Privacy Policy

Last updated: July 2026

Aegis is built on the principle that your data belongs to you. We collect the minimum necessary to operate the Service, we never sell your personal information, and we never use your data to train AI models.

1. Who We Are

Aegis ("we", "us", "our") operates the warranty tracking application and website at ae-gis.app. For any privacy-related enquiries, contact us via our support form.

2. Information We Collect

Account information: When you create an account, we collect your email address. If you sign in with Google, we receive only your email address and display name from Google's OAuth service. If you register with email/password, we collect your name and email. Passwords are never handled or stored by Aegis. They are managed entirely by Google's Firebase Authentication infrastructure.

Warranty data: The product names, brands, retailers, purchase dates, expiry dates, prices, serial numbers, notes, and any other information you voluntarily enter into the Service.

Receipt images: If you use AI receipt scanning, the image you upload is temporarily processed to extract warranty fields. The image is stored in Vercel Blob storage during processing and is not retained after extraction is complete.

Claim chat messages: When you use the AI claim assistant, your messages and the relevant warranty details (product name, brand, expiry date, retailer) are sent to an AI model to generate responses. This conversation is not retained by Aegis beyond your active session unless you choose to save it.

Payment information: We do not collect or store your payment card details. All payment processing is handled directly by Paddle, our payment processor. We receive only transaction metadata (plan type, subscription status, billing dates) from Paddle.

Usage and technical data: We collect minimal technical data necessary to operate the Service, such as authentication tokens and session identifiers. We do not use third-party analytics scripts or advertising trackers.

3. How We Use Your Information

We use your information solely to:

We do not use your data for advertising, behavioural profiling, or to train AI models. We do not sell, rent, or trade your personal information to any third party for any purpose.

4. Legal Basis for Processing (UK/EEA Users)

Where applicable data protection law requires a legal basis for processing, we rely on the following:

5. Data Storage and Security

Your warranty data is stored in Google Firestore, a Google-operated cloud database. All data is encrypted in transit using TLS and encrypted at rest using AES-256. Access is governed by strict Firebase Security Rules. Only your authenticated account can read or write your records. Receipt images are stored temporarily in Vercel Blob storage, which provides server-side encryption at rest.

Authentication tokens are short-lived (1-hour validity), cryptographically signed by Google's identity infrastructure, and automatically rotated. Aegis servers verify these tokens on every request. We never have access to your raw password at any point.

While we implement industry-standard security measures, no method of internet transmission or electronic storage is 100% secure. We cannot guarantee absolute security.

6. AI Features and Data Processing

AI receipt scanning and the claim assistant are powered via Vercel's AI Gateway using language models. When you use these features, the relevant data (receipt image URL or claim conversation context plus warranty details) is transmitted to the AI provider for processing. This data is not retained by the AI provider beyond the immediate request and is not used to train AI models. We select AI providers whose data processing agreements include zero data retention and no training-use provisions.

7. Third-Party Services

Aegis relies on the following third-party sub-processors:

Each sub-processor is subject to contractual data processing agreements. Data transfers to the USA are covered by appropriate transfer mechanisms (Standard Contractual Clauses where applicable).

8. Cookies and Local Storage

Aegis uses browser local storage to persist your authentication session between visits. This stores only a session token and contains no personal data. We do not use advertising cookies, tracking pixels, or third-party analytics scripts. No cookie consent banner is necessary because we only use technically essential storage.

9. Data Retention

Your account data and warranty records are retained for as long as your account is active. If you delete your account, we will delete your personal data within 30 days, except where retention is required by law (e.g. payment records which Paddle retains per applicable financial regulations). Receipt images are automatically deleted after AI processing is complete, typically within minutes. You may delete individual warranty records at any time within the app.

10. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

To exercise any of these rights, submit a support request. We will respond within 30 days. You also have the right to lodge a complaint with your local supervisory authority (in the UK, the Information Commissioner's Office at ico.org.uk).

11. Children's Privacy

Aegis is not directed at children under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that a child under 16 has provided personal information, we will delete it promptly. If you believe a child under 16 has created an account, contact us via our support form.

12. Changes to This Policy

We may update this Privacy Policy periodically. If we make material changes, we will notify you by email or via a notice within the Service at least 14 days before the changes take effect. The date at the top of this page reflects the most recent revision. Your continued use of the Service after changes take effect constitutes your acceptance of the updated Policy.

13. Contact

For all privacy-related questions or requests, contact us via our support form. We aim to respond to all enquiries within 5 business days.