Legal — AEHQ

Effective: February 13, 2026 · Last updated: February 15, 2026

1. Who We Are

AEHQ (“we,” “our,” or “us”) operates websites, mobile applications, and related services (collectively, the “Services”). For the purposes of the EU General Data Protection Regulation (GDPR), the UK GDPR, and the Digital Markets Act (DMA), AEHQ is the data controller responsible for your personal data.

Data Protection Contact: tobias@aehq.org

2. Information We Collect

We currently do not collect personal data through our Services by default. However, should our data practices evolve, the following categories may apply:

Information you provide: Name, email address, and any content you submit through contact or support forms
Automatically collected data: Device type, operating system, browser type, IP address, approximate location (country/region), access timestamps, referring URLs, and pages visited
Identifiers: Unique device identifiers, advertising identifiers (only with your consent), and session identifiers
Usage data: Feature interactions, crash reports, and diagnostic information necessary for service stability

We do not collect special categories of personal data (e.g., health data, biometric data, religious beliefs, or political opinions) unless explicitly required for a specific service feature and only with your explicit consent.

3. Financial Data We Collect

Certain AEHQ Services enable you to connect your financial accounts through Plaid Inc. (“Plaid”), a third-party financial data aggregation service. When you choose to link a financial account, the following data may be collected and processed:

Data collected via Plaid:

Account identifiers (account name, type, and masked account numbers)
Account balances (current and available balances)
Transaction history (date, amount, merchant name, category, and location where available)
Routing numbers and institution identifiers necessary for account verification
Account holder identity information as provided by your financial institution (name, address, email, phone number)

How this data is collected: When you initiate a financial account connection, you are redirected to Plaid’s secure interface (“Plaid Link”) where you authenticate directly with your financial institution. AEHQ does not have access to your banking credentials at any point. Plaid transmits the authorized data to AEHQ’s systems over encrypted channels.

What we do not collect: We never receive, store, or have access to your bank login credentials, passwords, PINs, or security questions. These are handled exclusively by Plaid and your financial institution.

4. Lawful Basis for Processing (GDPR Article 6)

Where we process personal data, we rely on the following lawful bases:

Consent (Art. 6(1)(a)): For optional analytics, interest based communications, and any non essential cookies or tracking technologies. You may withdraw consent at any time.
Contractual necessity (Art. 6(1)(b)): To provide the Services you have requested, including account creation and support.
Legitimate interests (Art. 6(1)(f)): For security monitoring, fraud prevention, service improvement, and ensuring network integrity. We conduct balancing tests to ensure our interests do not override your fundamental rights.
Legal obligation (Art. 6(1)(c)): To comply with applicable laws, regulations, or enforceable governmental requests.

5. How We Use Information

When personal data is collected, we use it to operate, maintain, and improve the Services; respond to support requests and communications; detect, prevent, and address technical issues and security threats; comply with legal obligations; and communicate with you about service updates (with your consent where required).

6. Interest Based Advertising & Personalization

We do not currently engage in interest based advertising or profiling. Should we introduce such features in the future, they will operate exclusively on an opt in basis and will be fully disclosed in an updated version of this policy. You will always be able to manage your preferences using the controls below.

Your Privacy Preferences

Manage how your data may be used across AEHQ Services. Essential functionality cannot be disabled as it is required for our Services to operate. All optional categories are off by default.

Essential / Strictly Necessary Required for core service functionality, security, and fraud prevention.

Analytics & Performance Helps us understand how you use our Services to improve them.

Interest Based Personalization Allows tailored content and recommendations based on your usage patterns.

Marketing Communications Receive product updates, feature announcements, and promotional content.

Preferences saved.

7. Cookies & Tracking Technologies

Our Services may use cookies and similar technologies. Strictly necessary cookies are used without consent as they are essential for service operation. All other cookies (analytics, functional, marketing) require your prior opt in consent and can be managed through the preference panel above or through your browser settings.

We honor Do Not Track (DNT) signals and Global Privacy Control (GPC) signals sent by your browser.

8. Data Sharing & Third Parties

We do not sell, rent, or trade your personal information. We may share data in the following limited circumstances:

Service providers: Trusted third parties who assist in operating our Services (e.g., hosting, analytics), bound by data processing agreements and confidentiality obligations, including financial data aggregation services (Plaid Inc.) that facilitate secure connections to your financial institutions, bound by data processing agreements requiring equivalent data protection standards
Legal requirements: When disclosure is required by law, regulation, legal process, or enforceable governmental request
Safety: To protect the rights, property, or safety of AEHQ, our users, or the public
Business transfers: In connection with a merger, acquisition, or sale of assets, with notice provided to affected users

We do not share data with gatekeeper platforms as defined under the EU Digital Markets Act (DMA) for the purpose of cross service profiling without your explicit, informed consent.

9. Financial Data Sharing and Plaid

Plaid as a data processor: AEHQ uses Plaid Inc. as a third-party service provider to facilitate financial account connections. Plaid processes your financial data on our behalf and in accordance with Plaid’s End User Privacy Policy. By connecting your financial account through Plaid, you acknowledge and agree to Plaid’s privacy practices as described in their policy.

How Plaid data is used: Financial data retrieved through Plaid is used exclusively to:

Display your account balances and transaction history within AEHQ Services
Provide financial insights, analytics, and aggregation features you have requested
Verify account ownership for account linking purposes
Improve the accuracy and functionality of financial features within the Services

How Plaid data is protected:

All financial data received from Plaid is encrypted at rest using AES-256 encryption
Data in transit between Plaid and AEHQ systems is protected using TLS 1.3
Access to financial data is restricted to authorized systems and personnel through role-based access controls with multi-factor authentication
Financial data is stored in isolated, access-controlled environments separate from other application data

Your control over financial data:

You may disconnect any linked financial account at any time through the AEHQ application settings
Upon disconnection, AEHQ will cease retrieving new data from that account
You may request deletion of all financial data associated with your account by contacting tobias@aehq.org
Deletion requests for financial data will be processed within 30 days

Plaid’s data practices: For detailed information about how Plaid collects, uses, and protects your data, please review Plaid’s End User Privacy Policy. Plaid’s collection and use of your personal information is governed by their own privacy policy, and AEHQ is not responsible for Plaid’s data practices.

10. International Data Transfers

Our Services are operated from the United States. If you are accessing our Services from the European Economic Area (EEA), United Kingdom, or Switzerland, your personal data may be transferred to the United States. Where such transfers occur, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission, or reliance on an adequacy decision where applicable.

11. Data Retention

We retain personal data only as long as necessary to fulfill the purposes described in this policy. When data is no longer needed, it is securely deleted or anonymized. Specific retention periods vary by data type:

Account data: retained while your account is active, plus 30 days after deletion request
Support correspondence: retained for 24 months after resolution
Server logs: retained for a maximum of 90 days
Analytics data (if opted in): retained in aggregated, anonymized form
Financial account data (via Plaid): retained while your account connection is active, plus 90 days after disconnection. Transaction history: retained for 24 months or until deletion is requested, whichever is earlier

12. Your Rights

Depending on your jurisdiction, you have the following rights regarding your personal data. These rights apply under the GDPR, UK GDPR, CCPA/CPRA, and other applicable data protection laws:

Access (Art. 15 GDPR / CCPA §1798.100): Request a copy of the personal data we hold about you
Rectification (Art. 16 GDPR): Request correction of inaccurate or incomplete data
Erasure (Art. 17 GDPR / “Right to Delete”): Request deletion of your personal data, subject to legal retention requirements
Restriction (Art. 18 GDPR): Request that we limit processing of your data in certain circumstances
Portability (Art. 20 GDPR): Receive your data in a structured, commonly used, machine readable format
Objection (Art. 21 GDPR): Object to processing based on legitimate interests, including profiling
Withdraw consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing
Non discrimination (CCPA §1798.125): We will not discriminate against you for exercising your privacy rights

To exercise any of these rights, contact us at tobias@aehq.org. We will respond within 30 days (or as required by applicable law). We may request verification of your identity before fulfilling your request.

13. Digital Markets Act (DMA) Compliance

In compliance with Regulation (EU) 2022/1925 (the Digital Markets Act), AEHQ does not combine personal data collected through its Services with personal data from third party services without your explicit consent. We do not condition use of our Services on consent to data processing that is not strictly necessary for service provision. Where AEHQ’s Services interact with gatekeeper platforms, we ensure that data sharing complies with DMA obligations regarding interoperability and fair access.

14. Children’s Privacy

Our Services are not directed to children under the age of 16 (or the applicable minimum age in your jurisdiction). We do not knowingly collect personal information from children. If we become aware that we have collected personal data from a child without appropriate parental consent, we will take steps to delete that information promptly. If you believe a child has provided us with personal data, please contact us at tobias@aehq.org.

15. Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include encryption in transit and at rest, access controls, regular security assessments, and incident response procedures. However, no method of transmission or storage is completely secure, and we cannot guarantee absolute security.

Financial data is subject to additional security controls including field-level encryption, access logging, real-time anomaly detection, and segregated storage environments. Our financial data handling practices are reviewed periodically as part of our ongoing security program.

16. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated through our Services or via email (where we have your contact information) prior to the changes taking effect. The “Last updated” date at the top of this page reflects the most recent revision. Continued use of our Services after changes take effect constitutes acceptance of the revised policy.

17. Supervisory Authority

If you are located in the EEA or UK and believe that our processing of your personal data violates applicable data protection law, you have the right to lodge a complaint with your local supervisory authority. A list of EEA supervisory authorities is available at edpb.europa.eu.

18. Contact

For any questions, concerns, or requests regarding this Privacy Policy or your personal data, contact us at:

AEHQ
Email: tobias@aehq.org

Effective: February 13, 2026 · Last updated: February 13, 2026

1. Acceptance of Terms

By accessing or using any AEHQ application, website, API, or related service (collectively, the “Services”), you agree to be bound by these Terms of Service (“Terms”). If you do not agree to these Terms, you must not access or use the Services. If you are using the Services on behalf of an organization, you represent that you have authority to bind that organization to these Terms.

2. Eligibility

You must be at least 16 years of age (or the minimum age required in your jurisdiction) to use the Services. By using the Services, you represent and warrant that you meet this age requirement and have the legal capacity to enter into a binding agreement.

3. Account Responsibilities

Certain features of the Services may require account registration. You agree to provide accurate and complete information during registration, maintain the confidentiality of your account credentials, notify us immediately of any unauthorized access to your account, and accept responsibility for all activity that occurs under your account. We reserve the right to suspend or terminate accounts that violate these Terms.

4. Acceptable Use

You agree to use the Services only for lawful purposes and in compliance with all applicable laws and regulations. You may not use the Services to violate any applicable law, regulation, or third party right; distribute malware, viruses, or other harmful code; attempt to gain unauthorized access to any system, network, or account; engage in any activity that interferes with or disrupts the Services; reverse engineer, decompile, or disassemble any aspect of the Services; scrape, harvest, or collect data from the Services by automated means without our written consent; or impersonate any person or entity or misrepresent your affiliation.

5. Intellectual Property

All content, features, functionality, designs, code, trademarks, and other materials comprising the Services are owned by AEHQ or its licensors and are protected by intellectual property laws. You are granted a limited, non exclusive, non transferable, revocable license to access and use the Services for their intended purpose. You may not reproduce, distribute, modify, create derivative works of, publicly display, or otherwise exploit any part of the Services without our express written permission.

6. User Content

If you submit, upload, or transmit any content through the Services (“User Content”), you retain ownership of your content. By submitting User Content, you grant AEHQ a worldwide, non exclusive, royalty free license to use, process, and store your content solely as necessary to provide and improve the Services. You represent that you have all rights necessary to grant this license and that your content does not violate any law or third party right.

7. Third Party Services

The Services may contain links to or integrations with third party services, applications, or websites. AEHQ does not control and is not responsible for third party services. Your use of any third party service is subject to that service’s own terms and privacy policy. We encourage you to review those terms before engaging with third party services.

8. Service Availability & Modifications

We strive to maintain the availability of our Services but do not guarantee uninterrupted access. We may modify, suspend, or discontinue any aspect of the Services at any time, with or without notice. We will make reasonable efforts to notify users of material changes that affect their use of the Services.

9. Fees & Payments

Certain Services or features may require payment. All fees are stated at the time of purchase and are non refundable except as required by applicable law. We reserve the right to change our pricing with reasonable advance notice. If you are using a paid subscription, you are responsible for ensuring timely payment and may be subject to automatic renewal unless you cancel before the renewal date.

10. Disclaimers

THE SERVICES ARE PROVIDED “AS IS” AND “AS AVAILABLE” WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, AND NON INFRINGEMENT. WE DO NOT WARRANT THAT THE SERVICES WILL BE UNINTERRUPTED, SECURE, ERROR FREE, OR FREE OF VIRUSES OR OTHER HARMFUL COMPONENTS. YOUR USE OF THE SERVICES IS AT YOUR OWN RISK.

11. Limitation of Liability

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT SHALL AEHQ, ITS OFFICERS, DIRECTORS, EMPLOYEES, OR AGENTS BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES, INCLUDING BUT NOT LIMITED TO LOSS OF PROFITS, DATA, USE, OR GOODWILL, ARISING OUT OF OR RELATED TO YOUR USE OF OR INABILITY TO USE THE SERVICES, WHETHER BASED ON WARRANTY, CONTRACT, TORT (INCLUDING NEGLIGENCE), STATUTE, OR ANY OTHER LEGAL THEORY, EVEN IF WE HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

OUR TOTAL AGGREGATE LIABILITY FOR ALL CLAIMS ARISING FROM OR RELATED TO THE SERVICES SHALL NOT EXCEED THE GREATER OF (A) THE AMOUNT YOU PAID TO AEHQ IN THE TWELVE (12) MONTHS PRECEDING THE CLAIM, OR (B) ONE HUNDRED U.S. DOLLARS ($100).

12. Indemnification

You agree to indemnify, defend, and hold harmless AEHQ and its affiliates, officers, directors, employees, and agents from and against any claims, liabilities, damages, losses, costs, and expenses (including reasonable attorneys’ fees) arising out of or related to your use of the Services, your violation of these Terms, or your violation of any third party right.

13. Termination

We may suspend or terminate your access to the Services at any time, for any reason, with or without notice. You may terminate your use of the Services at any time by ceasing to use them and, if applicable, deleting your account. Upon termination, your right to use the Services ceases immediately. Sections that by their nature should survive termination (including but not limited to intellectual property, disclaimers, limitation of liability, and indemnification) will survive.

14. Dispute Resolution

Any dispute arising out of or related to these Terms or the Services shall first be addressed through good faith negotiation. If the dispute cannot be resolved informally within 30 days, it shall be resolved through binding arbitration administered by a mutually agreed upon arbitration provider, except that either party may seek injunctive or equitable relief in any court of competent jurisdiction. Nothing in this section shall prevent you from bringing issues to the attention of applicable regulatory authorities, or from exercising rights that cannot be waived under applicable law.

15. Governing Law

These Terms are governed by and construed in accordance with the laws of the State of Washington, United States, without regard to conflict of law principles. For users in the European Union, nothing in these Terms affects your rights under mandatory consumer protection laws in your country of residence.

16. Modifications to Terms

We reserve the right to modify these Terms at any time. We will provide notice of material changes through the Services or via email at least 30 days before the changes take effect. Your continued use of the Services after the revised Terms take effect constitutes your acceptance of the changes. If you do not agree to the revised Terms, you must stop using the Services.

17. General Provisions

If any provision of these Terms is found to be unenforceable, the remaining provisions will continue in full force and effect. Our failure to enforce any right or provision of these Terms will not constitute a waiver of that right or provision. These Terms, together with the Privacy Policy, constitute the entire agreement between you and AEHQ regarding the Services and supersede all prior agreements.

18. Contact

For questions about these Terms of Service, contact us at:

AEHQ
Email: tobias@aehq.org