Ayliea

Privacy Policy

Effective date: February 24, 2026

1. Introduction

Ayliea ("we", "our", "us") operates the Ayliea marketing website at ayliea.com and provides AI Security Assessment consulting services (collectively, the "Service"). This Privacy Policy explains what information we collect, how we use it, how we protect it, and your rights regarding it.

By using the Service, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Contact & Scheduling Data

When you use our contact form or schedule a scoping call, we collect your name, email address, organization, phone number (if provided), and the content of your message. Scheduling is handled through Cal.com; see their privacy policy for their data practices.

2.2 Consulting Engagement Data

During consulting engagements, we collect information about your organization's AI tools, data flows, security controls, and compliance posture as part of the assessment process. This data is covered by the engagement agreement and NDA executed between Ayliea and your organization.

2.3 Technical Data

We automatically collect limited technical data necessary to operate the website:

  • Device type and browser version
  • Pages visited and referral source
  • Crash reports and error logs (sanitized to exclude personal data)

2.4 Newsletter Subscription Data

When you subscribe to our newsletter, we collect your email address. Your email is stored with our email service provider, Resend, as a contact in our subscriber list. We use this email address to send you a one-time welcome email and periodic newsletter content about AI security insights, compliance updates, and risk management guidance.

Unsubscribe and preferences links included in each email contain a cryptographically signed token that embeds your email address. These tokens expire after 90 days and cannot be forged or reused. You can unsubscribe at any time using the link in every email, through the email preferences page, or by contacting us at privacy@ayliea.com.

2.5 Data We Do Not Collect

We do not collect:

  • Location data
  • Contact lists or address books
  • Browsing history outside the Service
  • Financial information (payment processing is handled by third-party processors)
  • Biometric data

3. How We Use Your Information

  • Respond to inquiries — reply to contact form submissions and schedule scoping calls
  • Deliver consulting services — conduct assessments, produce deliverables, and provide advisory support as defined in your engagement agreement
  • Service communications — send essential notifications about your engagement, deliverables, and service updates
  • Newsletter communications — send AI security insights and company updates to subscribers who have opted in
  • Improve the Service — analyze aggregate, anonymized usage patterns on our website to improve content and user experience

4. Data Protection

  • Encryption in transit — all data is transmitted over HTTPS/TLS
  • Non-disclosure agreements — all consulting engagements are conducted under strict NDAs that protect your organization's data
  • Access controls — engagement data is accessible only to authorized Ayliea personnel involved in your assessment
  • Sanitized logging — error logs never contain passwords, tokens, personal data, or raw error objects

5. Data Sharing

We do not sell, rent, or share your personal data with third parties for marketing or advertising purposes.

We share data only in these limited circumstances:

  • Infrastructure providers — our hosting provider processes data on our behalf under a data processing agreement
  • Scheduling provider — Cal.com processes scheduling data when you book a scoping call
  • Email service provider — Resend processes newsletter subscriber email addresses to deliver email communications on our behalf
  • Legal requirements — if required by law, court order, or governmental authority

6. Data Retention

Contact form submissions are retained for the duration of the business relationship. Consulting engagement data is retained as specified in the engagement agreement. You may request deletion of your data at any time by contacting us.

7. Your Rights

You have the right to:

  • Access — request a copy of personal data we hold about you
  • Correction — request correction of inaccurate data
  • Deletion — request deletion of your personal data
  • Portability — receive your data in a structured, machine-readable format

8. Children's Privacy

The Service is not directed to individuals under the age of 16. We do not knowingly collect personal data from children. If you become aware that a child has provided us with personal data, please contact us and we will take steps to delete it.

9. International Data Transfers

Your data may be processed in the United States, where our infrastructure providers operate. By using the Service, you consent to the transfer of your data to the United States. We ensure appropriate safeguards are in place through our providers' data processing agreements.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the effective date. Continued use of the Service after changes constitutes acceptance of the updated policy.

11. Contact

If you have questions about this Privacy Policy or wish to exercise your data rights, contact us at privacy@ayliea.com.