Privacy Policy

ASAP RESEARCH LABORATORIES LLC is a Wyoming limited liability company with a registered office at 1603 Capitol Avenue, Suite 413A, 2584, Cheyenne, WY 82001, United States. For all privacy questions, contact privacy@aitelier.org.

When you are the end caller on a call handled by an Aitelier-powered agent, the business that operates the agent is the data controller and Aitelier acts as their processor. When you are the business operator (our customer), Aitelier is the controller for the account, billing, and platform-usage data described below.

Account data: name, email, organisation, role, hashed password / SSO identifiers, communication preferences.

Billing data: company billing details, tax ID, billing email; payment data is collected and stored directly by Stripe — we receive only the last four digits and brand of the card.

Project data: business descriptions, prompts, scenarios, scripts, knowledge base contents, plugin configuration secrets (encrypted at rest).

Session data: phone numbers (caller-side, masked in non-session logs), audio recordings (subject to retention settings), transcripts, structured slots extracted by the agent, tool-call traces, latency metrics, goal outcomes.

Technical data: IP address, user agent, language preference, login timestamps, audit-log entries.

To provide the Service — run inbound and outbound conversations, store scenarios and projects, generate analytics.

To bill for usage and produce compliant invoices from our Wyoming LLC.

To detect and prevent fraud, abuse and breaches of our terms.

To improve the Service — aggregated and de-identified telemetry only.

To comply with applicable law and respond to lawful requests.

Performance of a contract (Art 6(1)(b) GDPR) — for account, project, billing and session data we need to provide the Service.

Legitimate interest (Art 6(1)(f) GDPR) — for fraud prevention, security monitoring, product analytics on aggregated data.

Consent (Art 6(1)(a) GDPR) — when applicable, e.g. for optional marketing communications. You can withdraw consent at any time.

Legal obligation (Art 6(1)(c) GDPR) — for tax, accounting and lawful-request handling.

We use carefully selected sub-processors to deliver the Service. Each is bound by a Data Processing Agreement with confidentiality and security obligations.

Infrastructure: Hetzner Online GmbH (EU data centres), Cloudflare Inc. (CDN, DDoS protection).

Voice & telephony: LiveKit Inc. (real-time media), Twilio Inc. (PSTN connectivity).

AI models: OpenAI, OpenAI Realtime API; Anthropic PBC (Claude); Google LLC (fallback only).

Observability: LangFuse (managed; EU region).

Payments: Stripe Payments Europe Ltd.

Transactional email: Resend Inc. or AWS SES.

A live list of sub-processors is published in our DPA at aitelier.org/dpa.

All primary data — including session data and recordings — is stored in the European Union (Hetzner data centres in Germany / Finland). Backups are kept in the EU. Where a sub-processor processes data outside the EEA (e.g. AI model providers in the United States), we rely on the EU Standard Contractual Clauses (SCCs) plus supplementary measures including encryption in transit and minimal-content prompts.

Account & billing data: for the life of the account plus the retention required by tax and accounting law (typically 7 years).

Project data: for the life of the project; deleted within 30 days of customer deletion.

Session recordings: 90 days by default; configurable per project from 0 (no recording) up to the maximum permitted by law.

Transcripts and structured session metadata: 12 months by default; configurable per project.

Audit logs: 12 months.

Subject to applicable law, you have the right to access, correct, delete, restrict and port your personal data, and to object to processing. To exercise these rights, contact privacy@aitelier.org. We will respond within 30 days.

If you are an EEA / UK / Swiss resident, you also have the right to lodge a complaint with your supervisory authority.

If you are a California resident, you have the rights granted by the California Consumer Privacy Act, including the right to know, the right to delete and the right to opt out of any sale of personal information. We do not sell personal information.

The marketing site (aitelier.org) uses a single first-party local-storage entry to remember your language preference. The platform application (app.aitelier.org) uses essential cookies for authentication and CSRF protection. We do not use third-party advertising or tracking cookies.

We follow a defence-in-depth approach: row-level tenant isolation at the repository layer, encryption in transit (TLS 1.3) and at rest (AES-256), least-privilege access, structured audit logs, mandatory SSO + 2FA for production access. SOC 2 Type I is in progress.

For security questions or to report a vulnerability, write to security@aitelier.org. PGP key available on request.

The Service is not intended for individuals under 16. We do not knowingly collect personal data from children.

We will post material changes to this Policy at aitelier.org/privacy and, where required by law, notify customers by email. Continued use of the Service after the effective date constitutes acceptance.

ASAP RESEARCH LABORATORIES LLC, 1603 Capitol Avenue, Suite 413A, 2584, Cheyenne, WY 82001, United States. Privacy and data protection: privacy@aitelier.org. General legal: legal@aitelier.org.