Legal & Security overview

Quick links

• Terms of Service — the contract you accept by signing up
• Privacy Policy — what we collect, why, who we share with, your rights
• Data Processing Agreement — auto-effective for Team+ tiers; counter-signable on request
• Sub-processors — every third-party that handles your data, named

Built in the open

We publish a changelog. We run a status page. We have a security mailbox.

• Public changelog — aeoniti.com/changelog
• Status page — aeoniti.com/status
• Security disclosure — [email protected] (we respond within 1 business day; we won't pursue legal action against good-faith researchers)

Your data, your control

We treat customer data the way we'd want our own treated.

• SOC 2 Type II — in progress; report expected Q1 2027. Evidence packages available on request to enterprise prospects via [email protected].
• DPA — auto-effective for Team+ tiers; counter-signable on letterhead within 5 business days. See DPA.
• EU + US data residency — Q4 2026. Until then all tenants live in our primary EU region (Paris).
• Encryption at rest + transit — TLS 1.3 everywhere; AES-256-GCM for sensitive tokens; daily encrypted backups.
• Multi-tenant isolation — Postgres row-level security enforced at the database layer.

Bring your own data

Read-only integrations and exportable data, at every tier. No lock-in, ever.

• Read-only Google Search Console integration (OAuth refresh tokens encrypted at rest)
• Export everything via API at any tier
• Account closure: 30 days to export, 90 days backup expiry, then everything but tax records is deleted

Contact

Built in Mumbai + Paris. A small team that takes pricing honestly.

• General — [email protected]
• Security — [email protected]
• Legal & DPA — [email protected]
• Privacy & DPO — [email protected]