Skip to content
AethosHub
Support
PricingRequest Demo
PricingRequest Demo

Privacy documentation

Privacy notice

Last updated: 2 July 2026 · Version 2026-07-02

AethosHub builds software whose entire purpose is to keep sensitive data under its owner's control, and we hold ourselves to the same standard. We collect the minimum personal data needed to run this website and respond to you, we do not sell it, we do not run advertising, and we do not use it for marketing without your separate consent.
ProductAethosHub
Version2026-07-02
UpdatedLast updated: 2 July 2026
ContentsScope of this noticeOur commitmentsInformation we collectHow we use it and legal basesSharing and disclosureRetentionYour rightsData inside our productsSecurityInternational transfersChildren's dataThird-party linksLegal disclosures & business transfersChanges to this noticeContact & grievance redressal

Scope of this notice

This notice describes how AethosHub Pvt Ltd (“AethosHub”, “we”, “us”) handles personal data in connection with this website (aethoshub.com), our enquiry forms, and — at a high level — our products, AgentAccessManager and APIKeyOps. For personal data submitted through this site, AethosHub is the data controller under the EU/UK General Data Protection Regulation (GDPR) and the data fiduciary under India's Digital Personal Data Protection Act, 2023 (DPDP Act).

Where a customer runs our products in their own environment, that customer — not AethosHub — controls the data those products process. That distinction is explained in Data inside our products.

Our commitments

  • We collect only what a stated purpose requires, and we say what that purpose is at the point of collection.
  • We do not sell personal data, share it with data brokers, or run third-party advertising or advertising cookies on this site.
  • We do not add you to marketing lists on the back of a sales enquiry. Marketing requires your separate, explicit consent.
  • We do not make automated decisions about you and we do not profile you.
  • We honour verified requests to access, correct, or delete personal data within the timelines the applicable law sets.
Part I — Website visitors and prospective customers

Information we collect

Information you give us

When you submit the Get a Quote or Request a Demo form, we collect your full name, work email address, company name, and anything you optionally write in the message field. Each field exists so that we can reply to you with a relevant answer; we deliberately do not ask for phone numbers, job titles, or company size. If you email us directly, we hold the correspondence you send.

Information collected automatically

Our enquiry forms set no advertising or analytics cookies and attach no tracking identifiers, IP address, or browser fingerprint to your submission. Like nearly all websites, our web servers keep short-lived technical logs (IP address, requested URL, timestamp) for security monitoring and reliability; these logs are routinely rotated, are not used to profile visitors, and are not linked to form submissions.

Information from third parties

We do not buy contact lists or enrich your details from data brokers or social networks.

How we use it and legal bases

We use enquiry data solely to:

  • respond to the request you made — preparing a quote, scheduling a demo, or answering a question;
  • maintain a record of that correspondence while it remains relevant; and
  • protect the site and our systems against abuse.

Under the GDPR we rely on your consent (Article 6(1)(a)), on taking steps you request prior to a contract (Article 6(1)(b)), and — for security logging — on our legitimate interest in keeping the service secure (Article 6(1)(f)). Under the DPDP Act we process enquiry data on the basis of the consent you give via the form checkbox (section 6). You may withdraw consent at any time as easily as you gave it by emailing privacy@aethoshub.com; withdrawal does not affect processing that took place before it.

Sharing and disclosure

Enquiry data is stored on infrastructure we operate and is accessible only to the AethosHub people who handle sales enquiries. We do not pass it to third-party CRMs, mailing platforms, or analytics vendors. It may be disclosed only to professional advisers where necessary, or where the law requires it, as described in Legal disclosures & business transfers.

Retention

  • Enquiry submissions: kept while your request is being handled, and no longer than 12 months from our last contact with you, then deleted.
  • Web server security logs: rotated on a short cycle measured in days to weeks.
  • Consent records: each stored submission carries the consent timestamp and the version of this notice that applied, kept for as long as the submission itself.

Ask us to delete your enquiry sooner and we will, unless a legal obligation requires us to keep it.

Your rights

Depending on the law that applies to you, you have the right to:

  • obtain confirmation that we process your personal data, access it, and receive a summary of the processing (GDPR Art. 15; DPDP s. 11);
  • have inaccurate data corrected, incomplete data completed, and outdated data updated (GDPR Art. 16; DPDP s. 12);
  • have your data erased and your consent withdrawn (GDPR Art. 17; DPDP ss. 6, 12);
  • restrict or object to processing, and receive your data in a portable, machine-readable format (GDPR Arts. 18, 20, 21);
  • nominate another individual to exercise your rights in the event of death or incapacity (DPDP s. 14); and
  • a readily available means of grievance redressal (DPDP s. 13).

To exercise any of these, email privacy@aethoshub.com. We verify the request and respond within the statutory timeline. If you remain unsatisfied, you may complain to the Data Protection Board of India (DPDP Act) or to the supervisory authority in your EU/UK member state (GDPR).

Part II — Data inside our products

Data inside our products

Our products are built so that sensitive data stays with its owner. What flows through them — prompts, model responses, API credentials, usage records, audit trails — belongs to the customer operating them, who acts as the data controller. AethosHub does not see, collect, or receive that data in the ordinary course of business.

  • AgentAccessManager is self-hosted: it runs entirely inside the customer's own infrastructure. Provider keys are encrypted at rest within the customer's deployment, and no telemetry about gateway traffic is sent to AethosHub.
  • APIKeyOps stores API credentials as AES-256-GCM ciphertext within the customer's deployment. Demonstration environments are seeded with fictitious data.
  • Where a customer asks us to assist with support or operations and that involves access to their environment, we act on their documented instructions as a data processor, under our Data Processing Addendum. Countersigned copies are available via privacy@aethoshub.com.
Part III — General

Security

We apply the same engineering discipline to our own systems that we sell to customers: encryption in transit, encrypted storage of secrets, least-privilege access to systems holding enquiry data, and audit trails on administrative access. No method of transmission or storage is perfectly secure, but we design so that a single failure does not expose personal data.

International transfers

Enquiry data is stored on infrastructure we control. Where personal data is transferred across borders, we do so only with safeguards recognised by the applicable law — for the GDPR, standard contractual clauses or an adequacy decision; for the DPDP Act, in accordance with government notifications on permitted transfers.

Children's data

This website and our products are directed at businesses and are not intended for children. We do not knowingly collect personal data from anyone under 18. If you believe a child has provided us personal data, contact us and we will delete it.

Third-party links

This site links to external sites, including our product domains and social networks. Their privacy practices are governed by their own notices, which we encourage you to read.

Legal disclosures & business transfers

We may disclose personal data where a law, regulation, legal process, or enforceable government request requires it, or where disclosure is necessary to investigate fraud or protect the rights and safety of AethosHub, our customers, or the public. If AethosHub is involved in a merger, acquisition, or asset sale, personal data will remain subject to the commitments of this notice, and we will notify you before it becomes subject to a different one.

Changes to this notice

When this notice changes, the version date at the top changes with it, and every stored submission keeps a record of the version that applied when it was made. For material changes we will provide at least 30 days' notice on this page before the change takes effect.

Contact & grievance redressal

Privacy questions, rights requests, and grievances are handled by our Grievance Officer (DPDP Act, s. 13) and data protection contact: privacy@aethoshub.com. We acknowledge grievances promptly and resolve them within the period prescribed by law. Commercial questions belong at Get a quote or Request a demo.

AethosHub

AethosHub builds enterprise AI control infrastructure across API key governance, provider routing, virtual access, audit, and guardrails.

CompanyCompany informationSecurityPricingGet a quoteRequest a demo
ProductsAgent Access ManagerAPIKeyOps30-day evaluation
ServicesImplementationSupport requestSupport SLADocumentation
LegalPrivacy NoticeData Processing AddendumWebsite TermsPaid Software AgreementEvaluation Agreement
Social
© 2026 AethosHub Pvt LtdPrivacy · Terms