Log inBook a demo
legal · privacy policy

Privacy policy

Last updated · 2026-04-12 · v3.2

This privacy policy describes how Aleq, Inc. ("Aleq", "we", "us") collects, uses, and protects information when you use our products and services. This policy applies to aleq.com and the Aleq application.

What we collect

We collect three categories of data:

  • Customer financial data — your accounting ledger, bank feeds, customer + vendor records, contracts, and related materials you authorize Aleq to access. This is required for Aleq to function as your AI CFO.
  • Account data — name, email, role, company, billing details. Used for authentication and billing.
  • Usage data — actions taken in the product, error reports, performance metrics. Used to improve reliability and to debug.

How we use it

Customer financial data is used solely to operate Aleq for that customer's account. We do not use customer financial data to train shared models, generate marketing assets, or share with any third party except as required by law or to operate the service (e.g., sending an email through SES on your behalf).

Per-tenant isolation

Each customer's data is stored in a per-tenant database with a per-tenant encryption key. Aleq runtime processes are isolated per tenant. There are no cross-tenant queries, no shared embeddings, and no shared model fine-tunes.

Data residency

By default, US customers are hosted in AWS us-west-2 and us-east-1. EU customers are hosted in eu-central-1. AU customers are hosted in ap-southeast-2. Data does not cross regions without explicit contractual agreement.

Subprocessors

We use the following subprocessors to operate Aleq. Each is bound by a Data Processing Agreement that meets or exceeds GDPR and CCPA requirements:

  • Amazon Web Services — infrastructure, storage, encryption
  • Anthropic, OpenAI — language model inference (zero-retention agreements in place)
  • Bland.ai — telephony for outbound voice (where customer enables)
  • ElevenLabs — voice synthesis (where customer enables)
  • Deepgram — speech-to-text (where customer enables)
  • Stripe — billing and metering
  • Drata — compliance monitoring
  • Postmark, AWS SES — transactional email

The current list of subprocessors is also published at aleq.com/subprocessors and updated 30 days before any change.

Your rights

You have the right to access, correct, export, or delete your data. Customer admins can do most of this self-serve in the product. To exercise rights you can't perform yourself, contact privacy@aleq.com and we will respond within 30 days.

Retention

While your account is active, we retain your data indefinitely so the service can function. After account closure, we retain data for 90 days (for backup and recovery) and then permanently delete it. You can request immediate deletion in writing.

Contact

Questions, complaints, or rights requests: privacy@aleq.com

Aleq, Inc. · Delaware corporation · principal place of business in San Francisco, CA