Privacy Policy

This Privacy Policy applies to:

• Marketing Website (aion.xyz): Discovery and information
• Platform (console.aion.xyz): GPU compute services
• Pre-signup Browsing: Anonymous GPU catalog access
• Authenticated Services: Full platform functionality
• Support and Documentation: docs.aion.xyz, status.aion.xyz, api.aion.xyz

We are committed to protecting your privacy while delivering high-performance GPU infrastructure services. This Policy explains our data practices and your rights regarding personal information in the context of cloud computing and AI infrastructure management.

With Consent Only:

• Google Analytics 4 data (page views, session duration)
• Marketing pixel data (Meta, LinkedIn campaigns)
• UTM parameters (source, medium, campaign, term, content) for attribution tracking
• No personal data collected without explicit consent

Anonymous Catalog Access:

• GPU availability viewing patterns
• Pricing calculator usage
• Region and SKU preferences
• No identity or personal data collection

Upon Signup:

• Email address (required for waitlist)
• Company name (optional)
• Workload intent and use case

Enrichment via Folk CRM:

• Firmographic data (company size, industry)
• Technographic signals (current stack)
• Not shared with marketing pixels or third parties

Account Information:

• Name, email address, password (encrypted)
• Organization details, tax ID, billing address
• Verification documents for KYC compliance

Full Platform Telemetry:

• PostHog session recordings and analytics
• Resource usage metrics and patterns
• API call logs and patterns
• Stripe billing and payment data
• Intercom support interactions

Through your use of our GPU compute platform, we collect:

• Resource Usage: GPU hours, compute cycles, storage consumption
• Instance Data: Configuration settings, deployment regions, instance types
• Project Information: Project names, descriptions, resource allocations
• SSH Keys: Public keys for secure instance access
• Firewall Rules: Security configurations for your resources
• API Usage: Endpoint calls, request patterns, rate limits

For billing purposes, we collect:

• Payment Method: Credit card details (processed by Stripe)
• Billing History: Invoices, payment records, usage statements
• Credit Information: Credit limits, payment terms
• Tax Information: VAT numbers, tax exemption certificates

We automatically collect:

• Infrastructure Metrics: Resource performance, availability, latency
• Error Logs: System errors, failed provisioning attempts
• Security Events: Login attempts, access patterns, anomaly detection
• Platform Performance: Response times, throughput, reliability metrics

When you interact with our support team:

• Support Tickets: Issue descriptions, correspondence, resolutions
• Feedback: Feature requests, bug reports, suggestions
• Training Materials: Usage of documentation, tutorials accessed
• Community Participation: Forum posts, knowledge base contributions

We use your information to:

• Provision Resources: Deploy and manage GPU instances
• Manage Access: Authenticate users and enforce permissions
• Process Billing: Calculate usage, generate invoices, process payments
• Provide Support: Resolve technical issues, answer questions
• Maintain Infrastructure: Ensure platform availability and performance

Your data helps us:

• Optimize Performance: Improve provisioning times and resource allocation
• Develop Features: Build new capabilities based on usage patterns
• Enhance Security: Detect and prevent unauthorized access
• Improve Reliability: Identify and resolve infrastructure issues
• Customize Experience: Tailor the platform to your workflow

We communicate with you about:

• Service Updates: Maintenance windows, new features, changes
• Security Alerts: Suspicious activity, required actions
• Billing Notifications: Invoices, payment reminders, usage alerts
• Product Announcements: New GPU types, regions, capabilities
• Educational Content: Best practices, optimization tips (opt-in)

We process data to:

• Meet Legal Obligations: Comply with laws and regulations
• Enforce Terms: Ensure compliance with our Terms of Service
• Prevent Abuse: Detect and prevent fraudulent or harmful activities
• Respond to Legal Requests: Handle subpoenas, court orders
• Protect Rights: Defend our legal interests and intellectual property

• Providing GPU compute services
• Processing payments and billing
• Managing your account and projects
• Delivering customer support

• Platform Analytics: PostHog tracking necessary for performance of our contract with you
• Infrastructure Monitoring: Essential for cloud platform operation
• Security: Threat detection and fraud prevention
• Service Improvements: Performance optimization based on usage patterns

Note: We cannot use legitimate interest for marketing cookies – those require consent.

• Compliance with data protection laws
• Tax and financial reporting requirements
• Responding to legal processes
• Export control and sanctions compliance

• Marketing communications to prospects
• Optional analytics and tracking
• Beta feature participation
• Research and development activities

We do not sell, rent, or trade your personal information. We share data only when necessary for service delivery or legal compliance.

We share data with providers who help us operate:

• Infrastructure Partners: GPU providers, data centers
• Payment Processor: Stripe for all billing operations
• Analytics: PostHog for platform analytics (essential service)
• Support: Intercom for customer service
• CRM: Folk for lead enrichment and segmentation
• Marketing Analytics: Google Analytics, Meta, LinkedIn, Twitter/X (consent-based)
• Security Services: DDoS protection, threat detection
• Consent Management Platform: CookieYes – Google-certified CMP for GDPR compliance

We may share information when required:

• Legal Compliance: To comply with laws and regulations
• Legal Process: In response to subpoenas, warrants, court orders
• Emergency Situations: To protect safety and prevent harm
• Rights Protection: To protect our rights and property
• Breach Notification: To Indian Data Protection Board for all breaches regardless of risk level

We maintain GDPR-compliant DPAs with all sub-processors:

• PostHog: DPA available at posthog.com/dpa
• Stripe: Incorporated in Services Agreement
• Intercom: Standard DPA with EU SCCs
• Folk CRM: GDPR-compliant processor agreement
• CookieYes: DPA available at cookieyes.com/dpa

Enterprise customers may request copies by contacting [email protected].

In the event of a merger, acquisition, or sale:

• Your information may be transferred to the successor entity
• We will notify you before any transfer occurs
• The successor will be bound by this Privacy Policy

We implement industry-standard security measures:

• Encryption: AES-256 encryption at rest, TLS 1.3 in transit
• Access Controls: Role-based access, multi-factor authentication
• Network Security: Firewalls, intrusion detection, DDoS protection
• Infrastructure Security: Isolated environments, secure key management
• Monitoring: 24/7 security monitoring and incident response

Our security program includes:

• Security Policies: Comprehensive data protection procedures
• Employee Training: Regular security awareness training
• Access Restrictions: Limited access on need-to-know basis
• Vendor Management: Security assessments of service providers
• Incident Response: Established breach notification procedures (within 72 hours to authorities per GDPR, without undue delay to users)

You play a crucial role in security:

• Maintaining strong, unique passwords
• Enabling multi-factor authentication
• Protecting API keys and credentials
• Reporting suspicious activities promptly
• Following security best practices

We retain data based on:

• Active Accounts: Throughout your subscription period
• Billing Records: 7 years for tax and accounting purposes
• Consent Records: 2 years from consent date
• Usage Logs: 90 days for operational data
• Security Logs: 1 year for incident investigation
• Support Records: 3 years after ticket closure
• Deleted Projects: 30 days recovery period

Upon account termination:

• Instance data is immediately terminated
• Account data is retained for 90 days for recovery
• Billing records are retained per legal requirements
• You may request immediate deletion (subject to legal obligations)

Depending on your location, you have rights to:

• Access: Request a copy of your personal data
• Correction: Update inaccurate information
• Deletion: Request removal of your data
• Portability: Receive data in machine-readable format
• Restriction: Limit how we process your data
• Objection: Opt-out of certain processing
• Withdraw Consent: Revoke previously given consent

To exercise your rights:

• Dashboard: Access and update most information
• Email: [email protected]
• API: Programmatic data export available
• Support: File a privacy request ticket

We respond to requests within 30 days, or 45 days for complex requests with notice.

California residents have additional rights:

• Right to know categories and sources of data collected
• Right to know business purposes for collection
• Right to non-discrimination for exercising rights
• Right to opt-out of data sales (we don't sell data)

EU/EEA residents have enhanced rights:

• Explicit consent requirements for processing
• Right to lodge complaints with supervisory authorities
• Right to object to automated decision-making
• Enhanced data portability rights

Indian residents have rights under the Digital Personal Data Protection Act:

• Right to access personal data in structured format
• Right to correction and erasure of personal data
• Right to grievance redressal
• Right to nominate a digital nominee
• Consent withdrawal at any time (may affect service availability)

Your data may be processed in:

• United States (primary processing)
• European Union (regional deployments)
• Your selected GPU deployment regions
• Support centers globally

We ensure appropriate protection through:

• Standard Contractual Clauses: EU-approved mechanisms
• Data Processing Agreements: With all sub-processors
• Security Measures: Consistent global security standards
• Access Controls: Regional data isolation where required

We use automated systems for:

• Resource Allocation: Optimizing GPU assignments
• Fraud Detection: Identifying suspicious activities
• Performance Optimization: Workload distribution
• Anomaly Detection: Security threat identification

You can request human review of automated decisions that significantly affect you, such as account suspension or credit limit determinations.

We will notify you of material changes via:

• Email to your registered address
• Platform dashboard notifications
• 30-day advance notice for significant changes

Continued platform use after changes constitutes acceptance of the updated policy.

For privacy-related questions:

Privacy Team
AION Technologies Inc.
Email: [email protected]
Response Time: Within 48 hours

Data Protection Officer
Email: [email protected]

Headquarters
AION Technologies Inc.
1450 Broadway
New York, NY 10018
United States

EU Representative
To be appointed. For EU data protection matters, contact [email protected]

Note: As an infrastructure provider (IaaS), we are not required to appoint a DPO under Article 37 GDPR as our core activities do not involve large-scale systematic monitoring of data subjects. We maintain a dedicated privacy team for all data protection matters.

Data Protection Officer for India
To be appointed when required under DPDPA. Contact [email protected]

To file a privacy complaint:

• Contact [email protected]
• Receive acknowledgment within 48 hours
• Investigation completed within 30 days
• Escalation to DPO if unsatisfied

You may lodge complaints with:

• Your local data protection authority
• California Privacy Protection Agency (CPPA)
• European Data Protection Supervisor

Cookie Policy – Detailed cookie information

Terms of Service – Platform usage terms