Privacy Policy
Effective: 2026-05-23 · Operator: Black Line Ops LLC
1. Who we are
Aevrum is an operational intelligence platform provided by Black Line Ops LLC (“Aevrum,” “we,” “us”). Aevrum helps businesses upload operational data and view dashboards, AI assistants, and recommendations grounded in that data.
Contact for privacy matters: privacy@blacklineops.ai
2. What we collect
Account data (you provide)
- Your email address and chosen full name
- Your organization name, industry, and business type
- Authentication credentials (password hash; we never store the raw password)
Operational data (you upload)
- CSV files, webhook payloads, and integration data you connect
- Recommendations, dashboards, and configuration you create
- Notification preferences and scheduled-report settings
Automatically collected
- IP address and user-agent (recorded in the audit log)
- Page-view and feature-use telemetry (aggregated, not sold)
- Service worker / PWA install events (when applicable)
3. How we use it
- To deliver Aevrum’s core features (dashboards, Kirk AI, recommendations, alerts, scheduled reports)
- To send service email (invites, alerts, weekly digest, scheduled reports — controllable per-user under Settings → Notifications)
- To maintain a security audit trail of who did what and when
- To improve the product based on aggregate usage patterns — we do not sell or rent your data, and we do not use it to train external models
4. AI processing
When you use Kirk (Q&A) or the AI custom-widget generator, the request plus a structured summary of your organization’s data is sent to Anthropic’s Claude API. Anthropic does not train on customer API traffic.
- You can disable real AI globally (Settings → AI → Provider) — Aevrum falls back to a deterministic mock that runs entirely on our servers
- Per-user and per-organization daily rate limits prevent runaway use
- Obvious PII (email addresses, phone numbers, API keys) is redacted from prompts before they leave our servers
- Operator-typed values are sanitized and isolated inside untrusted-data delimiters so prompt-injection payloads cannot pivot to other organizations’ data
5. Sharing & subprocessors
We use the following subprocessors to deliver Aevrum. We notify customers in advance of any addition or change.
- Supabase — Postgres database, authentication, file storage (us-east-1)
- Vercel — Application hosting and edge network (United States)
- Anthropic — Claude API for Kirk + custom widget generation (United States)
- Resend — Transactional email delivery (United States)
We do not sell personal data. We share data with subprocessors only as necessary to deliver the service, under written DPAs binding them to equivalent protections.
6. Data residency & transfers
All data sits in United States regions today. Customers based in the EU/UK who require regional residency can contact us — we evaluate Supabase EU regions on a per-customer basis.
7. Retention
We retain operational data for as long as your account is active. On account deletion, we remove your data within 30 days. Backups roll off within 90 days of deletion. The audit log retains who-did-what records for compliance purposes (default 90 days; configurable per plan).
8. Your rights (GDPR / UK GDPR / CCPA)
You have the right to:
- Access the personal data we hold about you
- Correct inaccurate or incomplete data
- Delete your account and all personal data we hold about you
- Export your organization’s data in a portable format (Settings → Data Export)
- Object to processing or restrict it
- Lodge a complaint with a supervisory authority
Request handling lives under Settings → Data Subject Requests (DSR). Direct requests can also go to privacy@blacklineops.ai.
9. Security
Encryption in transit (TLS 1.2+) and at rest (AES-256). Row-Level Security enforced at the database for every table. Strict role model inside each organization (Owner / Admin / Analyst / Viewer). Every privileged action recorded in the audit log. Full security overview at aevrum.vercel.app/trust.
10. Children
Aevrum is built for business users and is not directed to children under 13 (or under 16 in the EU/UK). We do not knowingly collect data from children.
11. Changes to this policy
We’ll post material changes here and notify account owners by email before they take effect. The “Effective” date at the top indicates when the current version became active.
12. Contact
Black Line Ops LLC
privacy@blacklineops.ai · security@blacklineops.ai