§ Legal
What we collect, why we collect it, and what rights you have over your data.
Effective April 20, 2026
Aktara (“we”, “our”, “us”) operates the Aktara quantitative decision simulator at aktara.ai. This policy explains what personal data we collect, why we collect it, how we use it, and what rights you have over it.
For privacy inquiries or to exercise your rights, contact us at privacy@aktara.ai.
We collect the following categories of personal data:
We use your data only for the following purposes:
We do not sell your personal data. We do not use your simulation inputs to train models that are shared with other customers without your explicit consent.
For users in the EEA, UK, or Switzerland, we process personal data under the following legal bases:
We share data with the following sub-processors solely to deliver the service. Each is bound by a data processing agreement and is prohibited from using your data for their own purposes.
| Processor | Purpose | Data shared | Location |
|---|---|---|---|
| OAuth sign-in | Name, email, Google account ID | USA | |
| Neon | Primary database host (serverless Postgres) | All application data — account, workspaces, uploaded files, pilot runs, outcomes | USA |
| Upstash | Redis — rate limiting and transient storage of email sign-in OTP codes | Email address, OTP code (TTL-limited), request IP for rate limits | USA |
| Resend | Transactional email (OTP codes, receipts, contact form) | Email address | USA |
| Anthropic | AI inference — file classification, analyst chat | Parsed file contents and descriptions you submit to the chat | USA |
| OpenAI | AI inference — reasoning composer inside the decision engine | World-model JSON derived from your uploaded data | USA |
| Inngest | Background job queue for long-running decision runs | Run metadata (workspace id, run id); the input payload is durably stored only for the duration of the job | USA |
| Stripe | Payment processing (billing only) | Billing details (processed directly by Stripe) | USA |
| Vercel | Hosting and edge infrastructure | All data in transit; server logs | USA / Global edge |
| Vercel Blob | Object storage for uploaded files | Files you upload (CSV, XLSX, PDF, etc.) | USA / Global edge |
When data is transferred outside the EEA or UK, we rely on the EU Standard Contractual Clauses or an adequacy decision as the transfer mechanism.
All customer data enters Aktara through files you upload directly — financial statements, customer/team data, and qualitative notes. We do not connect to or pull data from any third-party SaaS provider (Stripe, Shopify, QuickBooks, etc.). This is an intentional choice: it keeps you in full control of what we see, and keeps us outside the developer-terms regimes that restrict how AI may use that data.
How we use uploaded data:
We retain your account and simulation data for as long as your account remains active. If you request account deletion, we will remove your personal data within 30 days. Anonymised aggregate benchmark data derived from your simulations may be retained indefinitely as it contains no personal identifiers.
Financial records related to Stripe transactions may be retained for up to 7 years to meet legal and accounting obligations.
You can opt out of data collection and processing at any time:
Depending on your location, you may have the right to:
To exercise any of these rights, email privacy@aktara.ai. We will respond within 30 days. The same address can be used to appeal any decision we make about your request.
We use strictly necessary session cookies to maintain your signed-in state. These cannot be opted out of while using the service. For full details, see our Cookie Policy.
Aktara is not directed at children under 16. We do not knowingly collect personal data from anyone under 16. If you believe a child has provided us with personal data, contact privacy@aktara.ai and we will delete it promptly.
All data is encrypted in transit using TLS 1.2 or higher. Session tokens are signed with a server-side secret. We perform periodic security reviews and welcome responsible disclosure at security@aktara.ai.
No method of transmission or storage is 100% secure. We will notify affected users without undue delay in the event of a personal data breach.
We will notify you of material changes via email or an in-app notice at least 14 days before they take effect. The effective date at the top of this page will always reflect the latest version. Continued use of the service after changes take effect constitutes acceptance of the updated policy.
For any questions about this policy: privacy@aktara.ai
For security disclosures: security@aktara.ai
Or use our contact form.