Aphelion · Legal

Privacy Policy

Effective 11 June 2026 · Last updated 11 June 2026
Privacy PolicyTerms of ServiceAcceptable Use PolicyDisclaimerPair Privacy SupplementIris Content & AI Policy

01Who we are

This Privacy Policy explains how Aphelion ("Aphelion", "we", "us", "our") collects, uses, and protects your information when you use the Aphelion Account and our family of products and websites (together, the "Services").

Aphelion is operated as a sole proprietorship based in India. For the purposes of applicable data-protection law, Aphelion is the data controller (or equivalent) for personal data processed through the Services. You can reach us at privacy@aphelion.world.

02Scope & the products this covers

One Aphelion Account opens every product. This policy applies across the suite, including Andromeda, Pair, Pulse, Tribes, Zeus, Iris, Easel, Maven, Vade, Loom, Polaris, and Aphelion Tools, together with aphelion.world and related subdomains.

Two products handle data in distinctive ways and have their own supplements that add to (and, where they conflict, override) this policy: the Pair Privacy Supplement (end-to-end encryption) and the Iris Content & AI Policy (AI image generation).

03Information we collect

Information you provide

  • Account information — when you create an Aphelion Account, your authentication is handled by our identity provider (Clerk). This typically includes your name, email address, and login credentials.
  • Content you create — notes, tasks, messages, photos, images, prompts, posts, and other material you add to a product.
  • Payment information — where paid features are offered, billing is handled by a third-party payment processor; we do not store full card numbers.
  • Communications — messages you send us for support or feedback.

Information collected automatically

  • Usage & device data — limited technical information such as device/browser type, approximate region, pages viewed, and timestamps, used to operate and secure the Services.
  • Cookies & local storage — see Cookies & local storage below.

04How we use information

We use personal data to:

  • provide, maintain, and improve the Services;
  • authenticate you and keep your account secure;
  • personalise your experience (for example, ranking your Pulse feed);
  • operate AI features you choose to use;
  • communicate with you about updates, security, and support;
  • detect, prevent, and address fraud, abuse, and security issues; and
  • comply with legal obligations.
Where the EU/UK GDPR applies, our legal bases are: performance of a contract (to provide the Services), legitimate interests (to secure and improve them), consent (for optional features such as certain analytics, which you may withdraw), and legal obligation.

05AI features & how your inputs are handled

Several products use artificial intelligence. When you use an AI feature, the inputs you submit (such as a prompt, an image, or a question) are sent to the compute or model provider that powers that feature — for example serverless GPU infrastructure (Modal) for Iris, or large-language-model providers for assistant and summarisation features.

We use these providers to process your request and return a result. We do not use the private content you create in the Services to train our own foundation models, and we ask our providers not to use it to train theirs except as needed to deliver the feature. AI output can be inaccurate or unexpected — see the Disclaimer.

06Local-first & encrypted products

Andromeda is local-first: much of your productivity data is stored on your own device or browser and is not necessarily transmitted to or held by us.

Pair is end-to-end encrypted: your messages and photos are encrypted on your device, and we store only encrypted data we cannot read. See the Pair Privacy Supplement.

07How we share information

We do not sell your personal information. We share it only:

  • with service providers (sub-processors) who operate the Services under contract;
  • to comply with the law or a valid legal request, and to protect rights, safety, and security;
  • in a business transfer (e.g. merger or acquisition), with notice; and
  • in aggregated or de-identified form that cannot reasonably identify you.

Our sub-processors

ClerkAccount authentication & identity
Amazon Web ServicesCloud storage & hosting (incl. encrypted Pair media)
RailwayApplication hosting
ModalServerless GPU compute for Iris image generation
LLM providers (e.g. Anthropic)AI assistant, summarisation & generation features
Payment & email providersBilling and transactional email, where applicable

08Cookies & local storage

We use cookies and similar technologies (including browser local storage) to keep you signed in, remember preferences, and understand usage.

  • Essential — required for sign-in, security, and core functionality. These cannot be switched off.
  • Preferences — remember choices such as theme.
  • Analytics — help us understand usage in aggregate; used only where permitted.

You can control cookies through your browser settings. Blocking essential cookies may break parts of the Services.

09Data retention

We keep personal data for as long as your account is active or as needed to provide the Services, then for a reasonable period to meet legal, accounting, security, or dispute-resolution needs. You can ask us to delete your data as described below; some records may be retained where the law requires.

10Security

We use technical and organisational measures appropriate to the risk — including encryption in transit, encrypted storage for sensitive content, access controls, and reputable infrastructure providers. No method of transmission or storage is perfectly secure, and we cannot guarantee absolute security.

11International data transfers

We operate from India and use providers that may process data in other countries, including the United States and the European Union. Where personal data is transferred across borders, we rely on appropriate safeguards (such as standard contractual clauses) where required by law.

12Your rights & choices

Subject to applicable law, you may have the right to:

  • access the personal data we hold about you;
  • correct inaccurate data;
  • delete your data;
  • port your data to another service;
  • object to or restrict certain processing; and
  • withdraw consent where processing is based on consent.

By region

  • India (DPDP Act, 2023) — you may exercise the rights of a Data Principal, including access, correction, and erasure, and may nominate another person to act on your behalf. Our Grievance Officer can be reached at privacy@aphelion.world.
  • EU / UK (GDPR) — you have the rights listed above and may lodge a complaint with your local supervisory authority.
  • California (CCPA/CPRA) — you may request access and deletion and may opt out of "sale" or "sharing" of personal information. We do not sell your personal information.

To exercise any right, email privacy@aphelion.world. We will verify your request and respond within the timeframe the law requires.

13Children

The Services are not directed to children. You must be at least 13 years old (or the minimum age of digital consent in your country) to use the Services, and at least 18 to use mature features such as those in Iris. We do not knowingly collect personal data from children below the applicable age; if you believe we have, contact us and we will delete it.

14Changes to this policy

We may update this Privacy Policy from time to time. When we make material changes, we will revise the date below and, where appropriate, notify you. Your continued use of the Services after an update means you accept the revised policy.

15Contact us

Questions, requests, or grievances about privacy can be sent to:

Privacy & Grievance Officerprivacy@aphelion.world
General legallegal@aphelion.world
EntityAphelion (sole proprietorship), India