Privacy Policy

Final Phase Solutions, Inc. ("Final Phase Solutions," "we," "our," or "us") operates AetherFlow, an enterprise ECM (Enterprise Content Management) migration platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website at aetherflow.app or use the AetherFlow platform.

By accessing or using AetherFlow, you agree to the collection and use of information in accordance with this policy. If you do not agree with the terms of this policy, please do not access the site or platform.

This policy covers information we collect from:

• Visitors to our marketing website
• Users who create an AetherFlow account
• Administrators who configure and run migration workflows
• Enterprise customers and their authorized personnel

Account & Registration Information

When you create an AetherFlow account, we collect:

• Full name and email address
• Company name and job title
• Password (stored as a bcrypt hash — never in plaintext)
• Billing information (processed and stored by Stripe; we do not store raw card data)
• Subscription plan selection and trial start date

Usage & Platform Activity

When you use the AetherFlow platform, we automatically collect:

• Migration job configuration, run history, and completion status
• Connector configuration metadata (credentials are encrypted at rest)
• API requests and response codes (for debugging and reliability)
• Feature usage patterns to improve product experience
• Error logs and crash reports
• IP address, browser type, and operating system
• Session duration and navigation paths within the platform

Customer Migration Data

AetherFlow processes content and metadata from your source and target ECM systems to perform migrations. This data is processed in-transit according to your configured workflows. We do not read, analyze, index, or use your business content for any purpose beyond executing your migration jobs. Customer data is never used to train AI/ML models or sold to third parties.

Communications

If you contact us via email, support tickets, or our contact form, we retain those communications to resolve your inquiry and improve our support.

AetherFlow takes the security of your data seriously. We implement industry-standard technical and organizational safeguards:

Infrastructure

• All data is stored in Supabase (PostgreSQL), hosted on AWS infrastructure in the United States
• Data is encrypted at rest using AES-256 encryption
• All data in transit is protected with TLS 1.2 or higher
• Connector credentials and API keys are encrypted using envelope encryption before storage
• Production databases are access-restricted to authorized engineering staff only

Access Controls

• Role-based access control (RBAC) within the platform and internally
• Multi-factor authentication required for all internal production access
• Regular access reviews and least-privilege principles
• Automated threat detection and anomaly alerting

Incident Response

In the event of a data breach that affects your personal data, we will notify affected customers within 72 hours of becoming aware of the breach, as required by applicable law. Notification will include the nature of the breach, data affected, and remediation steps taken.

We use the following third-party services to operate AetherFlow. Each service has its own privacy policy and data processing terms:

We do not sell, rent, or trade your personal information to third parties for their marketing purposes. We may share aggregated, anonymized usage statistics that do not identify individual users.

We may disclose your information if required to do so by law, court order, or in response to a valid government request — and will notify you of such requests to the extent permitted by law.

We use cookies and similar tracking technologies to operate and improve AetherFlow. Here is what we use:

Essential Cookies

These are required for the platform to function. They maintain your session, authentication state, and security tokens. You cannot opt out of these without losing access to authenticated features.

Preference Cookies

These remember your settings such as UI preferences and notification configuration. Stored locally and not shared with third parties.

Analytics Cookies

We use first-party analytics to understand how the platform is used — which features are most utilized, where users encounter friction, and where we should invest engineering effort. This data is aggregated and does not identify individual users.

Managing Cookies

You can control cookies through your browser settings. Note that disabling essential cookies will prevent you from logging into AetherFlow. We do not respond to Do Not Track (DNT) browser signals at this time, as there is no consistent industry standard for DNT compliance.

Regardless of where you are located, you have the following rights with respect to your personal data:

To exercise any of these rights, contact us at privacy@aetherflow.app. We will respond within 30 days.

GDPR (European Union)

If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, we process your personal data under the following legal bases:

• Contract performance — to provide the AetherFlow service you subscribed to
• Legitimate interests — to operate, improve, and secure our platform
• Legal obligation — to comply with applicable law
• Consent — for marketing communications (you may withdraw consent at any time)

For customers in the EEA, we act as a data processor for your migration content and a data controller for your account data. We offer Data Processing Agreements (DPAs) for Enterprise customers. Contact privacy@aetherflow.app to request a DPA.

Data transfers outside the EEA are covered by Standard Contractual Clauses (SCCs) with our infrastructure providers.

CCPA (California)

If you are a California resident, you have the following additional rights under the California Consumer Privacy Act:

• Right to know what personal information we collect, use, and disclose
• Right to delete personal information (subject to certain exceptions)
• Right to opt out of the sale of personal information — note: we do not sell personal information
• Right to non-discrimination for exercising your privacy rights

To submit a CCPA request, email privacy@aetherflow.app with the subject line "CCPA Request." We will verify your identity and respond within 45 days.

We retain your data for as long as necessary to provide the AetherFlow service and comply with our legal obligations:

Customer migration content (documents, metadata processed during migration) is not retained by AetherFlow beyond what is needed for the active migration job. It flows through our infrastructure to your target system and is not stored long-term.

AetherFlow is an enterprise B2B platform not directed at individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have inadvertently collected such information, please contact us at privacy@aetherflow.app and we will delete it promptly.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

• Post the updated policy on this page with a new "Last Updated" date
• Send an email notification to registered users at least 30 days before changes take effect
• Display an in-app banner for changes that significantly affect your rights

Your continued use of AetherFlow after the effective date of any changes constitutes your acceptance of the revised policy. If you disagree with the changes, you may close your account before the effective date.

If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, please reach out:

We aim to respond to all privacy inquiries within 5 business days and resolve them within 30 days.

You also have the right to lodge a complaint with your local data protection authority if you believe we have not handled your data appropriately.