Aether

Privacy Policy

Last updated: March 2026

This privacy policy explains how Aether ("we", "us", "our") collects, uses, and protects information when you use our website at aethergraph.io and the Aether API service.

Aether is a UK-based service. We process data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Who we are

Aether provides a structured product data API for AI agents. Our service normalises product and pricing information from UK retailers and makes it available through a REST API.

Data controller: Aether
Contact: hello@aethergraph.io

What data we collect

We collect different types of data depending on how you interact with Aether.

Website visitors

When you visit aethergraph.io, we may collect:

  • Pages visited and time spent on each page
  • Referring website or source
  • Browser type and version
  • Device type and screen resolution
  • Approximate geographic location (country/region level, derived from IP address)
  • IP address (see "How we use IP addresses" below)

This data is collected through our website analytics service for the purpose of understanding how visitors use the site and improving its content and performance.

API users (developers)

When you register for and use the Aether API, we collect:

  • Name and email address (provided during API key registration)
  • API key and associated account identifiers
  • API request logs, including: endpoints called, query parameters, timestamps, response codes, and IP address of the requesting server
  • Rate limit usage data

Purchase link click-throughs

When a user clicks a purchase link generated by the Aether API, our redirect service logs:

  • The Aether product ID associated with the link
  • Timestamp of the click
  • Referring source (which agent or application generated the link)

We do not collect the identity of the end user who clicks a purchase link. We do not store personally identifiable information from click-through events.

What we do not collect

We do not collect or process:

  • Payment or financial information
  • Information about purchases made after click-through (this is handled by the retailer and affiliate network)
  • Special category data as defined by UK GDPR (racial or ethnic origin, political opinions, religious beliefs, trade union membership, genetic or biometric data, health data, sex life or sexual orientation)
  • Data from children (our service is not directed at individuals under 18)

How we use your data

We process personal data only where we have a lawful basis to do so under UK GDPR.

  • Providing and maintaining the API service - Account details, API keys, request logs. Lawful basis: performance of a contract (Article 6(1)(b)).
  • Monitoring API usage and enforcing rate limits - Request logs, IP addresses. Lawful basis: legitimate interests (Article 6(1)(f)) - maintaining service quality and preventing abuse.
  • Website analytics - Page visits, browser/device data, approximate location. Lawful basis: legitimate interests (Article 6(1)(f)) - understanding how visitors use the site to improve it.
  • Affiliate click tracking - Product ID, timestamp, referring source. Lawful basis: legitimate interests (Article 6(1)(f)) - operating our revenue model.
  • Responding to enquiries - Name, email address, message content. Lawful basis: legitimate interests (Article 6(1)(f)) - responding to your request.
  • Complying with legal obligations - As required. Lawful basis: legal obligation (Article 6(1)(c)).

How we use IP addresses

IP addresses collected through website analytics and API request logs are used for approximate geographic analysis (country/region level), security monitoring, and abuse prevention. We do not use IP addresses to identify individual visitors. API request IP addresses are retained in server logs for a limited period for security and debugging purposes.

Cookies and similar technologies

Essential cookies

We do not currently use cookies that are essential to the functioning of the website.

Analytics cookies

We use analytics tools to understand how visitors use the site. These may set cookies on your device. Where analytics cookies are used, we will provide controls for you to accept or reject them in accordance with the Privacy and Electronic Communications Regulations (PECR).

Third-party cookies from affiliate networks

When a user clicks a purchase link generated by the Aether API, the destination retailer's website and/or the affiliate network may set their own cookies. These cookies are not set by Aether and are governed by the respective retailer's and affiliate network's privacy policies. Aether has no control over these third-party cookies.

Data sharing

We share data with the following categories of third party:

Hosting and infrastructure providers - Our website and API are hosted on cloud infrastructure. These providers process data on our behalf under data processing agreements.

Analytics providers - Website usage data is processed by our analytics provider.

Affiliate networks - When a purchase link is clicked, the affiliate network receives referral data necessary to attribute the transaction. This is limited to the product and merchant identifiers required for tracking. We do not share the personal information of end users with affiliate networks.

We do not sell personal data to any third party. We do not share personal data for marketing purposes.

Data retention

  • API account information - Duration of the account plus 12 months
  • API request logs - 90 days
  • Website analytics data - 26 months
  • Click-through logs - 12 months
  • Contact enquiries - 24 months or until resolved, whichever is longer

After the retention period, data is deleted or anonymised. Anonymised data that cannot be used to identify individuals may be retained indefinitely for statistical analysis.

Data security

We take appropriate technical and organisational measures to protect personal data against unauthorised access, alteration, disclosure, or destruction. These include:

  • Encryption of data in transit (HTTPS/TLS)
  • Access controls limiting who can access personal data
  • Regular review of security practices

No system is completely secure. If you believe your data has been compromised, please contact us immediately at hello@aethergraph.io.

International data transfers

Our hosting infrastructure may process data in locations outside the United Kingdom. Where personal data is transferred outside the UK, we ensure that appropriate safeguards are in place in accordance with UK GDPR, such as the use of providers certified under recognised data protection frameworks or the application of UK International Data Transfer Agreements.

Your rights

Under UK GDPR, you have the following rights in relation to your personal data:

  • Right of access - You can request a copy of the personal data we hold about you.
  • Right to rectification - You can ask us to correct inaccurate or incomplete data.
  • Right to erasure - You can ask us to delete your personal data in certain circumstances.
  • Right to restrict processing - You can ask us to limit how we use your data in certain circumstances.
  • Right to data portability - You can request your data in a structured, commonly used, machine-readable format.
  • Right to object - You can object to processing based on legitimate interests. We will stop processing unless we have compelling legitimate grounds that override your interests.
  • Rights related to automated decision-making - Aether does not make decisions based solely on automated processing that produce legal or similarly significant effects on individuals.

To exercise any of these rights, contact us at hello@aethergraph.io. We will respond within one month, as required by UK GDPR. There is no fee for making a request, though we may charge a reasonable fee for manifestly unfounded or excessive requests.

Complaints

If you are unhappy with how we have handled your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

Information Commissioner's Office
Wycliffe House, Water Lane
Wilmslow, Cheshire SK9 5AF

Website: ico.org.uk
Telephone: 0303 123 1113

We would appreciate the opportunity to address your concerns directly before you contact the ICO. Please reach out to us at hello@aethergraph.io in the first instance.

Changes to this policy

We may update this privacy policy from time to time to reflect changes in our practices or legal requirements. When we make material changes, we will update the "Last updated" date at the top of this page. For significant changes affecting API users, we will notify registered users by email.

Contact

For any questions about this privacy policy or how we handle your data:

Email: hello@aethergraph.io