Privacy Policy
AERIOX LLC ("AERIOX," "we," "us," or "our") operates AERIOX Studio, an AI-powered creative operating system, and the website at aeriox.co. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our Platform (together, the "Services").
We are committed to transparency and minimizing data collection. We only collect what is necessary to provide and improve our service.
1. Overview
This Privacy Policy covers data collected when you visit aeriox.co, use AERIOX Studio at create.aeriox.co, or otherwise interact with the Services.
2. What Data We Collect
2.1 Account Information
- Name and email address (required for registration).
- Profile picture (optional).
- Authentication credentials (managed via Supabase Auth).
- Account preferences and settings.
2.2 Generated Content
- Scripts, prompts, and text content you create.
- Images, videos, and audio files generated through the Platform.
- Project metadata (titles, descriptions, tags).
- Brand assets and configurations.
2.3 Usage Analytics
- Feature usage patterns (which tools you use, session duration).
- Credit consumption history.
- Error logs and performance data (via Sentry).
- Device type, browser, and operating system.
2.4 Payment Information
- Billing details are processed and stored by Stripe. We do not store credit card numbers, CVV codes, or full card details on our servers.
- We retain transaction records (plan type, amount, date) for billing purposes.
3. How We Use Your Data
- Service operation: To provide, maintain, and improve AERIOX Studio's features and functionality.
- AI model improvement: Anonymized and aggregated usage data may be used to improve our AI pipelines and generation quality. You can opt out of AI training data contribution at any time through your account settings.
- Billing and payments: To process subscriptions, credit purchases, and manage your account balance.
- Communication: To send transactional emails (receipts, account changes), security alerts, and product updates. You can unsubscribe from non-essential communications at any time.
- Safety and security: To detect and prevent fraud, abuse, and violations of our Terms of Service.
- Legal compliance: To comply with applicable laws, regulations, and legal processes.
4. Third-Party Services
AERIOX Studio integrates with the following third-party services to operate. Each service has its own privacy policy:
| Service | Purpose | Data Shared |
|---|---|---|
| Supabase | Authentication, database, storage | Account data, project data |
| Stripe | Payment processing | Billing information |
| FAL.ai | Image & video generation | Prompts, generation parameters |
| ElevenLabs | Voice synthesis | Text for voice generation |
| Cloudflare R2 | Asset storage & CDN | Generated media files |
| Sentry | Error tracking & monitoring | Error logs, stack traces |
| Inngest | Background job processing | Job metadata |
| Resend | Transactional email | Email address, email content |
We do not sell your personal data to any third party. Data shared with these services is limited to what is necessary for their function.
5. Data Storage
- Database: Account data, project metadata, and application state are stored in Supabase Postgres with Row Level Security (RLS) ensuring users can only access their own data.
- Media assets: Generated images, videos, and audio files are stored in Cloudflare R2 object storage with signed URLs for secure access.
- Region: Primary data is stored in US data centers. If you are located in the EU/EEA, see Section 11 regarding international transfers.
7. Your Rights
We support user data rights in compliance with GDPR (EU), CCPA (California), and similar privacy regulations. You have the right to:
- Access: Request a copy of all personal data we hold about you.
- Correction: Request correction of inaccurate or incomplete personal data.
- Deletion: Request deletion of your personal data and account. We will process deletion requests within 30 days.
- Export: Request an export of your data in a portable, machine-readable format (JSON).
- Opt out of AI training: Opt out of having your anonymized data used to improve AI models.
- Restrict processing: Request that we limit how we process your data.
- Withdraw consent: Withdraw consent for data processing at any time where consent is the legal basis.
To exercise any of these rights, contact us at joshua@aeriox.co. We will respond within 30 days.
8. Children's Privacy
AERIOX Studio is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected data from a child under 13 without parental consent, we will promptly delete that information.
If you are a parent or guardian and believe your child has provided us with personal information, contact us at joshua@aeriox.co.
9. Data Retention
- Account data: Retained for the lifetime of your account plus 30 days after deletion.
- Generated content: Retained until you delete it or close your account. Permanently removed within 30 days of account deletion.
- Usage analytics: Aggregated analytics are retained indefinitely. Individual session data is retained for 90 days.
- Payment records: Retained for 7 years as required by tax and financial regulations.
- Error logs: Retained for 90 days via Sentry.
10. Security Measures
We implement industry-standard security measures to protect your data:
- All data in transit is encrypted via TLS 1.3.
- Data at rest is encrypted using AES-256.
- Row Level Security (RLS) in Supabase ensures data isolation between users.
- API keys and secrets are managed through environment variables and never exposed to clients.
- Regular security reviews and dependency audits.
- Signed URLs for all media asset access with expiration.
- Rate limiting and abuse detection on all API endpoints.
No system is 100% secure. If you discover a security vulnerability, please report it to joshua@aeriox.co.
11. International Data Transfers
If you access AERIOX Studio from outside the United States, your data may be transferred to and processed in the United States. We rely on standard contractual clauses and/or your explicit consent as the legal basis for such transfers, in compliance with GDPR.
12. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via email and/or a prominent notice on the Platform at least 30 days before they take effect. The "Last updated" date at the top of this page reflects the most recent revision.
13. Contact
For privacy-related questions, data requests, or concerns, contact us at: