Aldwin is the AI marketing teammate that runs your whole marketing engine, coordinates every channel into one campaign, and compounds from what actually drove pipeline.

Privacy Policy

Privacy Policy

Last updated: July 20, 2026 Effective: July 20, 2026

Aldwin, Inc. (“Aldwin,” “we,” “us,” “our”) provides an agentic marketing platform. This Privacy Policy explains what personal data we collect, how we use it, who we share it with, and the choices and rights you have. It covers our website (aldwin.io) and the Aldwin platform (the “Service”).

If you have questions about this policy or how we handle your data, contact us at privacy@aldwin.io.


 

1. Who this policy applies to

This policy applies to:

  • Website visitors: anyone who visits aldwin.io.
  • Customers and their authorized users: people at companies that use the Service.
  • Prospects: people who contact us, join a waitlist, or engage with our outreach.

For our own website and account data, Aldwin acts as a business and data controller. For the customer data that flows through the Service, Aldwin acts as a service provider and data processor on behalf of the customer. See Section 7.

2. The data we collect

Data you give us

  • Account and contact data. When you create an account, we collect your name, work email address, and profile image. We associate your account with your company and workspace. Authentication is handled by our provider, Clerk.
  • Company and workspace data. Your company name, and the marketing context you provide to the Service (such as industry, company size, website, brand voice, and goals).
  • Billing data. Subscription billing is handled by our payment processor, Stripe. Card details are entered on Stripe’s hosted checkout, not on Aldwin. We never store, log, or have access to your full card number.
  • Communications and inquiries. Emails, support requests, and information you submit through forms on our website (such as a contact, demo, or newsletter form). We manage these inquiries and our marketing contacts using tools on our website, and where you opt in, we may send you marketing you can unsubscribe from at any time.
  • Legal acceptance records. When you accept our Terms or this Privacy Policy, we record the version accepted, the timestamp, and the IP address and browser user agent at the time of acceptance.

Data we collect automatically

  • Website usage data (aldwin.io). We may collect usage and device data on our marketing website, such as pages visited, referral source, browser and device type, and IP address. The specific tools, and your cookie choices, are described in Section 9.
  • Product usage data (the Service). How you use the application, which we use to operate, secure, and improve the Service. This may include inferred preferences and usage patterns that personalize your experience.

Customer-provided content (processed on behalf of the customer)

When you use the Service, you connect or import marketing data, and Aldwin generates and (on your instruction) publishes content for you. This includes:

  • CRM and marketing automation data from connected systems such as Salesforce, Pardot, and HubSpot: contacts and leads (including names, email addresses, company, job title, lifecycle stage, lead scores), campaigns, opportunities, and engagement activity.
  • Advertising and analytics data from connected platforms such as Google Ads, LinkedIn Ads, Meta Ads, Google Analytics, and Google Search Console: campaign, performance, and traffic data.
  • Messaging and publishing data from connected platforms such as Slack and your CMS, where you enable those integrations.
  • Brand corpus, templates, and the content Aldwin produces at your direction.

Aldwin processes this data for you, under your instructions and the applicable subscription or pilot agreement. See Section 7.

3. How we use data

We use personal data to:

  • Provide, operate, secure, and improve the Service.
  • Authenticate users and protect accounts.
  • Process payments, through Stripe.
  • Communicate with you: service messages, support, and, where permitted, marketing you can opt out of at any time.
  • Comply with law and enforce our terms.

Our commitment on AI and model training

We do not use your business data to train AI models, and the AI providers that process your data on our behalf do not train their models on it. Content sent to our language model and embedding providers (including Anthropic, OpenAI, and Voyage AI) is processed under terms that do not permit using it to train their models, and our embedding provider deletes the content immediately after it is processed. Each customer’s data is isolated to that customer’s workspace.

Some of the specialized providers we use to generate media (such as images, video, and voice) operate under their own terms. Where we use such a provider, we send only the content needed to perform the task you requested. The itemized list at https://aldwin.io/subprocessors/ identifies the providers we use.

This commitment concerns the business data customers process through Aldwin. It is separate from the ordinary website analytics described in Section 9, which we use only to understand and improve our own marketing site.

4. How we share data

We share personal data only as described here:

  • Sub-processors and service providers who help us operate the Service (hosting, AI model providers, payments, authentication, email, analytics, and the integrations you connect), under contract and only as needed. See Section 6.
  • Legal and safety: to comply with law, respond to lawful requests, enforce our terms, or protect rights and safety.
  • Business transfers: in connection with a merger, acquisition, financing, or sale of assets, with notice as required by law.

We do not sell your personal data, and we do not share it for cross-context behavioral advertising. We do not run third-party advertising pixels (such as a Meta Pixel or LinkedIn Insight Tag) on our website. The only measurement pixel on our website is our own first-party analytics pixel, described in Section 9.

5. Security

Security is foundational to Aldwin. Our current measures include:

  • Workspace isolation. Customer workspaces and their data are isolated from one another, enforced at the database level through row-level security on workspace-scoped data.
  • Encryption in transit. Connections to our website and Service are protected with HTTPS, with HSTS enabled.
  • Encryption. Data is encrypted in transit using TLS. Customer data is stored with our managed database provider’s encryption at rest, and sensitive credentials such as the access tokens for the integrations you connect receive additional application-layer encryption using per-workspace derived keys, so that access to one workspace’s tokens does not expose another’s.
  • Authentication and access control. Access is authenticated through our provider, Clerk. Multi-factor authentication is available to all users through Clerk and is enforced on owner and administrative routes with recent-authentication freshness checks; it is available but not required for standard user access. Sessions are subject to an absolute time limit.
  • AI model training. Our core language model providers do not train on the data we send them, as described in Section 3.
  • Logging and monitoring. System and security events are logged.

SOC 2 is in progress. Until our report is available, we describe our controls to customers’ security teams directly on request.

No system is perfectly secure. We work hard to protect your data but cannot guarantee absolute security.

6. Sub-processors

We use the following categories of third-party providers to operate the Service. A current, itemized sub-processor list is maintained at https://aldwin.io/subprocessors/, and customers can subscribe to be notified of changes.

ProviderPurposeData involved
RailwayCloud hosting, database, and queuesAll Service data
AnthropicCore AI generationPrompts and content processed, with personal identifiers redacted before sending
OpenAIAI generation (embeddings fallback, image generation, audio transcription)Text, prompts, and audio processed
Voyage AIText embeddingsText content processed
StripeSubscription billing and paymentsName, email, billing and tax address
ClerkAuthenticationName, email, user identifiers, session data
ResendTransactional and lifecycle emailRecipient email addresses and message content
SentryError monitoringDiagnostic data, with sensitive content scrubbed
PostHogProduct analyticsProduct usage events and user identifiers
ConvexReal-time collaboration featuresChat, presence, and canvas state
Cloudflare R2File and media storageUploaded files and generated assets
AI media providers (fal.ai, HeyGen, ElevenLabs, Replicate, Deepgram, DeepL, RunwayML)Image, video, voice, transcription, and translation generationGeneration inputs you provide
SendBlueMessaging, where enabledPhone numbers and message content
Connected integrations you enable (Salesforce, Pardot, HubSpot, Google Ads, LinkedIn Ads, Meta Ads, Google Analytics, Google Search Console, Slack, Microsoft Teams, your CMS, and others)Syncing your marketing and CRM data, at your directionThe data categories described in Section 2

We may also use optional providers for web search, data warehousing, and SEO data where a customer enables those features. The itemized list at https://aldwin.io/subprocessors/ reflects the current set.

7. Customer data: our role as processor

For the data a customer connects or imports into the Service, the customer is the controller and Aldwin is the processor and service provider. We process that data only to provide the Service, under the customer’s instructions and the applicable agreement, and we do not use it for our own purposes or to train external models.

When a customer deletes their workspace, the customer’s data in our systems is deleted (see Section 10). Deleting data within Aldwin does not delete or modify data held in the customer’s own connected systems (such as their CRM or advertising accounts); the customer controls that data directly in those systems.

For enterprise customers, this section is supplemented by our Data Processing Agreement.

8. Your rights and choices

We make the following choices available to everyone who uses Aldwin:

  • Access and correction: you can request a copy of the personal data we hold about you, and ask us to correct it if it is inaccurate.
  • Deletion: you can request that we delete your personal data, subject to records we are required to keep.
  • Marketing opt-out: use the unsubscribe link in any marketing email, or contact us, to stop receiving marketing.

If you are a California resident, you have rights under the California Consumer Privacy Act, including the right to know what personal information we collect and how we use it, the right to request deletion, the right to correct inaccurate information, and the right not to be treated differently for exercising these rights. We do not sell your personal information, and we do not share it for cross-context behavioral advertising. [COUNSEL: confirm the California rights language and the verified-request mechanism, and confirm whether any other US state privacy laws (such as Virginia, Colorado, Connecticut, Texas) apply based on where your customers are.]

To exercise any of these rights or ask a question, email privacy@aldwin.io. We will verify your request and respond within the timeframe required by applicable law. We will not treat you differently for exercising your rights.

Residents of other regions, including the EU and UK, may have additional rights. We do not currently target or knowingly serve users in those regions; if that changes, we will update this policy to describe those rights and the applicable safeguards.

9. Cookies and website analytics

Aldwin operates two separate web properties, and they handle cookies differently.

Our marketing website (aldwin.io)

Our marketing website runs on WordPress. It uses cookies that are necessary for the site to function, and the following analytics and measurement tools:

  • Google Analytics (via Google Site Kit), which sets analytics cookies and helps us understand how visitors find and use the site.
  • Aldwin’s own analytics pixel, our first-party measurement tool, which we use to understand and improve our own marketing.

We also use forms and a customer relationship tool on the site to respond to inquiries and, where you opt in, to send you marketing. See Section 2 for the contact data this collects.

You can control cookies through your browser settings. We do not currently display a cookie-consent banner on the marketing website. Because we operate in the United States and do not target users in regions that require prior cookie consent, this is permissible today; if we begin serving users in such regions, we will add a consent banner before relying on these analytics for them.

Our application (app.aldwin.io)

When you use the Aldwin application, we use cookies and similar technologies that are necessary to operate the Service, keep you signed in, and secure your account. The application also collects product usage data to operate and improve the Service, as described in Section 2.

The application presents a consent banner, and any non-essential analytics load only after you accept. You can change your choice at any time through your account settings or your browser.

10. Data retention and deletion

We keep personal data for as long as needed for the purposes described in this policy, and then delete or anonymize it.

  • Account and customer data. When you request deletion of your workspace, deletion is scheduled after a short cancellation window and then permanently removes your workspace data from our systems. You can cancel the deletion during the window.
  • Individual data requests. We honor verified requests to delete or restrict an individual contact’s data, removing or anonymizing that data within our systems.
  • Records we retain. We retain certain records, such as billing records and append-only audit logs, as required for legal, accounting, and security purposes; where we retain audit logs, we scrub personal identifiers when fulfilling a deletion request.

Deleting data within Aldwin does not delete data held in your own connected systems. See Section 7.

11. International data transfers

Aldwin is based in the United States, and our production infrastructure uses US-hosted managed providers. Certain storage regions may be configurable, but we do not currently target or knowingly serve users outside the United States. If we begin serving users in regions that restrict international data transfers, such as the EU or UK, we will update this policy to describe the safeguards we use for those transfers.

12. Children

The Service is intended for businesses and is not directed to children under 16. We do not knowingly collect personal data from children.

13. Changes to this policy

We will update this policy as our practices or applicable law change, and we will revise the effective date above. We will provide additional notice of material changes as required.

14. Contact us

Aldwin, Inc. 131 Continental Dr, Suite 305 Newark, DE 19713 privacy@aldwin.io

Aldwin is the AI marketing teammate that runs your whole marketing engine, coordinates every channel into one campaign, and compounds from what actually drove pipeline.

Aldwin, your AI marketing teammate.

Give Aldwin a job description and watch it own the role.

Scroll to Top