Aethar — Privacy Policy
Effective date: 2026-03-23
Last updated: 2026-04-05
Provider: Aethar (aethar.dev)
NIP: PL5372459890
Contact: [email protected]
1. Overview
This Privacy Policy explains what data Aethar services collect, how it is used, and your rights. This policy applies to all Aethar products including WageAPI, CostAPI, SkillsAPI, EInvoiceAPI, and any future services. We are committed to minimal data collection: we do not store invoice contents, API request bodies, or personally identifiable information beyond the rate-limit metadata described in Section 2. For the EInvoiceAPI intelligent parse endpoint, customer-supplied PII is anonymized before any data reaches our AI sub-processor (see Section 8).
2. Data We Collect
API Usage Logs
For each API request, we log:
| Field | Example | Purpose |
|---|---|---|
| API key hash (SHA-256) | a1b2c3... | Rate limiting, abuse prevention |
| Endpoint called | /v1/salaries | Service monitoring |
| Timestamp | 2026-03-23T14:22:00Z | Debugging, usage analytics |
| HTTP status code | 200 | Error tracking |
We do not log or store:
- Raw IP addresses
- Personal names, emails, or other PII
- Request bodies or query parameters containing user-specific data
What We Do Not Collect
- No cookies are set by the API.
- No tracking pixels or analytics scripts are embedded in API responses.
- No user accounts exist on our side — authentication is handled entirely by the Aethar Console and Paddle.
3. Demo Dashboard
Aethar product demo dashboards are static web applications. They:
- Does not require login or registration.
- Does not collect PII.
- Does not set tracking cookies.
- May use Cloudflare for CDN and DDoS protection (see Section 6).
4. Data Retention
- API usage logs are retained for 30 days, then permanently deleted.
- Error reports sent to Sentry may be retained per Sentry's data retention policy (typically 90 days).
5. Legal Basis (GDPR)
We process the limited data described above under legitimate interest (Article 6(1)(f) GDPR) for the following purposes:
- Enforcing rate limits and preventing abuse.
- Monitoring service health and debugging errors.
- Maintaining infrastructure security.
Since we do not process PII, GDPR data subject requests (access, deletion, portability) are unlikely to apply. If you believe we hold data related to you, contact us and we will investigate.
6. Third-Party Services
| Service | Purpose | Data shared |
|---|---|---|
| Paddle | Billing, invoicing, sales tax, payment processing | Payment and transaction data (managed by Paddle) |
| Sentry | Error monitoring | Error metadata (no PII) |
| Cloudflare | CDN, DDoS protection (dashboard) | IP addresses (processed by Cloudflare, not stored by us) |
| Hetzner | Server hosting (Falkenstein, Germany, EU) | None beyond standard hosting |
| Anthropic (Claude) | AI parsing sub-processor for EInvoiceAPI intelligent parse endpoint only | Anonymized invoice text (PII replaced with placeholders before transmission — see Section 8) |
7. Data Location
All API data is processed and stored on a Hetzner VPS located in Falkenstein, Germany (EU). Data does not leave the European Union for processing or storage. Third-party services (Paddle, Sentry, Cloudflare) may process data in other jurisdictions per their own policies.
8. AI Processing (EInvoiceAPI Intelligent Parse)
EInvoiceAPI's intelligent parse endpoint uses Anthropic's Claude API as a sub-processor to convert free-form invoice text into structured fields. We anonymize customer PII before any request reaches Anthropic. Only format-preserving placeholders leave EU infrastructure. After Claude returns, we restore the original values in the response inside our EU backend.
The following pipeline is applied to every intelligent parse request:
- Incoming text is scanned for personally identifying elements: personal names, company names, VAT / tax IDs, IBANs, email addresses, phone numbers, and city and location data.
- Each identifier is replaced with a format-preserving placeholder (e.g.
Company0,DE000000000,[email protected]) inside our EU-hosted backend. - Only the anonymized text is transmitted to Anthropic Claude for structural extraction.
- Placeholders are substituted back with the original values in our EU backend before the response is returned to you.
Strict mode (hard guarantee): if our anonymizer detects residual identifiers in the output that it could not replace, the request is rejected with HTTP 422 UNANONYMIZED_PII_DETECTED and you are asked to manually redact the flagged fields before retrying. This is a hard guarantee, not a best-effort promise — we will not forward partially-anonymized text to the AI model.
Cross-border transfer basis: Anthropic, PBC (415 Mission St, San Francisco, USA) processes anonymized text as our sub-processor in the United States. The transfer relies on Anthropic's certification under the EU-US Data Privacy Framework (adequacy decision C(2023) 4745 of 10 July 2023). You can verify Anthropic's DPF status on the official registry at dataprivacyframework.gov.
Retention: Aethar does not store invoice content, request bodies, or parse results on disk. Processing is in-memory only; API usage logs contain only the fields listed in Section 2. Anthropic may retain API requests and responses for up to 30 days for trust and safety purposes under Anthropic's Commercial Terms (API inputs and outputs are not used for model training). By the time text reaches Anthropic it has already been anonymized, so Anthropic never sees the original identifiers — what is retained for up to 30 days is the placeholder-substituted text, not the raw PII.
The anonymization service itself runs inside our Hetzner Falkenstein (Germany) infrastructure. If you require additional contractual documentation for EInvoiceAPI, contact [email protected].
9. Data Processing by Paddle
All payments are processed by Paddle.com Market Limited, who acts as the Merchant of Record for all transactions. Paddle handles billing, invoicing, sales tax, and payment processing. Paddle's own privacy policy governs the data they collect and process. For details, see paddle.com/legal/privacy.
10. Children's Privacy
Aethar services are developer-facing APIs and are not directed at children under 16. We do not knowingly collect data from minors.
11. Changes to This Policy
We may update this Privacy Policy at any time. Material changes will be noted in the API documentation or Aethar Console. Continued use of the API after changes constitutes acceptance.
12. Contact
For privacy-related questions or data requests:
Email: [email protected]
We aim to respond within 14 days.
Governing law: Republic of Poland / European Union.