Aethera

Legal

Privacy Policy

Last updated 1 June 2026

PrivacyTermsAcceptable UseCookies

1. Who we are

Aethera ("Aethera", "we", "us", or "our") provides an AI-powered productivity workspace that includes conversational AI ("chat"), document drafting and editing ("compose"), image generation ("studio"), knowledge retrieval, third-party integrations, and related team and organization features (collectively, the "Service"). The Service is available on the web at https://aethera.ai and through a desktop application.

This Privacy Policy explains what personal data we collect, how we use it, who we share it with, and the rights you have over it.

The data controller responsible for your personal data is:

  • Legal entity: Numena LLC-FZ
  • Registered address: The Meydan Hotel, Grandstand, 6th floor, Meydan Road, Nad Al Sheba, 417541 Dubai, United Arab Emirates
  • Privacy contact: help@aethera.ai
  • Data Protection Officer / EU-UK representative: Not appointed

If you access the Service as part of an organization or team (for example, your employer), that organization may be the controller of the content you submit, and we process that content as a processor on their behalf and under their instructions. In that case, the organization's own privacy policy may also apply to you.

2. The personal data we collect

2.1 Data you give us directly

  • Account and profile data: name, email address, password (stored in hashed form by our authentication provider), profile picture, and any profile or settings you configure.
  • Organization and team data: organization name, team membership, roles, invitations, and seat assignments.
  • Billing data: subscription plan, credit balances and usage, and billing contact details. Card and payment details are collected and processed directly by our payment processor (Stripe); we do not store full card numbers on our systems.
  • Content you submit ("Customer Content"): chat prompts and messages, documents you create or upload, files and images, knowledge-base / corpus material you ingest, personas, workflows, voice recordings you choose to transcribe, and any other content you put into the Service.
  • Support and contact data: messages you send us (for example via help@aethera.ai or a contact form), feedback, and survey responses.

2.2 Data we collect automatically

  • Usage and product analytics: pages and features used, actions taken, session activity, and interaction events, collected through PostHog, Google Analytics, and Microsoft Clarity (which may include session-replay-style interaction recording). See our Cookie Policy for details and controls.
  • Device and technical data: IP address, browser type and version, operating system, device identifiers, language, and, for the desktop app, application version and auto-update status.
  • Diagnostics and error data: crash reports, error traces, and performance data collected through Sentry to keep the Service reliable.
  • Cookies and similar technologies: see the separate Cookie Policy.

2.3 Data from connected third-party accounts

If you choose to connect a third-party account, we access only the data needed to provide the feature you enabled, using the permissions (scopes) you grant at the time of connection:

  • Google (via OAuth / Composio): Gmail (read and modify), Google Calendar, and Google Drive, where you connect them.
  • Microsoft (via OAuth): basic profile (User.Read) and mail (Mail.Read), where you connect it.

You can disconnect these integrations at any time from within the Service or from your Google/Microsoft account security settings. Our use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

2.4 Data we do not intentionally collect

We do not seek to collect special-category (sensitive) personal data. Please do not submit sensitive data into the Service unless it is necessary for your use case and you have a lawful basis to do so. If you use Aether Claims or similar features, you are responsible for ensuring you may lawfully process the content you upload.

3. How we use your data and our legal bases

Where the EU/UK GDPR applies, we rely on the following legal bases:

PurposeExamplesLegal basis
Provide the ServiceAuthentication, running chats, generating documents and images, storing your content, integrationsPerformance of a contract
Process AI requestsSending your prompts and content to AI model providers to generate responsesPerformance of a contract
Billing and subscriptionsManaging plans, credits, payments, invoicesPerformance of a contract / legal obligation
Communicate with youService emails, security notices, support repliesPerformance of a contract / legitimate interests
Marketing emailsProduct updates and offers (where you have signed up or not opted out)Consent / legitimate interests
Product analytics and improvementUnderstanding usage, fixing bugs, improving featuresConsent (where required) / legitimate interests
Security, fraud prevention, reliabilityError monitoring, abuse prevention, loggingLegitimate interests / legal obligation
Comply with lawResponding to lawful requests, record-keepingLegal obligation

Where we rely on consent (for example non-essential cookies or marketing), you can withdraw it at any time without affecting prior processing.

3.1 AI model providers and your content

To generate responses, your prompts and the relevant content are transmitted to third-party AI model providers (see Section 5). Your Customer Content is used only to generate the responses you request. We do not use your Customer Content to train any AI models, and we use providers through their business or API services, which do not use content sent to them to train their models.

4. How we share your data

We share personal data only as described here:

  • Service providers / subprocessors who process data on our behalf to run the Service (hosting, database, AI inference, email, analytics, payments). See Section 5.
  • Within your organization: content and activity may be visible to other members and administrators of your organization or team, according to the sharing and permission settings you use.
  • At your direction: with third-party services you connect (Google, Microsoft, etc.).
  • Legal and safety: where required by law, regulation, legal process, or to protect the rights, property, or safety of Aethera, our users, or the public.
  • Business transfers: in connection with a merger, acquisition, financing, or sale of assets, subject to this Policy.

We do not sell your personal data, and we do not "share" it for cross-context behavioral advertising as those terms are defined under U.S. state privacy laws.

5. Subprocessors and third-party services

The Service relies on the following categories of third parties. The specific providers listed are those identified in the Aethera codebase as of the date above; the live list may change and is kept current.

Infrastructure, hosting, and storage

  • Vercel for application hosting
  • Cloudflare for content delivery and network security
  • Supabase for authentication, database, and file storage

Payments

  • Stripe for subscription billing and payment processing

AI model and inference providers

  • Anthropic, OpenAI, Google (Gemini), Cohere, Groq, Together AI, xAI, OpenRouter, Fal.ai (image generation)

Voice and transcription

  • Deepgram, AssemblyAI

Search, retrieval, and vector storage

  • Pinecone (vector database), Exa, Firecrawl, SearXNG

Productivity integrations

  • Composio (integration layer), Google (Gmail, Calendar, Drive), Microsoft (mail, profile)

Collaboration

  • Tiptap Cloud for collaborative document editing

Email and CRM/marketing

  • Postmark, Resend, Loops, ActiveCampaign

Analytics and monitoring

  • PostHog, Google Analytics, Microsoft Clarity, Sentry

A current, itemized subprocessor list with the data processed and processing locations is available on request from help@aethera.ai.

6. International data transfers

We and our subprocessors may process personal data in countries outside your own, including the United States and other jurisdictions. Where we transfer personal data out of the EEA, the UK, or other regulated regions, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses (and the UK Addendum), adequacy decisions where available, or equivalent mechanisms. You can request more information at help@aethera.ai.

7. Data retention

We retain personal data for as long as your account is active and as needed to provide the Service, then for the period required to meet the purposes described here, including legal, accounting, and security obligations.

  • Account and Customer Content: retained while your account/organization is active.
  • After deletion or account closure: we delete or de-identify your Customer Content within 30 days, except where retention is required by law or for legitimate business records (e.g. billing).
  • Backups: residual copies may persist in backups for a limited period before being overwritten.
  • Analytics and logs: retained for up to 30 days.

You can request deletion as described in Section 9.

8. How we protect your data

We use technical and organizational measures appropriate to the risk, including encryption in transit, access controls, authentication, network protections, and monitoring. No system is perfectly secure, so we cannot guarantee absolute security. If we become aware of a personal data breach affecting you, we will notify you and the relevant authorities as required by law.

9. Your rights

Depending on where you live, you may have some or all of the following rights:

  • Access a copy of your personal data.
  • Rectify inaccurate or incomplete data.
  • Erase your data ("right to be forgotten").
  • Restrict or object to certain processing.
  • Portability to receive your data in a structured, machine-readable format.
  • Withdraw consent at any time where processing is based on consent.
  • Opt out of marketing communications.
  • Lodge a complaint with your local data protection authority.

For users in the EEA/UK, these rights arise under the GDPR. For California residents, the CCPA/ CPRA provides rights to know, delete, correct, and opt out of "sale"/"sharing" (we do neither); we will not discriminate against you for exercising your rights.

To exercise any right, contact help@aethera.ai. We will verify your identity and respond within the timeframe required by applicable law (generally one month under the GDPR, 45 days under the CCPA). If your data is controlled by your organization, we may direct your request to them.

10. Children's privacy

The Service is not directed to children under 16 (or the minimum age in your jurisdiction), and we do not knowingly collect their personal data. If you believe a child has provided us personal data, contact us and we will delete it.

11. Automated decision-making

The Service uses AI models to generate content at your request. We do not use your personal data to make decisions that produce legal or similarly significant effects about you without human involvement.

12. Changes to this Policy

We may update this Privacy Policy from time to time. We will post the updated version here with a new "Last updated" date and, for material changes, provide additional notice (for example by email or in-product). Your continued use of the Service after changes take effect constitutes acceptance.

13. Contact us

  • General: help@aethera.ai
  • Privacy requests: help@aethera.ai
  • Postal: The Meydan Hotel, Grandstand, 6th floor, Meydan Road, Nad Al Sheba, 417541 Dubai, United Arab Emirates

This Privacy Policy is governed by the laws of the United Arab Emirates.