Privacy Policy

Last updated: December 12, 2025

1. Introduction

AOS Marketplace ("AOS," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website and use our services.

2. Information We Collect

2.1 Personal Information

We may collect personal information that you voluntarily provide, including:

  • Name and email address
  • Account credentials
  • Payment information (processed securely through Stripe)
  • Business information (company name, role)
  • Communication preferences

2.2 Automatically Collected Information

When you access our Service, we may automatically collect:

  • Device and browser information
  • IP address and location data
  • Usage patterns and preferences
  • Cookies and similar tracking technologies

2.3 Seller Information

If you are a seller on our platform, we additionally collect:

  • Stripe Connect account information for payments
  • Agent files and configurations you upload
  • Sales and performance metrics

3. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and maintain our services
  • Process transactions and send related information
  • Send administrative information, updates, and security alerts
  • Respond to inquiries and provide customer support
  • Analyze usage to improve our services
  • Detect, prevent, and address technical issues or fraud
  • Comply with legal obligations

4. BYOK Policy & API Keys

Bring Your Own Keys (BYOK)

AOS operates on a Bring Your Own Keys model. This means:

  • We do NOT store your API keys (OpenAI, Anthropic, Twilio, etc.)
  • API keys are entered directly into your automation platforms (Make.com, n8n, etc.)
  • Sellers never have access to buyer API keys
  • You maintain full control over your credentials at all times

5. Information Sharing

We may share your information in the following situations:

5.1 With Service Providers

We share information with third-party vendors who perform services on our behalf, including:

  • Stripe: Payment processing
  • Supabase: Database and authentication
  • Vercel: Hosting and deployment

5.2 Between Buyers and Sellers

When a purchase is made, limited information is shared between parties to facilitate the transaction and support (e.g., buyer email for support tickets).

5.3 Legal Requirements

We may disclose information if required by law or in response to valid legal requests.

6. Data Security

We implement appropriate technical and organizational security measures to protect your data:

  • Encryption of data in transit (HTTPS/TLS)
  • Secure password hashing
  • JWT-based authentication
  • Regular security audits
  • Access controls and monitoring

However, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security of your data.

7. Cookies & Tracking

We use cookies and similar technologies to:

  • Keep you logged in
  • Remember your preferences
  • Analyze site traffic and usage
  • Improve user experience

You can control cookies through your browser settings. Disabling cookies may affect certain features of our Service.

8. Analytics

We may use analytics and traffic measurement tools to understand how the site is used and to improve reliability. These tools may collect information such as pages viewed, device/browser type, and approximate location derived from IP address.

Note: this is not a consent/opt-in banner implementation. If you need a formal consent flow (e.g., EU/UK), contact privacy@aos-ai.com.

9. Your Rights

Depending on your location, you may have the right to:

  • Access the personal information we hold about you
  • Request correction of inaccurate data
  • Request deletion of your data
  • Object to or restrict processing of your data
  • Data portability
  • Withdraw consent at any time

To exercise these rights, contact us at privacy@aos-ai.com

10. Data Retention

We retain your personal information for as long as necessary to provide our services and fulfill the purposes outlined in this policy. When you delete your account, we will delete or anonymize your personal information within 30 days, except where retention is required by law.

11. International Transfers

Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place to protect your data in accordance with this Privacy Policy.

12. Children's Privacy

Our Service is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If we learn we have collected information from a child, we will delete it promptly.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the "Last updated" date. Continued use of the Service after changes constitutes acceptance of the updated policy.

Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us: