Aestera← Back to home

Legal

Privacy Policy

Last updated May 1, 2026

Aestera ("we", "us") is operated by IKUBIX Nathalie Chikhi, the data controller responsible for the personal data processed through this website and the Aestera service. This page explains what we collect, why, the legal basis we rely on, how long we keep it, and the choices you have.

What we collect

  • Waitlist & contact data. Email address, the form you submitted on, and a basic device user-agent string.
  • Account & studio data. If you become a customer: your name, login credentials, profile details, and the information you create or connect inside Aestera (works, collectors, sales, drafts, support messages).
  • Usage data. Standard request metadata such as IP address, page visited, referrer, and basic telemetry, used to operate the service and prevent abuse.
  • Payment data. When you purchase a plan, payment is processed by Stripe, our payment service provider (see "Sharing" below). We receive limited transaction metadata such as country, plan, amount, and the last four digits of the card — we never see or store your full card details.

How we use it & legal basis

  • To provide and operate the service, including authentication and account management — performance of a contract.
  • To send transactional messages (receipts, security alerts, service notifications) — performance of a contract and legal obligation.
  • To send product updates and waitlist emails you have asked for — consent, which you can withdraw at any time.
  • To keep the service secure, prevent fraud and abuse, and improve reliability and features — legitimate interests.
  • To comply with tax, accounting, and other legal obligations — legal obligation.

We do not sell your personal information, and we do not use your private studio data to train public AI models.

Sharing

We share data only with vetted providers acting on our behalf, or when required by law. Categories of recipients include:

  • Hosting & database — to run the service and store your data securely.
  • Email delivery — to send the messages you receive from us.
  • Stripe — our payment service provider. Stripe processes card payments, manages recurring billing, and provides fraud prevention. Stripe acts as an independent controller for the payment data it collects under its own privacy policy.
  • Professional advisers (legal, accounting) and authorities where required by law.

Data retention

  • Waitlist emails: kept until you unsubscribe or ask us to delete them.
  • Account & studio data: kept for the lifetime of your account and deleted within 90 days of account closure, except where we must retain it to comply with legal obligations (e.g. invoicing records, kept for up to 10 years as required by French and EU law).
  • Server logs & security data: kept for up to 12 months, then deleted or anonymised.
  • Payment records: retained by Stripe and by us for the period required by tax and accounting law.

Security

We apply appropriate technical and organisational measures to protect your data, including encryption in transit (TLS), encryption at rest for our databases and backups, role-based access controls, audit logging, and regular review of our suppliers and infrastructure. No system is perfectly secure, but we work continuously to reduce risk.

International transfers

Some of our providers process data outside the EEA. Where this happens, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses, or adequacy decisions where they apply.

Your rights

Under the GDPR and applicable law you have the right to access, rectify, erase, restrict, port, and object to the processing of your personal data, and to withdraw consent at any time without affecting the lawfulness of processing already carried out. You also have the right to lodge a complaint with a supervisory authority — in France, the CNIL (cnil.fr).

To exercise any of these rights or to delete your email from our waitlist, write to privacy@aestera.ai. We aim to respond within one month.

Cookies

We use a small number of essential cookies needed to keep you signed in and to keep the service secure. We do not use advertising cookies. If we add analytics cookies in the future, we will ask for your consent before setting them.

Changes

We may update this policy as the product evolves. Material changes will be communicated on this page with a new "last updated" date.

Contact

Data controller: IKUBIX Nathalie Chikhi. For any privacy question, contact privacy@aestera.ai.

← Back to home