Legal
Privacy Policy
How we handle personal information when you use our website, contact us, or participate in an Aegis design partner pilot.
1. Scope
This policy describes how Salanor Systems, Inc. ("Salanor," "we," "us") processes personal data when you:
- Visit salanor.com and related marketing pages
- Submit the contact or design-partner forms
- Sign in to the Aegis console or Salanor Platform Ops (pilot environments)
- Use the Aegis API and SDKs as a customer or design partner
Customer agreements and data processing addenda (DPAs) govern production tenant data once you sign an order form. This page is the baseline notice for our public surfaces.
2. Data we collect
Website and contact. Name, work email, organization, message content, and technical metadata (hashed IP address, page path, timestamp) when you use the contact form.
Console accounts. Email address, display name, password hash (never stored in plain text), organization membership, role, session identifiers, and audit events related to sign-in and administration.
Aegis product data. Metadata about agent actions (APS-1 events), policy decisions, trace identifiers, and optional redacted tool arguments. Signing keys for events remain under your control (bring-your-own-key). We do not require raw model prompts in the default configuration.
Support and email. If you correspond with us, we retain the content needed to respond.
3. How we use data
- Operate, secure, and improve the website and services
- Respond to sales, support, and security reports
- Provide the Aegis ledger, console, exports, and APIs you configure
- Meet legal obligations and enforce our terms
We do not sell personal information. We do not use contact form data for unrelated advertising lists.
4. Legal bases (EEA/UK visitors)
Where GDPR applies, we rely on:
- Contract — providing services you request or evaluate under a pilot
- Legitimate interests — securing our platform, preventing abuse, and communicating about your account
- Consent — where required (e.g. optional marketing updates you opt into)
- Legal obligation — when law requires retention or disclosure
5. Processors and hosting
We use infrastructure providers (for example cloud hosting, Postgres, email delivery, and observability) under written terms that require appropriate safeguards. A current sub-processor list is available on request for customers under NDA or DPA.
Production regions and exact vendors are listed in customer documentation during onboarding.
6. Retention
- Contact submissions: retained while relevant to active conversations, then archived or deleted
- Console audit and APS-1 events: per your plan retention settings (pilot defaults documented at onboarding)
- Session logs: short operational window unless needed for security investigation
7. Security
We use encryption in transit, access controls, tenant isolation, and signed event verification in the product. Report issues to security@salanor.com or see our security page and security.txt.
8. Your rights
Depending on your location, you may request access, correction, deletion, restriction, or portability of personal data we control. Contact hello@salanor.com. We will verify your request before acting. You may lodge a complaint with your local supervisory authority.
9. International transfers
If we transfer data outside your country, we use appropriate safeguards (such as standard contractual clauses) where required by law.
10. Changes
We will post updates on this page and adjust the effective date. Material changes to customer processing will be communicated through your account team or agreement.