AerodesignAI
Log inBook demo

Privacy Policy

Last updated: January 23, 2026

1. Overview

Aerodesign AI is built around a two-plane architecture: a SaaS control plane for authentication and tenant administration, and a customer-plane connector that runs inside the customer environment. Where possible, customer content remains on the customer plane and is not stored in the control plane by default.

2. Controller / contact

Replace the placeholders below with your legal entity information before going live.

Controller
[Company legal name]
[Address]
[Postal code, City, Country]
Email: privacy@aerospaceai.com

3. Categories of data

  • Account data: email address, user ID, tenant membership, and role assignments.
  • Operational data: security logs, timestamps, and service diagnostics.
  • Admin configuration: connector metadata and optional settings chosen by tenant admins.
  • Support communications: information you choose to share when contacting support.
  • Demo request data: name, work email, company, role, and notes submitted through the public demo request form.
  • Customer-plane content: documents, database content, and indices that remain inside the customer environment under the customer's control.

4. Purposes and legal bases

  • Provide the service: Art. 6(1)(b) GDPR.
  • Security and abuse prevention: Art. 6(1)(f) GDPR.
  • Support requests: Art. 6(1)(b) and/or Art. 6(1)(f) GDPR.
  • Demo requests: Art. 6(1)(f) GDPR and/or Art. 6(1)(b) GDPR where discussions are pre-contractual.
  • Optional marketing or analytics, if enabled: Art. 6(1)(a) GDPR.

5. Subprocessors / recipients

Aerodesign AI uses infrastructure providers to run the control plane. Some providers are headquartered outside the EU and may be considered third-country recipients under GDPR. See the current Subprocessors list for provider details.

  • Vercel: hosting for the control plane.
  • Supabase: authentication and database services.
  • Resend or similar provider: optional transactional email delivery.
  • AWS S3 or similar storage: optional connector installer distribution.

6. International transfers

If personal data is transferred to recipients outside the EU/EEA, we rely on appropriate safeguards such as EU Standard Contractual Clauses and, where applicable, the EU-US Data Privacy Framework.

7. Retention

Account data is retained for the duration of the customer relationship and as required for legal obligations. Operational logs are retained for a limited period necessary for security and reliability, then deleted or anonymized.

8. Your rights

Depending on the circumstances and applicable law, you may have the right to access, rectify, erase, restrict, and port your data, and to object to certain processing. You also have the right to lodge a complaint with a supervisory authority.

9. Cookies

We use essential cookies for authentication. See Cookies for details.