Privacy Policy

This Privacy Policy describes how Aevix Technologies ("Aevix," "we," "us," or "our") collects, uses, and shares information in connection with the Aevix platform ("Service"). By using the Service, you agree to the practices described in this policy.

1. Information We Collect

Information you provide

• Registration information: Name, email address, phone number, and password when you create an account.
• Profile information: Job title, certifications, rank, and other professional details you add to your profile.
• Organization information: Agency name, department details, and configuration settings provided by administrators.

Information generated through use

• Activity data: Schedules, vehicle check records, inventory transactions, training completions, timecard entries, and other operational data created through normal use of the Service.
• Survey responses: Responses to surveys created and distributed within the Service.
• AI interaction data: Prompts and responses when using the AI assistant feature (opt-in only).
• Cookies and session data: Session tokens, authentication cookies, and CSRF tokens necessary for secure operation.

2. How We Use Your Information

• Service delivery: To provide, maintain, and improve the Service and its features.
• Security: To detect, prevent, and respond to security incidents, fraud, and abuse.
• AI features: To power optional AI-assisted features such as the in-app assistant and report generation.
• Analytics: To generate aggregated, anonymized analytics and insights for your Organization.
• Support: To respond to your support requests and communicate service updates.
• Legal compliance: To comply with applicable laws, regulations, and legal processes.

3. Legal Bases for Processing

We process your information based on the following legal grounds:

• Contract performance: Processing necessary to provide the Service under our Terms of Service.
• Legitimate interests: Processing for security, fraud prevention, and service improvement where your rights do not override our interests.
• Consent: Processing of AI interaction data and optional features that you affirmatively opt into.
• Legal obligation: Processing required to comply with applicable laws and regulations.

4. How We Share Your Information

We do not sell your personal information. We do not share your information with third parties for advertising purposes. We share information only with the following categories of service providers ("subprocessors") necessary to deliver the Service:

• Infrastructure and database hosting
• Application hosting and content delivery
• Payment processing
• AI model processing (for opt-in AI features)
• Error monitoring and observability
• Mapping and geolocation services
• Transactional email and notification delivery

The current vendors in each category, along with their locations and the data they process, are maintained in our Subprocessor List. All subprocessors are bound by written data processing agreements.

5. AI and Automated Processing

• AI features are powered by a third-party AI model provider listed in our Subprocessor List and are opt-in at the Organization level.
• Per our data processing agreement with the AI provider, Customer Data sent to the AI is not used to train their models.
• Organization administrators can enable or disable AI features at any time.
• Aevix does not use AI to make automated decisions that produce legal effects or similarly significant effects on individuals.

6. Cookies and Tracking Technologies

We use the following categories of cookies and similar technologies. For full details, see our Cookie Policy.

• Strictly necessary: Authentication session cookies, CSRF tokens, and load-balancing cookies required to operate the Service. These are always on and cannot be disabled.
• Analytics and product usage: We use Vercel Analytics and Vercel Speed Insights to measure aggregate page performance, and PostHog to understand how authenticated users interact with the application so we can improve it. These set first-party identifiers and may persist data across sessions.
• Marketing attribution:On our public marketing pages, we capture UTM parameters in your browser's local storage so we can attribute sign-ups to the campaigns that referred them.

We do not sell your personal information, and we do not use third-party advertising cookies or cross-site advertising pixels (e.g., Meta Pixel, Google Ads, TikTok Pixel). Visitors in the EEA, UK, and Switzerland will see a consent banner before any non-essential cookies are set. Visitors in California can exercise their CPRA rights via our Do Not Sell or Share My Personal Information page.

The full list of vendors that may process data on our behalf is maintained in our Subprocessor List.

7. Data Retention

• Active account data is retained for the duration of your subscription.
• Organization administrators can configure retention periods for operational data (typically 90 days to 2 years depending on data type).
• Upon account termination, Customer Data is retained for 90 days to allow retrieval, then permanently deleted.
• We may retain anonymized, aggregated data indefinitely for analytics purposes.

8. Your Privacy Rights

Depending on your jurisdiction, you may have the right to:

• Access: Request a copy of the personal information we hold about you.
• Correction: Request correction of inaccurate personal information.
• Deletion: Request deletion of your personal information, subject to legal retention requirements.
• Portability: Request your data in a structured, commonly used, machine-readable format.
• Opt-out of AI processing: Disable AI features for your Organization at any time through settings.

To exercise these rights, contact us at privacy@aevix.app.

9. CCPA Disclosures

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

• Categories of personal information collected: Identifiers (name, email), professional information (job title, certifications), and internet activity (usage logs, session data).
• No sale of personal information: We do not sell or share personal information for cross-context behavioral advertising.
• Right to know: You may request details about the categories and specific pieces of personal information we have collected.
• Right to delete: You may request deletion of your personal information.
• Non-discrimination: We will not discriminate against you for exercising your CCPA rights.

10. Children's Privacy

The Service is not directed to children under the age of 13, and we do not knowingly collect personal information from children under 13. If we become aware that we have collected information from a child under 13, we will promptly delete it.

11. Data Security

We implement industry-standard security measures to protect your information, including:

• Row-level security (RLS) policies ensuring tenant data isolation.
• Encryption of data in transit (TLS) and at rest.
• CSRF protection using double-submit cookie pattern.
• Secure session management with HttpOnly cookies and Content Security Policy headers.
• Regular security reviews and monitoring.

While we strive to protect your information, no method of transmission or storage is 100% secure, and we cannot guarantee absolute security.

12. International Data

The Service is hosted and operated in the United States. If you access the Service from outside the United States, your information will be transferred to and processed in the United States. By using the Service, you consent to this transfer.

13. Changes to This Policy

We may update this Privacy Policy from time to time. For material changes, we will provide at least 30 days' advance notice via email. The "Last Updated" date at the top of this policy indicates the most recent revision.

14. Contact

For questions about this Privacy Policy or to exercise your privacy rights, contact us at privacy@aevix.app.