📅 Effective Date: May 24, 2026 | This policy applies to aircomply.com and all AirComply products and services.
1. Overview
AirComply Inc. ("AirComply," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered air permit compliance platform, including our website at aircomply.com and our web application.
AirComply is a B2B SaaS platform designed for environmental compliance professionals, EHS managers, environmental consultants, and air quality specialists. We understand that the data you entrust to us including air permits, facility information, and compliance records is sensitive and proprietary. We treat it accordingly.
By accessing or using AirComply, you agree to the collection and use of information as described in this policy. If you do not agree, please do not use our services.
Plain English Summary: We collect the information needed to run the service. We use your permit data only to provide compliance analysis to you. We never sell your data. We never use your permit documents to train AI models. Your data is isolated from other customers.
2.1 Account Information
When you register for AirComply, we collect:
- Full name and email address
- Company or organization name
- Job title and role
- Password (stored as a bcrypt hash never in plain text)
- Phone number (if provided)
- Billing information (processed by Stripe we do not store payment card details)
2.2 Facility & Permit Data
In the course of using AirComply, you may upload and create:
- Facility information (name, address, permit numbers, facility type)
- Air permit documents (PDF files and extracted text)
- Compliance tasks and deadlines
- Knowledge base documents (regulations, guidance documents, templates)
- AI chat conversation history
- Emissions data and monitoring records
- Document generation requests and outputs
This data is used exclusively to provide the AirComply service to your organization. It is not shared with other customers, used for marketing, or sold to third parties.
2.3 Usage & Technical Data
We automatically collect certain technical information when you use AirComply:
- IP address and general geographic location (country/state level)
- Browser type and version
- Operating system
- Pages visited and features used within the application
- Date and time of access
- Error logs and crash reports
- API request logs (for security and debugging purposes)
2.4 Communications Data
If you contact us via email, contact form, or other channels, we retain:
- Your contact information
- The content of your communications
- Our responses to you
3. How We Use Your Information
We use the information we collect for the following purposes:
3.1 Providing the Service
- Creating and managing your account
- Processing permit documents and generating AI analysis
- Creating and tracking compliance tasks
- Powering the AI compliance chat assistant
- Generating compliance documents and reports
- Sending deadline reminders and compliance notifications
3.2 Improving the Service
- Analyzing usage patterns to improve product features
- Diagnosing technical problems and bugs
- Developing new features based on user needs
- Improving the accuracy and reliability of AI analysis
Important: We improve our AI models using aggregated, anonymized usage patterns NOT your permit documents or compliance data. Your specific facility data is never used to train AI models.
3.3 Communications
- Sending transactional emails (account confirmations, password resets)
- Compliance deadline reminders you have configured
- Product updates and new feature announcements (you may opt out)
- Responding to your support requests
- Sending invoices and billing notifications
3.4 Legal & Security
- Detecting and preventing fraud, abuse, and security incidents
- Complying with applicable laws and regulations
- Enforcing our Terms of Service
- Protecting the rights, property, and safety of AirComply, our users, and the public
4. AI Processing & Anthropic
AirComply uses Anthropic's Claude AI to analyze permit documents, power the compliance chat assistant, and generate compliance documents. This section explains exactly how your data is handled during AI processing.
4.1 How AI Processing Works
- When you upload a permit document, the text is extracted and sent to Anthropic's Claude API for analysis
- When you use the AI chat, your messages and relevant permit context are sent to Claude API
- Anthropic processes this data to generate responses and analysis
- The results are returned to AirComply and stored in your account
4.2 Zero Data Retention by Anthropic
We use Anthropic's enterprise API, which operates under a zero data retention policy. This means:
- Anthropic does not store your permit documents after processing
- Your data is not used by Anthropic to train their AI models
- Each API request is processed independently and discarded
- Anthropic maintains strict enterprise data handling policies
4.3 What We Send to Anthropic
We send only the minimum data necessary for AI processing:
- Extracted text from permit documents (not the original PDF file)
- Your chat messages and relevant permit context
- Facility information needed for contextual analysis
We do not send: your account credentials, payment information, or any data not directly needed for the AI analysis.
5. Third-Party Service Providers
We work with the following third-party service providers to deliver AirComply. Each provider has been selected for their security and privacy standards:
5.1 Infrastructure & Hosting
- Cloud Infrastructure Provider: SOC 2 Type II certified. Hosts our application servers, database, and file storage. All data stored in US-based data centers.
- Content Delivery: Used to serve our marketing website efficiently.
5.2 AI Processing
- Anthropic (Claude API): Processes permit documents and powers AI features. Enterprise API with zero data retention policy. Subject to Anthropic's privacy policy at anthropic.com/privacy.
5.3 Payments
- Stripe: Processes all payment transactions. AirComply never stores credit card numbers or payment details. Stripe is PCI DSS Level 1 compliant. Subject to Stripe's privacy policy at stripe.com/privacy.
5.4 Email Communications
- Email Service Provider: Used to send transactional emails, deadline reminders, and product communications. Only your email address and communication content are shared.
5.5 Contact Forms
- Formspree: Used to process demo request and contact form submissions on our marketing website. Subject to Formspree's privacy policy.
We do not sell your personal information to any third party. We do not share your data with third parties for marketing purposes.
6. Data Storage & Security
6.1 Where Your Data Is Stored
All AirComply customer data is stored in the United States. We do not transfer personal data outside the United States.
6.2 Data Isolation
Your organization's data is completely isolated from other AirComply customers. Every database query is filtered by your unique organization ID. It is architecturally impossible for one customer to access another customer's data.
6.3 Security Measures
- All data in transit encrypted with TLS 1.3
- Passwords hashed with bcrypt (never stored in plain text)
- Authentication via JWT tokens with automatic expiry
- SOC 2 Type II certified infrastructure
- DDoS protection at the network level
- Automated database backups
- Role-based access controls within your organization
For full details of our security practices, see our Security page.
7. Data Retention
We retain your data for as long as your account is active or as needed to provide services. Specific retention periods:
- Account data: Retained for the duration of your subscription plus 90 days after cancellation
- Permit documents: Retained for the duration of your subscription plus 90 days
- Compliance tasks and history: Retained for the duration of your subscription plus 90 days
- AI chat history: Retained for the duration of your subscription
- Billing records: Retained for 7 years as required by law
- Usage logs: Retained for 12 months for security and debugging purposes
- Support communications: Retained for 3 years
7.1 Data Deletion
Upon account cancellation or written request:
- Your permit documents and compliance data will be permanently deleted within 30 days
- Your account information will be deleted within 30 days
- Billing records are retained as required by law
- Anonymized, aggregated usage statistics may be retained indefinitely
To request data deletion, contact us at privacy@aircomply.com.
8. Cookies & Tracking
8.1 What We Use
AirComply uses minimal cookies and tracking technologies:
- Essential cookies: Required for the application to function. Includes authentication tokens and session management. Cannot be disabled.
- Preference cookies: Remember your settings and preferences within the application.
8.2 What We Do NOT Use
- We do not use advertising cookies or tracking pixels
- We do not use third-party behavioral tracking
- We do not participate in ad networks
- We do not sell cookie data
8.3 Marketing Website
Our marketing website (aircomply.com) may use basic analytics to understand visitor behavior in aggregate. This helps us improve the website experience. No personally identifiable information is collected through website analytics.
9. Your Rights & Choices
You have the following rights regarding your personal information:
9.1 Access & Portability
You may request a copy of all personal data we hold about you and your organization at any time. We will provide this in a machine-readable format within 30 days.
9.2 Correction
You may update or correct your account information at any time through the AirComply application settings, or by contacting us.
9.3 Deletion
You may request deletion of your account and all associated data. See Section 7.1 for details.
9.4 Opt-Out of Communications
- Marketing emails: Unsubscribe at any time using the link in any marketing email
- Deadline reminders: Configurable within the application
- Transactional emails: Cannot be disabled as they are essential to the service
9.5 California Residents (CCPA)
California residents have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information is collected, the right to delete personal information, and the right to opt-out of the sale of personal information. AirComply does not sell personal information. To exercise your CCPA rights, contact us at privacy@aircomply.com.
9.6 European Users
AirComply primarily serves US-based customers. If you are located in the European Economic Area (EEA), you may have additional rights under the General Data Protection Regulation (GDPR). Contact us to discuss your specific situation and we will work with you to accommodate your rights.
10. Children's Privacy
AirComply is a professional B2B platform intended for use by businesses and professionals. We do not knowingly collect personal information from individuals under the age of 18. If we become aware that we have collected personal information from a minor, we will take steps to delete it promptly.
11. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:
- Update the "Last updated" date at the top of this policy
- Notify registered users by email at least 30 days before changes take effect
- Post a notice in the AirComply application
Your continued use of AirComply after the effective date of any changes constitutes your acceptance of the updated policy.