Privacy Policy
Last updated: February 12, 2026
1. Introduction
Aetherio LLC ("Aetherio," "Company," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our websites, SaaS products (including but not limited to dickless.io), APIs, and IT consulting services (collectively, the "Services").
By using the Services, you consent to the practices described in this Privacy Policy. If you do not agree, please discontinue use of the Services.
2. Information We Collect
2.1 Information You Provide
- Account information: name, email address, password (hashed), and organization name.
- Billing information: processed and stored by Stripe. We do not store full credit card numbers on our servers.
- Customer Data: content you submit through our APIs (e.g., text for moderation, prompts for the AI gateway).
- BYOK credentials: third-party API keys you choose to store with us, encrypted at rest using AES-256.
- Support communications: messages, feedback, and attachments sent to us via email or support channels.
- Consulting engagement data: project specifications, source code, documents, and communications related to IT consulting engagements.
2.2 Information Collected Automatically
- Usage data: API call volumes, endpoint patterns, response times, error rates.
- Device & browser data: IP address, browser type, operating system, screen resolution, and referring URL.
- Cookies & similar technologies: session cookies for authentication and analytics cookies (see Section 8).
3. How We Use Your Information
- Provide, operate, and maintain the Services.
- Process transactions and send billing-related communications.
- Respond to support requests and communicate about your account.
- Monitor and analyze usage to improve the Services.
- Detect, prevent, and address fraud, abuse, and security incidents.
- Comply with legal obligations and enforce our Terms of Service.
- Deliver IT consulting services as described in the applicable SOW.
4. Customer Data Processing
When you use our SaaS products, we process Customer Data solely to provide the requested service (e.g., content moderation analysis, PII redaction, AI gateway routing).
- Real-time processing: Content submitted to moderation, PII, and gateway endpoints is processed in memory and not persistently stored unless logging is explicitly enabled by you.
- Logs (when enabled): Stored in encrypted databases and retained according to your plan settings.
- AI Gateway: Prompts and responses routed to third-party AI providers are subject to those providers' privacy policies. In BYOK mode, we act as a pass-through.
- We do not use Customer Data to train machine learning models or for any purpose other than providing the Services.
5. Data Retention
| Data Type | Retention Period |
|---|---|
| Account information | Duration of account + 30 days post-deletion |
| Billing records | 7 years (tax compliance) |
| API usage logs (when enabled) | Configurable: 7 / 30 / 90 days per plan |
| Real-time processed data | Not stored (in-memory only) |
| BYOK credentials | Until removed by user or account termination |
| Support communications | 3 years |
| Consulting engagement data | Per SOW terms; default 1 year post-engagement |
| Analytics / device data | 26 months |
6. Data Sharing & Third Parties
We do not sell your personal information. We share data only as follows:
| Third Party | Purpose | Data Shared |
|---|---|---|
| Stripe | Payment processing | Name, email, payment method |
| Cloudflare | Hosting, CDN, DDoS protection | IP address, request metadata |
| AI Providers (OpenAI, Anthropic, Google) | AI Gateway routing | Prompts & responses (in gateway mode) |
| Law enforcement | Legal compliance | As required by valid legal process |
7. Data Security
- All data in transit is encrypted using TLS 1.2+.
- Data at rest is encrypted using AES-256.
- BYOK credentials are encrypted with an additional application-layer key.
- API keys are hashed; we cannot retrieve your full API key after creation.
- We conduct regular security reviews and follow OWASP best practices.
- Access to production systems is restricted to authorized personnel with multi-factor authentication.
Despite these measures, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security.
8. Cookies & Tracking
We use the following types of cookies:
- Essential cookies: Required for authentication and core functionality. Cannot be disabled.
- Analytics cookies: Help us understand usage patterns. Can be opted out via browser settings or our cookie banner.
We do not use advertising cookies or third-party tracking pixels. We do not participate in cross-site behavioral advertising.
9. Your Rights
Depending on your jurisdiction, you may have the following rights:
- Access: Request a copy of the personal data we hold about you.
- Correction: Request correction of inaccurate data.
- Deletion: Request deletion of your personal data (subject to legal retention requirements).
- Portability: Request your data in a structured, machine-readable format.
- Objection: Object to processing of your personal data for specific purposes.
- Restriction: Request restriction of processing in certain circumstances.
- Withdraw consent: Where processing is based on consent, withdraw at any time.
To exercise any of these rights, contact us at privacy@aetherio.io. We will respond within 30 days (or sooner if required by applicable law).
10. GDPR (EEA Users)
If you are located in the European Economic Area, our legal bases for processing your personal data are:
- Contract performance: Processing necessary to provide the Services you have requested.
- Legitimate interests: Fraud prevention, security, and service improvement.
- Consent: Where you have given explicit consent (e.g., analytics cookies).
- Legal obligation: Compliance with tax, accounting, and reporting requirements.
You may lodge a complaint with your local data protection authority if you believe your rights have been violated.
11. CCPA (California Residents)
Under the California Consumer Privacy Act (CCPA), California residents have additional rights:
- Right to know what personal information is collected, used, and disclosed.
- Right to delete personal information.
- Right to opt-out of the sale of personal information. We do not sell personal information.
- Right to non-discrimination for exercising your CCPA rights.
To submit a CCPA request, contact us at privacy@aetherio.io.
12. Children's Privacy
The Services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we learn that we have collected personal information from a child under 18, we will promptly delete it.
13. International Data Transfers
Our Services are primarily hosted on Cloudflare's global network. Your data may be processed in the United States or other jurisdictions where our infrastructure providers operate. We rely on Standard Contractual Clauses (SCCs) and other appropriate safeguards for international data transfers where required.
14. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify registered users of material changes via email at least 30 days before the effective date. The "Last updated" date at the top of this page indicates when the policy was last revised.
15. Contact
If you have questions about this Privacy Policy, please contact us:
Aetherio LLC — Privacy
Email: privacy@aetherio.io
General: hello@aetherio.io
Commonwealth of Pennsylvania, United States