Aerethis
Aerenium Home Log in Backstage Account Log out

Privacy Policy

Effective Date: May 27, 2026

In short: Aerenium is local-first. Your conversations stay on your device. We only store what is necessary for licensing and billing. We do not sell, share, or monetize your data.

1. Our Approach

Aerenium is designed as a local-first desktop application. Your conversations, memory matrices, settings, and logs are stored on your own device. We do not have access to this data unless you explicitly choose to share it with us for support purposes.

Our business model is straightforward: you pay for the software, and we provide the service. We do not mine your data, show ads, or train models on your content.

2. What We Collect

  • Account information: If you create an account, we store your email address and a hashed password (or OAuth identity from Google/GitHub). We do not store passwords in plain text.
  • License data: For license enforcement, we store your hardware ID (HWID), subscription tier, activation status, seat count, and credit balance. This is necessary to prevent unauthorized use.
  • Token data: For anonymous token accounts, we store a randomly generated 16-character token that links your device to your subscription. No email or identity is required.
  • Payment data: Processed entirely by Stripe. We do not store your full credit card number, CVV, or bank details. We only retain the last 4 digits of your card and the payment timestamp for billing support.
  • Contact submissions: If you use the contact form, we store your name, email, and message to respond to you.

3. What We Do NOT Collect

  • Your conversation logs, prompts, or AI outputs.
  • Your files, documents, screenshots, or local data.
  • Your browsing history, search history, or desktop activity.
  • Biometric data, voice recordings, or camera footage.
  • Telemetry, analytics, or crash reports (unless you explicitly opt in).

4. Third-Party Services

When you use LLM features, your prompts are sent directly from your device to third-party AI providers (e.g., OpenRouter, OpenAI, Anthropic). These providers have their own privacy policies. We do not intermediate, log, or store these requests on our servers.

We use the following third-party services:

  • Stripe — payment processing
  • Resend — transactional emails (activation codes, receipts, password resets)
  • Cloudflare — DNS and DDoS protection

5. Cookies

Our website uses only essential session cookies for authentication. These cookies are necessary for you to log in and manage your account. We do not use tracking cookies, advertising cookies, or third-party analytics cookies.

6. Data Retention

6.1 Account-Based Users

We retain your account and license data as long as necessary to provide the service. If you delete your account, we remove your personal data within 30 days. License records may be retained longer for fraud prevention and legal compliance.

6.2 Token Accounts

Token accounts are anonymous by design. Because we cannot contact you, we apply automatic cleanup policies:

  • Inactive tokens (90 days): Token accounts with no active subscription and zero credit balance are automatically deleted.
  • Old credits (10 years): Purchased credits on token accounts that have been inactive for over 10 years are reclaimed.

If you convert your token account to an account-based subscription, these automatic deletion policies no longer apply.

6.3 Payment Records

Stripe retains payment records according to their own policies (typically 7+ years for tax and compliance). We retain minimal payment metadata (amount, date, last 4 digits) for the same period.

7. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate or incomplete data
  • Delete your account and associated data
  • Export your data
  • Object to certain processing activities

To exercise these rights, email support@aerethis.com. We will respond within 30 days.

8. Security

We use industry-standard security measures:

  • TLS 1.3 for all data in transit
  • RSA-2048 for license key signing
  • SQLite with WAL mode for database integrity
  • Rate limiting and fail2ban for API protection

However, no system is completely secure. You are responsible for safeguarding your token and account credentials.

9. Children's Privacy

Aerenium is not intended for children under 13. We do not knowingly collect data from children under 13. If you believe we have collected data from a child, contact us immediately.

10. Changes to This Policy

We may update this Privacy Policy periodically. Material changes will be posted on this page and, for account holders, notified via email.

11. Contact

For privacy-related questions, data deletion requests, or concerns, email support@aerethis.com.

© Aerethis
HomeAereniumTerms