Privacy Policy
Effective Date: January 16, 2026
Version: 2.1 (Compliant with EU AI Act 2026 & UK GDPR)
Identity of Controller: Aethonix Ltd
1. Our Approach to Data in the "Deep Work" Era
Aethonix respects the privacy of our clients in the industrial and agricultural sectors. We collect only what is necessary to build intelligent systems.
2. Data We Collect
- Technical Telemetry: IP addresses, API usage logs, latency metrics (collected via Sentry/Datadog).
- Input Data: Text, documents, and database records you provide for processing by our AI systems.
- Contact Data: Name, email, and billing details for contract administration.
3. How We Use Your Data (Legal Basis)
We process your personal data under the following lawful bases of the UK GDPR:
| Purpose | Legal Basis | Details |
|---|---|---|
| Service Delivery | Performance of Contract (Art. 6(1)(b)) | To architect databases, debug APIs, and deploy software. |
| AI Model Optimization | Legitimate Interest (Art. 6(1)(f)) | We use anonymized and aggregated data to refine our Background IP and optimize system performance (e.g., reducing query latency). We conduct a Legitimate Interest Assessment to ensure this does not override your rights. |
| Safety & Security | Legal Obligation (Art. 6(1)(c)) | To comply with the EU AI Act and UK safety laws regarding content moderation (e.g., CSAM detection). |
4. AI Training and Data Retention
4.1 Non-Training Guarantee
We adhere to the enterprise policies of our API providers (OpenAI/Anthropic). By default, we do not use your identifiable Personal Data or specific Business Logic to train foundation models shared with other customers.
4.2 Service Improvement
We may retain anonymized, aggregated statistical data (which is no longer Personal Data) indefinitely for the purpose of benchmarking and service improvement (e.g., "Average query time for inventory systems in Lancashire").
4.3 Retention Periods
- Raw Input Data: Deleted 30 days after processing, unless required for legal compliance.
- API Logs: Retained for 90 days for security auditing and debugging.
5. Automated Decision Making
Our systems may use AI to provide recommendations (e.g., predictive maintenance alerts). However, Aethonix does not engage in solely automated decision-making that produces legal effects concerning you (Article 22 UK GDPR). All high-stakes decisions require your human intervention ("Human-in-the-Loop").
6. Third-Party Processors (API Pass-Through)
We transfer data to the following sub-processors to deliver AI services:
- OpenAI, L.L.C. (USA): For generative text/code.
- Anthropic, PBC (USA): For complex reasoning tasks.
- Vercel/AWS: For hosting and database infrastructure.
Data transfers to the USA are protected via the UK Extension to the EU-US Data Privacy Framework or Standard Contractual Clauses (SCCs).
7. Your Rights
You have the right to object to the processing of your data for "Service Improvement" purposes. To exercise this right, contact us at privacy@aethonix.co.uk.
8. Implementation Roadmap and Conclusion
The legal framework outlined in this report transforms the regulatory burden of the EU AI Act and UK GDPR into a competitive advantage. By proactively addressing transparency, IP reuse, and data governance, Aethonix positions itself not just as a coder, but as a sophisticated, risk-aware partner for the North's ambitious enterprises.