import Layout from "@/components/Layout"; export default function Privacy() { return (

Privacy Policy

Effective date: 2025-01-21

This Privacy Policy explains how AeThex ("we", "us") collects, uses, shares, and protects information when you use our products, sites, and services (the "Services").

Information We Collect

  • Account data: name, username, email, profile details, social links.
  • Content: posts, comments, projects, teams, endorsements, activity metadata.
  • Usage data: device/browser information, pages visited, interactions, approximate location.
  • Cookies & similar: session and preference cookies for authentication and settings.

How We Use Information

  • Provide and improve the Services, including social, projects, teams, and notifications.
  • Security, abuse prevention, fraud detection, and diagnostics.
  • Personalization (e.g., recommendations, feed ranking) and aggregated analytics.
  • Communications: transactional emails (verification, invites, alerts) and product updates.

Discord Integration

When you link your Discord account, we collect and store your Discord user ID, username, profile picture, and email. We use this data to enable account linking, execute Discord bot commands (/verify, /set-realm, /profile, /unlink), assign Discord roles based on your AeThex realm, and display your profile in Discord Activities. Discord-related data is processed under Discord's Privacy Policy. You can unlink your Discord account at any time.

Web3 & Ethereum Wallet Integration

When you connect an Ethereum wallet (via MetaMask or similar), we collect and store your wallet address. We use this data for Web3 authentication and identity verification. We never store private keys, seed phrases, or transaction history. Signature verification is performed locally on your device. Your wallet address is public blockchain data.

Roblox Integration

When you link your Roblox account via OAuth, we collect your Roblox user ID, username, profile details, and game session data. We use this data to enable account linking, track game development activities, and display your Roblox portfolio. Roblox data is processed under Roblox's Terms of Service.

Game Authentication & Server Integration

For game developers using AeThex authentication (Unity, Unreal, Godot, etc.), we collect game session tokens, player IDs, and game-specific authentication data. This data is used to verify player identity, manage game sessions, and provide analytics. Game developers can request deletion of their game data in accordance with data retention policies.

AeThex Sentinel & Warden (Browser Extension)

Our browser extension provides real-time Data Loss Prevention (DLP) security scanning. To provide this protection, the extension processes:

  • User Input & Website Content: We scan text entered into input fields (forms, chat boxes) to detect sensitive information (passwords, API keys, PII patterns).
  • Financial & Personal Information: We temporarily process patterns resembling credit card numbers, social security numbers, and other PII solely to redact or block them before transmission.
  • Browser Events: We monitor specific events (paste, form submit) to prevent accidental data leakage.
  • Device Data: IP address for location-based security policies (geofencing).

Important: Scanned text is processed locally in your browser's memory and is NOT transmitted to our servers unless a security policy violation is triggered. If a violation occurs, we store only a redacted audit log (User ID, timestamp, rule broken) - never the sensitive data itself.

Chrome Web Store Limited Use Disclosure

The AeThex Warden extension's use of information received from Google APIs adheres to the Chrome Web Store User Data Policy, including the Limited Use requirements.

  • Minimal Permissions: We only request browser permissions strictly necessary for DLP security scanning functionality. We do not request access to browsing history, bookmarks, or other unrelated data.
  • No Human Review of Personal Data: User data processed by the extension is NOT subject to human review except in cases of: (a) explicit user consent, (b) security investigations for abuse/fraud prevention, or (c) legal compliance requirements.
  • No Advertising or Profiling: We do not use extension data for advertising, user profiling, creditworthiness assessment, or sale to third parties.
  • Automated Processing Only: DLP pattern matching is performed by automated systems. Human operators only access aggregated, anonymized audit logs for security purposes.

OAuth Providers

We support multiple OAuth providers including GitHub, Google, Discord, Roblox, and Web3 authentication methods. When you authorize through any provider, we receive and store the data they share (typically ID, email, profile info). You can manage linked accounts in your profile settings and unlink them at any time. Each provider has its own privacy policy governing how they handle your data.

Data Controller & Data Protection Officer

Data Controller: AeThex Inc., 123 Innovation Drive, Phoenix, AZ 85001, United States. We are responsible for deciding how we collect, hold, and use your personal information.

Data Protection Officer (DPO): For questions about data protection or to exercise your rights, contact our DPO at dpo@aethex.dev.

Legal Bases (EEA/UK)

We process data under: (i) Performance of a contract (providing core features), (ii) Legitimate interests (security, analytics, product improvement), (iii) Consent (where required), and (iv) Compliance with legal obligations.

Sharing & Service Providers

We do not sell your personal information. We use trusted sub-processors to operate the platform: Supabase (auth, database, storage), Vercel/Netlify (hosting/CDN), and Resend (email). These providers process data on our behalf under appropriate agreements.

International Transfers

Data may be processed in the United States and other countries. Where applicable, we rely on appropriate safeguards (e.g., SCCs) for cross-border transfers.

Data Retention Schedule

We retain data for as long as needed to provide Services, comply with law, resolve disputes, and enforce agreements. Specific retention periods include:

  • Account Data: Retained while your account is active and for 30 days after deletion request to allow recovery.
  • Server Logs & Analytics: Retained for 90 days, then aggregated or deleted.
  • Security Violation Records: Retained for 2 years for abuse prevention and legal compliance.
  • Backups: Retained for 30 days in encrypted form, then permanently deleted.
  • Financial/Transaction Records: Retained for 7 years as required by tax and accounting regulations.

You may request deletion of your account data, subject to legal holds and regulatory requirements.

Your Rights

  • Access, correction, deletion, and portability of your data.
  • Object to or restrict certain processing; withdraw consent where applicable.
  • Manage notifications and email preferences in-app.

California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

  • Right to Know: Request disclosure of personal information we collect, use, disclose, and sell.
  • Right to Delete: Request deletion of your personal information, subject to certain exceptions.
  • Right to Correct: Request correction of inaccurate personal information.
  • Right to Opt-Out of Sale/Sharing: We do not sell or share your personal information for cross-context behavioral advertising. If this changes, you will have the right to opt out.
  • Right to Limit Use of Sensitive Data: Request limitations on processing of sensitive personal information.
  • Right to Non-Discrimination: You will not receive discriminatory treatment for exercising your rights.

Do Not Sell or Share My Personal Information: AeThex does not sell personal information and does not share personal information for cross-context behavioral advertising purposes.

To exercise any of these rights, contact us at privacy@aethex.dev or submit a request through your account settings. We will verify your identity before processing your request.

Right to Appeal

If we deny your data rights request (such as access, deletion, or correction), you have the right to appeal our decision. To appeal:

  1. Email dpo@aethex.dev with the subject line "Privacy Appeal".
  2. Include your original request reference number and explain why you believe our decision was incorrect.
  3. We will review your appeal within 45 days and provide a written response explaining our final decision.
  4. If you are unsatisfied with our appeal decision, you may file a complaint with your local data protection authority (for EEA/UK residents) or the California Attorney General (for California residents).

Security

We use industry-standard measures to protect data in transit and at rest. No method of transmission or storage is 100% secure; you are responsible for safeguarding credentials.

Children

Our Services are not directed to children under 13 (or as defined by local law). We do not knowingly collect data from children. If you believe a child has provided data, contact us.

Changes

We may update this Policy. Material changes will be announced via the app or email. Your continued use after changes constitutes acceptance.

Contact

For privacy inquiries: privacy@aethex.dev. For support: support@aethex.dev. For security issues: security@aethex.dev.

); }