Last updated:
Airdress — Privacy Policy
Effective Date: April 12, 2026 Last Updated: April 12, 2026
Airdress, Inc. (“Airdress,” “we,” “us,” or “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and share personal information when you use the Airdress service, website, and related software (collectively, the “Service”).
This policy applies to all users of the Service, including visitors to our website, registered account holders, and API consumers.
1. Information We Collect
1.1 Information You Provide
- Account Information. When you register, we collect your name, email address, and password (stored in hashed form). If you register on behalf of an organization, we may also collect the organization name and your role.
- Billing Information. If you subscribe to a paid plan, we collect billing details such as your name, billing address, and tax identification number where applicable. Payment card details are collected and processed directly by our payment processor (Stripe) and are not stored on our systems.
- Communications. When you contact us for support or send us correspondence, we collect the content of those communications and associated metadata.
1.2 Information Collected Automatically
- Service Metadata. We collect metadata necessary to operate the relay network, including: Endpoint connection timestamps, tunnel establishment and teardown events, protocol-level routing metadata (Airdress Identifier, Endpoint health status, failover events), and aggregate bandwidth usage per Account.
- Log Data. We collect server logs that may include your IP address, request timestamps, API endpoints accessed, HTTP status codes, and Agent version.
- Device Information. The Agent may report the operating system, architecture, Agent version, and a device identifier to the Service for routing and compatibility purposes.
1.3 Information We Do Not Collect
- Traffic Payload. We do not inspect, log, or store the contents of traffic transiting the Airdress relay network. All tunnel traffic is encrypted end-to-end using WireGuard.
- DNS Query Content. While we operate DNS-based routing, we process DNS queries only to the extent necessary for routing resolution. We do not log or sell DNS query data.
2. How We Use Your Information
We use personal information for the following purposes:
- Providing, operating, and maintaining the Service.
- Managing your Account and authenticating access.
- Processing payments and billing.
- Monitoring and maintaining the security and integrity of the Service.
- Detecting and preventing abuse, fraud, and Acceptable Use Policy violations.
- Responding to your support requests and communications.
- Sending service-related notifications such as maintenance windows and security alerts.
- Complying with legal obligations.
- Improving the Service through aggregated, anonymized analytics.
We do not use your information for profiling, automated decision-making, or behavioral advertising. We do not sell your personal information.
3. How We Share Your Information
We share personal information only in the following limited circumstances:
3.1 Service Providers
We use the following categories of service providers who process data on our behalf under contractual obligations to protect your information:
| Provider | Purpose | Location |
|---|---|---|
| Hetzner Online GmbH | Infrastructure hosting | Germany / Finland |
| Stripe, Inc. | Payment processing | United States |
| [Email provider] | Transactional email | [Location] |
We maintain a current list of service providers, available upon request at privacy@airdress.co. We will notify you of material changes to this list.
3.2 Legal Requirements
We may disclose personal information if required to do so by law, regulation, subpoena, court order, or other governmental request. Where permitted by law, we will notify you of such requests.
3.3 Business Transfers
In the event of a merger, acquisition, or sale of assets, your personal information may be transferred to the successor entity. We will notify you before your information becomes subject to a different privacy policy.
3.4 With Your Consent
We may share information for purposes not described here with your explicit consent.
4. Data Retention
We retain personal information only as long as necessary for the purposes described in this policy:
- Account data: Retained for the duration of your Account and for 90 days following Account closure, unless longer retention is required by law.
- Billing records: Retained for the period required by applicable tax law (generally 7 years for US federal tax purposes).
- Server logs: Retained for up to 90 days, unless a longer period is required for ongoing abuse investigation or legal proceedings.
- Support correspondence: Retained for up to 24 months after resolution.
After the applicable retention period, data is deleted or irreversibly anonymized.
5. Data Security
We implement appropriate technical and organizational measures to protect personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:
- WireGuard encryption for all tunnel traffic.
- Encryption at rest for stored Account data.
- Access controls limiting personnel access to personal information on a need-to-know basis.
- Regular security reviews of our infrastructure and software.
While we take reasonable measures to protect your information, no method of transmission or storage is completely secure. We cannot guarantee absolute security.
6. International Data Transfers
The Service is operated from the United States, with infrastructure hosted in the European Union (Germany and Finland). If you access the Service from outside the United States, your information may be transferred to, stored, and processed in the United States or other countries where our service providers operate.
Where we transfer personal data from the European Economic Area, United Kingdom, or Switzerland to the United States, we rely on appropriate transfer mechanisms, including the EU-U.S. Data Privacy Framework (where applicable) and Standard Contractual Clauses approved by the European Commission.
7. Your Privacy Rights
Depending on your location, you may have certain rights regarding your personal information. We honor these rights regardless of where you are located, to the extent practicable.
7.1 All Users
All users may:
- Access the personal information we hold about them.
- Request correction of inaccurate or incomplete information.
- Request deletion of their personal information, subject to legal retention requirements.
- Request a copy of their information in a portable format.
- Close their Account at any time.
To exercise these rights, contact us at privacy@airdress.co. We will respond within 30 days.
7.2 California Residents (CCPA/CPRA)
If you are a California resident, you have the following additional rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act:
- Right to Know. You may request the categories and specific pieces of personal information we have collected about you, the sources, the purposes, and the categories of third parties to whom we disclose it.
- Right to Delete. You may request deletion of your personal information, subject to certain exceptions.
- Right to Correct. You may request correction of inaccurate personal information.
- Right to Opt Out of Sale or Sharing. We do not sell or share your personal information for cross-context behavioral advertising. No opt-out is necessary.
- Right to Non-Discrimination. We will not discriminate against you for exercising your CCPA rights.
To submit a request, contact us at privacy@airdress.co or by mail at the address below. We may verify your identity before fulfilling a request.
In the preceding 12 months, we have collected the categories of personal information described in Section 1 of this policy. We have not sold personal information. We have disclosed personal information to service providers for the business purposes described in Section 3.
7.3 European Economic Area, United Kingdom, and Switzerland (GDPR)
If you are located in the EEA, UK, or Switzerland, the following applies:
Data Controller. Airdress, Inc. is the data controller for personal data collected through the Service.
Legal Bases. We process your personal data on the following legal bases under Article 6 of the GDPR:
- Performance of contract (Art. 6(1)(b)): Providing the Service, Account management, billing, and support.
- Legitimate interest (Art. 6(1)(f)): Security monitoring, abuse detection, and anonymized analytics.
- Legal obligation (Art. 6(1)(c)): Tax and regulatory compliance.
Additional Rights. In addition to the rights listed in Section 7.1, you have the right to:
- Restrict processing of your personal data in certain circumstances.
- Object to processing based on legitimate interests.
- Withdraw consent at any time, where processing is based on consent, without affecting the lawfulness of prior processing.
Supervisory Authority. You have the right to lodge a complaint with a data protection supervisory authority in your country of residence.
Data Processing Agreement. If you use the Service to process personal data of third parties and require a Data Processing Agreement under Article 28 of the GDPR, contact us at privacy@airdress.co.
8. Cookies and Tracking
Our website uses only strictly necessary cookies required for authentication and session management. We do not use advertising cookies, tracking pixels, or third-party analytics that track individual users.
For more information, see our Cookie Policy at [URL].
9. Children
The Service is not directed to individuals under 18 years of age. We do not knowingly collect personal information from children. If we learn that we have collected information from a child under 13 (or under 16 in the EEA), we will delete it promptly. If you believe a child has provided us with personal information, contact us at privacy@airdress.co.
10. Do Not Track
Some browsers transmit “Do Not Track” (DNT) signals. Because there is no common industry standard for DNT, we do not currently respond to DNT signals. However, we do not engage in tracking or behavioral advertising regardless of DNT settings.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes at least 30 days before they take effect by email or through the Service. The “Last Updated” date at the top of this page reflects the most recent revision.
12. Contact
For any questions or requests regarding this Privacy Policy or your personal information:
Airdress, Inc. 1111B S Governors Ave # 54153 Dover, DE 19904 United States
Email: privacy@airdress.co Web: https://airdress.co