Privacy Policy
Aerca ("Aerca", "we", "us", or "our") develops autonomous finance-operations software tailored for agencies and professional service firms. This Privacy Policy outlines our robust protocols regarding the collection, processing, protection, and retention of Personally Identifiable Information (PII) and corporate financial data. We maintain strict compliance with global data protection standards to ensure your information is safeguarded.
1. Scope of Applicability
This Privacy Policy applies to all individuals and corporate entities interacting with the Aerca ecosystem. This includes visitors to our public website, applicants to our waitlist or founding cohort, and registered agencies utilizing the Aerca platform upon public availability.
2. Data Collection and Categorization
2.1. Information Provided Directly by You
- Account and Registration Data: When you join the waitlist or reserve a founding seat, we collect your full name, corporate email address, agency name, and operational metrics including team size, operational challenges, software stack, and estimated revenue leakage.
- Payment and Billing Information: Securing a founding reservation requires a one-time $79 USD fully refundable deposit. Payment processing is exclusively handled by Stripe, a Level 1 PCI-DSS certified provider. Aerca receives cryptographic confirmation tokens and limited billing metadata (such as the last four digits of the card and expiration date) but never processes or stores your full primary account number (PAN) on our servers.
- Communications Data: We securely log and retain correspondence initiated through our contact forms, direct emails, or customer support channels to facilitate issue resolution and quality assurance.
2.2. Information Acquired via Authorized Third-Party Integrations
Upon platform launch, linking Aerca to external software providers (such as QuickBooks, Xero, Harvest, or Toggl) requires explicit authorization via secure OAuth protocols. Our system is provisioned with strictly read-only access scopes. We analyze required financial and operational telemetry, including invoice statuses, tracked hours, project scopes, and account balances, to deliver our core automated insights. We never request, intercept, or store your underlying credentials for these third-party platforms.
2.3. Automated Telemetry and Usage Metrics
- Technical Infrastructure Data: We automatically log infrastructure metrics including IP addresses (which are anonymized prior to storage), browser user-agent strings, referring URLs, and device identifiers to ensure platform security and optimize performance.
- Marketing Attribution: We utilize standard UTM parameters and campaign identifiers to accurately measure the efficacy of our marketing and acquisition channels.
- Cookies and Tracking Technologies: Please refer to Section 8 for detailed disclosures on our deployment of essential and analytics cookies.
3. Utilization of Collected Data
We process your data strictly for legitimate commercial and operational purposes, including:
- Facilitating waitlist management, processing founding cohort applications, and delivering initial Cash-Flow Teardown analyses.
- Engineering, securing, and deploying the core Aerca software platform and algorithmic models.
- Processing financial transactions, issuing refunds, and maintaining auditable billing records.
- Providing technical support, responding to inquiries, and issuing critical administrative notices.
- Aggregating anonymized usage telemetry to iteratively improve platform architecture and user experience.
- Monitoring against fraudulent activities, unauthorized access attempts, and ensuring strict regulatory compliance.
4. Legal Bases for Processing (GDPR and UK GDPR Compliance)
For individuals residing within the European Economic Area (EEA) and the United Kingdom, our processing of your personal data relies on the following lawful bases: Consent (specifically when opting into marketing communications or the waitlist), Contractual Necessity (to fulfill the obligations of the founding access reservation), Legitimate Interests (for the secure administration and enhancement of our business operations), and Legal Obligation (for financial auditing and statutory compliance).
5. Information Sharing and Sub-processors
Aerca categorically does not sell, rent, or lease your personal or corporate data to data brokers or advertisers. Furthermore, your financial data is strictly partitioned and is never utilized to train third-party or public Artificial Intelligence models. We disclose data exclusively to heavily vetted sub-processors bound by strict confidentiality agreements:
- Payment Gateways: Stripe for secure financial transaction processing.
- Communication Infrastructure: Formspree for the secure routing of contact inquiries.
- Analytics Providers: Google Analytics for anonymized traffic analysis and platform diagnostics.
- Cloud Infrastructure: Vercel and similar top-tier cloud providers for secure application hosting and data storage.
- Authorized Integrations: Accounting and time-tracking providers explicitly connected by your agency administrators.
We reserve the right to disclose information to public authorities if legally compelled by a valid subpoena, court order, or binding regulatory mandate, or during a formal corporate restructuring, merger, or acquisition (in which case you will receive prior notification).
6. Data Retention Protocols
We retain PII and corporate data only for the duration necessary to fulfill the purposes outlined in this policy or as strictly required by applicable commercial and tax laws. Waitlist registrations and contact records are retained until you execute your right to erasure. Upon account termination or withdrawal, operational data is systematically purged from our active databases and rolling backups.
7. User Rights and Data Subject Access Requests (DSAR)
Depending on your jurisdiction, you possess comprehensive rights concerning your personal data. These include the right to access, rectify, port, or erase your data, as well as the right to restrict processing or withdraw previously granted consent. To execute a Data Subject Access Request, please contact our privacy team via the contact form on our homepage. We are committed to responding to all verified requests within the statutory timeframes mandated by applicable law.
8. Cookies and Session Management
Our platform utilizes localized cookies and equivalent session management technologies to maintain authentication states, secure user sessions, and aggregate anonymous traffic patterns. You maintain full control over non-essential cookies via your browser preferences. Restricting analytics cookies will not impede your access to the core platform functionalities.
9. International Data Transfers
Aerca operates globally. Data processed by Aerca and our sub-processors may be transferred to, and maintained on, servers located outside your state, province, or country, including the United States. When transferring data from the EEA or the UK, we rely on legally validated transfer mechanisms, including Standard Contractual Clauses (SCCs), to ensure equivalent levels of protection.
10. Enterprise Security Posture
We deploy institutional-grade security measures to defend your data against unauthorized access. This includes TLS 1.3 encryption for data in transit, AES-256 encryption for data at rest, and strict zero-trust internal access controls. While no digital infrastructure can guarantee absolute invulnerability, our protocols are aligned with industry best practices and we are actively engineering our architecture to achieve SOC 2 Type II compliance.
11. Children's Privacy
Aerca provides strictly B2B enterprise software. Our Services are not directed at, nor do we knowingly collect personal information from, any individual under the age of eighteen (18).
12. Policy Modifications
We reserve the right to amend this Privacy Policy to reflect technological advancements, regulatory changes, or evolving business practices. Updated iterations will be published on this URL. Material revisions will be communicated directly to registered users via email.
13. Contact Information
For inquiries regarding this Privacy Policy, your data rights, or our security practices, please direct your correspondence to our compliance team using the contact form on our homepage.