Skip to content
Pending legal review. This document is a working draft. Final language will be published before general availability.

Legal

Privacy Policy

Effective April 29, 2026

Summary

Aperture Labs LLC (“Aperture Labs,” “we,” “us”) operates this website and related services. We collect the minimum information needed to respond to inquiries, deliver our products, and improve our offerings. We do not sell personal data.

Information we collect

Information you provide

  • Form submissions: name, email, company, role, phone, free-text messages and any attachments you send through inquiry forms.
  • Account data: when you create an admin account or sign in, we store your email, a one-way password hash, and (if MFA is enabled) an encrypted authenticator secret.
  • Direct correspondence: emails or messages you send us are kept for the duration needed to respond and follow up.

Information collected automatically

  • Request metadata: browser user-agent, referrer, the URL you landed on, and a salted hash of your IP address (we do not store raw IPs).
  • Marketing attribution: UTM parameters present on the URL when you submit a form.
  • Strictly-necessary cookies: session cookie for the admin console, CSRF cookie tied to that session, and an optional 90-day device token if you check “Remember this device.” We do not currently set marketing or third-party tracking cookies.

How we use information

  • To respond to inquiries you initiate.
  • To deliver, support, and improve our products and services.
  • To detect and prevent abuse (rate-limiting, spam filtering, security monitoring).
  • To meet legal, accounting, and regulatory obligations where they apply.

Third-party processors

We use the following service providers under written data-processing terms. Each receives only the data needed for its function.

  • Resend (email delivery): your email address + message content for transactional notifications.
  • Apollo.io (B2B enrichment): your business email and company name for lookup of professional context such as job title and company size.
  • Cloudflare (CDN, DNS, bot mitigation, Turnstile): request metadata and Turnstile challenge tokens.
  • Neon Postgres (managed database): persistent storage of the data described above.
  • Railway (application hosting): operational logs and request metrics.

Third-party analytics and visitor identification

To understand how visitors use this site and to qualify inbound interest, we use the following US-based providers. Each is described with what it collects, how long it keeps it, and how to opt out.

  • PostHog (product analytics, US). PostHog records page views, click events, and short anonymized session replays of page interactions. Form input fields are masked by default in replays so values you type are never captured. Person profiles are created only after you identify yourself (for example, by submitting an inquiry form). Replay and event data is retained for up to one year. PostHog respects browser Do Not Track signals; if DNT is on, no events or replays are sent.
  • RB2B (visitor identification, US). RB2B resolves anonymous business visitors to a company name using their IP address. On the free tier we use, no individual identification is performed and no personal information about individual visitors is shared with us. To remove your information from RB2B at any time, visit app.retention.com/optout.

Data retention

  • Inquiry records are retained for as long as a relationship is active and for a reasonable archival period thereafter.
  • Spam-flagged submissions are retained briefly to inform anti-abuse heuristics and then purged.
  • Audit log entries are retained for compliance recordkeeping.

Your rights

Depending on your jurisdiction, you may have rights to access, correct, export, or delete your personal data. Email pm@aperturelabs.dev with your request and we will respond within a reasonable timeframe.

Security

We use HTTPS in transit, strong password hashing, AES-256-GCM at-rest encryption for sensitive secrets, and TOTP multi-factor authentication for admin accounts. No system is perfectly secure; if you observe a vulnerability, please contact us responsibly via the email above.

Children

Our services are intended for business users; we do not knowingly collect data from children under 13.

Updates

We may update this policy from time to time. Material changes will be posted on this page with a new effective date. Continued use of the site after an update constitutes acceptance.

Contact

Aperture Labs LLC pm@aperturelabs.dev