1. Introduction
AegisOS Comply ("we", "us", "our") is committed to protecting your personal data. This Privacy Policy explains what information we collect when you use our platform, how we use it, and the rights you have over your data. It applies to all users of the AegisOS Comply platform, dashboard, SDKs, and website.
2. Information We Collect
We collect the following categories of information:
- Account data: Name, email address, organisation name, and password hash when you register.
- Usage data: API calls made, intent volumes, policy configurations, and audit log entries generated by your AI agents.
- Transaction data: Spend intent details submitted via SDK — amounts, currency, merchant, agent ID, and policy decision outcomes. We do not store actual payment credentials.
- Technical data: IP addresses, user agent strings, session tokens, and access timestamps for authentication and security purposes.
- Communications: Email or support messages you send to us.
3. How We Use Your Information
- To provide and operate the AegisOS Comply platform.
- To evaluate AI spend intents against your organisation's policies.
- To generate and maintain immutable audit trails on your behalf.
- To send transactional emails (approval notifications, account security alerts).
- To improve platform performance, security, and reliability.
- To comply with applicable laws and regulatory obligations.
We do not sell your personal data to third parties. We do not use your spend intent data to train AI models or for any purpose outside providing the service.
4. Data Retention
Audit log data is retained for the duration of your subscription plus a mandatory 7-year retention period in accordance with financial record-keeping regulations. Account data is retained for 90 days after account deletion before permanent erasure. You may request earlier deletion of non-audit data at any time by contacting privacy@aegis-os.com.
5. Data Sharing
We share your data only with:
- Service providers: Infrastructure and hosting providers bound by confidentiality agreements.
- Payment processors: Only to the extent necessary to process your subscription billing.
- Regulatory authorities: When required by law, court order, or to protect our legal rights.
We do not share audit trail data with any third party without your explicit authorisation, except as required by law.
6. International Transfers
Your data may be processed in jurisdictions outside your home country. Where this occurs, we ensure appropriate safeguards are in place — including Standard Contractual Clauses under GDPR and equivalent mechanisms under applicable laws.
7. Your Rights
Depending on your jurisdiction, you may have the right to:
- Access a copy of the personal data we hold about you.
- Correct inaccurate data.
- Request deletion of your account and associated personal data.
- Object to or restrict certain processing activities.
- Receive your data in a structured, machine-readable format (data portability).
- Withdraw consent where processing is based on consent.
To exercise these rights, contact privacy@aegis-os.com.
8. Cookies
Our website uses essential cookies for session management and security. We do not use advertising or tracking cookies. You may disable non-essential cookies in your browser settings without affecting platform functionality.
9. Changes to This Policy
We will notify registered users of material changes to this Privacy Policy by email at least 30 days before they take effect. Continued use of the platform after that date constitutes acceptance of the updated policy.
10. Contact
For privacy-related enquiries: privacy@aegis-os.com
AegisOS Comply, Data Protection Officer, 42 Compliance Lane, Bengaluru, Karnataka 560001, India.