Aqta

Legal

Privacy Policy

Last updated: 7 February 2026

Our commitment to privacy

At Aqta, we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose and safeguard your information when you use our zero-trust AI infrastructure platform.

1. Information we collect

Personal information

  • Email address (for account creation and communication)
  • Name (if provided during registration)
  • Payment information (processed securely by third-party providers)
  • Organisation details (if applicable)

Usage information

  • AI request metadata (timestamps, models used, costs)
  • System performance metrics
  • Feature usage analytics
  • Error logs and debugging information

2. How we use your information

We use the collected information to:

  • Provide and maintain our services
  • Process payments and manage subscriptions
  • Monitor and analyse AI request patterns
  • Detect and prevent security threats
  • Improve our platform and develop new features
  • Communicate with you about service updates
  • Provide customer support

3. Data security

We implement industry-standard security measures to protect your information:

  • Encryption in transit and at rest
  • Regular security audits and penetration testing
  • Access controls and authentication
  • Secure data centres with physical security
  • Employee training on data protection

4. AI request data

Important: content privacy

We do not store or log the content of your AI requests. Content is inspected in transit solely to enforce your configured policies (e.g. PHI detection, loop detection, spend limits) and is immediately discarded. We collect only metadata such as timestamps, model names, token counts, policy outcomes, and costs for monitoring, billing, and audit purposes.

Your AI prompts and responses remain private. AqtaCore enforces policy at the boundary without persisting message content. Cryptographic attestation records (audit logs, ZK proofs) contain only metadata and hashes, not raw prompt or response text.

4a. Cryptographic attestation and ZK proofs

AqtaCore produces a cryptographic attestation record for every enforcement decision. These records contain: a timestamp, the policy applied, the outcome (allowed or blocked), a SHA-256 hash of the request metadata, and a digital signature. They do not contain prompt content, model responses, or any personally identifiable information.

Zero-knowledge (ZK) compliance proofs allow regulators and auditors to verify that a policy ran correctly without seeing the underlying request. The proof is generated from the attestation record and shared on your instruction only. Aqta does not share ZK proofs with any third party without your explicit authorisation.

5. Network Intelligence (opt-in pattern sharing)

Value exchange

When you participate in Network Intelligence (Starter and above), your deployment can contribute anonymised threat patterns so that every customer benefits from better detection. Your raw request data never leaves your control. Only anonymised pattern signatures (e.g. hashes of threat signatures, not content) are shared to improve collective detection. Participation is opt-in; you can use Aqta without contributing patterns.

What is shared when you contribute:

  • Anonymised pattern hashes (no prompts, no responses, no PII)
  • Threat type and severity metadata
  • Aggregate counts (e.g. "patterns shared this week")

What is not shared: your organisation name, your request content, user identifiers, or any data that could identify you or your users. This helps the network protect all customers (e.g. "customers protected") while preserving your privacy.

6. Data sharing and disclosure

We do not sell, trade or rent your personal information. We may share information only in these limited circumstances:

  • With your explicit consent
  • To comply with legal obligations
  • To protect our rights and prevent fraud
  • With trusted service providers (under strict confidentiality agreements)
  • In connection with a business transfer or merger

7. Data retention

We retain your information for as long as necessary to provide our services:

  • Account information: until account deletion
  • Usage metadata: 24 months for analytics
  • Billing records: 7 years for tax compliance
  • Security logs: 12 months for incident response

8. Your rights (GDPR)

If you are in the European Union, you have the right to:

  • Access your personal data
  • Correct inaccurate information
  • Delete your data ("right to be forgotten")
  • Restrict processing of your data
  • Data portability
  • Object to processing
  • Withdraw consent at any time

9. Cookies and tracking

We use essential cookies only for:

  • Authentication and session management
  • Security and fraud prevention

We do not use cookies for advertising, marketing or third-party analytics.

10. International transfers

Your data may be processed in countries outside your residence. We ensure adequate protection through standard contractual clauses and other appropriate safeguards as required by applicable law.

11. Changes to this policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by email or through the service. The updated policy will be effective when posted.

12. Contact us

If you have any questions about this Privacy Policy or our data practices, please contact us:

Email: privacy@aqta.ai
Address: Aqta Technologies Ltd.
Dublin, Ireland