Last updated:
Effective Date: April 12, 2026 Last Updated: May 17, 2026
Airdress, Inc. (“Airdress,” “we,” “us,” or “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and share personal information when you use the Airdress service, website, and related software (collectively, the “Service”).
This policy applies to all users of the Service, including visitors to our website, registered account holders, and API consumers.
1. Information We Collect#
1.1 Information You Provide#
- Waitlist Information. If you join our waitlist before creating an Account, we collect your email address and, optionally, your intended use case. We also record the country derived from your IP address (country-level only; the IP address itself is not stored), any referral code used, and marketing attribution parameters (UTM tags) from the URL. This information is used to manage the waitlist, send you a confirmation and eventual invite email, and understand demand for the Service. Waitlist data is deleted 90 days after you create an Account or upon request at privacy@airdress.co.
- Account Information. When you register, we collect your name, email address, and password (stored in hashed form). If you register on behalf of an organization, we may also collect the organization name and your role.
- Billing Information. If you subscribe to a paid plan or make a one-time payment, we collect billing details such as your name, billing address, and tax identification number where applicable. Payment card details are collected and processed directly by our payment processor (Stripe) and are not stored on our systems. When you initiate a checkout session, we transmit your email address and ZITADEL user ID to Stripe as customer metadata to associate the transaction with your account.
- Communications. When you contact us for support or send us correspondence, we collect the content of those communications and associated metadata.
1.2 Information Collected Automatically#
- Service Metadata. We collect metadata necessary to operate the relay network, including: Endpoint connection timestamps, tunnel establishment and teardown events, protocol-level routing metadata (Airdress Identifier, Endpoint health status, failover events), and aggregate bandwidth usage per Account.
- Log Data. We collect server logs that may include your IP address, request timestamps, API endpoints accessed, HTTP status codes, and Agent version.
- Device Information. The Agent may report the operating system, architecture, Agent version, and a device identifier to the Service for routing and compatibility purposes.
- Analytics Data (with consent). If you consent to analytics cookies, we collect usage data through PostHog, including pages visited, features used, session duration, browser type, and approximate location (country/region level). This data helps us understand how the Site and Service are used so we can improve them. Analytics data is not collected if you do not consent.
- Security Data. Cloudflare, which provides DDoS protection and content delivery for the Site, may process your IP address, browser characteristics, and request metadata to distinguish legitimate traffic from threats. This processing is necessary for the security of the Site.
1.3 Information We Do Not Collect#
- Traffic Payload. We do not inspect, log, or store the contents of traffic transiting the Airdress relay network. All tunnel traffic is encrypted end-to-end using WireGuard.
- DNS Query Content. While we operate DNS-based routing, we process DNS queries only to the extent necessary for routing resolution. We do not log or sell DNS query data.
2. How We Use Your Information#
We use personal information for the following purposes:
- Providing, operating, and maintaining the Service.
- Managing your Account and authenticating access.
- Processing payments and billing.
- Monitoring and maintaining the security and integrity of the Service.
- Detecting and preventing abuse, fraud, and Acceptable Use Policy violations.
- Responding to your support requests and communications.
- Sending service-related notifications such as maintenance windows and security alerts.
- Complying with legal obligations.
- Improving the Service through aggregated, anonymized analytics.
- Understanding how visitors use the Site through product analytics (with your consent).
- Protecting the Site from malicious traffic, DDoS attacks, and automated abuse through Cloudflare’s security services.
We do not use your information for profiling, automated decision-making, or behavioral advertising. We do not sell your personal information.
3. How We Share Your Information#
We share personal information only in the following limited circumstances:
3.1 Service Providers#
We use the following categories of service providers who process data on our behalf under contractual obligations to protect your information:
| Provider | Purpose | Location |
|---|---|---|
| Cloudflare, Inc. | CDN, DDoS protection, DNS, web application firewall | United States (global edge network) |
| Google Cloud Platform (Google LLC) | Infrastructure hosting (Cloud Run, Cloud SQL, Cloud CDN, BigQuery), Workspace email, Cloud Identity | United States / EU (europe-west4) |
| ZITADEL (CAOS Ltd.) | Identity provider, authentication, user management | United States (ZITADEL Cloud) |
| PostHog, Inc. | Product analytics (with user consent) | United States |
| Stripe, Inc. | Payment processing (payment card data, billing address, transaction history, email, account identifier) — legal basis: contract performance | United States |
| Postmark (ActiveCampaign, LLC) | Transactional email delivery | United States |
| Zammad GmbH | Support ticketing platform | Germany |
We maintain a current list of service providers, available upon request at privacy@airdress.co. We will notify you of material changes to this list.
For information on how Stripe processes payment data, see https://stripe.com/privacy.
3.2 Legal Requirements#
We may disclose personal information if required to do so by law, regulation, subpoena, court order, or other governmental request. Where permitted by law, we will notify you of such requests.
3.3 Business Transfers#
In the event of a merger, acquisition, or sale of assets, your personal information may be transferred to the successor entity. We will notify you before your information becomes subject to a different privacy policy.
3.4 With Your Consent#
We may share information for purposes not described here with your explicit consent.
4. Data Retention#
We retain personal information only as long as necessary for the purposes described in this policy:
- Waitlist data: Retained until 90 days after Account creation (conversion) or upon deletion request. If you never create an Account, waitlist data is retained for 12 months after signup, then deleted.
- Account data: Retained for the duration of your Account and for 90 days following Account closure, unless longer retention is required by law.
- Billing records: Retained for the period required by applicable tax law (generally 7 years for US federal tax purposes).
- Server logs: Retained for up to 90 days, unless a longer period is required for ongoing abuse investigation or legal proceedings.
- Support correspondence: Retained for up to 24 months after resolution.
After the applicable retention period, data is deleted or irreversibly anonymized.
5. Data Security#
We implement appropriate technical and organizational measures to protect personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:
- WireGuard encryption for all tunnel traffic.
- Encryption at rest for stored Account data.
- Access controls limiting personnel access to personal information on a need-to-know basis.
- Regular security reviews of our infrastructure and software.
While we take reasonable measures to protect your information, no method of transmission or storage is completely secure. We cannot guarantee absolute security.
6. International Data Transfers#
The Service is operated from the United States, with infrastructure hosted in the European Union (Germany and Finland). If you access the Service from outside the United States, your information may be transferred to, stored, and processed in the United States or other countries where our service providers operate.
Where we transfer personal data from the European Economic Area, United Kingdom, or Switzerland to the United States, we rely on appropriate transfer mechanisms, including the EU-U.S. Data Privacy Framework (where applicable) and Standard Contractual Clauses approved by the European Commission.
7. Your Privacy Rights#
Depending on your location, you may have certain rights regarding your personal information. We honor these rights regardless of where you are located, to the extent practicable.
7.1 All Users#
All users may:
- Access the personal information we hold about them.
- Request correction of inaccurate or incomplete information.
- Request deletion of their personal information, subject to legal retention requirements.
- Request a copy of their information in a portable format.
- Close their Account at any time.
To exercise these rights, contact us at privacy@airdress.co. We will respond within 30 days.
7.2 California Residents (CCPA/CPRA)#
If you are a California resident, you have the following additional rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act:
- Right to Know. You may request the categories and specific pieces of personal information we have collected about you, the sources, the purposes, and the categories of third parties to whom we disclose it.
- Right to Delete. You may request deletion of your personal information, subject to certain exceptions.
- Right to Correct. You may request correction of inaccurate personal information.
- Right to Opt Out of Sale or Sharing. We do not sell or share your personal information for cross-context behavioral advertising. No opt-out is necessary.
- Right to Non-Discrimination. We will not discriminate against you for exercising your CCPA rights.
To submit a request, contact us at privacy@airdress.co or by mail at the address below. We may verify your identity before fulfilling a request.
In the preceding 12 months, we have collected the categories of personal information described in Section 1 of this policy. We have not sold personal information. We have disclosed personal information to service providers for the business purposes described in Section 3.
7.3 European Economic Area, United Kingdom, and Switzerland (GDPR)#
If you are located in the EEA, UK, or Switzerland, the following applies:
Data Controller. Airdress, Inc. is the data controller for personal data collected through the Service.
Legal Bases. We process your personal data on the following legal bases under Article 6 of the GDPR:
- Performance of contract (Art. 6(1)(b)): Providing the Service, Account management, billing, and support.
- Legitimate interest (Art. 6(1)(f)): Security monitoring (including Cloudflare), abuse detection, and anonymized analytics.
- Consent (Art. 6(1)(a)): Product analytics via PostHog. You may withdraw consent at any time through the cookie preferences on the Site.
- Legal obligation (Art. 6(1)(c)): Tax and regulatory compliance.
Additional Rights. In addition to the rights listed in Section 7.1, you have the right to:
- Restrict processing of your personal data in certain circumstances.
- Object to processing based on legitimate interests.
- Withdraw consent at any time, where processing is based on consent, without affecting the lawfulness of prior processing.
Supervisory Authority. You have the right to lodge a complaint with a data protection supervisory authority in your country of residence.
Data Processing Agreement. If you use the Service to process personal data of third parties and require a Data Processing Agreement under Article 28 of the GDPR, contact us at privacy@airdress.co.
8. Cookies and Tracking#
Our website uses strictly necessary cookies for authentication, session management, and security (including Cloudflare bot management and challenge cookies). We also use PostHog for product analytics; analytics cookies are only set after you provide consent through our cookie banner. We do not use advertising cookies, retargeting pixels, or social media tracking widgets.
For more information, including a full list of cookies and how to manage your preferences, see our Cookie Policy at [URL].
9. Children#
The Service is not directed to individuals under 18 years of age. We do not knowingly collect personal information from children. If we learn that we have collected information from a child under 13 (or under 16 in the EEA), we will delete it promptly. If you believe a child has provided us with personal information, contact us at privacy@airdress.co.
10. Do Not Track#
Some browsers transmit “Do Not Track” (DNT) signals. Because there is no common industry standard for DNT, we do not currently respond to DNT signals. However, analytics cookies are never set without your affirmative consent regardless of DNT settings, and we do not engage in behavioral advertising.
11. Changes to This Policy#
We may update this Privacy Policy from time to time. We will notify you of material changes at least 30 days before they take effect by email or through the Service. The “Last Updated” date at the top of this page reflects the most recent revision.
12. Contact#
For any questions or requests regarding this Privacy Policy or your personal information:
Airdress, Inc. 1111B S Governors Ave # 54153 Dover, DE 19904 United States
Email: privacy@airdress.co Web: https://airdress.co