Airefs

Privacy Policy

This Privacy Policy explains how Airefs collects, processes, and protects personal data when you use our API and related services.

1. Introduction

This Privacy Policy explains how Airefs ("we", "us", "our") collects, processes, and protects personal data when you use our API and related services. We are committed to safeguarding privacy, ensuring transparency, and complying with the General Data Protection Regulation (GDPR) and other applicable laws.

2. Data We Collect

When you use our services, we may collect the following:

  • Account data: Name, email address, login credentials.
  • Billing data: Payment information processed securely by third-party providers.
  • Request data: URLs, headers, user-agent strings, and referrer information sent to our API.
  • Traffic information: To generate analytics about AI bot behavior, popular pages, and trends.
  • Technical data: Logs, anonymized IP addresses, and device/browser metadata.

We do not store cookies or authentication headers containing credentials.

3. Legal Basis for Processing

We process data under the following legal bases:

  • Contractual necessity – to deliver Airefs services.
  • Legitimate interests – ensuring secure, effective analytics services (balanced against your rights).
  • Legal obligations – to comply with tax, accounting, and regulatory requirements.
  • Consent – where required, e.g., for optional communications or cookies.

4. How We Use Your Data

We use your information to:

  • Provide analytics and insights into bot activity.
  • Improve our platform and develop new features.
  • Communicate about service updates and provide support.
  • Meet legal and compliance obligations.

We will not use data for incompatible purposes without notifying you.

5. Security & Data Protection

We apply strict security measures, including:

  • Anonymization of IPs and user-agent strings.
  • Encryption of data in transit (TLS) and at rest.
  • Infrastructure protections using Cloudflare and AWS.

6. Data Retention

We keep data only as long as necessary:

  • Account data: retained during the life of the account + 30 days after closure.
  • Analytics/request data: retained for 24 months, then deleted or anonymized.
  • Server logs: retained for 90 days.
  • Billing/legal records: retained for 7 years under Dutch law.

7. Your Rights Under GDPR

You have the following rights:

  • Access – obtain a copy of your personal data.
  • Rectification – correct inaccurate or incomplete data.
  • Erasure – request deletion of data ("right to be forgotten").
  • Restriction – limit how we process your data.
  • Portability – request your data in a machine-readable format.
  • Objection – object to processing in certain circumstances.

To exercise these rights, email us at support@getairefs.com. We will respond within 30 days (extendable to 60 days if necessary).

8. Data Transfers

We primarily store and process data within the European Economic Area (EEA). If transfers outside the EEA occur, we use safeguards such as:

  • Standard Contractual Clauses (SCCs).
  • Adequacy decisions by the European Commission.
  • Binding Corporate Rules, where applicable.

9. Subprocessors

We use vetted third parties to process data securely:

  • Cloudflare – application hosting, data storage, network delivery and security infrastructure.
  • Convex – primary application data storage and processing (all app data except analytics).
  • Tinybird (AWS EU servers) – analytics processing and storage.
  • Polar – payment processing, subscription management, and related financial operations.

All subprocessors are bound by Data Processing Agreements (DPAs) to ensure GDPR compliance.

10. Cookies & Similar Technologies

Our website may use cookies to:

  • Ensure core functionality.
  • Analyze traffic patterns.
  • Improve services.

You may disable cookies in your browser settings, but some site features may be limited.

11. Children's Privacy

Our services are not directed to children under 16 years old. We do not knowingly collect personal data from children. If you believe a child has provided us data, contact us and we will delete it.

12. Data Breach Procedure

In the event of a data breach:

  • We will notify the Dutch Data Protection Authority within 72 hours (if required).
  • We will notify affected individuals without undue delay if the breach poses a high risk.

13. Policy Updates

We may update this Privacy Policy from time to time. Changes will be posted on our website with an updated effective date. For material changes, we will provide additional notice (e.g., email).

15. Contact

For questions, concerns, or rights requests:

Airefs

Box A8379

Keurenplein 41

1069CD Amsterdam

Nederland

Email: support@getairefs.com