LAST UPDATED: JUNE 15, 2026

Privacy Policy

At AIDR, we design security tools that protect your data without compromising your privacy. Learn how we process, protect, and handle information across our platform.

Our Privacy Guarantee

AIDR operates on a local-first architecture. Our agent classifies clipboard content, file uploads, and screenshot OCR locally on your devices. Your raw text, secrets, and prompts are never uploaded to our servers for analysis.

1. Introduction

This Privacy Policy describes how AIDR ("we," "our," or "us") collects, processes, protects, and handles your information when you use our software applications, desktop security agents, browser proxy integrations, and the AIDR website (collectively, the "Service").

We prioritize minimizing data transmission. By choosing AIDR, you are adopting a platform designed to keep compliance, auditability, and data security locally managed within your organization's administrative perimeter.

2. Local-First Processing

To provide real-time Data Loss Prevention (DLP) without creating external risk, the AIDR Endpoint Agent does the heavy lifting directly on your endpoint devices:

  • Clipboard Hook: Inspects copied content locally on the client system before allowing execution. Data is scored and redacted in memory, then immediately cleared from the agent cache.
  • Local Custom AI/ML Model: Classifies your data in under 10 milliseconds using a quantized transformer model running on the host CPU/GPU. No remote API call is initiated for this classification.
  • Image & OCR Redaction: When a user copies or uploads an image, the OCR engine extracts text and redacts sensitive areas locally on the workstation.

3. Data We Collect

Depending on how your organization configures the Service, we process the following types of information:

Telemetry & Performance Data

We collect basic diagnostic data, usage frequency, rule version triggers, latency metrics, and error logs to ensure client stability and optimize performance.

Cryptographic Audit Logs

When a violation occurs (e.g., a blocked password paste), the agent records metadata including timestamp, rule name, risk level, anonymized username, and a hash of the content. Under no circumstances do we upload the raw sensitive text to our cloud unless explicitly configured by your team's custom dashboard forwarding rules.

Account Information

We collect billing details, admin contact names, corporate email addresses, and passwords hashed on client-side creation for dashboard authentication.

4. How We Use Data

We use the collected information for the following specific purposes:

  • To deliver real-time DLP blocks and populate the administrator dashboard.
  • To sync compliance reports and generate audit logs required for standards like SOC 2, ISO 27001, HIPAA, and GDPR.
  • To update local machine learning weights and regular expression signatures.
  • To troubleshoot client agent issues and maintain reliability.

5. Data Sharing & Storage

We do not sell, rent, or trade your data to third parties.

For cloud-hosted customers, we store audit metrics on encrypted cloud infrastructure. For self-hosted (on-premise) enterprise deployments, all audit logs and dashboard databases remain completely within your network walls, and no communication with AIDR infrastructure is required except for license validation.

6. Security & Cryptographic Integrity

To guarantee that security alerts are not modified or tampered with, AIDR uses a cryptographically signed audit ledger.

Every interception log includes an asymmetric cryptographic signature generated by the device's secure enclave, and entries are chained using cryptographic hashing (hash-chains). Any attempt to modify compliance records will break the chain validation, alerting the security dashboard instantly.

7. Data Retention

We retain account credentials and configuration files for as long as your service subscription is active. Cryptographic audit logs are retained in accordance with your organization's custom retention policies. If you terminate your subscription, we will delete or anonymize your telemetry within 30 days unless legal compliance requires retention.

8. Contact Us

If you have questions regarding this Privacy Policy or wish to request data access or deletion under your local privacy regulations (such as GDPR or CCPA/CPRA), please contact us:

security@tryaidr.com

AIDR Security & Compliance Team
