← Home

Privacy Policy

EntityAater.ai
EffectiveMay 2026
Last updatedMay 2026
Contactfounder@aater.ai

1. Overview

Aater.ai ("Aater", "we", "us") operates an AI classification observatory. This policy describes what data we collect, how we use it, and how we protect it. It applies to all users of the Aater platform, including the audit service, Pulse telemetry beacon, and associated infrastructure.

2. What we collect

2.1 Audit data

When you run an audit, we fetch your site's publicly accessible HTML, robots.txt, and HTTP response headers. We store a structural classification of your site — not a copy of your content. The 400-character text sample shown on your report is stored temporarily and used only to generate your report.

2.2 Account data

If you create an account, we store your email address (via magic link), your workspace name, and the domains you choose to track. Authentication is handled via one-time email links. No passwords are stored.

2.3 Pulse telemetry

The Pulse beacon records: the path visited, the User-Agent string of the visiting agent, and the timestamp. It does not track human visitors. Requests identified as human are immediately discarded and are not stored, logged, or analysed.

2.4 AI agent telemetry

Where Pulse is installed, we process the following metadata from automated AI agent requests: HTTP request paths, User-Agent strings, request timestamps, HTTP response codes, and derived classifications (agent type, access frequency, crawl depth estimates). This data is associated with the domain being monitored, not with individual human users. No human session data, cookies, or browser fingerprints are collected through Pulse.

2.5 Request metadata

IP addresses may be processed transiently for abuse prevention, request validation, bot verification, and application error monitoring. Raw infrastructure logs are retained for a limited period and are not used for advertising purposes. IP addresses captured through error monitoring are scrubbed before retention and are not linked to user accounts beyond what is necessary for security and fraud prevention.

3. How we use data

  • To generate and display your site's participation state classification
  • To detect and classify AI agent activity on sites you own or manage
  • To send notifications you have opted into (first-signal alerts, weekly digest)
  • To improve classification accuracy over time
  • To operate, maintain, and improve the service

Aater does not sell personal information in exchange for monetary compensation. Certain infrastructure providers may process limited technical data necessary to operate the service. We do not share personal data with third parties for advertising, profiling, or resale purposes.

4. Lawful basis for processing

Where applicable under GDPR and equivalent regulations, our processing relies on the following lawful bases:

  • Legitimate interests — operating, securing, and improving the service
  • Performance of a contract — delivering classification and telemetry services you have subscribed to
  • Legal obligations — retaining records required by applicable law
  • Consent — where explicitly required (e.g. optional communications)

5. Data retention

Retention periods vary depending on data category, operational necessity, and legal obligations. Current practices:

  • Pulse raw events: 7 days maximum, then aggregated and deleted
  • Pulse aggregates: retained for the duration of your account
  • Audit classifications: retained indefinitely (structural data, not content)
  • Account data: retained until you delete your account
  • Infrastructure logs including IP addresses: limited transient retention for security purposes

6. Tracking & monitoring

Aater does not use advertising tracking, cross-site profiling, or behavioural targeting. No tracking scripts run on your site until you explicitly choose to install Pulse. We do not sell personal data or share it with advertising networks.

We use product analytics software (PostHog) to understand how users interact with the Aater platform — for example, which features are used, where errors occur, and how the audit and Pulse flows are completed. PostHog processes page path data, interaction events, and session metadata within the Aater product only. All form inputs are masked and no session recordings are made. Data processed through PostHog is not used for advertising or shared with third parties for profiling.

We use application error monitoring software (Sentry) to detect and respond to technical failures. This service processes limited technical metadata at the point of an error — including the page path, error message, browser type, and operating system. No session recordings are made. IP addresses captured by error monitoring are scrubbed and not retained in identifiable form.

7. Subprocessors and data sharing

We share limited data with the following infrastructure providers as necessary to operate the service:

  • Supabase — database hosting and authentication infrastructure
  • Vercel — hosting and edge delivery infrastructure
  • Resend — transactional email delivery
  • Paddle — payment processing (minimal billing data only)
  • Sentry — application error monitoring and performance observability (no session recording)
  • PostHog — product analytics and interaction event tracking within the Aater platform (no advertising; inputs masked; no session recording)

Infrastructure providers and subprocessors may change as the service evolves. Material changes will be reflected in an updated version of this policy. We do not sell, rent, or trade personal data with any third party.

8. Security

We implement reasonable technical and organisational measures to protect data against unauthorised access, disclosure, alteration, or destruction. These include encrypted data storage, access controls, and infrastructure-level security provided by our hosting partners. No system can guarantee absolute security. Users are responsible for maintaining the confidentiality of their account credentials.

9. Cookies

We use a limited set of cookies necessary to operate the service:

  • Essential cookies — session authentication tokens required to maintain your logged-in state
  • Functional cookies — preferences and temporary state storage necessary for service operation
  • Security cookies — CSRF protection and request validation tokens

We do not use advertising cookies, tracking cookies, or third-party analytics cookies. No behavioural profiling is conducted through cookies.

10. International compliance and automated processing

Aater operates as an observability and analytics layer. We are not an automated decision-maker in the GDPR sense. Classification results are provided as structural assessments, not as decisions with legal effect.

Certain classifications and derivations are generated automatically based on observable structural and technical signals — including reachability, content legibility, and authority markers. These automated classifications reflect technical structure only. No individual human user data enters the classification derivation process.

For users in the European Economic Area, United Kingdom, or other regions with applicable data protection law, you may have rights including access, rectification, erasure, restriction, portability, and objection. To exercise these rights, contact us at founder@aater.ai.

11. Minors

The Aater service is not directed toward children under the age of 16 (or 13 where applicable under local law). We do not knowingly collect personal data from minors. If you believe a minor has provided personal data to Aater, contact us at founder@aater.ai and we will take appropriate steps to remove it.

12. Your rights

You may request deletion of your account and all associated data at any time by emailing founder@aater.ai. We will process deletion requests within 30 days. A domain's participation state may remain in the public Participation Ledger after account deletion, as it describes the domain's public technical structure rather than personal data. To request removal of a domain from the public ledger, contact founder@aater.ai.

13. Changes to this policy

We may update this policy as the service evolves. We will notify active subscribers of material changes by email with reasonable notice before changes take effect. The effective date at the top of this page reflects the most recent revision.

14. Contact and governing law

For privacy questions, data requests, or to exercise your rights:

founder@aater.ai

This policy is governed by the laws of India. Aater.ai operates from Mumbai, Maharashtra, India. Disputes arising from this policy are subject to the exclusive jurisdiction of the courts of Mumbai, Maharashtra, India, consistent with the Terms of Use.

Reviewed the policy and ready to proceed?

Get started →