apsera.ai
Sign in
Draft. This privacy policy reflects how apsera.ai actually runs today and is the starting point for our forthcoming reviewed version. It has not been reviewed by a lawyer yet and is not the final, signed agreement. Enterprise customers signing today: ask for the latest reviewed copy at [email protected].

Privacy policy

Effective date: 2026-05-05 (draft) · Operator: APBLD APP BUILD LLP (apsera.ai)

1. What this covers

This policy describes how APBLD APP BUILD LLP (a Limited Liability Partnership registered in India, operating the apsera.ai service) handles personal data when you visit our marketing pages, sign up for an account, and use the AI-coworker product. The technical companion to this document is /trust, which is more specific about where data physically lives.

2. Information we collect

From you when you sign up:

  • Your email and name (for the account record)
  • Workspace / organisation name
  • Optional payment information once billing is enabled (handled by the payment processor; we never store card numbers)

From your use of the product:

  • Tasks you assign to AI workers (titles, descriptions, conversation history)
  • OAuth tokens for third-party services you connect (encrypted at rest)
  • Knowledge-base files you upload (extracted text + vector embeddings)
  • Activity log of every tool call workers make on your behalf

Automatically:

  • Standard server logs (IP, timestamp, route) retained ~30 days
  • Authentication cookies (Supabase session + admin session for staff)
  • No third-party analytics, ad pixels, or session-replay tools today

3. How we use it

  • Operate the product (let workers run tasks, render dashboards, send approvals)
  • Authenticate you and route data to your org and only your org
  • Send transactional email (magic links, support replies, occasional product updates we’d mind landing in spam)
  • Diagnose bugs and security incidents
  • Improve the product — aggregate, non-personal usage signal only

We do not use your data to train the LLM. We do not sell or rent it to anyone.

4. Who we share it with

Only the subprocessors listed at /trust → Subprocessors, each acting under contract on our instructions. The current list:

  • Anthropic (LLM inference)
  • Supabase (database + auth)
  • Render (application hosting)
  • Cloudflare (embeddings, file storage, DNS)
  • Resend (transactional email)

We don’t share with anyone else. Government / law-enforcement requests get the standard treatment: we’ll comply with valid legal process, push back on overbroad requests, and notify you unless legally prohibited.

5. Where it lives

Primarily United States (Render Oregon + Supabase us-west-2). Cloudflare R2 + Workers AI run on the edge close to wherever the request originates. Anthropic processes calls in the US. International customers please consider whether this works for your local regulations; we’re happy to discuss SCCs or a regional deployment if it doesn’t.

6. How long we keep it

  • Your account data: while the account is active, plus 30 days after a deletion request.
  • Activity log: retained for the life of the account so you have a complete audit trail. Hard-deleted on account closure.
  • Backups: rolling 14-day retention after deletion completes.
  • Server logs: ~30 days.

7. Your rights

Wherever you live, you can:

  • Access — ask for a JSON export of your org’s data.
  • Correct — change your name, email, or workspace settings yourself; ask us if you need help.
  • Delete — close the account; we soft-delete immediately and hard-delete within 30 days.
  • Withdraw consent — disconnect any integration from the Apps page.
  • Object / restrict — email us; we’ll work it out.

EU/UK residents: lawful basis for processing is performance of the contract (we provide a service you signed up for) and legitimate interests(running the platform, security, support). California residents: we are not a data broker; we don’t sell personal information.

8. Children

apsera.ai is a B2B product not intended for children under 16. Don’t use it as one.

9. Security

Encryption in transit (TLS 1.2+), encryption at rest (Supabase + R2), row-level security on every customer-data table, SOC 2-style logging of every action. Full details on the trust page. Report security issues to [email protected].

10. Changes

We’ll bump the effective date and notify active customers by email when this policy changes materially.

11. Contact

Email [email protected] for anything related to this policy.

Last revised: 2026-05-05 · Pending lawyer review.