Privacy policy

Last updated: January 26, 2026

Aero Software, LLC ("we," "us," or "our") operates OurFX (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

1. Information we collect

We collect information through two channels: information you voluntarily provide and information automatically collected.

Information you provide

Account information: When you create an account, we collect your email address, name, and password (stored securely hashed).

Team and organization data: If you create or join a team, we collect team name, team member information, and role assignments.

Product and RFP data: To provide the Service, we store product information and features you upload, RFP documents and requirements you import, AI-generated matches and responses, and historical RFP data.

Chat and conversation data: When you use our AI chat features, we store your messages, questions, AI-generated responses, and conversation history.

Information automatically collected

We automatically collect usage data including login and authentication events, feature usage patterns, actions taken within the Service, timestamps, IP addresses, browser type, and error logs.

2. How we use your information

We use the collected data for various purposes:

  • To provide and maintain the Service
  • To notify you about changes to our Service
  • To allow you to participate in interactive features of our Service when you choose to do so
  • To provide customer support
  • To gather analysis or valuable information so that we can improve the Service
  • To monitor the usage of the Service
  • To detect, prevent, and address technical issues
  • To process your subscription and payments
  • To provide you with news, updates, and general information about the Service unless you have opted not to receive such information

AI and your data

We do not train AI models on your customer-specific data. Your organization's data, business logic, and content remain isolated from other customers. When we use AI service providers (OpenAI, Anthropic), your data is processed according to their enterprise API terms, which prohibit using customer data for model training.

3. Third-party services

We use the following third-party services that may process your data. These service providers are bound by confidentiality agreements and data processing terms.

Stripe

We use Stripe to process payments. When you subscribe, Stripe collects your payment information directly. We do not store your full credit card number. See Stripe's Privacy Policy.

OpenAI

We use OpenAI's API to power AI features including semantic search and embeddings. Your product features, RFP requirements, and queries may be sent to OpenAI for processing. See OpenAI's Privacy Policy.

Anthropic

We use Anthropic's Claude API to power AI features including answer generation and chat. Your product features, RFP requirements, and queries may be sent to Anthropic for processing. See Anthropic's Privacy Policy.

Supabase

We use Supabase for database hosting and authentication. Your data is stored in Supabase's secure PostgreSQL infrastructure. See Supabase's Privacy Policy.

Notion

Our contact forms may submit data to Notion for internal tracking. See Notion's Privacy Policy.

Other disclosures

We may also share information with legal advisors, auditors, or law enforcement when required by law, or in connection with a merger, acquisition, or sale of assets.

4. Cookies and tracking

We use cookies for essential and functional purposes:

  • Authentication cookies: Supabase Auth session cookies to keep you logged in
  • Security cookies: CSRF protection and session management
  • Functional cookies: To remember your preferences and settings

We do not use third-party analytics cookies, advertising trackers, or social media pixels. You can configure your browser to refuse cookies, though some features may not function properly.

5. Data retention

We retain your information only for as long as necessary to provide the Service and fulfill the purposes described in this policy.

  • Active accounts: We retain your data for as long as your account is active.
  • Soft deletion: When you delete records (products, RFPs, etc.), they are soft-deleted and retained for 30 days before permanent deletion.
  • Account deletion: When you delete your account, we delete your personal data within 30 days, except where required by law.
  • Backup retention: Database backups may retain data for up to 90 days.
  • Legal obligations: We may retain certain information longer if required for legal, accounting, or compliance purposes.

6. Your rights

Depending on your jurisdiction, you have the right to:

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Request correction of inaccurate personal data.
  • Deletion: Request deletion of your account and personal data.
  • Portability: Export your data in a machine-readable format.
  • Restriction: Request restriction of processing of your data.
  • Objection: Object to certain processing of your data.
  • Marketing opt-out: Opt out of marketing communications at any time.

To exercise these rights, contact us at john@aero.ws. We will respond to verified requests within 30 days.

7. GDPR provisions (EU users)

If you are located in the European Union, the following additional provisions apply:

Legal bases for processing

We process your personal data under the following legal bases:

  • Contract performance: To provide the Service you have subscribed to.
  • Legitimate interests: For security, fraud prevention, and service improvement.
  • Consent: Where you have given explicit consent for specific processing.

Data transfers

Your data may be transferred to and processed in the United States. We rely on Standard Contractual Clauses and adequacy decisions where applicable to ensure appropriate safeguards.

Data Protection Officer

For GDPR-related inquiries, contact our Data Protection Officer at john@aero.ws.

Supervisory authority

You have the right to lodge a complaint with your local data protection supervisory authority.

8. California privacy rights

If you are a California resident, you have specific rights under the CCPA/CPRA:

  • The right to know what personal information we collect and how it is used
  • The right to delete your personal information
  • The right to opt out of the sale of personal information (we do not sell personal information)
  • The right to non-discrimination for exercising your privacy rights

9. Data security

When we collect and process personal information, and while we retain this information, we will protect it within commercially acceptable means to prevent loss and theft, as well as unauthorized access, disclosure, copying, use, or modification. If you wish to request the deletion of your personal data, please contact us at john@aero.ws.

While we cannot guarantee absolute data security, as no method of electronic transmission or storage is 100% secure, we apply industry-standard security measures and do our best to protect the personal information you provide to us.

You are responsible for selecting any password and its overall security strength, ensuring the security of your own information within the bounds of our services. For example, ensuring any passwords associated with accessing your personal information and accounts are secure and confidential.

We implement the following technical and organizational measures to protect your data:

  • Row-level security (RLS): Database-level access controls ensure users can only access their own team's data.
  • Encryption in transit: All data is transmitted over HTTPS/TLS.
  • Encryption at rest: Database storage is encrypted.
  • Secure authentication: Passwords are hashed using industry-standard algorithms.
  • Access controls: Internal access to production data is restricted and logged.

10. Children's privacy

The Service is not intended for users under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected data from a child, please contact us immediately.

11. Changes to this policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

  • Posting the new Privacy Policy on this page
  • Updating the "Last updated" date
  • Sending an email notification for significant changes

12. Contact us

If you have questions about this Privacy Policy, please contact us at: john@aero.ws