← Back to Home

Privacy Policy

Last updated: 30 January 2026

Overview

Aqta Technologies Ltd ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your information when you use our AI governance platform.

Aqta Technologies Ltd is a company registered in Ireland with company number 807530. For customer account, billing and support data (for example, your login details, contact information, and subscription records), we act as an independent data controller under GDPR. For AI traffic and metadata processed through the Aqta gateway, your organisation remains the data controller and we act as your data processor, processing data only on your instructions under a Data Processing Agreement (DPA).

Information We Collect

Account Information

  • Email address
  • Organisation name
  • Billing information
  • API usage metadata

Technical Data

  • API request metadata (timestamps, model names, token counts)
  • Loop detection events
  • Cost tracking data
  • System performance metrics

What We Don't Store

  • Full prompts or responses
  • Training data for AI models
  • Original API keys (only hashed values)

We design Aqta so that full prompt and response content are not logged and we instruct customers not to send personally identifiable information (PII) or special-category/sensitive data through the service. If such data is sent inadvertently, it is processed only as transient traffic for routing and loop detection and is not stored in our logs.

How We Use Your Information

  • Provide and maintain the Aqta service
  • Detect and prevent AI agent loops
  • Track API usage and costs
  • Process billing and payments
  • Send service updates and security alerts
  • Improve our platform

Data Storage and Security

All data is stored in EU-based infrastructure with encryption at rest and in transit. We implement industry-standard security measures including:

  • TLS 1.3 encryption for all data in transit
  • AES-256 encryption for data at rest
  • Regular security audits and penetration testing
  • Access controls and audit logging

Data Retention

  • Starter: 30 days
  • Pro: 90 days
  • Healthcare: 7 years (for regulatory compliance)
  • Enterprise: Custom retention periods

Account and billing data is retained for the duration of your subscription plus 7 years for tax and legal compliance.

Cookies

We do not use advertising or cross-site tracking cookies. Some pages may use privacy-friendly, cookieless analytics (for example, Plausible) to understand high-level usage patterns. This analytics data is aggregated and does not track individual users across sites.

Third-Party Services

We use the following third-party services to operate Aqta:

  • Hosting: EU-based cloud infrastructure providers that offer strong security and GDPR data-processing commitments.
  • Analytics: Privacy-friendly, aggregated usage analytics to understand product performance. We do not use third-party advertising networks.
  • Payment processing (Stripe): We share limited billing and payment information with Stripe to process subscriptions and prevent fraud. Stripe acts as an independent data controller for these activities under its own Privacy Policy and Data Processing Agreement.

All third-party processors we engage as processors are subject to data-processing agreements and appropriate safeguards under GDPR.

Your Rights (GDPR)

Under GDPR, you have the right to:

  • Access your personal data
  • Rectify inaccurate data
  • Request deletion of your data
  • Object to processing
  • Data portability
  • Withdraw consent

To exercise these rights, contact us at privacy@aqta.ai

International Transfers

All data is processed and stored within the European Union. We do not transfer personal data outside the EU/EEA.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by email or through the Aqta platform.

Contact Us

For privacy-related questions or to exercise your rights: