Privacy Policy

1. Scope of Applicability

This Privacy Policy applies to all individuals and corporate entities interacting with the Aerca ecosystem. This includes visitors to our public website, applicants to our waitlist or founding cohort, and registered agencies utilizing the Aerca platform upon public availability.

2. Data Collection and Categorization

2.1. Information Provided Directly by You

2.2. Information Acquired via Authorized Third-Party Integrations

Upon platform launch, linking Aerca to external software providers (such as QuickBooks, Xero, Harvest, or Toggl) requires explicit authorization via secure OAuth protocols. Our system is provisioned with strictly read-only access scopes. We analyze required financial and operational telemetry, including invoice statuses, tracked hours, project scopes, and account balances, to deliver our core automated insights. We never request, intercept, or store your underlying credentials for these third-party platforms.

2.3. Automated Telemetry and Usage Metrics

3. Utilization of Collected Data

We process your data strictly for legitimate commercial and operational purposes, including:

4. Legal Bases for Processing (GDPR and UK GDPR Compliance)

For individuals residing within the European Economic Area (EEA) and the United Kingdom, our processing of your personal data relies on the following lawful bases: Consent (specifically when opting into marketing communications or the waitlist), Contractual Necessity (to fulfill the obligations of the founding access reservation), Legitimate Interests (for the secure administration and enhancement of our business operations), and Legal Obligation (for financial auditing and statutory compliance).

5. Information Sharing and Sub-processors

Aerca categorically does not sell, rent, or lease your personal or corporate data to data brokers or advertisers. Furthermore, your financial data is strictly partitioned and is never utilized to train third-party or public Artificial Intelligence models. We disclose data exclusively to heavily vetted sub-processors bound by strict confidentiality agreements:

We reserve the right to disclose information to public authorities if legally compelled by a valid subpoena, court order, or binding regulatory mandate, or during a formal corporate restructuring, merger, or acquisition (in which case you will receive prior notification).

6. Data Retention Protocols

We retain PII and corporate data only for the duration necessary to fulfill the purposes outlined in this policy or as strictly required by applicable commercial and tax laws. Waitlist registrations and contact records are retained until you execute your right to erasure. Upon account termination or withdrawal, operational data is systematically purged from our active databases and rolling backups.

7. User Rights and Data Subject Access Requests (DSAR)

Depending on your jurisdiction, you possess comprehensive rights concerning your personal data. These include the right to access, rectify, port, or erase your data, as well as the right to restrict processing or withdraw previously granted consent. To execute a Data Subject Access Request, please contact our privacy team via the contact form on our homepage. We are committed to responding to all verified requests within the statutory timeframes mandated by applicable law.

8. Cookies and Session Management

Our platform utilizes localized cookies and equivalent session management technologies to maintain authentication states, secure user sessions, and aggregate anonymous traffic patterns. You maintain full control over non-essential cookies via your browser preferences. Restricting analytics cookies will not impede your access to the core platform functionalities.

9. International Data Transfers

Aerca operates globally. Data processed by Aerca and our sub-processors may be transferred to, and maintained on, servers located outside your state, province, or country, including the United States. When transferring data from the EEA or the UK, we rely on legally validated transfer mechanisms, including Standard Contractual Clauses (SCCs), to ensure equivalent levels of protection.

10. Enterprise Security Posture

We deploy institutional-grade security measures to defend your data against unauthorized access. This includes TLS 1.3 encryption for data in transit, AES-256 encryption for data at rest, and strict zero-trust internal access controls. While no digital infrastructure can guarantee absolute invulnerability, our protocols are aligned with industry best practices and we are actively engineering our architecture to achieve SOC 2 Type II compliance.

11. Children's Privacy

Aerca provides strictly B2B enterprise software. Our Services are not directed at, nor do we knowingly collect personal information from, any individual under the age of eighteen (18).

12. Policy Modifications

We reserve the right to amend this Privacy Policy to reflect technological advancements, regulatory changes, or evolving business practices. Updated iterations will be published on this URL. Material revisions will be communicated directly to registered users via email.

13. Contact Information

For inquiries regarding this Privacy Policy, your data rights, or our security practices, please direct your correspondence to our compliance team using the contact form on our homepage.