Privacy Policy

This policy explains what information Aethrel collects, how it is used, and the choices you have. We aim to be direct and plain about this — not to bury important details in language designed to discourage reading.

Last updated: April 15, 2026

1. Overview

Aethrel (“we,” “us,” or “our”) operates a done-for-you social engagement platform. This Privacy Policy applies to all information collected through the Aethrel platform, website, and related services (collectively, the “Service”).

By creating an account or using the Service, you agree to the collection and use of information as described in this policy. If you do not agree, please do not use the Service.

The Service is intended for business use. If you are using Aethrel on behalf of a company or organisation, you represent that you have authority to bind that entity to this policy.

2. Information we collect

We collect information in three ways: information you provide directly, information generated by your use of the Service, and information from third-party platforms you connect.

Information you provide

Account information

Name, email address, company name, and password when you register.

Billing information

Payment method details are collected and stored by Stripe, our payment processor. We receive only a tokenised reference and basic billing metadata — we never store full card numbers.

Strategy profile

Brand voice guidance, tone instructions, topic limits, example language, competitor references, and any other strategy inputs you provide during onboarding or subsequent updates.

Communications

The content of emails, support requests, or other messages you send us.

Information generated by your use

Activity logs

Records of pipeline actions: discovery runs, drafts generated, review decisions, posts published. Each entry includes a timestamp, actor, and outcome.

Queue and review data

Draft content, policy scores, reviewer notes, approval and rejection records associated with your workspace.

Analytics data

Discovered threads, published replies, engagement signals, and usage patterns within your workspace.

Usage data

Log data including IP address, browser type, pages visited, and session duration when you access the Aethrel web application.

Information from connected platforms

OAuth tokens

When you connect a Reddit or LinkedIn account, we receive an access token that allows Aethrel to post on your behalf. We do not receive your platform password.

Thread content

The text of threads and replies discovered on connected platforms, used to generate drafts and score policy compliance.

Engagement data

Public engagement signals (upvotes, replies, reactions) on posts published through Aethrel, used to populate your analytics.

3. How we use your information

We use the information we collect to:

  • Provide, operate, and maintain the Service — running the discovery, drafting, review, and publishing pipeline on your behalf
  • Process your subscription and manage billing through Stripe
  • Generate AI-assisted reply drafts using your strategy profile and thread context
  • Score drafts against your policy configuration and surface risk signals to reviewers
  • Populate your client analytics portal with activity and engagement data
  • Send operational communications — account updates, billing notifications, and policy-relevant announcements
  • Send product update emails if you have subscribed to them (you can unsubscribe at any time)
  • Maintain audit logs that you and your operator team can use to trace decisions and publishing outcomes
  • Detect and prevent misuse, fraud, or violations of our Acceptable Use Policy
  • Improve the Service — we may use anonymised, aggregated activity data to understand how the pipeline performs

We do not sell your personal information. We do not use your strategy profile or draft content to train AI models for general use or share them with third parties for purposes outside the operation of your workspace.

4. How we share information

We do not sell, rent, or share your personal information with third parties for their own commercial purposes. We share information only in the following circumstances:

Service providers

We work with a small number of third-party service providers to operate the platform — including our payment processor (Stripe), email delivery infrastructure, and cloud hosting. These providers process information only on our behalf and under contractual obligations consistent with this policy.

AI model providers

Draft generation uses AI language model services. Thread content and strategy profile excerpts are sent to these providers as part of the generation request. These providers are contractually bound to process this data solely for the purpose of responding to the request and are not permitted to use it for model training.

Connected platforms

When a draft is approved and published, the reply content is transmitted to the connected platform (Reddit, LinkedIn, etc.) via the account's authorised access token. This is the intended function of the Service.

Legal requirements

We may disclose information if required to do so by law, court order, or governmental authority, or if we believe in good faith that disclosure is necessary to protect the rights, property, or safety of Aethrel, our clients, or others.

Business transfers

If Aethrel is acquired, merges with another entity, or transfers substantially all of its assets, your information may be transferred as part of that transaction. We will notify you before your information is transferred and becomes subject to a different privacy policy.

5. Platform credentials

Connecting a platform account to Aethrel involves granting the Service permission to post on your behalf via OAuth. We treat this access with particular care:

  • OAuth access tokens are stored encrypted at rest
  • Tokens are used only to execute approved publish actions — we do not read your direct messages, access your followers, or retrieve any account data beyond what is needed to post and retrieve basic engagement metrics on published replies
  • Token access is scoped to the minimum permissions required for the Service to function
  • You may revoke access at any time by disconnecting the account in your platform settings or from within the Aethrel console — revocation takes effect immediately
  • Revoking access stops future publishing; it does not remove previously published replies from the platform

6. Data retention

We retain your information for as long as your account is active and for a reasonable period thereafter to fulfil the purposes described in this policy, comply with legal obligations, resolve disputes, and enforce our agreements.

Account data

Retained while your account is active. Deleted within 90 days of account closure upon request.

Audit logs

Retained for 24 months from the date of the logged action. Audit logs may be retained longer where required for legal compliance.

Draft and queue data

Retained for 12 months from creation. Older drafts and review records are archived and then deleted on a rolling basis.

Analytics data

Retained for 24 months from collection. Aggregated and anonymised analytics may be retained indefinitely.

Billing records

Retained for 7 years from the date of the transaction in accordance with financial record-keeping requirements.

Platform OAuth tokens

Deleted immediately upon account disconnection or workspace closure.

You may request earlier deletion of your personal data by contacting us. Some categories of data — particularly audit logs and billing records — may be subject to mandatory retention periods that limit our ability to delete them immediately.

7. Security

We implement technical and organisational measures to protect your information against unauthorised access, alteration, disclosure, or destruction. These include:

  • Encryption of sensitive data at rest, including OAuth tokens and API credentials
  • Encryption of all data in transit using TLS
  • Access controls limiting which team members can access client workspace data
  • Tenant isolation at the data layer — client workspaces are separated and cannot access each other's data
  • Regular review of security practices as the platform evolves

No method of transmission over the internet or electronic storage is completely secure. While we use commercially reasonable measures, we cannot guarantee absolute security. In the event of a breach that affects your personal information, we will notify you as required by applicable law.

8. Cookies and tracking

Aethrel uses cookies and similar technologies to operate the Service and understand how it is being used.

Session cookies

Used to keep you logged in during a session. These are essential for the Service to function and are deleted when you close your browser.

Authentication tokens

Persistent tokens used to keep you logged in across sessions. Stored in secure, HTTP-only cookies.

Analytics

We may use lightweight, privacy-respecting analytics to understand page visit patterns and feature usage. We do not use advertising tracking cookies or share analytics data with ad networks.

You can configure your browser to refuse cookies, but doing so may prevent you from using the Service. We do not respond to Do Not Track signals at this time, as there is no consistent industry standard for what a response should look like.

9. Your rights

Depending on where you are located, you may have the following rights with respect to your personal information:

Access

You may request a copy of the personal information we hold about you and your workspace.

Correction

You may request that we correct inaccurate or incomplete personal information.

Deletion

You may request deletion of your personal information, subject to retention obligations described in Section 6.

Portability

You may request your data in a structured, commonly used format where technically practicable.

Restriction

You may request that we restrict processing of your personal information in certain circumstances.

Objection

You may object to processing of your personal information where we rely on legitimate interests as the legal basis.

Withdrawal of consent

Where processing is based on consent, you may withdraw that consent at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, contact us at hello@aethrel.com. We will respond within 30 days. We may need to verify your identity before fulfilling a request.

If you are located in the European Economic Area, United Kingdom, or California, additional rights and protections may apply under GDPR, UK GDPR, or the CCPA respectively. We will honour applicable statutory rights regardless of where requests originate.

10. Children

The Service is not directed to, and we do not knowingly collect personal information from, anyone under the age of 18. If you believe we have inadvertently collected information from a minor, please contact us immediately and we will delete it promptly.

11. Changes to this policy

We may update this Privacy Policy from time to time. When we do, we will revise the “Last updated” date at the top of this page. For material changes — changes that meaningfully affect how your information is used — we will provide notice by email to the address associated with your account at least 14 days before the change takes effect.

Continued use of the Service after a policy update constitutes acceptance of the revised policy.

12. Contact

For questions about this Privacy Policy, to exercise your rights, or to report a concern about how your data is being handled: