§ LEGAL — PRIVACY POLICY
Your data. Your control.
This policy explains what personal data AETHER collects when you visit this site or correspond with us, what we do with it, how long we keep it, and the rights you have to control it. Last updated 2026-06-03.
1. Who we are
AETHER is operated by AETHER Ecosystem and its affiliated legal entities (together, "AETHER", "we", "us"). For the purposes of the GDPR and the UK GDPR, the AETHER entity established in your region is the controller of your personal data when you interact with this site or our APIs.
2. What we collect
- Contact data you give us. Name, work email, organization, role, country, and the message you submit through the contact or sandbox-request forms.
- Operational data from sandbox & production use. API keys, request logs, IP addresses, transaction metadata. We do not store the underlying biometric templates — those remain sealed inside the user's device or HSM.
- Site analytics. Anonymised, aggregated page-view counts. We do not run third-party advertising or behavioural trackers on this site.
- Cookies. Strictly necessary cookies only. No marketing or profiling cookies are set.
3. Why we process it
- Communication
- To respond to your enquiry, provision sandbox credentials, and follow up with appropriate technical and commercial context. Legal basis: legitimate interest and / or pre-contractual steps at your request.
- Service operation
- To operate, secure and improve the AETHER network for institutional customers. Legal basis: contract and legitimate interest.
- Legal & regulatory
- To meet our obligations to financial regulators, tax authorities and other competent bodies. Legal basis: legal obligation.
- Security
- To detect abuse, fraud and unauthorised access. Legal basis: legitimate interest.
4. How long we keep it
Contact-form submissions are retained for up to 24 months from the date of the last meaningful interaction. Operational logs are retained for the periods required by applicable financial regulation and audit standards. We delete or anonymise personal data as soon as it is no longer required for the purpose for which it was collected.
5. Who we share it with
We do not sell personal data. We disclose personal data only to:
- Service providers who help us operate the site and the network (hosting, email, security monitoring), bound by data-processing agreements.
- Regulators, courts and law-enforcement bodies where we are required to do so by law.
- Parties to a corporate transaction (merger, acquisition, restructuring), under confidentiality.
6. International transfers
Where data is transferred outside the EEA, the UK or another protected jurisdiction, we rely on Standard Contractual Clauses, the UK IDTA, or equivalent legal mechanisms, supplemented by technical controls including encryption in transit and at rest.
7. Your rights
Subject to applicable law, you may request access to, rectification of, deletion of, or restriction on the processing of your personal data, and you may object to processing or withdraw consent where it was the legal basis. You may also lodge a complaint with the data-protection authority in your jurisdiction.
8. Contact
Privacy enquiries: please use the contact form on the home page and select "Compliance / Risk" in the role field. We respond within 30 days as required by the GDPR.