← Back to aeriad

Privacy Policy

Last Updated: April 30, 2026

This Privacy Policy explains how Nicholas Alejandro Perez ("we," "us," or "our") collects, uses, and protects your information when you use the Aeriad application and related services (the "Service"). We are committed to transparency about what we collect, why we collect it, and what rights you have.

1. Information We Collect

Account Information

When you sign up, we collect your email address, name, and profile picture. Authentication is managed by Clerk, our authentication partner. If you use a social login (Google, Apple, Microsoft), we receive basic profile information you authorize that provider to share.

User Content

We securely store the text, tasks, "Brain Dumps," module configurations (Habits, Fitness, Language entries), highlights, and other content you create within the Service. This content is encrypted in transit and at rest.

Behavioral and Usage Data

To provide personalized insights and improve the Service, we collect data about how you interact with the application, including:

  • Energy state selections (when you indicate your energy level via the face selector)
  • Task completion patterns (when you start, pause, complete, or abandon tasks)
  • Time-of-day usage patterns
  • Bucket selection patterns (which energy categories you use most)
  • Module interaction patterns
  • Session durations and focus timer usage
  • Feature usage and navigation patterns

This behavioral data is associated with your account to provide you personalized insights about your work patterns. Aggregated, anonymized versions of this data may be used to improve the Service for all users.

Automated Decision-Making and AI Processing

The Service uses artificial intelligence to categorize tasks, generate insights, and provide recommendations. When you use AI features, your task content is transmitted to our AI providers (currently Google Gemini) for processing. AI providers are contractually restricted from using your data to train their public models. You have the right to request human review of AI-generated decisions affecting you. Contact us at aeriadapp@gmail.com to request review.

Payment Information

If you upgrade to a paid tier, payment details are collected and processed directly by Stripe. We do not store full credit card numbers on our servers. We retain limited transaction information necessary for billing, refunds, and fraud prevention.

Diagnostic Data

We collect anonymous diagnostic data to identify and fix technical issues:

  • Error logs and crash reports via Sentry (may include limited request context, but no task content)
  • Anonymous product analytics via PostHog (page visits, feature usage, button interactions)
  • Performance metrics (load times, response times)

This data does not include your task content or directly identifiable personal information.

2. How We Use Your Information

We use your information to:

  • Provide, operate, and maintain the Service
  • Process your inputs through AI to categorize and organize your tasks
  • Generate personalized insights about your work patterns
  • Manage your account, billing, authentication, and subscription
  • Communicate with you about updates, support, system changes, and service announcements (transactional emails routed via Resend)
  • Detect, prevent, and address technical issues, fraud, or abuse
  • Improve the Service through aggregated, anonymized analysis
  • Comply with legal obligations

We process your data based on the following legal bases:

  • Contract performance: To provide the Service you've signed up for
  • Legitimate interests: To improve the Service, prevent fraud, and ensure security
  • Consent: For optional features and marketing communications, where you have specifically opted in
  • Legal compliance: To meet our legal obligations

3. Third-Party Service Providers

We do not sell your personal data. We share your information only with trusted service providers strictly necessary to operate the Service:

  • Clerk: Identity verification, session management, secure logins
  • Stripe: Payment processing and subscription management
  • Google Gemini (AI Provider): Task categorization and AI-generated insights. Contractually restricted from training on your data.
  • Resend: Transactional email delivery
  • PostHog: Anonymous product analytics
  • Sentry: Error monitoring and application diagnostics
  • Vercel: Application hosting and server infrastructure
  • Supabase: Database infrastructure and storage

Each provider has access only to the data necessary to perform their specific function. All providers are bound by data processing agreements requiring appropriate security and privacy protections.

We may also share information when legally required (subpoena, court order, regulatory request), to protect our rights or the safety of users, or in connection with a business transfer (merger, acquisition, sale) where the receiving party agrees to honor this Privacy Policy.

4. Cookies and Tracking

We use:

  • Essential cookies: Required for authentication and session management (via Clerk). Without these, you cannot use the Service.
  • Analytics cookies: First-party cookies via PostHog to measure feature usage and improve the Service. These do not contain personally identifiable information.

You can configure your browser to refuse cookies, but doing so will prevent you from authenticating and using the Service.

We do not use third-party advertising cookies or tracking pixels for marketing purposes.

5. Data Security

We implement industry-standard security measures to protect your data:

  • HTTPS/TLS encryption for all data in transit
  • Encryption at rest for stored data
  • Secure authentication via Clerk
  • Regular security reviews of our infrastructure and providers
  • Access controls limiting who can view user data internally

However, no method of internet transmission or electronic storage is 100% secure. We cannot guarantee absolute security.

Data Breach Notification

In the event of a data breach affecting your personal information, we will notify you and applicable regulators in accordance with applicable law, typically within 72 hours of discovery. Notifications will describe the nature of the breach, what data was affected, and what steps we are taking to address it.

6. Your Data Rights

Universal Rights (All Users)

  • Access: Request a copy of the personal data we hold about you
  • Correction: Request correction of inaccurate or incomplete data
  • Deletion: Request deletion of your account and associated data
  • Portability: Request your data in a portable, machine-readable format
  • Withdrawal of consent: Where processing is based on consent, withdraw at any time

California Residents (CCPA/CPRA)

You have additional rights under California law:

  • Right to know what categories of personal information are collected, sources, purposes, and third parties with whom data is shared
  • Right to delete personal information
  • Right to opt out of the sale or sharing of personal information (we do not sell or share for cross-context behavioral advertising)
  • Right to limit use of sensitive personal information
  • Right to non-discrimination for exercising your rights
  • Right to opt out of automated decision-making, including AI categorization. Contact us to request human review of AI decisions.

European Economic Area, UK, and Switzerland (GDPR)

You have additional rights under GDPR:

  • Right of access, rectification, erasure, restriction of processing, data portability, and objection
  • Right to lodge a complaint with your local data protection authority
  • Right to information about the legal basis for processing

For international data transfers from the EEA/UK to the United States, we rely on Standard Contractual Clauses and ensure our providers maintain equivalent data protection.

How to Exercise Your Rights

Contact us at aeriadapp@gmail.com with your request. We will respond within 30 days (45 days for complex requests). You may also initiate account deletion through your Clerk user profile settings within the app.

7. Data Retention

We retain your personal data for as long as your account is active. Specific retention periods:

  • Account data: Until account deletion plus 30 days
  • Behavioral data: Linked to your account until deletion; aggregated anonymized data may be retained indefinitely
  • Payment records: 7 years for tax and legal compliance
  • Support communications: 2 years
  • Backup data: Up to 60 days after account deletion, after which permanently purged

If you delete your account, we remove your personal data within 30 days, except where retention is required by law (such as tax records).

8. International Data Transfers

The Service is operated from the United States. Your information may be processed and stored in the US or other countries by our third-party service providers. Some of these countries may have different data protection laws than your country of residence.

For users in the EEA, UK, or Switzerland, we ensure international transfers are protected by Standard Contractual Clauses or other approved transfer mechanisms.

By using the Service, you consent to the transfer of your information to these jurisdictions.

9. Children's Privacy

The Service is not intended for users under the age of 16. We do not knowingly collect personal information from children under 16. If we discover that we have collected information from a child under 16, we will delete it promptly.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at aeriadapp@gmail.com.

10. Beta and Early Access

If you participate in beta or early access programs, you understand that:

  • Features may be experimental, unstable, or removed
  • We may collect additional feedback and usage data to improve features
  • Beta features are provided without warranty
  • Your feedback may be used to improve the Service

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make significant changes, we will:

  • Update the "Last Updated" date at the top
  • Notify you via email or in-app notification at least 30 days before changes take effect
  • Where required by law, request your renewed consent

Your continued use of the Service after changes constitutes acceptance of the updated policy.

12. Contact Us

If you have questions about this Privacy Policy, your data, or want to exercise your rights, contact us:

For California residents, you may also contact our designated privacy contact at aeriadapp@gmail.com with the subject line "California Privacy Request."