Privacy Policy

We collect account information, workspace membership, organization settings, billing identifiers, audit logs, support communications, product analytics, and operational metadata needed to run the service.

Customer-configured AI system records, traces, eval results, incidents, compliance workflows, and evidence artifacts are processed to provide TrustOps features.

Raw trace input and output storage is disabled by default and is controlled by workspace settings. Summaries, metadata, risk flags, costs, latency, provider names, and internal IDs may be stored to power observability and evidence workflows.

LLM analytics content capture remains disabled unless an approved privacy decision, customer disclosure, redaction process, and retention control are in place.

Sentry may receive application errors, route names, release information, and redacted diagnostic context. PostHog may receive product events, masked session replay, structured logs, and LLM analytics metadata when enabled.

Secrets, API keys, bearer tokens, auth cookies, webhook URLs, Lemon Squeezy signatures, database URLs, raw request bodies, prompts, completions, and payment details must not be sent to observability vendors.

We use data to authenticate users, enforce workspace access, provide product features, process billing, detect abuse, debug incidents, improve reliability, and meet security and compliance obligations.

We do not sell customer data. We do not use customer AI trace content to train third-party models.

Workspace data is retained while the workspace is active and according to configured product retention policies. Raw trace payload retention is controlled separately from trace metadata.

Deletion requests should be routed through support. Deletion may exclude records that must be retained for security, audit, billing, fraud prevention, or legal obligations.

AegisRail uses scoped API keys, hashed key storage, organization-scoped authorization, audit logs, encrypted outbound webhook secrets, production security headers, and monitored operational jobs.

Customer administrators are responsible for configuring workspace access, API key rotation, raw trace retention settings, and approved integration destinations.