Aeon

Privacy Policy

Last updated: 02/03/2026

This Privacy Policy ("Policy") governs the processing of personal data by Aeon ("Aeon," "we," "us," or "our") in connection with the use of our Software-as-a-Service (SaaS) platform, applications, and related services (collectively, the "Service"). Aeon is committed to ensuring that all personal data is processed lawfully, fairly, and transparently, in accordance with applicable data protection laws, including the EU General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).

1. Data Controller

Aeon acts as the Data Controller in respect of personal data collected from Users through the Service. For data protection inquiries, please contact:

support@withaeon.com

2. Categories of Personal Data

Aeon collects the following categories of personal data, either directly from Users or automatically through their interaction with the Service:

  • Identification Data: name, email, username, credentials
  • Contact Information: address, phone number, communication details
  • Billing and Payment Data: payment details and records
  • Technical and Usage Data: IP address, browser type, access logs
  • Service Data: configurations, AI agent data, and metadata
  • Support Communications: customer service requests and feedback
  • Conversation Analytics Data:
    • Conversational message data from third-party AI platforms (with personally identifiable information masked or pseudonymized)
    • User identifiers as defined by the Customer (e.g., email addresses, user IDs)
    • AI provider and model information (e.g., provider name and model version used in conversations)

3. Legal Basis for Processing

  • Performance of a Contract: to provide and maintain the Service.
  • Legitimate Interests: for security, analytics, and service improvement.
  • Consent: where explicit consent is obtained.
  • Legal Obligation: to comply with statutory duties.

4. Purpose of Processing

Aeon processes personal data to provide the Service, manage user accounts, process payments, maintain security, improve performance, comply with applicable legal requirements, and analyze conversational AI interactions to identify user friction points, measure user satisfaction, generate insights, and provide analytics dashboards to our business customers.

5. Conversational AI Analytics

As part of our Service, Aeon collects and processes conversation data from third-party AI platforms on behalf of our business customers ("Customers") to provide conversational analytics and insights.

Data Collected:

  • Message content from AI conversations (with personally identifiable information automatically masked or removed prior to storage)
  • User identifiers as specified by the Customer (e.g., user IDs, email addresses)
  • Technical metadata including AI provider name and model version (e.g., "OpenAI GPT-4", "Anthropic Claude")

Purpose:

This data is processed solely to generate analytics reports, identify user experience issues, measure conversation quality, and provide actionable insights to our Customers.

Data Controller Relationship:

For conversation data provided by Customers, Aeon acts as a Data Processor on behalf of the Customer. The Customer remains responsible for ensuring they have appropriate legal basis and user consent to share conversation data with Aeon.

Privacy Protections:

  • PII masking is applied to conversation content before storage
  • Data is encrypted in transit and at rest
  • Access is restricted to authorized personnel only
  • Data is retained only as long as necessary to provide analytics services

6. Data Retention

Personal data shall be retained only for as long as necessary to fulfill the purposes for which it was collected, unless a longer period is required by law. Data is securely deleted or anonymized thereafter.

7. Data Sharing and Disclosure

Aeon may disclose personal data to:

  • Service Providers under data processing agreements
  • Affiliates and subsidiaries within the Aeon group
  • Legal authorities when required by law
  • Successors in business transfers, under appropriate safeguards

Aeon does not sell or rent personal data to third parties. Under the CCPA, we do not "sell" or "share" personal information.

8. International Data Transfers

Where personal data is transferred outside the European Economic Area (EEA), Aeon ensures appropriate safeguards such as Standard Contractual Clauses (SCCs) or other lawful mechanisms.

9. Data Subject Rights

Users have the right to access, rectify, delete, restrict, and port their data, as well as to object to processing and withdraw consent. California residents have additional rights under the CCPA, including the right to know what personal information is collected and the right to opt-out of sales (though we do not sell data). Requests may be sent to: support@withaeon.com

10. Security of Processing

Aeon implements technical and organizational measures to ensure a level of security appropriate to the risks involved, including encryption, access control, and regular audits.

11. Children's Data

The Service is not intended for individuals under 16 years of age. Aeon does not knowingly collect or process minors' data.

12. Changes to this Policy

Aeon reserves the right to update this Policy periodically. Material changes will be communicated via notice within the Service. Continued use of the Service constitutes acceptance of any such changes.

13. Contact and Complaints

For questions or concerns, contact:
Email: support@withaeon.com

Users may also lodge a complaint with their local Data Protection Authority (for GDPR) or the California Attorney General (for CCPA) if they believe their rights have been infringed.