Privacy Policy
Effective Date: March 14, 2026 · Last Updated: March 14, 2026
01Introduction
Aion Development Partners (“Aion,” “we,” “us,” or “our”) operates the Operational Bleed Scanner at aionscanner.com (the “Service”). This Privacy Policy explains what information we collect when you use the Service, how we use and protect that information, and the choices available to you.
By accessing or using the Service, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with the practices described herein, please do not use the Service.
02Information We Collect
2.1 Information You Provide Directly
When you complete the Operational Bleed Diagnostic and choose to unlock your full results, we collect the following information through the email gate form:
| Full Name | To personalise your diagnostic report and any follow-up communications |
| Email Address | To deliver your PDF report and, if applicable, follow-up communications |
| Company Name | To personalise your diagnostic report with company-specific context |
In addition, the answers you provide during the seven-question diagnostic are used to calculate your operational bleed score. These answers include your industry, company size, estimated manual work hours, response times, reporting frequency, onboarding duration, and AI readiness level.
2.2 Information Generated by the Service
Based on your diagnostic answers, the Service generates the following derived data:
| Operational Bleed Score | Estimated annual, monthly, daily, and per-minute financial loss from operational inefficiency |
| Category Breakdown | Allocation of bleed across manual work waste, slow response cost, intelligence gap, and decision delay |
| Industry Benchmark Comparison | How your bleed compares to industry averages for companies of similar size |
| Personalised Insights | Tailored recommendations based on your specific answer combinations |
| Severity Classification | A severity rating (Minimal, Moderate, Significant, Critical) based on your total bleed |
2.3 Information Collected Automatically
We use Umami Analytics, a privacy-focused, cookie-free analytics platform, to collect aggregated usage data. Umami does not use cookies, does not collect personal data, and does not track users across websites. The data collected is limited to:
- Page views and referral sources
- Browser type and device category (aggregated, not individually identifiable)
- Country-level geographic data (derived from anonymised IP addresses)
We do not use Google Analytics, Facebook Pixel, or any other tracking technology that creates individual user profiles.
2.4 Email Engagement Data
If you provide your email address and receive a diagnostic report, our email delivery service (Resend) may collect standard email engagement metrics, including whether the email was delivered, opened, or whether links within the email were clicked. This data is used solely to measure the effectiveness of our communications and improve the Service.
03How We Use Your Information
We use the information we collect for the following purposes:
- a.To generate and deliver your personalised Operational Bleed Diagnostic report
- b.To send your PDF report to your email address, if you request it
- c.To send a single follow-up communication within 3 days of your diagnostic, offering additional resources (you may opt out at any time)
- d.To improve the accuracy of our diagnostic engine and industry benchmarks
- e.To notify our team when a new diagnostic is completed, enabling us to provide timely support if requested
- f.To maintain aggregate, anonymised statistics about diagnostic usage and industry trends
We do not sell, rent, or trade your personal information to third parties for marketing purposes. We do not use your information for automated decision-making or profiling that produces legal effects.
04How We Share Your Information
We share your information only with the following categories of service providers, strictly as necessary to operate the Service:
| Resend (Email Delivery) | Processes and delivers your diagnostic report email. Subject to Resend's privacy policy. |
| Amazon Web Services (S3) | Stores your generated PDF report. Reports are stored at non-enumerable URLs with randomised paths. |
| Manus Platform | Hosts the Service infrastructure, including the database and server environment. |
| Google Fonts | Serves the Montserrat typeface used on the Service. Subject to Google's privacy policy. |
Your diagnostic data may also be transmitted to our internal operations system (the “Command Centre”) to facilitate follow-up and service delivery. This is an internal Aion Development Partners system and your data is not shared with external parties through this process.
We may disclose your information if required to do so by law, regulation, legal process, or governmental request, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
05Data Storage and Security
Your data is stored in a secured database hosted on the Manus platform with encrypted connections (TLS/SSL). PDF reports are stored on Amazon S3 with non-enumerable, randomised file paths to prevent unauthorised access through URL guessing.
We implement reasonable technical and organisational measures to protect your personal information against unauthorised access, alteration, disclosure, or destruction. These measures include encrypted data transmission, access controls, and secure authentication for administrative functions.
However, no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to protect your personal information, we cannot guarantee its absolute security.
06Data Retention
We retain your diagnostic data for as long as necessary to fulfil the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law. Specifically:
| Diagnostic Results | Retained for up to 24 months from the date of completion, after which they may be anonymised or deleted |
| Contact Information | Retained for up to 24 months, or until you request deletion, whichever is sooner |
| PDF Reports | Stored on S3 indefinitely unless you request deletion. Reports are accessible only via their unique, non-enumerable URL |
| Email Engagement Data | Retained for up to 12 months for service improvement purposes |
| Aggregated Analytics | Retained indefinitely in anonymised, non-identifiable form |
To request deletion of your data, contact us at [email protected].
07Cookies and Local Storage
The Operational Bleed Scanner does not set cookies for scanner users. We do not use tracking cookies, advertising cookies, or any third-party cookie-based analytics.
The Service uses browser local storage solely for the following non-tracking purposes:
| Theme Preference | Stores your light/dark theme selection for visual consistency |
Administrative functions (accessible only to Aion team members) use a secure, HTTP-only session cookie for authentication. This cookie is not set for scanner users.
08Your Rights
Depending on your jurisdiction, you may have the following rights regarding your personal information:
- a.Right of Access — You may request a copy of the personal information we hold about you.
- b.Right to Rectification — You may request that we correct any inaccurate or incomplete personal information.
- c.Right to Erasure — You may request that we delete your personal information, subject to certain legal exceptions.
- d.Right to Restrict Processing — You may request that we limit how we use your personal information.
- e.Right to Data Portability — You may request a copy of your data in a structured, commonly used, machine-readable format.
- f.Right to Object — You may object to the processing of your personal information for certain purposes, including direct marketing.
- g.Right to Withdraw Consent — Where processing is based on consent, you may withdraw that consent at any time.
To exercise any of these rights, please contact us at [email protected]. We will respond to your request within 30 days.
09International Data Transfers
The Service is operated from the United Arab Emirates. Your information may be transferred to and processed in countries other than your country of residence, including the United States (where our cloud infrastructure providers operate). These countries may have data protection laws that differ from those in your jurisdiction.
Where we transfer personal data internationally, we ensure appropriate safeguards are in place, including reliance on service providers’ data processing agreements and, where applicable, Standard Contractual Clauses approved by relevant data protection authorities.
10Children's Privacy
The Service is designed for business professionals and is not directed at individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child under 18, we will take steps to delete that information promptly. If you believe a child has provided us with personal information, please contact us at [email protected].
11Third-Party Links
The Service may contain links to third-party websites and services, including Calendly (for booking strategy calls) and our main website at aiondevs.io. We are not responsible for the privacy practices of these third-party services. We encourage you to review the privacy policies of any third-party service you access through the Service.
12GDPR Compliance (European Economic Area)
If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, the following additional provisions apply:
Legal Basis for Processing. We process your personal data on the following legal bases:
| Consent | When you voluntarily provide your name, email, and company information through the email gate form |
| Legitimate Interest | To improve our diagnostic engine, maintain security, and conduct anonymised analytics |
| Contractual Necessity | To deliver the diagnostic report you have requested |
Data Protection Officer. For GDPR-related enquiries, please contact us at [email protected].
Supervisory Authority. You have the right to lodge a complaint with a supervisory authority in your country of residence if you believe our processing of your personal data infringes applicable data protection law.
13CCPA Compliance (California Residents)
If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with additional rights regarding your personal information:
- a.Right to Know — You may request disclosure of the categories and specific pieces of personal information we have collected about you.
- b.Right to Delete — You may request deletion of your personal information, subject to certain exceptions.
- c.Right to Non-Discrimination — We will not discriminate against you for exercising your CCPA rights.
- d.Right to Opt-Out of Sale — We do not sell personal information. No opt-out is necessary.
In the preceding 12 months, we have collected the categories of personal information described in Section 2 of this Privacy Policy. We have not sold any personal information and have no plans to do so.
14Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will update the “Last Updated” date at the top of this page. We encourage you to review this Privacy Policy periodically.
If we make changes that materially affect how we handle your personal information, we will provide notice through the Service or by other means as required by applicable law.
15Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: