Privacy Policy
Effective: January 1, 2026 | Updated: April 19, 2026
1. Data Controller
AegisTrust AI, Inc. ("AegisTrust") is the data controller. Contact: privacy@aegistrust.ai.
2. Information We Collect
We collect the minimum data necessary:
- Contact: Corporate email during Pre-Clearance submission.
- Architecture Docs: System diagrams and whitepapers uploaded for analysis.
- Usage Metadata: Browser type, anonymized IP, page interaction data.
3. How We Use Your Data
- Security architecture assessments against SOC2 Type II, ISO 27001, and financial regulatory frameworks.
- Delivering risk blind-spot briefs to your email address.
- Maintaining audit trails for our own SOC2 compliance.
4. Encryption & Storage
All uploads are AES-256 encrypted at rest and TLS 1.3 in transit. We enforce Zero Data Retention: files are purged within 30 days of assessment completion unless explicitly retained under a signed DPA.
5. Sub-Processors
| Processor | Purpose | Jurisdiction |
|---|---|---|
| Cloudflare R2 | Encrypted file storage | US / EU |
| Resend | Transactional email | US |
| Vercel | Hosting & edge compute | US / Global Edge |
6. Your Rights (GDPR / CCPA)
You may exercise the right to access, rectify, erase, restrict processing, or port your data. Email privacy@aegistrust.ai. Response within 30 days.
7. Cookies
We use strictly necessary first-party cookies only. No third-party advertising cookies. No data is sold to third parties.
8. Policy Updates
Material changes will be communicated via email. Continued use constitutes acceptance.
AegisTrust AI, Inc. · Delaware, US · privacy@aegistrust.ai