Skip to main content
AIRIN
PricingSign in

Privacy Processing Record

A public RoPA-style record of AIRIN's processing activities, data categories, processors, legal bases, retention posture, and rights paths. This is operational transparency, not a legal opinion.

Scope

This record covers AIRIN's own processing at airinetwork.com: accounts, purchases, reports, subscriptions, inquiries, Ask AI, and first-party telemetry. It does not describe the AI platforms AIRIN analyzes.

The canonical privacy policy remains /privacy. This record gives procurement, privacy, and security reviewers a more structured view of the same operating facts.

Processing activities

ActivityData categoriesPurposeBasisProcessorsRetention / rights path
Newsletter and policy-change email subscriptionsEmail address and optional professional role.Send the alerts, weekly briefings, or launch updates the subscriber requested.Consent. The unsubscribe link withdraws consent.KitUntil unsubscribe or deletion request. Unsubscribe link in every email; privacy@airinetwork.com for access, correction, deletion, or portability. Kit subscriber email/role corrections are handled manually in Kit, with a fresh confirmation link when consent needs to be reconfirmed.
Optional user accountsEmail address, OAuth name/avatar if provided by Google, saved stack, watched platforms, alert inbox rows, and API key metadata. API keys are stored only as one-way hashes.Provide saved stacks, My Reports, watch alerts, API access, account export, and account deletion.Performance of the service requested by the user.SupabaseUntil account deletion; account deletion removes profile, stack, watches, alerts, reports, and keys through scoped account controls. Self-serve export and deletion in Settings; privacy@airinetwork.com for correction or other DSAR requests.
Stack Audit and report purchasesStripe checkout/payment identifiers, purchased order metadata, selected platform slugs, and report-delivery metadata. AIRIN never receives card numbers.Process payment, fulfill the purchased Stack Audit, recover purchase access, and attach reports to the buyer's account.Performance of the purchase contract.Stripe and SupabasePurchase/report records are retained for purchase history, redownload, and audit-custody unless deletion is requested where legally available. Purchase recovery flow, My Reports redownload, account export, and privacy@airinetwork.com.
Ask AIThe question typed by the user plus retrieved published AIRIN clauses/findings relevant to the answer. Account identity is not sent to the model provider.Generate cited, evidence-bound answers and refuse unsupported questions.Performance of the feature requested by the user.AnthropicAIRIN stores saved Ask sessions only when the user saves them to an account. Anthropic does not use API inputs to train its models. Delete saved account data through account deletion; privacy@airinetwork.com for DSAR requests.
First-party usage telemetryPath, coarse client class, event type, anonymous per-tab session id, referrer host, UTM tags, and non-identifying detail fields. For consented page views, AIRIN also stores IP address, IP prefix, approximate IP-derived location, network/ASN, and coarse device/browser/OS fields. No cookie, fingerprint, account id, or email is stored with usage events.Understand which public evidence surfaces, citations, and machine endpoints are useful; attribute campaigns; and detect automated or fraudulent traffic.Legitimate interest in operating, securing, and improving the service, with consent where required for analytics storage.Supabase and Vercel hosting logsRaw IP addresses and raw event rows are retained for a maximum of 90 days before deletion or irreversible aggregation. privacy@airinetwork.com for access, deletion, objection, or other questions about IP-associated usage data.
Public inquiry and submission formsInformation the submitter provides, such as work email, organization, role, inquiry details, suggested platform, correction request, or audit request.Respond to the inquiry, review the submitted platform/correction, or route the requested audit workflow.Consent and/or pre-contractual steps requested by the submitter.Supabase, Resend, Kit where the submitter opts into email, and Vercel.Retained as an operational inquiry record until resolved or deletion is requested where legally available. privacy@airinetwork.com for access, correction, deletion, and objection requests.

Processor inventory

ProcessorRole
SupabaseAuthentication, account storage, report history, watch alerts, API key metadata, and first-party operational tables.
StripeHosted checkout, payment processing, checkout session metadata, purchase fulfillment, and receipt/payment records.
KitNewsletter subscription form, consent confirmation, subscriber tags, and unsubscribe handling.
ResendTransactional and operational email delivery, including inquiry notifications and guarded draft workflows.
VercelHosting, edge delivery, build/deploy platform, and transient request logs.
AnthropicAsk AI reasoning over the user's question and retrieved published AIRIN evidence.

Safeguards

  • No third-party analytics, advertising pixels, session replay, or cross-site tracking.
  • Content-Security-Policy blocks third-party scripts from loading on the public site.
  • Usage telemetry is not tied to accounts, emails, cookies, fingerprints, or cross-site identifiers; consented IP-derived fields are retention-bounded to a maximum of 90 days.
  • API keys are stored as hashes, not recoverable plaintext.
  • Account tables use row-level security and scoped account deletion/export routes.
  • Ask answers retrieve from verified AIRIN evidence and include the informational-only, not-legal-advice boundary.

User rights path

Account holders can export or delete account data from Settings. Email subscribers can unsubscribe from any message. Privacy, correction, deletion, access, portability, or objection requests go to privacy@airinetwork.com.

For Kit newsletter records, AIRIN handles rectification manually: the operator updates the subscriber email or role in Kit, or sends a new confirmation flow if the requested change requires renewed consent. This covers subscriber profile fields that are not self-service beyond unsubscribe.

Generated from live pipeline data. Informational only, not legal advice.

📢 POLICY UPDATES ALERT

AIRIN Brief

Built for compliance officers, legal counsel, and SaaS founders. Subscribe to the email digest — one short brief when a tracked vendor materially changes its terms, training policy, or risk rating. Prefer in-app? Watch platforms in your alerts inbox instead.