Privacy Policy

Last updated 2026-06-06. avenic is operated by Vector Pack LLC. This policy covers the avenic website and API.

Signup asks for nothing about you

Creating an account requires no name, no email, and no identity. Signup returns a random tenant_id and an api_key (only the key's hash is stored). The account is pseudonymous by design.

What we hold, and why

• Account: your tenant_id, the hash of your api_key, account status, and your credit balance.
• Abuse protection: at signup we store a one-way SHA-256 hash of your IP address to rate-limit signups. The raw IP is never written to storage.
• Payments: checkout runs on Stripe. We never see or store your card details. When you buy a pack we store the Stripe customer identifier linked to your account so we can apply credits and reconcile payments. Stripe processes your payment under Stripe's privacy policy.
• Operational telemetry: we use Sentry (error monitoring) and PostHog (product-event counts such as "signup" or "pack purchased", keyed only by the pseudonymous tenant_id) to operate the Service. This is operational only and never part of the verification or trust path; it carries no name, email, or record content.
• Records you submit: the records you send to /v1/record are yours. We process them on your behalf to produce and host receipts — a processor role under GDPR Article 28. You decide what they contain; you are the controller.

What we do not do

We do not sell your data. We do not require or collect your identity. The marketing site you are reading runs no JavaScript, sets no cookies, and loads no third-party trackers (its security policy blocks scripts entirely). We do not build advertising profiles.

Erasure and your rights

You can take any hosted receipt down at any time (DELETE /v1/hosted/...); the address then answers an honest 410 Gone. For the records behind your account, our erasure measure is cryptographic shredding (destroying the keys that decrypt your data), which renders the data permanently unrecoverable. To exercise access, erasure, or other rights under the GDPR, the CCPA, or similar laws, contact us at support@avenic.ai. Because accounts are pseudonymous, we may ask you to prove control of the relevant api_key before acting.

Sub-processors, hosting, and retention

We host on Amazon Web Services (primary region US West). Our sub-processors are AWS (hosting), Stripe (payments), and PostHog and Sentry (operational telemetry). Hosted receipts persist until you take them down or their stated retention window closes; the signup IP hash is kept only for the rate-limit window; the Stripe customer link is kept for payment reconciliation. A Data Processing Addendum with EU Standard Contractual Clauses is available for customers who need one.

Changes and contact

We may update this policy; material changes will be posted here with a new date. Questions: support@avenic.ai.

[Vector Pack: confirm a monitored support@avenic.ai inbox and have counsel review before the live-payment launch; a DPA/SCC pack is drafted in the legal stack.]