Legal

Data Processing Agreement

Last updated: May 11, 2026

What this is

When you use Aerys Software, you're trusting us with data about your business, your customers, and your operations. This Data Processing Agreement explains how we handle that data on your behalf — who can access it, where it lives, and what we do with it.

Roles

You (the Aerys customer) are the data controller. We (Aerys Software) are the data processor. We process your data on your instructions to deliver the services you signed up for.

What we process

• Your customers' contact information (names, phone numbers, email addresses)
• Estimates, invoices, and job records you create in Aerys
• Communications (emails sent through us, SMS messages, AI conversations)
• Operational data (crew schedules, payments, reviews)

Sub-processors

To deliver our services we use these sub-processors:

• Stripe (payments) — SOC 2, PCI DSS Level 1
• Twilio (SMS) — SOC 2, ISO 27001
• Resend (transactional email) — SOC 2
• Vercel (hosting) — SOC 2
• Anthropic (AI processing for advisor + Operator AI) — SOC 2
• Google Cloud / AWS (database hosting) — depending on service
• Smartlead, Hunter, Serper (only if you subscribe to Cold Email System)

If we add or change a sub-processor, we'll update this list and notify customers in advance.

Security

We use industry-standard security practices: encrypted connections (HTTPS), encrypted data at rest, access controls, and audit logging. Customer data is logically separated. We do not access customer data except as needed to operate the service or troubleshoot issues you report.

Data location

Data is stored in the United States. If you require EU-only storage, contact us — we can accommodate on the enterprise plan.

Data retention and deletion

We retain your data for the duration of your subscription. If you cancel, we keep your data for 90 days in case you reactivate, then it's deleted. You can request earlier deletion by email.

Data subject requests

If one of your customers (the data subject) requests access to, correction of, or deletion of their data, you can fulfill that request from your Aerys dashboard. If you need our help, email cj@aeryssoftware.com and we'll respond within 5 business days.

Breach notification

If we have a security incident that affects your data, we'll notify you within 72 hours of becoming aware.

End of contract

When your subscription ends, we'll export your data on request (CSV or JSON) within 30 days. After 90 days, your data is permanently deleted unless legal retention requirements apply.

Terms of Service  ·  Privacy Policy