AesirAesir

Aesir EHS — Privacy Policy

Effective date: May 7, 2026 Last updated: May 7, 2026

This Privacy Policy describes how Aesir Services Inc ("Aesir," "we," "us," or "our") collects, uses, and protects information in connection with the Aesir EHS web application and related websites (the "Service"). It applies to information about people who interact with us — including visitors to our website, individuals who sign up for the Service, and authorized users of a customer account.

If you have any questions about this Policy, contact support@aesir.services.

1. Our approach in plain language

We try to keep this simple:

  • We collect the minimum information needed to run the Service. Account info, company info, and what you upload to your workspace.
  • We do not sell your information. Not now, not ever.
  • We do not share one customer's data with another customer. We use commercially reasonable measures to keep companies' data isolated from each other.
  • We do not want personal data beyond company contacts. Please do not upload personal information about employees, customers, or third parties beyond legitimate business contact information.
  • You use the Service at your own risk. No system is perfectly secure; you should keep this in mind when deciding what to upload.

2. Information we collect

2.1 Information you give us

  • Account information: name, email address, password (hashed), role, and the company you're associated with.
  • Company information: legal name, mailing address, billing contact, and similar details needed to set up and bill your subscription.
  • Customer Data: information you upload to your workspace — facility locations, outfalls, points of interest, permits, files, notes, photos, and similar EHS-program records. This is your data and you control what goes in.
  • Communications: if you email us at support@aesir.services or contact us through the website, we keep that correspondence to respond to you.

2.2 Information collected automatically

  • Usage data: pages visited, features used, timestamps, and similar product analytics.
  • Device and connection data: IP address, browser type, operating system, and approximate location derived from IP.
  • Authentication signals: sign-in attempts, magic-link issuance, and similar events used to keep your account secure.
  • Cookies: the Service uses session cookies that are required for sign-in to work. We do not use third-party advertising cookies.

2.3 Information from third parties

We do not buy personal data from data brokers. If you sign up using a third-party identity provider in the future (for example, Google or Microsoft single sign-on), that provider will share basic profile information with us as authorized by you.

3. How we use information

We use the information we collect to:

  • Provide, operate, and improve the Service.
  • Authenticate users and protect against unauthorized access, fraud, and abuse.
  • Send transactional messages (sign-in links, account notices, billing notices, security alerts).
  • Provide customer support.
  • Bill for the Service and collect payment.
  • Comply with legal obligations and enforce our Terms of Service and Acceptable Use Policy.

We do not use your Customer Data to train artificial-intelligence or machine-learning models.

4. Sharing of information

We share information only as described below. We do not sell personal information.

  • With your authorized users. Information you upload is visible to people you authorize within your company's workspace.
  • With service providers ("sub-processors") that help us run the Service. These providers are contractually limited to using information only to perform services for us. Our current sub-processors are: - Supabase (database, authentication, file storage, backups). - Netlify (web hosting and content delivery). - Zoho Mail (transactional email delivery — sign-in links, system notices). - We will keep this list current. If we add or change a material sub-processor, we will update this Policy.
  • For legal reasons. We may disclose information if we have a good-faith belief that it is necessary to comply with a legal obligation, respond to lawful government requests, protect the rights, property, or safety of Aesir or others, or enforce our agreements.
  • In a corporate transaction. If Aesir is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you (for example, by email or in-app notice) and provide options to the extent required by law.

5. Cookies and tracking

The Service uses cookies and similar technologies that are strictly necessary to keep you signed in and to operate the Service securely. We may use a small amount of first-party analytics to understand how the Service is used in aggregate. We do not run advertising on the Service, do not sell ad space, do not use cross-site advertising trackers, and do not participate in any advertising-identity or audience-targeting networks. We do not respond to "Do Not Track" browser signals, but we don't track you across other websites in the first place.

6. Data retention and backups

  • Account and Customer Data: retained for the life of your subscription. After cancellation or termination, the retention timeline in Section 9 of the Terms of Service applies — generally a 30-day restore period, hard deletion at 60 days, and backup purge thereafter as described below.
  • Database backups: the production database is automatically backed up daily by our infrastructure provider, with point-in-time recovery available for the most recent 7 days. We additionally export weekly snapshots that we retain for up to 90 days.
  • File backups: files you upload (PDFs, photos, attachments) are mirrored on a periodic basis to an encrypted off-site backup bucket with versioning enabled. Backed-up file versions are retained for up to 90 days following deletion of the live copy, after which they are purged in the ordinary course.
  • Billing records: retained for as long as required by tax and accounting law (typically 7 years).
  • Support correspondence: retained for up to 3 years after the last interaction.
  • Security and audit logs: retained for up to 2 years.

No backup system is perfect, and you should not rely on our backups as your only copy of mission-critical data. You can export your data at any time from your account; see Section 8.

7. Security

We use commercially reasonable administrative, technical, and physical safeguards designed to protect information, including:

  • TLS/HTTPS encryption in transit.
  • Encryption at rest for the database and file storage (provided by our sub-processors).
  • Role-based access controls and tenant isolation in the application.
  • Limited employee access to production systems on a need-to-know basis.
  • Routine encrypted backups.

No security program is perfect, and you accept this residual risk by using the Service. Please do not upload sensitive personal data, payment card numbers, government identifiers, or protected health information into the Service. The Service is not designed for those use cases.

If you become aware of a security issue, please contact support@aesir.services.

8. Your choices and rights

Wherever practical, we extend the following choices to all users regardless of where you live. Some are also legal rights under U.S. state laws (for example, the California Consumer Privacy Act / CPRA).

  • Access and correction. You can view and correct most account and company information from your account settings, or by contacting us.
  • Export. You may export your Customer Data from your account at any time.
  • Deletion. You may delete your account from your account settings, or by emailing support@aesir.services. Deletion follows the timeline described in the Terms of Service.
  • Opt out of non-essential email. You may unsubscribe from optional product or marketing emails using the link in any such message. We will continue to send transactional and security messages.
  • No sale of personal information. We do not sell or "share" personal information for cross-context behavioral advertising.
  • Authorized agent / verification. If you submit a request through an authorized agent, we may require reasonable verification of identity and authorization.
  • Geographic scope. We do not knowingly serve customers or users located in California or outside the United States. The Service is not designed for, and is not directed to, individuals subject to the California Consumer Privacy Act / CPRA, the EU General Data Protection Regulation, the UK GDPR, or comparable non-U.S. privacy laws. If you are located in California or outside the United States, please do not use the Service.

To exercise any of these rights, email support@aesir.services. We will respond within the timeframe required by applicable law.

9. Children

The Service is intended for use by businesses and is not directed to children under 13. We do not knowingly collect personal information from children. If you believe a child has provided information to us, please contact support@aesir.services.

10. United States only; not for California or international users

The Service is operated from the United States and is intended exclusively for U.S.-based businesses with a principal place of business outside the State of California. We do not market to, and do not knowingly accept customers or users located in, California or any country outside the United States. The Service is not designed to comply with the California Consumer Privacy Act / California Privacy Rights Act, the EU General Data Protection Regulation, the UK GDPR, Canada's PIPEDA, Brazil's LGPD, or any other non-U.S. data-protection law.

If you access the Service from outside the United States, you do so on your own initiative and at your own risk, you understand your information will be transferred to and processed in the United States, and you accept that the Service may not be lawful for you to use in your jurisdiction. We may suspend or terminate any account we determine is being used in violation of this Section.

11. Changes to this Policy

We may update this Privacy Policy from time to time. If we make a material change, we will provide reasonable notice — for example, by email, by a notice in the application, or by updating the "Last updated" date above. Your continued use of the Service after an update constitutes acceptance of the updated Policy.

12. Contact us

For privacy questions, requests, or complaints:

Aesir Services Inc PO BOX 548 Petal, MS 39465 support@aesir.services