Privacy Policy
Last updated: June 12, 2026 · Version v1-2026-06-12
Aldis is operated by Axle Radar LLC, a Delaware limited liability company (“we,” “us,” “Aldis”).
Aldis is a presence router, not a feed and not a messenger. It sorts the people in your contacts into closeness layers — your inner and outer circles — and shows you lightweight signals about where each person is in your life and a few suggested ways to check in. Because of how it’s built, most of what other apps collect, Aldis deliberately never receives. This page explains exactly what does and doesn’t leave your device, in plain language.
What we collect — and what we deliberately don’t
We start with what we don’tcollect, because it’s the more important half.
- We never receive your calendar event titles, descriptions, or attendee names.
- We never receive the plaintext phone numbers, email addresses, or names of the people in your contacts.
- We never see, store, or carry the messages you send.Aldis does not deliver messages (see “Aldis routes; it doesn’t deliver”).
- We don’t collect or track your real-time location.
What we do collect is deliberately narrow:
- Account basics — the email address you use to sign in.
- Hashed identifiersfor the people you’ve added — scrambled, irreversible stand-ins that let Aldis route presence without knowing who anyone actually is (see “How Shutter works”).
- Availability aggregates computed on your devicefrom a calendar you choose to connect — free/busy windows, a co-presence inference, and event counts only (see “Your calendar stays on your device”).
- Age-gate fields— your year of birth (a single number) and the date you confirmed it (see “Age verification”).
- Privacy-preserving analytics— only if you allow them, and never before (see “Analytics”).
How Shutter works
Shutter is the part of Aldis that runs on your device. Before any contact information leaves your phone, Shutter turns each phone number, email address, and name into a stable, salted hash— a fixed, scrambled identifier that cannot be reversed back into the original detail. Aldis’s routing intelligence operates entirely on these hashes. It never sees the plaintext phone number, email, or name behind them. The same person always produces the same hash, so routing stays consistent, but the underlying identity never reaches our servers.
Your calendar stays on your device
If you connect a calendar, Aldis never receives your event titles, descriptions, or attendee names. Those are read and normalized on your device into a few plain values:
- Availability windows — when you are free or busy, with no detail about why.
- A co-presence inference— a signal about whether you’re likely with someone you’ve already added, derived from hashed attendees, never names.
- Event counts — roughly how busy a stretch of time is.
Only those aggregates ever leave your device. The content of your calendar never does.
Aldis routes; it doesn’t deliver
Aldis is a router, not a messenger. It never carries the body of a message, never holds a key that could unlock one, and never operates a relay or inbox. When you decide to reach out, you compose the message yourself and hand it to one of your own apps — iMessage, WhatsApp, Signal, SMS, or email — through the share sheet or a link. Because delivery happens entirely inside your existing apps, Aldis never sees who you contacted, when, or what you said.
Analytics
If you allow it, Aldis uses Google Analytics 4 (GA4) behind Google Consent Mode v2, which defaults to denied. It runs with a cookieless, consent-aware default, and no names, contact data, or relationship information are ever sent to it.
- No analytics request is sent before you grant consent. Nothing fires in the background first.
- Only the `analytics_storage` category is ever turned on. The advertising categories (`ad_storage`, `ad_user_data`, `ad_personalization`) stay denied at all times.
- IP anonymization is on, and query strings are stripped from the recorded page path, so no email address, account ID, or hashed-contact identifier is ever sent to GA4.
- The consent banner offers Accept and Reject with equal prominence — declining is exactly as easy as accepting — and declining analytics never reduces what Aldis does for you.
Age verification
We store only your year of birth (a single integer) and the date you confirmed it. We never store your full date of birth.
You tell us your country from a list, and we apply that country’s own minimum age for digital consent. We do not infer your location from your IP address.
- United States: 13 and over (COPPA).
- European Union: each member state’s own minimum, which is between 13 and 16.
- If your country is unknown, unlisted, or you’d rather not say, we fail safe to a minimum age of 16.
People under the applicable minimum can’t use Aldis. The form simply asks for your year of birth, with nothing pre-filled and no leading “are you over 13?” prompt. Because we keep only the year, your age is known to us only to within a year — that is a deliberate, disclosed trade-off in favor of collecting less.
Your rights — including deletion
Depending on where you live — for example, the EU/EEA under the GDPR, or California under the CCPA/CPRA — you have rights over your personal data, including the right to:
- access a copy of what we hold,
- correct information that’s inaccurate,
- delete your data, and
- withdraw consent you previously gave.
To exercise any of these, contact us at privacy@aldis.app. We aim to respond within the timeframes the law requires (under the GDPR, generally within one month; under the CCPA/CPRA, we acknowledge within 10 business days and respond within 45 days). Declining analytics — or withdrawing that consent later — never reduces Aldis’s functionality.
Retention & security
We keep your account data and the hashed identifiers for the people you’ve added for as long as your account is open, and we delete them when you close your account,except where we’re legally required to retain something. Contact identifiers are stored only as salted hashes; plaintext personal information never reaches our routing layer at all. Data is encrypted in transit and at rest. [Specific security certifications / posture — to be confirmed with counsel.]
A few structural protections are worth stating plainly:
- Your circles are yours alone.They are never combined with anyone else’s data, and Aldis does not share data between users to “improve” routing. Any future change to this would be a separate, clearly-consented choice.
- Closeness is private and asymmetric.The people you add never see which layer you’ve placed them in, and no layer is ever shown more than the layer above it.
- Status links are capabilities, not public pages. Where someone can view your status through a web link, that link carries a per-layer access token, is marked `noindex, nofollow`, requires the token to load, and rotates whenever the layer changes.If such a link leaks, it can only ever reveal that one layer’s coarse view — never anything below it.
Changes & contact
We may update this policy as Aldis evolves. Each version carries a version string and an effective date, and when a change is material, we’ll ask you to re-acknowledge it before you continue. This is version v1-2026-06-12.
Questions, requests, or privacy concerns: privacy@aldis.app. Aldis is operated by Axle Radar LLC, a Delaware limited liability company.