Legal
Privacy Policy
Last Updated: May 26, 2026
This Privacy Policy describes how Aevius Labs, Inc. and its affiliates (“Aevius,” “we,” “us,” or “our”) collect, use, disclose, and protect personal information in connection with our websites, online services, software, APIs, artificial intelligence features, demos, documentation, events, communications, and related services that link to this Privacy Policy (collectively, the “Platform”).
This Privacy Policy is the public baseline privacy notice for the Platform. It does not replace any separate written agreement, order form, data processing addendum, business associate agreement, product-specific notice, customer agreement, or similar written terms that apply to a customer deployment, enterprise workspace, paid product, partner arrangement, or regulated data processing activity. If there is a conflict between this Privacy Policy and a separate written agreement with Aevius, the separate written agreement controls for the data, services, and use cases it covers.
Important Healthcare Data Notice
The publicly available Platform, including websites, demos, forms, emails, chat, free trials, previews, and evaluation environments, is not intended to receive protected health information, patient-identifiable information, regulated health data, financial account information, government identifiers, biometric identifiers, children’s data, or other sensitive personal information unless Aevius has expressly agreed in a separate written agreement to process that data.
If a business associate agreement, data processing addendum, institutional approval, data-use agreement, consent, authorization, or similar safeguard is required, it must be in place before the applicable data is provided to or processed by Aevius.
Aevius is not acting as a business associate under this Privacy Policy or the public Terms of Service alone. Aevius does not agree to receive, create, maintain, or transmit protected health information unless an authorized Aevius representative has signed a business associate agreement or other applicable written agreement.
Our Role
Aevius may act in different roles depending on the context:
- For our websites, events, marketing, account administration, support, billing, security, and business operations, Aevius generally acts as an independent controller or business deciding how personal information is processed.
- For certain enterprise deployments or customer workspaces, Aevius may act as a processor, service provider, contractor, business associate, or similar role only under a separate written agreement.
- For data that remains in a customer-controlled or third-party environment, the customer or data holder may remain responsible for its own privacy notices, legal basis, consents, authorizations, access permissions, retention, and governance controls.
- Customer-regulated data is processed only under the applicable written customer instructions and required data processing addendum, business associate agreement, or similar written terms, including where Aevius creates, receives, maintains, transmits, or otherwise processes such data in a customer-controlled environment.
Changes to This Privacy Policy
We may update this Privacy Policy from time to time. If we make material changes, we will update the “Last Updated” date above and provide any additional notice required by law. Your continued use of the Platform after an updated Privacy Policy is posted means that you acknowledge the updated Privacy Policy to the extent permitted by law.
Personal Information We Collect
“Personal information” means information that identifies, relates to, describes, or can reasonably be linked to an identifiable person. It does not include information that is deidentified, aggregated, or otherwise not protected as personal information under applicable law.
Where we maintain deidentified information, we will maintain and use it in deidentified form and will not attempt to reidentify it except as permitted by law, to test whether our deidentification processes are effective, or as authorized by an applicable written agreement. Limited data sets, pseudonymized data, coded data, tokenized data, and other data that remains reasonably linkable to an individual may still be personal information, protected health information, or regulated data depending on context and applicable law.
Information You Provide
We may collect personal information that you provide to us, including:
- Contact information, such as name, email address, phone number, company, job title, and mailing address.
- Account information, such as username, password, authentication information, account settings, role, permissions, and organization affiliation.
- Professional and organization information, such as employer, department, professional credentials, institutional affiliation, and business relationship details.
- Communications, such as messages, support requests, form submissions, meeting notes, event registrations, survey responses, call notes, and other communications with us.
- Commercial and transaction information, such as records of subscriptions, purchases, invoices, payment status, order forms, procurement transactions, and related business information.
- Payment information, which may be collected and processed by payment processors on our behalf. We generally do not store full payment card numbers.
- Marketing preferences, such as your preferences for receiving communications from us and information about how you engage with our messages.
- Platform inputs and content, such as prompts, uploaded files, datasets, configuration information, feedback, annotations, queries, and other content you submit to or generate through the Platform, subject to any applicable separate written agreement.
- Feedback, such as comments, ideas, requests, bug reports, suggestions, or other information you provide about Aevius or the Platform.
- Other information that you choose to provide or that we identify at the time of collection.
Information Collected Automatically
We, our service providers, and our business partners may automatically collect information about your device and your activity on the Platform, including:
- Device and browser information, such as IP address, device type, operating system, browser type, device identifiers, language settings, screen resolution, and approximate location derived from IP address.
- Usage information, such as pages or screens viewed, features used, access times, referring pages, clickstream information, session duration, search terms, usage metadata, and interactions with emails or other communications.
- Security and diagnostic information, such as log files, authentication events, error reports, performance data, audit information, and information used to detect abuse, fraud, security incidents, or violations of our terms.
- Cookie and similar technology data, as described below.
Customer and Enterprise Data
If you use the Platform through an organization, customer deployment, enterprise workspace, third-party integration, third-party procurement channel, or customer-controlled environment, we may receive or process personal information as instructed or authorized by the applicable customer or data holder and governed by the applicable written agreement.
Depending on the deployment, some data may remain in a customer-controlled or third-party environment, and Aevius may process only limited metadata, logs, support information, configuration information, usage information, or other data needed to provide, secure, support, monitor, meter, or operate the applicable Services.
Cookies and Similar Technologies
We may use cookies, pixels, local storage, software development kits, and similar technologies to operate the Platform, remember preferences, authenticate users, understand usage, improve performance, protect security, measure communications, and support marketing or analytics. You can control cookies through your browser settings. If you disable cookies, some Platform features may not work properly.
We do not knowingly use third-party advertising pixels or similar technologies for cross-context behavioral advertising on the public Platform unless we provide any legally required notice and choices. Where required by law, we will provide additional cookie choices or honor legally required opt-out preference signals, such as Global Privacy Control, for applicable activities.
Information from Third Parties
We may receive personal information from third parties, including:
- Your employer, organization, administrator, customer sponsor, or other customer that authorizes your use of the Platform.
- Identity providers, single sign-on providers, third-party platforms, and other integrations you or your organization use with the Platform.
- Service providers that help us operate, secure, market, sell, support, or improve the Platform.
- Business partners, event sponsors, advisors, investors, and referral sources.
- Public sources, such as professional websites, conference materials, publications, and public social media profiles.
How We Use Personal Information
We may use personal information for the following purposes:
- Provide and operate the Platform, including to create accounts, authenticate users, deliver features, process transactions, provide support, maintain customer relationships, and provide Services requested by you or your organization.
- Administer customer and organization accounts, including to manage users, roles, permissions, security controls, access, support, usage, metering, billing, and compliance with agreements.
- Communicate with you, including to respond to inquiries, provide notices, send administrative messages, provide support, and contact you about the Platform.
- Personalize and improve the Platform, including to understand usage, diagnose issues, develop new features, improve user experience, evaluate product performance, and improve reliability, subject to the Customer Content restrictions described below and any applicable written agreement.
- Provide AI-enabled features, including to process inputs, generate outputs, operate requested features, evaluate system performance, troubleshoot issues, detect abuse, and improve reliability and safety.
- Conduct research and development, including by creating and using Usage Data, aggregated information, deidentified information, and other non-personal information where permitted by law and applicable agreements.
- Market our business, including to send newsletters, event invitations, product updates, and other communications that may interest you.
- Manage events, partnerships, and business development, including to coordinate meetings, evaluate opportunities, and maintain business records.
- Process payments and manage billing, including to invoice customers, process payment status, maintain transaction records, and collect amounts owed.
- Protect security and prevent misuse, including to detect, investigate, and prevent fraud, cyberattacks, unauthorized access, misuse, illegal activity, and violations of our terms.
- Comply with law and legal process, including to respond to lawful requests, enforce agreements, exercise rights, defend claims, and meet regulatory obligations.
- Complete business transactions, including mergers, acquisitions, financings, reorganizations, diligence, or transfers of assets.
- Use personal information with your consent or as otherwise disclosed at the time of collection.
Artificial Intelligence
Aevius may use artificial intelligence systems and related providers to help provide, secure, evaluate, and operate the Platform. When you use AI-enabled features, the information you submit may be processed to generate outputs, operate the requested feature, monitor reliability, prevent misuse, and support metering and auditability.
Unless a separate written agreement says otherwise, you should not submit protected health information, patient-identifiable information, or other sensitive personal information to AI-enabled features. Aevius does not use Customer Content to train, fine-tune, or improve models except as expressly permitted by an applicable written agreement, product-specific terms, or documented consent. Aevius does not disclose protected health information or sensitive Customer Content to third-party AI providers except as authorized under an applicable written agreement and required subprocessor, data processing, or business associate terms.
We may use Usage Data, deidentified information, aggregated information, and other non-personal information for analytics, security, research, development, operations, and business purposes, provided it does not identify you, your organization, or any individual.
How We Disclose Personal Information
We may disclose personal information to the following categories of recipients:
- Affiliates and related companies, for the purposes described in this Privacy Policy.
- Service providers, contractors, and vendors that help us operate our business, including hosting, cloud infrastructure, authentication, security, analytics, communications, support, billing, payment processing, customer relationship management, marketing, and professional services.
- AI, infrastructure, and technical providers that help us provide, secure, evaluate, or operate AI-enabled features and related Platform functionality, subject to applicable written agreements and required data protection terms.
- Customer organizations, administrators, and authorized users, if your account is provided by or associated with an organization, including to manage access, monitor usage, provide support, enforce agreements, and administer customer workspaces.
- Integration partners and platforms, when you or your organization choose to connect, procure, deploy, or use the Platform through a third-party service, identity provider, platform, procurement channel, or customer-controlled environment.
- Professional advisors, such as lawyers, auditors, insurers, bankers, and consultants.
- Business transaction participants, in connection with a merger, acquisition, financing, reorganization, sale of assets, bankruptcy, diligence process, or similar transaction.
- Law enforcement, regulators, courts, and other parties, when we believe disclosure is necessary or appropriate to comply with law, legal process, or lawful requests, or to protect rights, safety, privacy, security, data, systems, or property.
- Business partners, event partners, or referral sources, where relevant to a relationship you requested or where disclosure is otherwise permitted by law and applicable agreements.
- Other recipients with your consent, at your direction, or as authorized by your organization.
We may disclose aggregated, deidentified, or other non-personal information for lawful business purposes.
Personal Information Summary
The table below summarizes the main categories of personal information we may process. Actual processing depends on how you interact with us, the Services you use, and any applicable written agreement.
| Category | Sources | Purposes | Recipients | Sale/Share Status | Retention Criteria |
|---|---|---|---|---|---|
| Identifiers and contact information | You, your organization, public sources, partners | Account administration, communications, support, sales, security, legal compliance | Service providers, customer organizations, professional advisors, business transaction participants, authorities where required | Not sold for money; not knowingly shared for cross-context behavioral advertising | Relationship duration plus legal, security, and business record needs |
| Account, authentication, and organization information | You, your organization, identity providers, Platform use | Authentication, access control, administration, support, security, billing | Service providers, customer administrators, technical providers | Not sold for money; not knowingly shared for cross-context behavioral advertising | Account duration plus legal, security, and operational needs |
| Commercial and transaction information | You, your organization, payment processors, procurement channels | Orders, billing, payment status, tax/accounting, customer management | Service providers, payment processors, professional advisors | Not sold for money; not knowingly shared for cross-context behavioral advertising | Tax, accounting, legal, and business record periods |
| Usage, device, security, and diagnostic information | Your device, browser, Platform use, service providers | Platform operation, security, troubleshooting, support, analytics, metering, abuse prevention | Service providers, technical providers, customer administrators where applicable | Not sold for money; not knowingly shared for cross-context behavioral advertising | Operational and security needs, then deletion or aggregation where appropriate |
| Communications, feedback, and support information | You, your organization, support and communications tools | Responding to requests, support, product feedback, business records, legal compliance | Service providers, professional advisors, business partners where relevant | Not sold for money; not knowingly shared for cross-context behavioral advertising | Relationship duration plus legal, support, and business record needs |
| Customer Content and customer-regulated data | You, your organization, customer-controlled environments, authorized integrations | Provide, secure, support, monitor, meter, and operate the applicable Services under the applicable agreement | Service providers and subprocessors authorized under applicable agreements; customer administrators; others as directed by the customer or required by law | Not sold for money; not knowingly shared for cross-context behavioral advertising | Applicable agreement, customer settings, technical functionality, and legal requirements |
| Sensitive personal information | Only where provided or authorized under a written agreement | Limited to the applicable authorized purpose, legal compliance, security, and support | Recipients authorized by the applicable agreement or required by law | Not used or disclosed for purposes requiring a right to limit unless required notice and choice are provided | Applicable agreement and legal requirements |
Sale or Sharing of Personal Information
We do not sell personal information for money. We do not knowingly sell or share personal information for cross-context behavioral advertising as those terms are defined under California privacy law. If our practices change in a way that requires an opt-out right under applicable law, we will update this Privacy Policy and provide the required choices.
Your Choices
Account Information
If you have an account, you may be able to review and update certain account information through the Platform. You may also contact us using the information below.
Marketing Communications
You may opt out of marketing emails by using the unsubscribe instructions in the email or by contacting us. You may still receive service-related, transactional, legal, or administrative messages.
Cookies
Most browsers allow you to remove or reject cookies. Your browser settings may affect Platform functionality. Some jurisdictions require additional cookie choices, which we will provide where required.
Do Not Track
Some browsers transmit “Do Not Track” signals. There is not a uniform industry standard for responding to those signals. We currently do not respond to Do Not Track signals, but we will honor legally required browser-based opt-out preference signals where applicable.
Privacy Rights
Depending on where you live, you may have rights regarding your personal information, such as the right to:
- Access or know what personal information we have collected about you.
- Correct inaccurate personal information.
- Delete personal information.
- Receive a portable copy of personal information.
- Opt out of certain processing, such as targeted advertising, sale, sharing, or profiling where applicable.
- Limit certain uses or disclosures of sensitive personal information where applicable.
- Object to or restrict certain processing where applicable.
- Withdraw consent where processing is based on consent.
- Appeal a decision we make about a privacy request where applicable.
To exercise privacy rights, contact us at legal@aevius.ai. We may need to verify your identity before processing your request. Authorized agents may submit requests where permitted by law, but we may require proof of authorization and identity verification.
We will respond to privacy requests within the timeframes required by applicable law. If applicable law gives you a right to appeal our decision, you may appeal by replying to our response or contacting legal@aevius.ai with “Appeal” in the subject line.
If your personal information is processed on behalf of a customer, organization, or data holder, we may refer your request to that customer, organization, or data holder or process it according to the applicable agreement. Where required, we will assist the customer, organization, or data holder with privacy requests according to the applicable data processing agreement, business associate agreement, or similar written terms.
We will not discriminate against you for exercising privacy rights, but some Platform features may require certain information to operate.
California Notice at Collection
This section applies to California residents where California privacy law applies to Aevius.
We may collect the following categories of personal information:
- Identifiers, such as name, email address, phone number, IP address, account identifiers, and business contact information.
- California customer records information, such as contact, billing, and transaction information.
- Commercial information, such as records of products or services purchased, obtained, or considered.
- Internet or electronic network activity information, such as device, log, usage, metering, and interaction information.
- Approximate geolocation information, such as location inferred from IP address.
- Professional or employment-related information, such as job title, employer, and professional affiliation.
- Inferences, such as preferences or business interests inferred from interactions with us.
- Sensitive personal information, only where you provide it or where a separate written agreement authorizes processing. The public Platform is not intended for sensitive personal information.
We collect these categories from the sources described above, use them for the purposes described above, and disclose them to the categories of recipients described above. We retain personal information as described in the “Retention” section below.
We do not use or disclose sensitive personal information for purposes that require a right to limit under California privacy law unless we provide the required notice and choice.
California residents may also request information under California’s “Shine the Light” law regarding certain disclosures of personal information to third parties for their direct marketing purposes. To submit such a request, contact us at legal@aevius.ai with “Shine the Light” in the subject line.
Notice to European and UK Users
This section applies to individuals in the European Economic Area, the United Kingdom, and Switzerland where applicable data protection law applies.
Controller
The controller of personal information covered by this Privacy Policy for our websites, events, marketing, account administration, support, billing, security, and business operations is:
Aevius Labs, Inc.
Attn: Privacy
Boston, Massachusetts, United States
legal@aevius.ai
Where Aevius processes personal information on behalf of a customer, organization, or data holder, that customer, organization, or data holder may be the controller and Aevius may act as processor or another legally defined role under the applicable agreement.
Legal Bases
Our legal bases for processing personal information may include:
- Contract, where processing is necessary to provide the Platform or take steps at your request before entering into a contract.
- Legitimate interests, such as operating, securing, improving, and marketing the Platform, managing business relationships, supporting customer deployments, preventing misuse, and protecting rights, provided those interests are not overridden by your rights and interests.
- Consent, where we ask for consent or where consent is required by law.
- Legal obligation, where processing is necessary to comply with applicable law or legal process.
- Vital interests or public interest, where applicable and permitted by law.
European and UK Rights
Subject to applicable law, you may have rights to access, correct, delete, transfer, restrict, or object to the processing of your personal information, and to withdraw consent where processing is based on consent. You may also have the right to lodge a complaint with a supervisory authority in your jurisdiction.
International Transfers
Aevius is based in the United States. If we transfer personal information from the European Economic Area, the United Kingdom, Switzerland, or another jurisdiction that requires transfer safeguards, we will use safeguards recognized by applicable law, such as standard contractual clauses or another lawful transfer mechanism where required.
Additional European and UK Disclosures
Unless we state otherwise, Aevius has not appointed a data protection officer. If we are required to appoint an EU or UK representative, we will provide the representative’s contact information as required by law.
Providing personal information may be necessary to enter into or perform a contract with us, receive requested Services, comply with legal requirements, or use certain Platform features. If you do not provide required information, we may not be able to provide the requested Services or features.
We do not use personal information collected through the public Platform for solely automated decisions that produce legal or similarly significant effects, unless disclosed in separate terms or notices.
Retention
We retain personal information for as long as reasonably necessary for the purposes described in this Privacy Policy, including to provide the Platform, maintain business records, comply with legal obligations, resolve disputes, enforce agreements, protect security, and fulfill the purposes for which the information was collected. Retention periods vary depending on the type of information, our relationship with you, legal requirements, operational needs, and applicable agreements.
For example, we may keep marketing contact information until you opt out and for a reasonable suppression period afterward, account records for the life of the account and a reasonable period afterward, security and diagnostic logs for a rolling operational period unless needed longer for security or legal reasons, billing and transaction records for tax and accounting periods, and communications for support, legal, and business record needs.
Customer Content and data processed on behalf of a customer, organization, or data holder may be retained, deleted, or returned according to the applicable agreement, customer settings, and technical functionality.
Security
We use reasonable administrative, technical, and organizational measures designed to protect personal information, which may include access controls, logging, encryption, vendor review, vulnerability management, and other safeguards appropriate to the nature of the information and Services. However, no method of transmission or storage is fully secure, and we cannot guarantee absolute security. You and your organization are responsible for configuring your accounts, permissions, integrations, customer-controlled environments, and access controls appropriately.
Children
The Platform is not directed to children under 18, and we do not knowingly collect personal information from children under 18 through the Platform. If you believe a child has provided personal information to us, contact us and we will take appropriate steps.
Third-Party Sites and Services
The Platform may link to or integrate with third-party websites, services, platforms, procurement channels, and applications. We are not responsible for the privacy practices of third parties. Their privacy policies govern their collection and use of personal information.
Contact Us
You may contact us about this Privacy Policy or our privacy practices at:
Aevius Labs, Inc.
Attn: Privacy
Boston, Massachusetts, United States
Email: legal@aevius.ai
Phone: (978) 763-4608