Privacy Policy

Last updated: March 21, 2026

1. Introduction

Acalytica ("we", "us", "our") operates Aha, an AI-powered agency operating system. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

2. Information We Collect

Account Information

Name, email address, organization name, role, and profile picture provided during registration during registration.

Content You Provide

Campaign briefs, brand guidelines, creative assets, copy, workflow configurations, and other materials you upload or create within the Service.

Usage Data

Pages visited, features used, AI agent interactions, search queries, and performance metrics to improve the Service.

Technical Data

IP address, browser type, device information, and cookies for authentication and analytics purposes.

3. How We Use Your Information

  • Provide, maintain, and improve the Service
  • Process AI agent requests using your briefs and brand guidelines as context
  • Send transactional emails (approvals, assignments, campaign alerts)
  • Analyze usage patterns to improve features and performance
  • Detect and prevent fraud or abuse
  • Comply with legal obligations

4. AI Processing & Your Data

When you use AI agents, your briefs, brand guidelines, and conversation context are sent to Anthropic's Claude API for processing. Key commitments:

  • No training: Your data is not used to train AI models. Anthropic's API usage policy prohibits training on API inputs.
  • Data isolation: Each organization's data is isolated. Your brand guidelines and creative are never shared with other organizations.
  • Audit logging: All AI agent interactions are logged for your review in the audit trail.
  • Retention: AI conversation data is retained for 90 days for debugging and audit purposes, then deleted.

5. Data Storage & Security

Your data is stored securely using:

  • Database: Neon PostgreSQL with encryption at rest and in transit
  • File storage: Cloudflare R2 with server-side encryption
  • Authentication: Better Auth with secure session management
  • Hosting: Vercel with automatic SSL/TLS

All data is transmitted over HTTPS. We implement organization-level data isolation at the database query level — every query is scoped by organization ID.

6. Data Sharing

We do not sell your personal information. We share data only with:

  • Service providers: Anthropic (AI), Neon (database), Cloudflare (storage), Vercel (hosting), Sentry (error tracking)
  • Connected platforms: Ad platforms (Meta, Google, etc.) only when you explicitly connect them and authorize data exchange
  • Legal requirements: When required by law, subpoena, or to protect our rights

7. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access and receive a copy of your personal data
  • Rectify inaccurate personal data
  • Request deletion of your personal data
  • Object to or restrict processing of your personal data
  • Data portability — export your data in a machine-readable format
  • Withdraw consent at any time

To exercise these rights, contact privacy@acalytica.com.

8. Cookies

We use essential cookies for authentication (session cookie) and optional analytics cookies (PostHog). You can disable analytics cookies in your browser settings without affecting Service functionality.

9. Data Retention

We retain your data for as long as your account is active. Upon account deletion, we remove your personal data within 30 days. Some data may be retained longer for legal compliance or legitimate business purposes (e.g., billing records for 7 years).

10. Children's Privacy

The Service is not intended for users under 16 years of age. We do not knowingly collect personal information from children.

11. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes via email or in-app notification at least 30 days before the changes take effect.

12. Contact

For privacy-related inquiries:
Acalytica
Email: privacy@acalytica.com