Privacy Policy
Last updated: March 2026
1. Introduction
Aegori ("we", "us", "our") is committed to protecting your privacy. This policy explains what data we collect, how we use it, and your rights. Aegori is a zero-knowledge platform — we cannot access your encrypted data.
2. Data We Collect
We collect your email address and name (for account creation and communication), payment information (processed by Paddle or Mercado Pago — we do not store card details), usage data such as login timestamps and activity status (for the inactivity detection system), and the names and email addresses of trusted contacts you designate.
3. Data We Cannot Access
Due to our zero-knowledge architecture, we have no access to your encryption password or master key, the contents of your vaults (passwords, notes, seed phrases), your uploaded files (encrypted before upload), or your recovery key. We only store encrypted blobs. Your data is encrypted and decrypted entirely on your device.
4. Cookies
We use only essential cookies required for the service to function. These include authentication session cookies (managed by Supabase Auth, httpOnly, secure) and a locale preference cookie. We do not use tracking cookies, analytics cookies, or third-party advertising cookies. No cookie consent banner is required because we only use strictly necessary cookies.
5. Third-Party Data Processors
We use the following services to operate Aegori: Supabase (database, authentication, file storage — hosted in AWS), Paddle (international payment processing), Mercado Pago (payment processing for Argentina), Resend (transactional emails such as inactivity warnings and trusted contact notifications), and Vercel (hosting and serverless functions). These processors only receive the minimum data necessary to provide their services.
6. Data Retention
Your encrypted data is retained as long as your account is active. Upon subscription cancellation, you have 90 days of read-only access. After that, your account is frozen but data is preserved. You may request complete account deletion at any time, which permanently removes all your data from our systems.
7. Your Rights
You have the right to access the personal data we hold about you, request deletion of your account and all associated data, export your unencrypted data (while your encryption keys are active), and withdraw consent for non-essential data processing.
8. Security Measures
We implement industry-standard security measures including AES-256-GCM encryption for all vault data, Argon2id key derivation for password hashing, HTTPS/TLS for all data in transit, Row Level Security (RLS) on all database tables, rate limiting on all public endpoints, and Content Security Policy (CSP) with per-request nonces.
9. Children's Privacy
Aegori is not intended for users under 18 years of age. We do not knowingly collect data from minors.
10. Changes to This Policy
We may update this policy periodically. Material changes will be communicated via email or in-app notification. Continued use after changes constitutes acceptance.
11. Contact
For privacy-related questions or to exercise your rights, contact us at contact@aegori.com.