Privacy Policy

Effective April 20, 2026

1. Who we are

Aktara (“we”, “our”, “us”) operates the Aktara quantitative decision simulator at aktara.ai. This policy explains what personal data we collect, why we collect it, how we use it, and what rights you have over it.

For privacy inquiries or to exercise your rights, contact us at privacy@aktara.ai.

2. Data we collect

We collect the following categories of personal data:

  • Identity and contact data — your name, email address, and profile image, depending on how you choose to log in (Google OAuth, email one-time code). We do not store passwords.
  • Workspace data — workspace name, industry, business context, team membership, and roles (owner, admin, member, viewer).
  • Simulation inputs — business details, pricing parameters, product catalogues, customer metrics, and decision descriptions you enter when running simulations.
  • Simulation results — the probability distributions, percentile estimates, behavioural flags, and scenario comparisons generated from your inputs.
  • Outcome records — actual results you voluntarily record against past simulations, used to compute your personal calibration (Brier) score.
  • Integration data — when you connect a third-party service (Stripe, Shopify, QuickBooks, HubSpot, BigCommerce, Chargebee, Mixpanel, WooCommerce, Segment, Snowflake, or CSV upload), we fetch a minimal set of business metrics to enrich simulations. See Section 6 for how this data is used.
  • Integration credentials — OAuth access and refresh tokens, API keys, or equivalent credentials required to maintain each connection. Stored encrypted at rest using AES-256-GCM.
  • Usage data — pages visited, features used, and session duration, collected via server logs.
  • Payment data — billing details are processed directly by Stripe and are never stored on our servers.

3. How we use your data

We use your data only for the following purposes:

  • To authenticate you and maintain your session
  • To run simulations and return results to you
  • To compute and display your personal Brier calibration score
  • To aggregate anonymised outcomes into our benchmark dataset (no personal identifiers are included)
  • To send transactional messages — sign-in codes, billing receipts
  • To investigate abuse, enforce our Terms, and comply with legal obligations

We do not sell your personal data. We do not use your simulation inputs to train models that are shared with other customers without your explicit consent.

4. Legal basis for processing (GDPR)

For users in the EEA, UK, or Switzerland, we process personal data under the following legal bases:

  • Contract — processing your account and simulation data is necessary to deliver the service you signed up for.
  • Legitimate interests — improving the product, preventing abuse, and maintaining security, where these do not override your rights.
  • Consent — for optional analytics or marketing communications, where we ask for it explicitly.
  • Legal obligation — where we are required to process data by law.

5. Third-party processors

We share data with the following sub-processors solely to deliver the service. Each is bound by a data processing agreement and is prohibited from using your data for their own purposes.

| Processor | Purpose | Data shared | Location |
|---|---|---|---|
| Google | OAuth sign-in | Name, email, Google account ID | USA |
| Neon | Primary database host (serverless Postgres) | All application data — account, simulation inputs + results, outcomes, encrypted integration tokens | USA |
| Upstash | Redis — rate limiting and transient storage of email sign-in OTP codes | Email address, OTP code (TTL-limited), request IP for rate limits | USA |
| Resend | Transactional email (OTP codes, receipts) | Email address | USA |
| Anthropic | AI inference — analyst chat and business health scores | Simulation inputs and descriptions you submit to the chat | USA |
| Stripe | Payment processing and Connect onboarding | Billing details (processed directly by Stripe) | USA |
| Vercel | Hosting and edge infrastructure | All data in transit; server logs | USA / Global edge |

When data is transferred outside the EEA or UK, we rely on the EU Standard Contractual Clauses or an adequacy decision as the transfer mechanism.

6. Third-party integrations and model training

When you connect an external service (Stripe, Shopify, QuickBooks, HubSpot, BigCommerce, Chargebee, Mixpanel, WooCommerce, Segment, Snowflake, or CSV upload), we fetch a minimal set of business metrics to enrich your simulations. You are always asked to authorize each connection and can revoke it at any time.

How we use integration data:

  • Per-customer simulations — raw values pulled from your integrations (e.g., exact MRR, customer count, churn rate) are used as inputs to your own simulations. They are never shared with other customers.
  • Model calibration across customers — only bucketed, non-personally-identifiable features derived from your data (e.g., industry vertical, size tier, churn bucket) may be pooled with other customers’ features to tune our simulation model. This applies only to integrations whose providers permit consent-based AI training (Mixpanel, Segment, Snowflake, WooCommerce, CSV) and only when you explicitly opt in under Settings → Training consent. Default is opt-out. Stripe, Shopify, QuickBooks, HubSpot, BigCommerce, and Chargebee restrict AI training under their developer agreements, so data from those integrations is never included in training datasets regardless of your setting. Raw transactional records are never included in training datasets from any provider.
  • Outcome pairs — when you record an actual outcome, the pair of (predicted, actual) is used as a calibration signal. This pair contains no raw integration data.
  • Disconnect — revoking an integration deletes the stored access token and associated credentials immediately. Derived bucketed features already contributed to past calibration runs cannot be individually withdrawn, but you can email privacy@aktara.ai to request exclusion from future calibration runs.

We comply with each provider’s developer terms. Providers that prohibit the use of their data for cross-customer AI training are fully supported because we never train on raw integration data — only on bucketed, derived features.

7. Data retention

We retain your account and simulation data for as long as your account remains active. If you request account deletion, we will remove your personal data within 30 days. Anonymised aggregate benchmark data derived from your simulations may be retained indefinitely as it contains no personal identifiers.

Financial records related to Stripe transactions may be retained for up to 7 years to meet legal and accounting obligations.

8. How to opt out

You can opt out of data collection and processing at any time:

  • Account settings — log in to your account settings and update your user account to manage communication preferences and optional data processing.
  • Delete your account — removing your account stops all data collection. Contact privacy@aktara.ai to request deletion.
  • Email opt-out — unsubscribe via the link in any email we send, or update preferences in account settings.
  • Demo mode — use Aktara without logging in to avoid any personal data being collected.

9. Your rights

Depending on your location, you may have the right to:

  • Access a copy of the personal data we hold about you
  • Correct inaccurate or incomplete data
  • Request deletion of your personal data
  • Restrict or object to certain processing
  • Data portability — receive your data in a structured, machine-readable format
  • Withdraw consent for optional processing at any time
  • Lodge a complaint with your local data protection authority

To exercise any of these rights, email privacy@aktara.ai. We will respond within 30 days. The same address can be used to appeal any decision we make about your request.

10. Cookies

We use strictly necessary session cookies to maintain your signed-in state. These cannot be opted out of while using the service. For full details, see our Cookie Policy.

11. Children's privacy

Aktara is not directed at children under 16. We do not knowingly collect personal data from anyone under 16. If you believe a child has provided us with personal data, contact privacy@aktara.ai and we will delete it promptly.

12. Security

All data is encrypted in transit using TLS 1.2 or higher. Session tokens are signed with a server-side secret. We perform periodic security reviews and welcome responsible disclosure at security@aktara.ai.

No method of transmission or storage is 100% secure. We will notify affected users without undue delay in the event of a personal data breach.

13. Changes to this policy

We will notify you of material changes via email or an in-app notice at least 14 days before they take effect. The effective date at the top of this page will always reflect the latest version. Continued use of the service after changes take effect constitutes acceptance of the updated policy.

14. Contact

For any questions about this policy: privacy@aktara.ai

For security disclosures: security@aktara.ai

Or use our contact form.