Privacy Policy

Effective date: April 17, 2026

AI Workflow Pro ("we", "us", "the site", operated by Aerorise Ltd., UK company 16712410) respects your privacy. This policy explains what data we collect, why we collect it, and the choices you have. If anything here is unclear, email [email protected] and we'll answer in plain English.

We act as a data controller for personal data processed through this site. For the purposes of UK GDPR and EU GDPR, our contact details are at the end of this policy.

1. Data we collect

Category	Examples	Lawful basis / Why
Account	Email, optional name	Contract performance — to create your member account and deliver the service
Payments	Billing name, country, last-4 of card, Stripe customer ID	Contract performance — to process your subscription via Stripe
Site analytics	Page views, referrer, device type, country (IP anonymised)	Consent (cookie banner) — to understand which posts are useful
Technical logs	IP, User-Agent, timestamp	Legitimate interest — abuse prevention and server debugging (kept 30 days)
Communication	Email replies, support requests	Legitimate interest — to respond to you

We never sell your personal data. We do not run third-party advertising, profiling, or automated decision-making with legal effects on you.

2. How we use it

Deliver what you asked for: articles, the newsletter, your paid templates
Keep the site running: error monitoring, abuse detection, fraud prevention on payments
Improve content: aggregate analytics tell us which tutorials land; nothing about you personally is shared with third parties
Required by law: tax reporting on subscription income (HMRC), responses to lawful requests from UK/EU authorities

3. Third-party processors

We rely on a small set of vendors. Each one sees only the data it needs for its job:

Vendor	Purpose	Data shared	Location
Stripe Payments UK Ltd.	Payment processing (PCI-DSS compliant)	Card data, billing info (you enter it on Stripe's domain)	UK / US / global
Ghost (self-hosted)	Content + membership platform	Your account + subscription status	Our server, United States (RackNerd)
Resend	Transactional + newsletter email	Email address, message content	United States
Cloudflare, Inc.	CDN + DDoS protection	IP, User-Agent during page load	Global edge network
Google Analytics 4	Site analytics (IP anonymisation enabled)	Anonymised behavioural events	Google, US/EU

Each processor has its own privacy terms; links are available on their websites.

4. Cookies and tracking

Essential cookies: sign-in session, CSRF protection (cannot be disabled without breaking the site — these do not require consent under UK PECR / EU ePrivacy Directive)
Analytics cookies: Google Analytics 4 with IP anonymisation. These are non-essential and are only set after you give consent via our cookie banner. You can withdraw consent any time by clearing cookies or adjusting your browser settings; we also honor "Do Not Track" and common ad-blockers

We do not use behavioural retargeting, advertising cookies, or cross-site tracking.

5. Your rights

Under UK GDPR, EU GDPR, and the California Consumer Privacy Act (CCPA), you have the right to:

Access the data we hold about you (Art. 15 UK/EU GDPR)
Correct anything inaccurate (Art. 16)
Delete your account (Art. 17 / CCPA deletion right)
Export your data in a portable format (Art. 20)
Opt out of marketing email (every newsletter has a one-click unsubscribe)
Object to processing under Art. 21
Restrict processing under Art. 18
Withdraw consent at any time where processing is based on consent (Art. 7)

To exercise any of these, email [email protected]. We reply within 30 days — usually much faster. We honor all rights above for everyone regardless of your location.

Right to complain:

UK residents: you have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk
EU/EEA residents: you have the right to lodge a complaint with your local data protection authority
California residents: you have additional CCPA rights including the right to know and the right to opt out of the sale of personal information (we do not sell)

6. Data retention

Active member account: for as long as you keep your subscription
After cancellation: email kept 90 days for re-activation, then permanently deleted
Payment records: 7 years (UK HMRC tax law requirement)
Server logs: 30 days, then automatically rotated and deleted

7. Children

AI Workflow Pro is directed at adult readers. We do not knowingly collect personal data from children under 18 and do not offer paid memberships to anyone under 18. Users aged 16–17 may create a free account only with parental consent. If you believe we have collected data from a child inappropriately, email us and we'll delete it promptly.

8. International data transfers

Our servers are in the United States. When we transfer personal data outside the UK or EU/EEA to a country without a Commissioner's adequacy decision, we rely on:

For UK-to-US transfers: the UK International Data Transfer Agreement (IDTA) or the UK Addendum to the EU Standard Contractual Clauses (in force since 21 March 2022)
For EU-to-US transfers: the EU Standard Contractual Clauses (2021) or the EU-US Data Privacy Framework where the vendor is certified

All transfers are additionally protected by encryption in transit (TLS 1.2+) and at rest.

9. Security

Authentication uses magic-link sign-in (one-time email links); we do not store user passwords. Payment details are handled entirely by Stripe's PCI-DSS Level 1 certified infrastructure — we never see or store raw card data. All traffic is HTTPS (TLS 1.2+). The server is hardened with fail2ban + UFW firewall + key-only SSH authentication. Backups are encrypted at rest.

If a personal data breach occurs that is likely to result in a risk to your rights and freedoms, we will notify the UK ICO within 72 hours and notify you without undue delay, as required by UK GDPR Art. 33–34.

10. Changes

If we change this policy materially, we'll notify active members by email at least 14 days in advance and update the "Effective date" at the top. Continued use means you accept the updated policy.

11. Contact

Aerorise Ltd. (Data Controller)
Registered office: 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ, United Kingdom
Companies House registration: 16712410
Email: [email protected]

We answer privacy questions personally, not through a ticketing form.

Claude Code Statusline: The 50% Handoff Line

AI Grew Up in 4 Years. Humanity Took 4 Million.

7 Claude Code Prompts That Work (and 3 I Dropped)