Privacy Policy

1. Information We Collect

We collect information you provide directly to us, including:

• Account Information: Name, email address, and authentication credentials
• Integration Data: Email content, labels, and metadata when you connect Gmail or other services
• Usage Data: Agent execution logs, API usage statistics, and system performance metrics
• Payment Information: Billing details processed securely through our payment providers (we never store complete credit card numbers)
• Technical Data: IP address, browser type, device information, and cookies for authentication and analytics

2. How We Use Your Data

Your data is used exclusively for:

• Executing AI-powered tasks you explicitly request through your agents
• Improving service reliability and performance
• Processing payments and maintaining billing records
• Communicating important service updates and security alerts
• Complying with legal obligations and preventing fraud

We never: Sell your data to third parties, use your email content for advertising, or train AI models on your private information without explicit consent.

3. Data Sovereignty & Storage

At Avelion, we believe your data belongs to you. Email content is processed in real-time and stored only temporarily (up to 30 days) for agent execution history and debugging purposes. You can request immediate deletion of all execution logs at any time through your account settings. All data at rest is encrypted using AES-256 encryption standards.

4. Payment Information Security

Your financial security is our top priority:

• PCI DSS Compliance: We use Stripe and other PCI-compliant payment processors
• No Direct Storage: Credit card numbers are never stored on our servers
• Tokenization: Payment methods are securely tokenized for recurring billing
• Secure Transmission: All payment transactions use TLS 1.3 encryption
• Fraud Detection: Advanced monitoring systems protect against unauthorized charges

Billing statements will appear as "Avelion" on your credit card statement. You can update or remove payment methods anytime from your account settings.

5. Third-Party Integration Permissions

When you connect external services (Gmail, LinkedIn, Slack, etc.), we request only the minimum permissions necessary:

• Gmail: Read messages, send emails, modify labels (only for requested actions)
• LinkedIn: Profile access, connection management for networking agents
• Calendar: Read/write events for scheduling agents

You can revoke these permissions at any time via your Google Account, LinkedIn, or respective service provider settings. Revoking access will immediately stop all related agent activities.

6. Security Infrastructure

We implement industry-leading security measures:

• Encryption: TLS 1.3 for data in transit, AES-256 for data at rest
• Access Control: Multi-factor authentication (MFA) and role-based access
• Infrastructure: Servers hosted in SOC 2 Type II certified facilities
• Monitoring: 24/7 security monitoring and rapid incident response
• Audits: Regular third-party security assessments and penetration testing
• Backups: Automated encrypted backups with 99.9% uptime SLA

7. Data Retention & Deletion

We retain your data according to the following schedule:

• Account Data: Retained while your account is active
• Execution Logs: 30 days by default (configurable from 7 to 90 days)
• Billing Records: 7 years for tax compliance and audit purposes
• Email Content: Processed in memory, not permanently stored

Upon account deletion, all personal data is permanently removed within 30 days, except billing records required by law. You can export your data anytime before deletion.

8. Your Privacy Rights

You have the following rights under GDPR, CCPA, and similar regulations:

• Access: Request a copy of all data we have about you
• Rectification: Correct inaccurate or incomplete information
• Erasure: Request deletion of your personal data ("Right to be Forgotten")
• Portability: Export your data in machine-readable format (JSON/CSV)
• Restriction: Limit how we process your data
• Objection: Opt-out of certain data processing activities
• Withdraw Consent: Revoke previously granted permissions

To exercise these rights, contact us at info@avelion.inor use the data controls in your account settings.

9. Cookies & Tracking Technologies

We use cookies and similar technologies for:

• Essential Cookies: Authentication, security, and core functionality (required)
• Analytics Cookies: Understanding usage patterns to improve service (optional)
• Preference Cookies: Remembering your settings and customizations (optional)

You can control cookie preferences through your browser settings or our cookie consent manager. Disabling essential cookies may limit platform functionality.

10. International Data Transfers

Avelion operates globally. If you access our services from outside the United States, your data may be transferred to and processed in the U.S. or other countries where our service providers operate. We ensure appropriate safeguards through Standard Contractual Clauses (SCCs) and comply with GDPR requirements for international transfers.

11. AI Model Usage & Training

We use third-party AI models (OpenAI, Anthropic, Groq, etc.) to power agent intelligence. Your data is sent to these providers only during active agent executionand under strict data processing agreements. These providers do not use your data to train their models. We continuously evaluate AI providers based on their privacy standards.

12. Billing, Refunds & Cancellation

Transparency in billing:

• Pricing: Clear pricing displayed before purchase, no hidden fees
• Subscriptions: Billed monthly/annually, cancel anytime
• Refunds: 14-day money-back guarantee for new subscriptions
• Usage Overage: Prorated charges for exceeding plan limits, with advance notification
• Cancellation: Effective at end of billing period, retain access until expiration

Contact in@avelion.in for refund requests or billing inquiries. Refunds are processed within 5-10 business days.

13. Children's Privacy

Avelion is not intended for users under 18 years of age. We do not knowingly collect personal information from children. If we discover that a child under 18 has provided personal information, we will promptly delete it. Parents who believe their child has submitted data should contact us immediately.

14. Data Breach Notification

In the unlikely event of a data breach affecting your personal information, we will notify you within 72 hours via email and in-app notification. We will provide details about the breach, affected data, and steps we're taking to resolve the issue. You will also receive guidance on protecting your account.

15. Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. Significant changes will be communicated via email at least 30 days before they take effect. Continued use of Avelion after changes indicates acceptance of the updated policy. Previous versions are archived and available upon request.

16. Contact Us

For privacy-related questions, concerns, or requests:

We are committed to resolving privacy concerns promptly and will respond to all inquiries within 48 hours (business days).