Privacy Policy
1. Information We Collect
We collect the information you provide when creating an account — your email address — and the warranty data you choose to enter, including product names, brands, purchase and expiry dates, prices, retailers, serial numbers, and notes. If you sign in with Google, we receive only your email address and display name from Google's identity platform. If you use the AI receipt scanning feature, the receipt image you upload is temporarily processed to extract warranty information.
2. How We Use Your Information
Your information is used solely to operate the Aegis warranty tracking service — to authenticate your account, store your warranty records, and send expiry notifications if you enable them. Receipt images are processed only to extract warranty fields and are not retained after extraction. We do not use your data for advertising or sell it to any third parties.
3. Data Storage and Security
All data transmitted between your device and our services is encrypted in transit using TLS (Transport Layer Security). Your warranty data is stored in a Google-operated cloud database and encrypted at rest using AES-256 encryption. Access to your data is governed by strict server-side security rules that ensure only your authenticated account can read or write your records — no other user can access your data.
Aegis does not handle, receive, or store your password in any form. All credential management — including secure password storage and verification — is performed entirely by Google's cloud identity infrastructure. Aegis never has access to your raw password at any point. If you sign in with Google, no password is involved at all; authentication is handled entirely via Google's OAuth 2.0 flow.
Upon authentication, your session is represented by a short-lived, cryptographically signed identity token (valid for one hour) that is automatically refreshed by the authentication layer. These tokens are verified server-side on every request and cannot be forged or tampered with.
4. AI Features and Data Processing
Aegis offers two AI-powered features: receipt scanning and a claim filing assistant. When you use receipt scanning, the receipt image is uploaded to a temporary image host and the resulting URL is sent to an AI model to extract warranty fields. When you use the claim assistant, your message history and the relevant warranty details (product name, brand, expiry date, retailer) are sent to an AI model to generate responses. Neither feature stores your data beyond the immediate processing request. No personally identifiable information beyond what is necessary to answer your query is sent to AI services.
5. Data Retention
Your data is retained as long as your account exists. You may delete individual warranties at any time from within the app.
6. Cookies and Local Storage
Aegis uses browser-local storage mechanisms to persist your authentication session so you remain signed in between visits. This is managed by the underlying identity platform and stores only your session token — no personal data. No tracking cookies or third-party analytics scripts are used anywhere on Aegis.
7. Third-Party Infrastructure
Aegis is built on Google's cloud platform for authentication and database storage. This infrastructure is subject to Google's own security certifications and compliance programs (including SOC 2, ISO 27001, and others). Receipt images are temporarily hosted via a third-party image service solely for AI processing and are not retained. AI features are powered via a managed API gateway using Mistral's language models. No personal data is shared with or sold to advertising platforms or data brokers.
8. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes by posting the updated policy on this page with a revised date.