Back to homeAethelLayer

Legal document

Privacy Policy

How AethelLayer collects, uses, and protects information. Last updated: June 1, 2026.

Important: These terms are drafted to protect AethelLayer. Have qualified counsel review before relying on them in production or regulated industries.

1. Introduction and acceptance

This Privacy Policy ("Policy") describes how AethelLayer ("AethelLayer," "we," "us," or "our") processes personal data when you access our website, apply for the Private Pilot program, use our platform, or otherwise interact with us.

BY ACCESSING OUR SERVICES OR SUBMITTING INFORMATION, YOU ACKNOWLEDGE THAT YOU HAVE READ THIS POLICY AND CONSENT TO OUR DATA PRACTICES AS DESCRIBED HEREIN. IF YOU DO NOT AGREE, YOU MUST NOT USE OUR SERVICES.

We may update this Policy at any time by posting a revised version. Continued use after changes constitutes acceptance. Material changes may be communicated where required by law; absence of notice does not limit our right to update this Policy.

2. Data controller

AethelLayer is the data controller for personal data described in this Policy, unless we state otherwise in a separate data processing agreement ("DPA") with your organization.

Contact: privacy@aethellayer.com | [Registered Office Address , update before publication]

3. Information we collect

  • Identity and contact data: name, work email, phone, company, role, company size.
  • Application and commercial data: pilot applications, billing details, contracts, communications.
  • Technical data: IP address, device identifiers, browser type, logs, cookies (see Cookie Policy).
  • Usage data: feature interaction, session metadata, diagnostics, security events.
  • Customer content: data you connect via integrations (e.g., HR, finance, messaging) when you use the platform under a separate agreement.
  • Inferences: operational scores, risk signals, and AI-generated summaries derived from permitted inputs.

4. Sources of data

We collect data directly from you, automatically through your device, from integrated third-party systems you authorize, and from service providers assisting our operations.

You represent that any data you provide about third parties (employees, candidates, vendors) is collected lawfully and that you have authority to share it with us.

5. How we use personal data

LEGAL BASES (where applicable): contract performance, legitimate interests (including fraud prevention and service improvement), consent, and legal obligation. We may rely on multiple bases simultaneously.

  • Provide, operate, secure, and improve the Services.
  • Evaluate pilot applications and communicate about programs.
  • Perform analytics, benchmarking (in anonymized/aggregated form where applicable), and product development.
  • Comply with law, enforce agreements, and protect rights, safety, and integrity of our systems.
  • Send service-related notices; marketing only where permitted or with consent.

6. AI and automated processing

Our platform uses artificial intelligence, retrieval-augmented generation (RAG), and automated agents. Outputs are probabilistic and may be incomplete or inaccurate. YOU ARE SOLELY RESPONSIBLE FOR REVIEWING AI OUTPUTS BEFORE RELYING ON THEM FOR BUSINESS, LEGAL, FINANCIAL, OR HR DECISIONS.

We do not guarantee that automated processing will be free from bias, error, or hallucination. You must implement human oversight appropriate to your risk profile.

Unless expressly agreed in writing, we do not use your Customer Content to train generalized models available to other customers.

7. Disclosure of data

WE DO NOT SELL PERSONAL DATA. We may share aggregated or de-identified data that cannot reasonably identify you.

  • Infrastructure and subprocessors (hosting, email, analytics) under contractual confidentiality and security obligations.
  • Professional advisers (legal, accounting) under privilege where applicable.
  • Authorities when required by law or to protect vital interests and our legal rights.
  • Successors in connection with merger, acquisition, or asset sale, subject to this Policy or successor notice.

8. International transfers

Data may be processed in the United Kingdom, European Economic Area, United States, or other locations where we or subprocessors operate. We implement appropriate safeguards (e.g., UK IDTA, EU SCCs) where required.

You instruct us to transfer data as necessary to deliver the Services when you use cross-border integrations.

9. Retention

We retain personal data only as long as necessary for the purposes described, including legal, accounting, and dispute resolution requirements.

Pilot application data may be retained if you are not accepted, to manage waitlists and prevent abuse. You may request deletion subject to exceptions in Section 10.

Backup copies may persist for a limited period after deletion.

10. Your rights and limitations

Depending on jurisdiction, you may have rights to access, rectify, erase, restrict, object, portability, and withdraw consent. Submit requests to privacy@aethellayer.com.

WE MAY DENY OR LIMIT REQUESTS where exempt (e.g., legal privilege, third-party rights, manifestly unfounded or excessive requests, or retention required for legal claims). We may charge reasonable fees where permitted.

You may lodge a complaint with a supervisory authority; we encourage you to contact us first.

11. Security

We implement administrative, technical, and organizational measures described in our Security page. No method of transmission or storage is 100% secure; WE DISCLAIM LIABILITY FOR UNAUTHORIZED ACCESS BEYOND OUR REASONABLE CONTROL.

12. Children

Services are not directed to individuals under 18. We do not knowingly collect children's data. Contact us to request deletion if discovered.

13. Limitation

To the maximum extent permitted by law, our liability arising from this Policy is subject to the limitations in our Terms & Conditions. Nothing herein expands our liability beyond those caps.

14. Contact

Questions: privacy@aethellayer.com. AethelLayer, [Registered Office Address , update before publication].