Legal

Privacy Policy

Last updated: April 25, 2026

Your data is yours. This policy explains what we collect, how we use it, and the controls you have over it. We've optimized for clarity over legalese.

1. What we collect

Account data: name, email, company, and billing information.

Usage data: how you interact with the services — pages visited, features used, device and browser metadata. We use this to improve the product.

Customer data: the financial information, models, and content you upload. We treat this as your data, not ours.

2. How we use it

To provide, maintain, and improve the services. To communicate with you about your account, billing, and product updates. To comply with legal obligations.

We do not sell your data. We do not use your customer data to train public AI models. Model-finetuning on customer data, if any, is opt-in at the workspace level and always documented.

3. Who we share with

Infrastructure subprocessors: Supabase (database, auth), Vercel (hosting), Resend (transactional email), Lemon Squeezy (billing). Each operates under binding data-processing terms.

AI subprocessors: Anthropic and OpenAI for model inference. Customer data sent to these providers is processed under their respective DPAs and is not retained for training.

We will disclose data when legally required. When we receive a lawful request, we will notify the affected customer unless prohibited.

4. How we store it

Data is encrypted in transit (TLS 1.2+) and at rest (AES-256). Access is limited to employees with a need to know, subject to role-based access controls and audit logs.

Data residency: production data is stored in US regions by default. EU residency is available for Team and enterprise customers.

5. How long we keep it

For active accounts, as long as the account is active.

After account closure, we retain data for 30 days to enable export, then delete it from production. Backup purges complete within 90 days. Legal/financial records may be retained longer where required by law.

6. Your rights

Access, correct, or delete your personal information at any time through workspace settings or by contacting us.

Data export is available in JSON or CSV format on request.

EU/UK residents have additional rights under GDPR, including the right to object to processing and to lodge a complaint with a supervisory authority.

7. Cookies and tracking

We use first-party cookies for authentication and preference storage. We use product analytics (PostHog) and minimal error monitoring to improve the services. No third-party advertising cookies.

You can opt out of analytics from your workspace settings.

8. Children

Aperio is not intended for users under 16. We do not knowingly collect data from children.

9. Changes

Material changes to this policy will be communicated by email and notice in-product at least 30 days before taking effect.

Questions?

Contact us at privacy@aperio.finance.