Privacy Policy
Effective date: May 25, 2026 · Last updated: May 25, 2026
Aquila Strategies LLC (“we”, “us”) operates Aquila OS (the “Service”). This policy explains what we collect, how we use it, who we share it with, and the choices you have. We are based in Florida, USA, and we follow this policy globally.
1. Information we collect
- Account information — email address, hashed password, profile name, and authenticated session tokens.
- Workspace content — anything you create inside the Service: notes, tasks, agent runs, tool inputs and outputs, integration data you connect.
- Billing metadata — subscription state, plan tier, and transaction identifiers. Payment card details are handled entirely by Stripe; we never see or store full card numbers.
- Automatic data — IP address, approximate geolocation (city/region), browser and OS type, pages viewed, timestamps, and session duration. Used for security and operations.
2. How we use information
- To provide, operate, and maintain the Service.
- To process subscriptions and send transaction confirmations.
- To authenticate you and keep your account secure.
- To detect, prevent, and address fraud, abuse, and incidents.
- To respond to your questions and provide support.
- To comply with legal obligations.
We do not sell personal information, we do not use your content to train third-party AI models, and we do not use your data for advertising.
3. Who we share information with
We share data only with the service providers we need to operate the Service. Each receives only what its function requires and is bound by its own privacy terms.
- Vercel — hosting and infrastructure (all data the Service handles transits Vercel).
- Convex — application database (workspace content, account metadata).
- NextAuth (Auth.js) — authentication library running on our infrastructure (no third-party identity provider unless you connect one).
- Stripe — payment processing (name, billing address, payment details, subscription state).
- Law enforcement — only when legally compelled (subpoena, court order, lawful request), and only what the order requires.
In the event of a merger, acquisition, or sale of assets, information may transfer to the successor entity subject to this policy.
4. Cookies & tracking
We use strictly-necessary cookies for login sessions and CSRF protection. We do not run third-party advertising, marketing, or analytics cookies on the Service. We honor the Global Privacy Control (GPC) signal and browser Do Not Track signals.
5. Your rights
You may request access, correction, or deletion of your personal information by emailing eron@aquilastrategies.xyz. We respond within 30 days (45 days for CCPA requests).
California residents (CCPA/CPRA): you have the right to know, delete, correct, and opt out of sale or sharing. We do not sell personal information.
EU/UK residents (GDPR/UK GDPR): you have rights of access, rectification, erasure, restriction, portability, objection, and the right to withdraw consent. Lawful bases we rely on: contract performance, legitimate interest (security, fraud prevention), and legal obligation.
6. Data retention
Account data is retained for the life of your account plus 30 days after deletion. Transaction records are retained for 7 years for tax and accounting law. Server logs are retained for 90 days. Backups roll every 30 days.
7. Security
We protect your data with TLS 1.2+ for data in transit, encryption at rest at the database layer, hashed passwords (argon2id or bcrypt), least-privilege access controls, and provider-side automated backups. No system is 100% secure; if we confirm a breach affecting your personal information we will notify you within 72 hours.
8. Children
The Service is not directed to children under 13. We do not knowingly collect personal information from anyone under 13. If we discover that we have collected such information we will delete it within 30 days. Parents who believe their child has provided personal information should email eron@aquilastrategies.xyz.
9. International transfers
The Service is hosted in the United States. If you access it from outside the US, your information will be transferred to and processed in the US. For EU/UK transfers we rely on the Standard Contractual Clauses adopted by our processors.
10. Changes to this policy
Material changes will be communicated by updating the “Last updated” date above and, where the change affects your account, by email.
11. Contact
Privacy questions, rights requests, and security disclosures: eron@aquilastrategies.xyz. Operating entity: Aquila Strategies LLC (Florida, USA).