Privacy Policy

Aevonix respects your privacy and is committed to protecting personal information across everything we build, deploy, and operate. This Privacy Policy explains what information we collect, why we collect it, how we use and protect it, and what rights you have over it.

This policy applies to Aevonix and all subsidiaries, affiliates, and legal entities operating under the Aevonix holding company, including our websites, applications, platforms, infrastructure services, advisory engagements, and any other products or services we offer now or in the future (collectively, our "Services").

By using our Services, you agree to the collection and use of information as described in this policy. If you do not agree, please discontinue use of our Services.

Aevonix is a technology holding company headquartered in the United States, with operations in El Salvador and the United Arab Emirates. We develop AI software, provide technology advisory services, deploy high-performance computing infrastructure, and build consumer and enterprise products.

For the purposes of applicable data protection law, Aevonix acts as a data controller with respect to personal information collected through our websites and consumer-facing products, and as a data processor where we handle personal information on behalf of enterprise or government clients under a separate agreement.

Where a specific product or service is subject to a separate privacy notice or data processing agreement, that document supplements and, where it conflicts, takes precedence over this general policy for that product or service.

We collect information in three ways: information you give us directly, information we collect automatically when you use our Services, and information we receive from third parties.

We use personal information only for the purposes described below. We will not use your personal information in a way that is incompatible with the purpose for which it was collected without your consent or another lawful basis.

• Providing and improving our Services — operating, maintaining, personalizing, and enhancing our products, platforms, infrastructure, and advisory services.
• Account management — creating and managing user accounts, authenticating users, and processing account-related requests.
• Communications — responding to inquiries, sending service notifications, providing technical support, and delivering transactional emails required for the Services to function.
• Marketing and product updates — notifying interested parties about product launches, waitlist status, company news, or relevant research, where you have opted in or where a legitimate interest applies. You may opt out at any time.
• AI and machine learning — where explicitly disclosed and permitted, using data to train, evaluate, or improve AI models, automated systems, or intelligent features. We will not use personal health or location data to train general-purpose models without explicit, informed consent.
• Analytics and research — understanding how our Services are used, measuring performance, identifying trends, and informing product development decisions.
• Safety, security, and fraud prevention — detecting, investigating, and preventing unauthorized access, fraudulent activity, abuse, or violations of our terms.
• Legal compliance — complying with applicable laws, regulations, court orders, government requests, and professional obligations.
• Business operations — carrying out ordinary business functions including contracting, invoicing, record-keeping, auditing, and corporate governance.

We do not sell personal information. We do not share personal information with third parties for their own independent marketing or advertising purposes. We share personal information only in the following circumstances:

• Service providers and subprocessors — trusted vendors who process data on our behalf to support our operations, including cloud hosting providers, email delivery platforms, analytics services, customer support tools, and payment processors. These parties are bound by data processing agreements and are not permitted to use your data for their own purposes.
• Enterprise and government clients — where we act as a processor on behalf of a client organization, personal data is handled according to the terms of our agreement with that client and their applicable policies.
• Affiliates and subsidiaries — companies within the Aevonix corporate family, subject to the same privacy standards described in this policy.
• Business transfers — in connection with a merger, acquisition, financing, asset sale, or reorganization, your information may be transferred as a business asset. We will notify you if such a transfer results in a material change to how your information is used.
• Legal requirements and protection of rights — where required by law, legal process, or governmental authority, or where we believe disclosure is necessary to protect the rights, safety, or property of Aevonix, our users, or the public.
• With your consent — in any other circumstance, where you have provided explicit consent.

Aevonix operates in the United States, El Salvador, and the United Arab Emirates, and we engage service providers located in various countries. Your personal information may be transferred to, stored, and processed in countries other than your own, which may have data protection laws that differ from those in your jurisdiction.

When we transfer personal data from the European Economic Area, United Kingdom, or Switzerland to countries not recognized as providing an adequate level of protection, we implement appropriate safeguards such as Standard Contractual Clauses approved by the European Commission, binding corporate rules, or other mechanisms permitted under applicable law.

When we transfer personal data across borders in other jurisdictions, we take steps appropriate under local law to ensure that transferred data receives an equivalent level of protection.

Certain categories of personal information carry heightened sensitivity and receive additional protections under our practices and applicable law. These include:

We use cookies and similar technologies (including local storage and session storage) to operate our Services, remember your preferences, measure performance, and improve user experience.

• Strictly necessary — essential to operate our Services and cannot be disabled. These include authentication tokens, security tokens, and session cookies.
• Analytics and performance — help us understand how visitors use our Services. We prefer privacy-first analytics tools (e.g., Plausible, Fathom) that do not build cross-site advertising profiles and do not require cookie consent banners under most jurisdictions. Where we use tools that do require consent, we obtain it before placing cookies.
• Functional — remember your preferences and settings to improve your experience.

We do not currently use third-party advertising or behavioral tracking cookies. If this changes, we will update this policy and, where required by law, obtain your consent.

Most browsers allow you to control cookies through their settings. Restricting cookies may affect the functionality of certain Services.

Our core business involves the development and deployment of AI systems. We are transparent about how personal data interacts with AI features in our products:

• AI-powered features — many of our products use AI models to analyze data and generate outputs (e.g., biomarker pattern recognition, intelligent workflow automation, model monitoring). These features operate on data you provide to receive the Service.
• Model training — we will not use your personal data to train AI models except where (a) the data is aggregated and de-identified such that it cannot reasonably be re-linked to you, (b) you have provided explicit opt-in consent, or (c) we are legally permitted to do so and have disclosed this clearly.
• Automated decisions with legal or significant effects — where any of our Services make automated decisions that produce legal effects or similarly significant consequences for you, we will disclose this clearly in the relevant product documentation and provide a means to request human review.
• Client AI deployments — where we develop or deploy AI systems on behalf of enterprise or government clients, the use of personal data within those systems is governed by our agreement with the client and their applicable data governance policies.

We retain personal information for as long as necessary to fulfill the purposes for which it was collected, to provide our Services, to comply with legal obligations, to resolve disputes, and to enforce our agreements.

Retention periods vary by data type and the nature of our relationship with you:

• Active account data — retained for the duration of your account and a reasonable period thereafter to allow for account recovery and to comply with legal obligations.
• Marketing contact data (waitlists, early access) — retained until you opt out or request deletion, whichever comes first.
• Health data — retained only as long as you maintain an active account for the relevant health service, or as required by applicable health regulations, and deleted promptly upon account closure or valid deletion request.
• Location and trip data — retained for the period necessary for operational and safety purposes, then aggregated or deleted.
• Financial records — retained for the period required by applicable tax and accounting laws (typically 5 to 7 years).
• Server and system logs — retained for security and diagnostic purposes for a limited period, typically no more than 90 days unless a security incident warrants longer retention.
• Enterprise and advisory engagement records — retained in accordance with our contractual obligations and applicable professional standards.

When data is no longer needed, we securely delete or anonymize it. Anonymized data, which can no longer be linked to you, may be retained indefinitely for analytical and research purposes.

Depending on where you are located, you may have rights under applicable data protection law regarding your personal information. We honor these rights across all jurisdictions where they apply, and we extend equivalent rights to users in jurisdictions where they are not legally mandated as a matter of policy.

• Access — request a copy of the personal information we hold about you.
• Correction — request that inaccurate or incomplete information be corrected.
• Deletion — request that we delete your personal information, subject to legal retention obligations and legitimate operational needs.
• Portability — request your data in a structured, machine-readable format where technically feasible.
• Restriction of processing — request that we limit how we process your data in certain circumstances.
• Objection — object to processing based on legitimate interests or for direct marketing purposes.
• Withdraw consent — where processing is based on consent, withdraw that consent at any time without affecting the lawfulness of prior processing.
• Opt out of sale or sharing — if applicable under laws like the CCPA/CPRA, opt out of the sale or sharing of your personal information. Note: we do not sell personal information.
• Non-discrimination — we will not discriminate against you for exercising any of your privacy rights.

To exercise any of these rights, contact us at privacy@aevonix.com. We will respond within the timeframe required by applicable law (typically 30 days, with an extension of up to 60 additional days for complex requests). We may need to verify your identity before processing your request.

Our Services are not directed to individuals under the age of 13, or under the applicable age of digital consent in your jurisdiction (which may be up to 16 in certain EEA member states). We do not knowingly collect personal information from children.

If we learn that we have collected personal information from a child without verified parental consent, we will delete it promptly. If you believe a child has provided us with personal information, contact us at privacy@aevonix.com.

Where specific products or services are designed for contexts that may involve minors (such as educational programs or family-facing features), those products will include appropriate age verification, parental consent mechanisms, and supplemental privacy notices consistent with applicable law.

We implement administrative, technical, and physical safeguards designed to protect personal information from unauthorized access, disclosure, alteration, and destruction. Our security practices reflect the sensitivity of the data we handle and the nature of our business as an AI infrastructure and software company.

• Encryption in transit (TLS) and at rest for stored personal data.
• Access controls, authentication, and authorization enforced on a least-privilege basis.
• Regular security assessments and vulnerability management.
• Internal policies and training on data handling and incident response.
• Data minimization: we collect only what is necessary for the stated purpose.

No system is perfectly secure. If you believe a security incident has affected your data, contact us immediately at privacy@aevonix.com. Where required by applicable law, we will notify affected individuals and relevant authorities of a data breach within the required timeframe.

Our Services may contain links to third-party websites, platforms, or services that we do not control. This policy does not apply to those third parties. We encourage you to review the privacy policies of any third-party services you access through our Services.

Our inclusion of a link does not imply endorsement of a third-party's privacy practices.

We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date at the top of this page. For material changes, we will provide a more prominent notice, such as an email notification (if we have your email address) or a notice on the relevant Service.

Your continued use of our Services after a policy update constitutes your acceptance of the revised policy. If you do not agree to the updated policy, you should discontinue use of the affected Service and contact us to request deletion of your data.

For questions, concerns, or requests relating to this Privacy Policy or our data practices, contact us at:

We aim to respond to all privacy inquiries within 5 business days and to complete rights requests within the timeframe required by applicable law.