Privacy Policy

Last updated: June 30, 2026

Who we are

AITHEOR (an AARTIQ product) provides an AI-assisted ServiceNow delivery platform. This policy explains what personal and customer data we process, why, and your rights. It applies to aitheor.com and the AITHEOR application.

Data we process

We process the minimum data needed to run the service:

  • Account data: name, work email, organisation, and role.
  • Connection credentials: ServiceNow instance OAuth tokens, AI provider keys and chat (Slack/Teams) credentials, stored encrypted (AES-256-GCM) and used only to act on your behalf.
  • Operational content: the stories, plans, code, scans and chat messages you submit to build and troubleshoot, plus audit records of actions taken.
  • Usage and diagnostic data: logs needed to operate, secure and debug the service.

How we use data

We use data to provide, secure, support and improve the service: authenticating you, connecting to your ServiceNow instance, generating and deploying changes you request, metering usage, and maintaining a tamper-evident audit trail. We do not sell your data, and we do not use your content to train foundation models.

AI processing

When you use AI features, the relevant prompt and context are sent to the AI provider you configured (or, on AITHEOR Cloud, to AITHEOR’s managed model provider) to generate a response. On self-hosted or local (Ollama) configurations, content stays within your boundary. Providers act as sub-processors and do not train on your data under our agreements.

Sharing and sub-processors

We share data only with sub-processors that help us run the service (hosting, AI providers, email delivery), each under contract and bound to confidentiality and security obligations. A current sub-processor list and our Data Processing Addendum are available on request.

Security

Secrets and credentials are encrypted at rest and decrypted only server-side, never exposed to the browser. Access is governed by RBAC, traffic is encrypted in transit, and every privileged action is recorded in a hash-chained audit log. See our Trust Center for the full posture.

Retention

We retain account and operational data for as long as your organisation uses the service, and for a limited period afterwards as required for legal, security and audit purposes. You can request export or deletion at any time.

Your rights

Depending on your jurisdiction, you may have rights to access, correct, export or delete your personal data, and to object to or restrict certain processing. AITHEOR supports GDPR-style export and erasure. To exercise a right, contact privacy@aitheor.com.

International transfers

Where data is transferred across borders, we rely on appropriate safeguards (such as Standard Contractual Clauses). Regional data residency options are available for eligible plans.

Changes

We may update this policy as the service evolves. Material changes will be reflected by the “Last updated” date above and, where appropriate, communicated to administrators.