Legal

Privacy Policy

Effective date: June 17, 2026 · Last updated: June 17, 2026

AetherOps ("we", "us", or "our") operates the AetherOps platform. This policy explains what data we collect, how we use it, and what rights you have over it.

Short version: We collect only what is necessary to run the service. We do not sell your data. Log data you send is yours and is scoped strictly to your tenant.

1. Data we collect

When you register and use AetherOps, we collect:

Account data: Email address, hashed password, tenant membership, and role.
Log event data: The log events you send via API. Secrets (passwords, JWT tokens, API keys) are masked before storage.
Usage data: Request counts, AI analysis counts, and retention metrics used to enforce plan limits.
Audit logs: Timestamped records of AI operations and key account events, retained permanently for your security.
Technical data: IP addresses and request metadata used for rate limiting and abuse prevention.

2. How we use your data

To operate and improve the AetherOps service.
To perform AI-powered incident analysis on log data you explicitly submit.
To enforce usage limits and prevent abuse.
To send transactional emails (email verification, password reset). We do not send marketing emails without explicit consent.
To comply with legal obligations.

3. Data isolation and multi-tenancy

Every piece of data in AetherOps is scoped to your tenant. Our queries are structured so that cross-tenant data access is architecturally impossible — not just policy-restricted. Your incidents, analyses, and log events are never visible to other tenants.

4. AI and third-party providers

When you request an AI analysis, your log event data (with secrets already masked) is sent to our AI provider for processing. We do not send account data, email addresses, or tenant names to the AI provider. We may change AI providers; the masking guarantee holds regardless of provider.

5. Data retention

Log events and incidents are retained according to your plan (7 to 90 days by default) and deleted automatically by our retention service. Audit logs are retained permanently. You may request deletion of your account and associated data by contacting us.

6. Security

API keys are stored as SHA-256 hashes. Raw keys are shown only once at creation.
Passwords are hashed with BCrypt. We never store or transmit plaintext passwords.
All data in transit is encrypted via TLS.
Rate limiting and brute-force protection are active on all authentication endpoints.

7. Your rights

You have the right to access, correct, or delete your personal data. To exercise these rights, contact us at zeytates@gmail.com. We will respond within 30 days.

8. Cookies

AetherOps does not use tracking cookies. We use only session-required storage (e.g., a refresh token stored in memory on the client) that is strictly necessary to operate the service.

9. Changes to this policy

We may update this policy. When we do, we will revise the "Last updated" date above. Continued use of the service after a change constitutes acceptance of the updated policy.

10. Contact

Questions about this policy? Contact us at zeytates@gmail.com.