Privacy Policy

Last Updated: March 18, 2026

AO Cyber Systems, LLC (“AO Cyber Systems,” “we,” “us,” or “our”) is headquartered in Brunswick, Maine. We build privacy-first technology and believe your data is sacred. This Privacy Policy describes how we collect, use, store, and protect your information when you use our websites, products, and services, including AODex, AOSentry, Eden Platform, AOFamily, and DevFlow (collectively, the “Services”).

Our core commitment: We never train on your data. We never monetize your data. We never sell your data. When you pay for our products, you are the customer, not the product.

Information We Collect

Information You Provide Directly

Account Information. When you create an account, we collect your name, email address, and payment information necessary to provide the Services.
Profile and Workspace Data. Content you create within our Services, including conversations, knowledge bases, documents, personas, and configurations. This data belongs to you.
Communications. Information you provide when you contact us for support, request data room access, submit inquiries, or otherwise communicate with us.
Investor Inquiries. If you request access to our investor data room, we collect your name, email address, firm name, and role.

Information Collected Automatically

Usage Data. We collect anonymized, aggregate usage metrics such as feature usage frequency, session duration, and error rates. These metrics contain no personally identifiable information and are used solely to improve product reliability and performance.
Log Data. Our servers automatically record information including IP address, browser type, operating system, referring URL, pages visited, and timestamps. Log data is retained for security and operational purposes only.
Cookies. Our website uses only essential cookies required for site functionality, such as session management and security tokens. We do not use advertising cookies, tracking pixels, or third-party analytics that profile user behavior.

Information We Do Not Collect

We do not collect biometric data.
We do not collect geolocation data beyond what is present in standard server logs.
We do not use third-party advertising or behavioral tracking technologies.
AOFamily does not collect data from children for any purpose other than delivering the requested service to the parent account holder.

How We Use Your Information

We use the information we collect for the following purposes and no others:

Providing the Services. Operating, maintaining, and delivering the features and functionality of the products you subscribe to.
Account Administration. Managing your account, processing payments, and communicating with you about your subscription.
Security and Fraud Prevention. Detecting, investigating, and preventing security incidents, fraud, and abuse.
Product Improvement. Using anonymized, aggregate usage data to improve reliability, performance, and user experience. Individual user data is never used for this purpose.
Legal Compliance. Complying with applicable laws, regulations, and legal processes.
Customer Support. Responding to your requests, questions, and feedback.

We do not use your data to:

Train artificial intelligence or machine learning models
Build user profiles for advertising or behavioral targeting
Sell, rent, or trade your personal information to third parties
Conduct surveillance or behavioral analysis of individual users

How We Protect Your Data

Security is foundational to our architecture, not an afterthought.

Post-Quantum Cryptography. AOSentry implements CNSA 2.0 compliant cryptography using ML-KEM for key encapsulation and ML-DSA for digital signatures, protecting data against both current and future quantum computing threats.
PII Tokenization. AOSentry automatically detects and tokenizes personally identifiable information before it reaches any third-party AI provider, then reverse-tokenizes in responses. PII never leaves your perimeter.
Encryption. All data is encrypted in transit using TLS 1.3 and at rest using AES-256 or equivalent post-quantum algorithms.
Access Controls. We implement role-based access controls, audit logging, and the principle of least privilege across all systems.
Infrastructure Security. Our infrastructure is hosted in secure, SOC 2 compliant environments with continuous monitoring, intrusion detection, and incident response procedures.

We do not sell, rent, or trade your personal information. We share data only in the following limited circumstances:

AI Model Providers. When you use AI features, your prompts are routed through AOSentry’s security gateway to third-party AI model providers. All prompts are scrubbed of PII through tokenization before reaching any provider. We select providers based on their data handling commitments and contractual obligations not to train on customer inputs.
Payment Processors. We use third-party payment processors to handle billing. We do not store full credit card numbers on our servers.
Service Providers. We engage a limited number of service providers who assist with infrastructure hosting, email delivery, and customer support. All service providers are bound by contractual obligations to protect your data and use it only for the purposes we specify.
Legal Requirements. We may disclose information if required to do so by law, regulation, subpoena, court order, or other governmental request. Where permitted, we will notify you before making such disclosures.
Business Transfers. In the event of a merger, acquisition, or sale of assets, your information may be transferred. We will provide notice before your data becomes subject to a different privacy policy.

We will never share your data for advertising, marketing, or profiling purposes.

Data Retention

Account Data. We retain your account information for as long as your account is active or as needed to provide the Services. Upon account deletion, we permanently delete your personal data within 30 days, except where retention is required by law.
Workspace Content. Conversations, knowledge bases, documents, and other content you create within the Services are retained only while your account is active. You may export or delete this data at any time.
Log Data. Server logs are retained for up to 90 days for security and operational purposes, then permanently deleted.
Anonymized Data. Aggregate, anonymized usage statistics that cannot be linked to any individual may be retained indefinitely.

Your Rights and Choices

Regardless of your location, we provide the following rights to all users:

Access. You may request a copy of the personal data we hold about you.
Correction. You may request correction of inaccurate or incomplete personal data.
Deletion. You may request deletion of your personal data, subject to legal retention requirements.
Data Portability. You may export your data at any time in standard formats including Markdown, PDF, and JSON. Your data is always portable and accessible.
Objection. You may object to specific uses of your data where applicable.
Account Closure. You may close your account at any time. Upon closure, all personal data and workspace content will be permanently deleted within 30 days.

To exercise any of these rights, contact us at privacy@aocyber.com. We will respond to all requests within 30 days.

For California Residents (CCPA)

Under the California Consumer Privacy Act, California residents have additional rights including the right to know what personal information is collected, the right to delete personal information, and the right to opt out of the sale of personal information. We do not sell personal information.

If you are located in the European Economic Area, the United Kingdom, or Switzerland, we process your personal data on the legal bases of contract performance, legitimate interest, and your consent where applicable. You have the additional right to lodge a complaint with your local data protection authority.

For Users Under 18 (AOFamily)

AOFamily is designed to be managed by parents and guardians. Children’s accounts are created and controlled by the parent account holder. We do not knowingly collect personal information directly from children under 13 without verified parental consent. All data generated through AOFamily is accessible to and controlled by the parent account holder.

Self-Hosted Deployments

Certain products, including AOSentry and Eden Platform, offer self-hosted deployment options. When you self-host, your data resides entirely on your own infrastructure. AO Cyber Systems has no access to self-hosted data unless you explicitly grant access for support purposes. This Privacy Policy applies only to data processed through our cloud-hosted Services.

Third-Party Links

Our website and Services may contain links to third-party websites or services. We are not responsible for the privacy practices of third parties. We encourage you to review the privacy policies of any third-party services you access.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. We will notify you of material changes by posting the updated policy on our website and updating the “Last Updated” date. For significant changes, we will provide additional notice through email or in-product notification.

Your continued use of the Services after changes become effective constitutes your acceptance of the revised policy.

Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, contact us at:

AO Cyber Systems, LLC Brunswick, Maine

Privacy inquiries: privacy@aocyber.com
General inquiries: contact@aocyber.com
Legal inquiries: legal@aocyber.com