Aerol
    Sign In

    GDPR Compliance

    Penify Technologies LLC (dba Aerol) is committed to protecting user privacy and handling personal data in accordance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

    Lawful Basis for Processing

    We process personal data based on the following legal grounds: contractual necessity (to provide our services), legitimate interests (to improve our platform and prevent fraud), and consent (for optional analytics and marketing communications). You may withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.

    Your Rights Under GDPR

    As a data subject, you have the following rights regarding your personal data:

    • Right of Access — Request a copy of the personal data we hold about you
    • Right to Rectification — Request correction of inaccurate or incomplete data
    • Right to Erasure — Request deletion of your personal data when no longer necessary
    • Right to Restrict Processing — Request that we limit how we use your data
    • Right to Data Portability — Receive your data in a structured, machine-readable format
    • Right to Object — Object to processing based on legitimate interests or direct marketing

    Data We Collect

    Aerol collects and processes the following categories of personal data: account information (name, email address, profile data from OAuth providers), usage data (feature usage, interaction logs), and source code data (temporarily processed for analysis, not retained). We do not collect sensitive personal data such as health information, biometric data, or financial account numbers.

    Data Protection Measures

    We implement appropriate technical and organizational measures to protect personal data, including AES-256-GCM encryption at rest, TLS encryption in transit, access controls with multi-factor authentication, regular security assessments, and employee security awareness training.

    Sub-processors

    We use carefully vetted third-party sub-processors to help deliver our services. A full list is available on our Sub-processors page. We ensure all sub-processors maintain appropriate data protection standards through contractual agreements.

    Data Transfers

    When personal data is transferred outside the European Economic Area, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission, or reliance on adequacy decisions where applicable.

    Data Retention

    We retain personal data only for as long as necessary to fulfill the purposes for which it was collected or as required by law. Source code submitted for analysis is processed in ephemeral environments and is not retained after the analysis is complete. Account data is retained for the duration of your account and deleted upon request or account closure.

    Data Protection Officer

    For GDPR inquiries or to exercise any of your rights, please contact our Privacy Officer:

    Email: privacy@aerol.ai
    Address: Penify Technologies LLC, 30 N Gould St, Ste R, Sheridan, WY 82801

    We will respond to all data subject requests within 30 days. If you are unsatisfied with our response, you have the right to lodge a complaint with your local data protection supervisory authority.

    Last updated: March 2026