Privacy Policy
1. Scope
This Policy explains how we collect, use, and share personal data when you visit our website, create an account, or use the AugmentEV / Paseo services (the "Service"). For personal data contained in the workloads you submit to run on the Service ("Customer Job Data"), we generally act as a processor on your behalf, and our handling is governed by your agreement and our Data Processing Agreement (DPA) — see Section 4. For website visitors and account holders, we act as a controller.
2. Who we are & how to contact us
Controller: AugmentEV, Inc., a Delaware corporation. Registered office (for formal legal notices): c/o A Registered Agent, Inc., 8 The Green, Suite A, Dover, DE 19901, USA. Privacy contact: privacy@augmentev.com. We have not appointed a Data Protection Officer (not required for our current processing). Where required, we will appoint an EU/UK Article 27 representative and identify them here before offering the Service to data subjects in those regions.
3. Information we collect
| Category | Examples | Source |
|---|---|---|
| Account & contact | Name, work email, company | You, at signup / via our forms |
| Billing | Billing contact, plan, usage; card data is handled by Stripe — we do not store full card numbers | You / Stripe |
| Website & marketing | Form submissions, communications, marketing preferences, cookie/usage data | You / our forms (HubSpot) / cookies |
| Service usage & logs | API usage, job metadata, Proof-of-Task-Execution records, IP address, timestamps, security logs | Automatically, in operating the Service |
| Customer Job Data | Inputs/outputs you submit for a job, which may contain personal data you control | You (processed on your behalf — Section 4) |
4. Customer Job Data & the Confidential tier
You decide what data to submit for processing. We process Customer Job Data only to provide the Service and per your instructions and DPA.
Standard tier
Jobs run on standard cloud infrastructure. Our authorized personnel may access Customer Job Data where necessary to operate, support, secure, or troubleshoot the Service.
Confidential tier
Jobs execute inside a hardware-attested secure enclave designed so that inputs and outputs are isolated from the host and from our operators during execution. Execution is fail-closed: a job is rejected if its environment cannot be cryptographically verified.
Proof-of-Task-Execution (PoTE)
For each job we generate and retain a post-quantum-signed, tamper-evident PoTE record (job metadata, timing, and context — not necessarily the full payload) for at least six (6) months to support audit and record-keeping needs (e.g., EU AI Act Article 12 workflows). Using the Service does not by itself make you compliant with any law; you remain responsible for your own obligations.
5. How we use information, and our legal bases
| Purpose | GDPR legal basis |
|---|---|
| Provide, operate, and support the Service; create accounts | Performance of a contract |
| Bill and collect payment | Performance of a contract |
| Secure the Service, prevent abuse/fraud, maintain logs | Legitimate interests |
| Improve and develop the Service (aggregated/limited) | Legitimate interests |
| Marketing communications and analytics cookies | Consent (where required) |
| Comply with legal, tax, and accounting obligations | Legal obligation |
6. Sub-processors & sharing
We do not sell personal data. We share it with service providers ("sub-processors") who process it on our behalf under contract, in the following categories:
| Category | Purpose |
|---|---|
| Cloud infrastructure & key management | Compute, storage, and hardware-backed key management, including Confidential-tier secure enclaves |
| Payment processing | Billing and metered payments |
| Customer-relationship & web forms | Intake forms and communications |
| Hosting, CDN & security | Website delivery and protection |
A current list of the specific named sub-processors is available to customers on request and under our Data Processing Agreement. We may also disclose personal data to comply with law or legal process, to protect rights and safety, or in connection with a merger or asset sale.
7. International data transfers
We are based in the United States, and our providers may process data in the United States and other countries. Where we transfer personal data out of the EEA, UK, or Switzerland, we rely on the EU Standard Contractual Clauses (and the UK International Data Transfer Addendum) as our transfer mechanism, supported by additional safeguards as appropriate. A copy of the relevant clauses is available on request.
8. Data retention
We keep personal data only as long as needed for the purposes above: account data for the life of your account and a reasonable period afterward; billing records as required by law; security logs for a limited period; and signed PoTE records for at least six (6) months to support audit and statutory record-keeping (for example, EU AI Act Article 12) — a retention we and our customers rely on for compliance and dispute-resolution, which may continue notwithstanding a deletion request to the extent permitted by law. Customer Job Data is retained per your instructions and DPA.
9. Your rights
EEA / UK (GDPR): you may have the right to access, rectify, erase, restrict, or object to processing of your personal data, to data portability, and to withdraw consent at any time. You may also lodge a complaint with your local supervisory authority.
California (CCPA/CPRA): you may have the right to know, delete, and correct your personal information, and to opt out of "sale" or "sharing." We do not sell personal information. We will not discriminate against you for exercising your rights.
Delaware & other U.S. states: Depending on your state of residence, you may have comparable rights under the Delaware Personal Data Privacy Act and similar laws in states such as Virginia, Colorado, Connecticut, Utah, Texas, and others — including rights to access, correct, delete, and obtain a copy of your personal data, and to opt out of targeted advertising, "sale," or certain profiling. We honor these rights where they apply; contact us to exercise them.
To exercise any right, contact privacy@augmentev.com. We will verify your identity before responding, and may decline, or charge a reasonable fee for, requests that are manifestly unfounded, excessive, or repetitive, as permitted by law. For Customer Job Data, please direct requests to the customer (controller); we will assist them as their processor.
10. Cookies & tracking
Our site uses strictly necessary cookies and, where you consent, functional and analytics cookies (including those that may be set by our forms or CDN providers). Visitors are shown a cookie-consent banner on first visit; we do not load non-essential (analytics or marketing) tools unless you accept, and you can change your choice at any time.
11. Security
We use technical and organizational measures appropriate to the risk, including encryption in transit (TLS), encryption at rest and key management using FIPS 140-3, Level 3 validated hardware security modules, hardware-attested isolation for the Confidential tier, access controls, and logging. No method of transmission or storage is perfectly secure. The Service currently operates in a single-availability-zone, early-access configuration without a financially-backed uptime SLA.
12. Children
The Service is for businesses and is not directed to children. We do not knowingly collect personal data from anyone under 18.
13. Changes to this Policy
We may update this Policy from time to time. We will post the updated version with a new effective date and, for material changes, provide additional notice where required.
14. Contact
Privacy questions or requests: privacy@augmentev.com. DPA requests: privacy@augmentev.com. Controller: AugmentEV, Inc., c/o A Registered Agent, Inc., 8 The Green, Suite A, Dover, DE 19901, USA.