1. Introduction
Liberato Aguilar Business Software LLC d/b/a Aguilabs ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website (aguilabs.com), use the Aguilabs client dashboard, or interact with any Aguilabs-powered application.
2. Information We Collect
Account Information
When you create an account or are invited as a client, we collect:
- Name, email address, and company/organization name
- Account credentials (passwords are hashed and never stored in plain text)
- Legal consent records (timestamps for Terms of Service, Privacy Policy, and EULA acceptance)
Payment Information
Billing details (card number, expiration, billing address) are collected and processed by Stripe. We do not store your full payment card details on our servers. We retain transaction records, invoice history, and subscription status.
Dashboard Data
When you use the Aguilabs client dashboard, we collect and store:
- Project communications and messages between you and our team
- Files, images, and assets you upload
- Feature requests and project specifications
- Invoice and payment history
Usage and Analytics Data
We automatically collect:
- IP address and approximate location
- Browser type, operating system, and device information
- Pages visited, time spent, and interaction patterns
- Referring URLs and search terms
3. Aguilabs Network Data
Aguilabs operates a shared authentication system called the Aguilabs Network. When you create an account on any Aguilabs-powered application:
- Shared identity: Your email address and authentication identity are shared across all Aguilabs-powered applications to enable single sign-on.
- Isolated business data: All business data (project files, messages, invoices, customer records) is strictly isolated per tenant using database-level row security policies. No business can access another business's data.
- Dedicated auth option: Pro and Enterprise plans may use dedicated authentication infrastructure, fully separating their auth namespace from the shared network.
4. Data We Process on Behalf of Clients
When you are an Aguilabs client, some data we handle is data you collect from your own customers and end users — for example, names, phone numbers, WhatsApp or in-app messages, or payment records flowing through an application we host for you. For that data you are the data controller and Aguilabs acts as your data processor: we process it only to provide the services and on your instructions. This processing may also be governed by a separate Data Processing Agreement (aguilabs.com/dpa).
5. How We Use Your Information
We use the information we collect to:
- Provide, operate, and maintain your subscription services and hosted applications
- Process payments and manage your billing
- Communicate with you about your projects, account, and support requests
- Send transactional emails (invoices, password resets, project updates)
- Improve our website, dashboard, and services
- Comply with legal obligations and enforce our Terms of Service
6. Third-Party Processors
We rely on third-party subprocessors to operate our platform, including providers of database/authentication, payment processing, cloud hosting, AI inference, and email delivery. A current, named list is maintained at aguilabs.com/subprocessors. Each processor operates under its own privacy terms and data-processing agreements, and we share only the minimum data necessary for each to function.
7. AI and Automated Processing
Aguilabs builds and operates software that uses artificial intelligence and automated processing, including large language models and AI agents. Where AI features are part of your application or our services:
- Providers. AI processing may be performed by Anthropic, OpenAI, Google, and Amazon Web Services (Bedrock). For some Enterprise deployments, AI processing runs within a designated region or within your own cloud account to meet data-residency requirements.
- No training on your data. We do not permit these providers to use your business data, your end users' data, or your project content to train their models. We use API or enterprise service tiers configured for zero or limited data retention wherever available.
- Accuracy and human oversight. AI-generated outputs (for example, route suggestions, estimated arrival times, summaries, or drafted messages) may be incomplete or incorrect. Where AI supports operational decisions, our systems are designed to keep a human in the loop. You should not rely on AI output as the sole basis for a decision with legal, financial, or safety consequences.
8. International Data Transfers
Aguilabs is based in the United States and serves clients on both sides of the US–Mexico border. Your information, and information about your end users, may be transferred to, stored in, and processed in the United States and other countries where our subprocessors operate. Where we process personal data originating in Mexico, we handle it consistent with applicable Mexican data-protection law. For Enterprise clients with data-residency requirements, we can deploy within a designated cloud region or within your own cloud account.
9. Marketing Communications
If you subscribe to Aguilabs Signal or other marketing emails, we process your email address through our newsletter provider (Beehiiv) to send those communications. Marketing emails are separate from transactional emails such as invoices and account notices. You can unsubscribe from marketing emails at any time via the link in each message; unsubscribing does not affect transactional emails required to operate your account.
10. Data Sharing and Disclosure
We may share your information in the following situations:
- With the third-party processors listed above, as necessary to provide our services
- When required by law, subpoena, or other legal process
- To protect our rights, safety, or property, or those of our users
- With your explicit consent or at your direction
We do not sell your personal information to third parties. We do not use your data for advertising or share it with ad networks.
11. Data Security
We implement industry-standard security measures to protect your data:
- Row-level security: All tenant data is isolated at the database level via enforced row security policies
- Encryption in transit: All data transmitted between your browser and our servers is encrypted using TLS
- Encryption at rest: Database data is encrypted at rest via our managed cloud infrastructure
- Access controls: Internal access to production data is restricted and audited
- Breach notification: If we become aware of a data breach affecting your personal data or that of your end users, we will notify you without undue delay and provide the information you reasonably need to meet your own notification obligations
However, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.
12. Data Retention
We retain your account and business data while your subscription is active. After cancellation, your hosted application is taken offline at the end of your billing period, and we retain associated data for up to 90 days to allow for reactivation, source release, or export, after which it is deleted from active systems. Backups are purged on a rolling 7-day cycle. We retain limited records (invoices, consent logs) longer where required for legal, tax, or accounting purposes.
13. Your Rights
Depending on your location, you may have the following rights regarding your personal information:
- Access: Request a copy of the personal data we hold about you
- Correction: Request that we correct inaccurate or incomplete information
- Deletion: Request that we delete your personal information (subject to legal retention requirements)
- Portability: Request a copy of your data in a structured, machine-readable format
To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.
14. Cookies
We use cookies and similar technologies for authentication, session management, and analytics. Essential cookies are required for the dashboard to function. Analytics cookies help us understand how users interact with our website. You can instruct your browser to refuse non-essential cookies, though this may affect some functionality.
15. Children's Privacy
Our services are not intended for individuals under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13, we will take steps to delete such information promptly.
16. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date. For significant changes, we may also notify you via email or dashboard notification. Continued use of our services after changes are posted constitutes acceptance of the updated policy.
17. Contact Us
If you have any questions about this Privacy Policy, please contact us:
- Email: [email protected]
- Liberato Aguilar Business Software LLC, El Paso, TX, USA