Aexy
Get Started
Privacy

Privacy Policy

Last updated: April 2026

Notice: This is a starter privacy policy. Before relying on it for production, please have it reviewed by qualified legal counsel for your jurisdiction (GDPR, CCPA, DPDP Act, etc.).

Who we are

Aexy provides an open-source engineering operations platform. This policy explains what data we collect when you use our cloud product at aexy.io, how we use it, and the rights you have over it. If you self-host Aexy, this policy does not apply — you are the data controller.

What we collect

We collect three categories of data:

  • Account data — your name, email, profile photo, and authentication identifiers from your OAuth provider (Google, Microsoft, GitHub).
  • Workspace data — the content you and your team create in Aexy: sprints, tickets, performance reviews, CRM records, documents, and similar artifacts.
  • Connected-tool data — when you connect GitHub, Jira, Linear, Gmail, or Calendar, we sync the data needed for the features you enable, with the scopes you approve.
  • Usage and diagnostics — server logs, error reports, and product analytics (page views, feature usage) to operate and improve the service.

How we use it

  • To provide the features you sign up for.
  • To communicate about your account, billing, and important updates.
  • To diagnose problems, prevent abuse, and improve reliability.
  • To run AI features you enable. We do not train our models on your proprietary code or content without explicit opt-in.

Sub-processors

We use a small set of trusted vendors to operate the service — for cloud hosting, email delivery, error reporting, and AI inference (Anthropic, Google). We share only the minimum data each vendor needs and require them to handle it under appropriate data-processing terms. A current list is available on request to privacy@aexy.io.

Your rights

Depending on where you live, you may have the right to access, correct, export, or delete personal data we hold about you, and to object to certain processing. Email privacy@aexy.io and we will respond within 30 days.

Retention

We keep your data for as long as your account is active. If you delete a workspace, we remove its content within 30 days, except where we're required to retain something for legal or accounting reasons.

Security

Data is encrypted in transit (TLS) and at rest. Access to production systems is limited to a small set of staff and audited. See our security page for details.

Changes

We'll post material changes to this policy on this page and notify customers by email when appropriate.

Contact

Privacy questions: privacy@aexy.io.