Privacy Policy
Last updated: 18 March 2026
1. Who we are
Aletis (“Aletis”, “we”, “us”, or “our”) operates the Aletis AI research platform accessible at aletis.ai. We are the data controller for personal data processed through this service.
Our legal entity details will be updated here once formally incorporated. Until then, the data controller is the operator of aletis.ai.
Privacy contact: For all data protection enquiries, please write to [email protected].
2. Personal data we collect
We collect the following categories of personal data:
Account data
Email address (required), display name (optional), profile image (optional, from OAuth). Collected when you create an account.
Research data
Research criteria and prompts you enter, AI-generated research files, session metadata (model used, timestamps, status). Collected when you use the research service.
Billing data
Stripe customer ID, subscription ID, and plan status. Payment card details are held exclusively by Stripe — we never see or store your full card number.
Usage data
Number of research sessions used per billing period, for plan limit enforcement. We do not collect behavioural analytics, page views, or usage telemetry beyond this.
We do not collect IP addresses for tracking purposes, do not use cookies beyond those strictly necessary for authentication, and do not use any third-party analytics or advertising trackers.
3. How and why we process your data
Under the General Data Protection Regulation (GDPR), we must have a lawful basis for each processing activity. Here is our basis for each:
| Purpose | Data used | Lawful basis |
|---|---|---|
| Create and manage your account | Email, name, image | Contract (Art. 6(1)(b)) |
| Deliver research sessions and store results | Research criteria, AI output, session data | Contract (Art. 6(1)(b)) |
| Process payments and manage subscriptions | Email, Stripe IDs, plan status | Contract + Legal obligation (Art. 6(1)(b)+(c)) |
| Send transactional emails (login links, receipts) | Contract (Art. 6(1)(b)) | |
| Enforce usage limits per plan | Usage count, billing period | Contract (Art. 6(1)(b)) |
| Security monitoring and fraud prevention | Account activity | Legitimate interests (Art. 6(1)(f)) |
| Retain billing records for tax compliance | Transaction records | Legal obligation (Art. 6(1)(c)) |
We do not use your data for direct marketing or profiling. We rely on consent only where no other basis applies; we do not bundle consent with account creation.
4. AI processing and Anthropic
Aletis is powered by Claude Code, an AI system developed by Anthropic, PBC. When you start a research session, your research criteria and any follow-up messages are sent to Anthropic's API to generate responses.
Model training: Anthropic does not use API customer data to train or fine-tune its AI models. Your research content is not used to improve Claude. This is governed by Anthropic's API usage policy.
AI accuracy: AI-generated research output may be incomplete, inaccurate, or outdated. We do not review or verify the content of AI-generated reports before they are delivered to you. You should independently verify any factual claims before relying on them. AI output does not constitute professional legal, financial, medical, or other regulated advice.
No automated decisions: Aletis does not make automated decisions that produce legal or similarly significant effects on you within the meaning of Article 22 GDPR. The AI generates research content for your review; all decisions based on that content are made by you.
5. Third-party processors
We share personal data with the following processors who act on our instructions. We have or will have Data Processing Agreements in place with each.
| Processor | Role | Location | Transfer basis |
|---|---|---|---|
| Anthropic | AI inference (Claude API) | USA | Standard Contractual Clauses |
| Stripe | Payment processing | USA | EU-US Data Privacy Framework |
| Resend | Transactional email delivery | USA | Standard Contractual Clauses |
| OAuth authentication (optional) | USA | EU-US Data Privacy Framework | |
| Supabase | Database hosting (PostgreSQL) | EU (eu-central-1) | Standard Contractual Clauses / DPA |
| Railway | Application infrastructure and file storage | USA | Standard Contractual Clauses |
We do not sell your personal data to third parties. We do not share your data with advertisers.
6. International data transfers
Some of our processors are based in the United States. We transfer personal data to the US on the following bases:
- EU-US Data Privacy Framework (DPF): For processors certified under the DPF adequacy decision adopted by the European Commission on 10 July 2023 (currently Stripe, Google).
- Standard Contractual Clauses (SCCs): For processors not covered by the DPF adequacy decision, we rely on the European Commission's standard contractual clauses (Commission Implementing Decision 2021/914) incorporated into Data Processing Agreements with those processors.
7. How long we keep your data
| Category | Retention period |
|---|---|
| Account data (email, name, image) | Duration of account. Deleted within 30 days of account deletion. |
| Research files and criteria | Duration of account. You may delete individual sessions at any time. All research deleted within 30 days of account deletion. |
| Billing and transaction records | 7 years from date of transaction, as required by applicable tax law. |
| Authentication sessions and tokens | Expire automatically per session. Cleared immediately on logout. |
| Usage records | Duration of account. Deleted with account. |
8. Your rights
Under GDPR, you have the following rights with respect to your personal data. To exercise any of these rights, email us at [email protected]. We will respond within one calendar month.
Right of access
Request a copy of the personal data we hold about you.
Right to rectification
Request correction of inaccurate or incomplete personal data.
Right to erasure
Request deletion of your personal data where it is no longer necessary for its original purpose, or where you withdraw consent. Some data may need to be retained for legal obligations (e.g., billing records).
Right to restriction
Request that we restrict processing of your data while its accuracy or our lawful basis is contested.
Right to data portability
Receive your personal data in a structured, machine-readable format and transfer it to another controller, where processing is based on contract or consent and carried out by automated means.
Right to object
Object to processing based on our legitimate interests. We will cease unless we can demonstrate compelling legitimate grounds that override your interests.
Rights regarding automated decisions
Not be subject to decisions based solely on automated processing that produce legal or similarly significant effects. Aletis does not make such decisions.
Right to complain
Lodge a complaint with a supervisory authority. You may contact the data protection authority in your country of residence.
You may also delete your account and all associated data at any time through your profile settings, without needing to contact us.
9. Cookies and tracking
We use only strictly necessary cookies: a session cookie to keep you logged in. We do not use analytics cookies, advertising cookies, tracking pixels, or any third-party behavioural tracking. No cookie banner is required because we do not use non-essential cookies.
10. Children
Aletis is intended for professional use by adults. We do not knowingly collect personal data from individuals under the age of 16. If you are under 16, do not use this service without parental or guardian consent. If you believe we have inadvertently collected data from a minor, please contact us and we will delete it promptly.
11. Changes to this policy
We may update this Privacy Policy from time to time. We will notify you by email at least 30 days before any material change takes effect. The current version is always available at this page. Continued use of the service after the effective date constitutes acceptance of the updated policy.
12. Contact us
For any questions about this Privacy Policy or to exercise your rights, contact us at:
Aletis
Email: [email protected]
See also: Terms of Service