Back

Privacy Policy

Last updated: April 2026

1. Introduction

Ardaven ("we", "our", or "company") respects your privacy and is committed to protecting your personal data. This policy explains how we collect, use, and protect your information when you visit our website and use our AI agent platform.

2. Data We Collect

  • Account data: name, email, company name, and workspace details you provide at signup.
  • Content data: documents, instructions, and configuration you upload to a bot's knowledge base, and the system prompts you author.
  • Conversation data: messages exchanged between the bot and end users, including model responses, tool-call traces, and audit metadata (model used, tokens, latency).
  • Usage data: which pages you visit on this website and how you interact with the dashboard.
  • Technical data: IP address, browser type, operating system, and device information.
  • Billing data: subscription status and billing details, processed by our payment partner.

3. How We Use Your Data

  • Provide the platform and run the bots you configure.
  • Ground bot responses in the knowledge base you upload and the connectors you enable.
  • Process LLM inference requests (prompts are sent to your chosen model provider via OpenRouter).
  • Keep an audit log of every bot response for EU AI Act transparency and human oversight.
  • Communicate service updates and respond to support requests.
  • Comply with legal and regulatory obligations.

4. Legal Basis for Processing

  • Contract performance: when necessary to deliver the platform.
  • Consent: when you have explicitly consented, e.g. to marketing communications.
  • Legitimate interest: for security, fraud prevention, and product improvement.
  • Legal obligation: when required by law.

5. Sub-processors and Data Sharing

We do not sell your personal data. We share data with the following sub-processors, all bound by a DPA and aligned with our GDPR commitments:

  • Railway — hosting and infrastructure (EU region).
  • Plausible Analytics — cookieless, self-hosted website analytics (EU).
  • Resend — transactional email delivery.
  • OpenRouter — LLM inference, which in turn calls OpenAI, Anthropic, Google Gemini, or another provider you select per bot.

We may also disclose data to legal authorities when required by law.

6. Storage and Security

Your data is processed and stored within the European Union. We implement encryption at rest and in transit, strict access controls, and regular security audits. LLM inference requests may transit the model provider's region as part of delivering a response; under our agreements, model providers do not retain your data for training.

7. Your Rights

Under the GDPR you have the right to access, rectify, erase, restrict, port, or object to the processing of your personal data. We expose two self-service endpoints on the platform:

  • Data export: request a structured copy of your data (Art. 15).
  • Deletion: request erasure of your data (Art. 17).

Consent events are recorded in an append-only log. To exercise any right, contact gm@layerx.xyz.

8. Data Retention

We retain your data only as long as necessary. Each workspace has a configurable retention period for conversation logs (3 months, 12 months, or custom, depending on plan). Account data is kept while your subscription is active and deleted 30 days after cancellation, unless longer retention is legally required.

9. Changes to This Policy

We may update this policy from time to time. Material changes will be communicated by email; the "Last updated" date reflects the most recent revision.

10. Contact

Questions about this policy or your data: gm@layerx.xyz.