Privacy Policy

When you register for an Aerostack account we collect:

• Name and email address
• Password (hashed with PBKDF2 at 600,000 iterations; never stored in plaintext)
• Profile avatar (stored in Cloudflare R2)
• Optional: GitHub or Google OAuth identity linked to your account

As you use the Platform we automatically collect:

• API request logs (endpoint, method, response code, latency, timestamp)
• IP address and approximate geographic region (derived from Cloudflare headers)
• Browser type, operating system, and referrer for dashboard sessions
• Usage metrics: request counts, token consumption, storage used, realtime connections
• Error traces and performance telemetry

Data you create or upload through the Platform:

• Projects, API configurations, schema definitions, and environment variables
• Community listings: functions, MCP servers, skills, and agents you publish
• Files, media, and documents stored in project R2 buckets
• Database records stored in project-scoped D1 databases
• AI knowledge base documents indexed for retrieval-augmented generation (RAG), stored as vector embeddings in Cloudflare Vectorize and raw documents in R2

Subscription payments are processed by Razorpay. We do not store full card numbers or CVV codes. We retain Razorpay customer IDs, subscription status, billing interval, and invoice history for accounting and support purposes. We plan to add Stripe as an additional payment option in the future; this policy will be updated accordingly.

If you contact us via email or Discord, we retain the contents of those communications to respond to your request and improve support quality.

This is the most important section for users of the AI agent gateway and OpenClaw bridge. When an AI agent (such as Claude Code, Cursor, or any MCP client) connects to Aerostack and executes tool calls, we store the following in our D1 database:

• Tool call name — e.g., shell_exec, read_file, query_db
• Full tool call parameters — this may include file paths, file contents, shell commands, database queries, API request bodies, and any other data the agent passes to a tool
• Execution outcome — whether the call was auto-approved, blocked pending your approval, approved by you, or denied by you
• Approval metadata — who approved or denied, timestamp, and any notes
• Risk level — the classification assigned by our Guardian engine (low / medium / high / critical)

Why we store this: The audit trail and approval system are core features of the platform. Without storing tool call data, we cannot show you what your agent did, enforce approvals, or let you review past activity.

Staff access: Aerostack staff can access stored tool call logs, including parameters, for purposes of customer support, debugging, abuse investigation, and legal compliance. We do not routinely review your agent's activity. Access is logged and limited to authorised personnel. We do not use your agent's tool call data to train AI models.

Retention: See Section 5 for plan-based retention periods. You can delete your activity log at any time from the dashboard — see Section 8.

When you connect third-party services (such as GitHub, Google, Slack, Notion, Linear, or other OAuth providers) to your workspace, we store encrypted OAuth access and refresh tokens in Cloudflare KV using AES-GCM encryption. These tokens are used solely to perform actions you explicitly authorise — for example, allowing your AI agent to read a GitHub repository or create a Notion page on your behalf.

• Tokens are never logged, never sent to AI model providers, and never shared with third parties
• Tokens are injected at call time only — they are not included in tool call logs
• You can revoke any connected account at any time from the dashboard; revocation immediately deletes the stored token

If you create an AI bot connected to Discord, Telegram, WhatsApp, Slack, or Web Chat, messages sent to your bot by end users are processed through the Platform to generate AI responses. Specifically:

• Message content is passed to your configured AI model provider (e.g., Azure OpenAI, Google Gemini) to generate a response
• Conversation history is stored in D1 per the retention periods in Section 5, subject to your plan
• Aerostack does not use bot conversation data to train AI models
• End users of your bot are subject to the privacy practices of the messaging platform they use (e.g., Telegram's Privacy Policy, WhatsApp's Privacy Policy) in addition to this policy

If you are building a bot for end users, you are responsible for informing those users that their messages are processed by an AI system.

The Aerostack mobile app (iOS and Android) uses Firebase Cloud Messaging (FCM) to send push notifications for approval requests and activity alerts. We store your device's FCM push token to deliver notifications. We do not use this token for any purpose other than sending you notifications you have enabled. You can revoke notification permissions at any time through your device settings or the app settings screen.

When you store third-party API keys or secrets in your workspace (for injection into MCP server calls), they are encrypted with AES-GCM and stored in Cloudflare KV. Secrets are:

• Never stored in plaintext
• Never included in tool call logs or audit trails
• Never sent to AI model providers
• Injected into MCP calls at runtime only, in memory
• Permanently deleted when you remove a secret from the dashboard

Retention is based on your subscription plan:

Regardless of your plan, you can delete your activity log at any time from the dashboard — see Section 8. Deletion is immediate and permanent.

• Account data — retained while your account is active. Deleted within 30 days of account closure, except where required by law.
• API request logs — 90 days on Starter; configurable on Pro and above.
• Billing records — retained for 7 years for tax and accounting compliance (legally required).
• Project data (D1 databases, R2 files) — retained until you delete the project or close your account. Cloudflare Time Travel (30-day point-in-time restore) applies.
• OAuth tokens — retained until you revoke the connection.
• FCM device tokens — retained until you disable notifications or uninstall the app.
• Encrypted backups — retained for up to 30 days.

• Delete activity log entries — go to Settings → Data & Privacy → Activity Log. Delete individual entries or all activity in bulk. Deletion is immediate and permanent.
• Set activity retention — choose to retain less data than your plan maximum.
• Revoke OAuth connections — go to Settings → Connections. Revocation immediately deletes the stored token.
• Revoke API keys — go to Settings → API Keys.
• Export your data — go to Settings → Data & Privacy → Export. Download your activity logs, project configs, and account data as JSON.
• Delete your account — go to Settings → Personal Info → Danger Zone. All data is deleted within 30 days, except billing records required by law.

To exercise any right not available in the dashboard, email privacy@aerostack.dev. We respond within 30 days.

• Access — request a copy of all personal data we hold about you.
• Correction — update inaccurate information.
• Portability — receive your data in a machine-readable format.
• Objection / Restriction — object to or restrict certain processing activities.
• Withdraw Consent — where processing is based on consent (e.g., marketing emails), withdraw at any time.