy Policy or our data practices, contact us:

• Email: [email protected]
• Website: https://aelira.ai

14. GDPR Compliance (EU Users)

If you are located in the European Economic Area (EEA), you have additional rights under the General Data Protection Regulation (GDPR):

• Right to be informed about data processing
• Right to restrict processing
• Right to lodge a complaint with a supervisory authority

Our legal basis for processing your data is your consent, contractual necessity, and legitimate interests.

15. CCPA Compliance (California Users)

If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA):

• Right to know what personal information is collected
• Right to know if personal information is sold or disclosed
• Right to opt-out of the sale of personal information (we do not sell your data)
• Right to non-discrimination for exercising your rights