aqili next
Operator sign in

Privacy Policy

Last updated June 20, 2026

Template — pending counsel review. This document is a working draft tailored to Aqili Next and is provided for informational purposes only. It is not legal advice and should be reviewed and approved by qualified legal counsel before it is relied upon.

This Privacy Policy explains how Aqili, Inc. (“Aqili,” “we,” “us”) collects, uses, discloses, and safeguards information in connection with Aqili Next, our accounts-receivable platform for parking operators, and the related websites, applications, and APIs (collectively, the “Services”).

1. Overview

Aqili Next is sold to businesses (“Operators”) that use it to bill and collect from their own customers (“Parkers”). We process two broad categories of data: information about the people who administer and use the Services, and information our Operators load into the platform to run their accounts receivable. This policy describes both.

2. Our role: controller and processor

For account, billing, and website data, Aqili acts as a controller — we determine why and how the data is processed. For the operational data an Operator loads into the platform (accounts, parkers, invoices, payments, and related records), Aqili acts as a processor that handles the data on the Operator's instructions under our customer agreement and Data Processing Addendum. If you are a Parker, the Operator is the controller of your data; please direct privacy requests to them, and we will support them in responding.

3. Information we collect

Information you provide

  • Account and contact details — name, work email, phone number, company, and role when you register, request a demo, or contact us.
  • Operator-loaded data — locations, accounts, parkers, rate codes, invoices, payments, deposits, and ledger entries that Operators import or create.
  • Support and communications — messages, attachments, and call notes when you reach out to us.

Information collected automatically

  • Usage and device data — log data, IP address, browser type, pages viewed, and feature interactions, collected to operate and secure the Services.
  • Cookies and similar technologies — described in our Cookie Policy.

Information from third parties

  • Payment processors — confirmation, status, and reconciliation data from ACH and card processors (such as Stripe). We do not store full payment card numbers.
  • Identity providers — profile attributes shared via SSO (SAML/OIDC) when an Operator enables single sign-on.

4. How we use information

  • Provide, maintain, secure, and improve the Services.
  • Authenticate users, enforce tenant isolation, and prevent fraud and abuse.
  • Process billing, payments, and reconciliation on behalf of Operators.
  • Respond to support requests and send service and security communications.
  • Produce aggregated, de-identified analytics that do not identify any individual.
  • Comply with legal obligations and enforce our agreements.

Where the GDPR or similar laws apply, we rely on the following bases: performance of a contract (to provide the Services); legitimate interests (to secure and improve the Services); compliance with legal obligations; and consent (where required, such as certain cookies or marketing). For operational data processed as a processor, the Operator establishes the legal basis.

6. How we share information

We do not sell personal information. We share information only as follows:

  • Sub-processors — vetted service providers who process data on our behalf under contract (see our Sub-processors page).
  • At an Operator's direction — for example, payment processors and integrations the Operator enables.
  • Legal and safety — to comply with law, valid legal process, or to protect rights, property, and safety.
  • Business transfers — in connection with a merger, acquisition, or sale of assets, subject to this policy.

7. Sub-processors

We use a limited set of sub-processors for hosting, payments, email, and analytics. The current list and their functions are published at aqilinext.com/subprocessors, and Operators may subscribe to change notifications under the Data Processing Addendum.

8. AI features and human approval

Aqili Next includes AI agents (a Copilot and specialist agents for collections, reconciliation, onboarding, late-fee review, and audit). These agents read live tenant data to draft suggestions and answer questions. Any action that would change data is presented as a proposal that a human approves before it is applied, and every agent run is recorded for audit. We do not use Operator or Parker data to train third-party general-purpose models, and we configure our AI providers to disallow training on Service data.

9. Data retention

We retain account and operational data for as long as an Operator's account is active and as needed to provide the Services. Following termination, we delete or return operational data in accordance with the customer agreement, subject to legal retention requirements and backups that expire on a rolling schedule.

10. Security

We protect data with multi-tenant isolation enforced by Postgres row-level security, encryption in transit and at rest, scoped API keys, single sign-on, least-privilege access controls, and a comprehensive audit log. No system is perfectly secure, but we maintain administrative, technical, and physical safeguards designed to protect your information. See our Security page for more detail.

11. International transfers

We operate on Google Cloud and Microsoft Azure and may process data in the United States and other countries. Where required, we rely on appropriate transfer mechanisms, such as the Standard Contractual Clauses, to safeguard cross-border transfers.

12. Your privacy rights

Depending on your location, you may have rights to access, correct, delete, port, or restrict the processing of your personal information, and to object to certain processing. Account users may exercise many of these rights directly in the product or by contacting us. If you are a Parker, please contact the Operator that manages your account; we will assist them as their processor. We will not discriminate against you for exercising your rights.

13. Children's privacy

The Services are intended for business use and are not directed to children under 16. We do not knowingly collect personal information from children.

14. Changes to this policy

We may update this policy from time to time. We will revise the “Last updated” date above and, for material changes, provide additional notice through the Services or by email.

15. Contact us

Questions about this policy or our data practices? Email privacy@aqilinext.com, or reach our team at support@aqilinext.com. Aqili, Inc..