Privacy Policy

Last updated: February 24, 2026

Welcome to AspectFS, operated by Aspect Ratio, Inc. ("Aspect," "we," "us," or "our"). AspectFS provides a shared development filesystem and live workspace for developers, engineering teams, servers, cloud environments, and AI coding agents, accessible through our websites, applications, command-line tools, mount clients, APIs, and related services (collectively, the "Services").

This Privacy Policy describes how we collect, use, disclose, and protect personal information when you interact with the Services, our websites, and our support or marketing channels. It applies to our customers ("Customers"), the individuals who access a Customer's filespace or workspace ("End Users"), and visitors to our websites ("Visitors"). Throughout this Privacy Policy, "personal information" or "personal data" means information that relates to an identified or identifiable individual.

If you are located in the European Economic Area ("EEA") or the United Kingdom ("UK"), this entire Privacy Policy applies to you, and we recommend that you read it carefully. If you have questions, comments, or concerns, please contact us at [email protected].

Who We Are

Aspect Ratio, Inc. is based in New York, NY. You may contact us at [email protected].

We may process your personal data as a data controller when we determine the means and purposes of processing, such as when we process the personal data of Visitors, prospective customers, or Customers managing their accounts. We act as a data processor when we collect and process personal data on behalf of Customers who use the Services to store, sync, mount, and manage development files and workspace data. Each Customer is responsible for its own privacy practices with respect to personal data it collects from End Users and places in the Services.

Who This Policy Applies To

  • Customers: Individuals or organizations that register for an AspectFS account, subscribe to the Services, or otherwise contract with Aspect.
  • End Users: Individuals who access a Customer's filespace or workspace, including employees, contractors, collaborators, and customer-authorized AI agents or automated systems.
  • Visitors: Individuals who visit our websites or interact with our marketing content.

Each Customer is responsible for posting its own privacy policies and ensuring compliance with all applicable laws and regulations for data it processes through the Services.

What Information We Collect

The personal information we collect depends on how you interact with the Services. We collect information in the following ways.

Information You Provide Directly

Account Information. When you register for an AspectFS account, we collect information such as your name, email address, company name, job title, and authentication details. This information is necessary to create and manage your account.

Billing Information. When you subscribe to a paid plan, we use a PCI-compliant third-party payment processor to handle payment information. Aspect does not store credit card numbers or payment card data. We receive transaction confirmations, invoice records, and subscription status from our payment processor.

Communications. When you contact our support team, submit feedback, join a waitlist, or otherwise communicate with us, we collect the content of those communications along with associated metadata such as timestamps.

Workspace Configuration. Customers configure their filespaces or workspaces with folder structures, mount settings, permission settings, sync preferences, ignore rules such as .aspectfsignore, and other organizational preferences. We collect and store these configurations to deliver the Services.

Information Generated by the Services

When Customers use AspectFS, the Services generate operational metadata needed to provide storage, sync, mount, access control, observability, and support. This system-generated data may include:

  • Directory structure, file identifiers, object keys, file sizes, content hashes, version references, and timestamps
  • Sync state, mount state, hydration status, cache state, conflict markers, and transfer metadata
  • Access control records, invitation status, device records, workspace membership, and role assignments
  • Audit logs, API access logs, authentication events, and request metadata
  • Search or indexing metadata needed to locate files and provide workspace functionality
  • Product analytics and performance data, typically collected in aggregate or pseudonymized form

Customer files are never used to train artificial intelligence or machine learning models operated by Aspect or its service providers. If customer-authorized AI agents, coding tools, or automation systems access a Customer filespace, that access occurs under the Customer's instructions and configuration.

Information Collected Automatically

When you access the Services, we automatically collect certain technical information:

  • Device and browser information: device type, operating system, browser type and version, screen resolution, and language settings
  • Network information: IP address and general location derived from IP address
  • Usage data: session information, feature usage patterns, mount and sync activity, and interaction data collected via analytics tools
  • Server logs: API access logs, authentication events, error logs, and request metadata

We do not intentionally capture the contents of Customer files in error or crash reports.

Information From Third Parties

  • Authentication providers: When Customers use single sign-on (SSO) or directory sync, we receive identity information such as name, email address, authentication identifier, and group membership from the configured identity provider.
  • Payment processor: We receive transaction status, billing confirmations, and subscription data from our payment processing provider.
  • Customer-authorized integrations: If a Customer connects third-party services, developer tools, cloud environments, AI agents, or automation systems to AspectFS, we may receive information necessary to provide the requested integration.

Information We Process on Behalf of Customers

As a data processor, we store and process the following on behalf of Customers:

  • Customer files and directories: Source code, configuration files, scripts, logs, prompts, fixtures, documents, datasets, and other files or folders uploaded, synced, mounted, or otherwise processed through the Services
  • Workspace data: Folder structures, permissions, workspace settings, sync settings, ignore rules, device registrations, mount configuration, and related records
  • Operational metadata: File metadata, object metadata, indexes, audit logs, and activity records needed to operate the Services

Customer-uploaded content remains the property of the Customer. Aspect owns operational metadata, analytics, and system-generated records created by the Services, except to the extent they contain Customer Personal Data processed on behalf of a Customer.

How We Use Your Information

We use personal information for the purposes described below. For users in the EEA and UK, we have identified the applicable legal basis under the General Data Protection Regulation (GDPR) for each purpose.

  • Providing the Services: delivering, maintaining, and improving AspectFS, including file storage, sync, mount functionality, workspace management, access controls, indexing, backups, and support. Legal basis: performance of contract and legitimate interests.
  • Processing payments: managing subscriptions, processing billing, and sending transaction-related communications. Legal basis: performance of contract and legal obligations.
  • Customer-authorized integrations and automation: enabling Customers to connect developer tools, servers, cloud environments, AI coding agents, and other systems to their filespaces. Legal basis: performance of contract and legitimate interests.
  • Customer support: responding to inquiries, troubleshooting issues, and providing technical assistance. Legal basis: performance of contract and legitimate interests.
  • Audit logging: recording workspace, account, API, mount, and sync activity for security, support, and Customer administration. Legal basis: legitimate interests and legal obligations.
  • Service security and fraud prevention: detecting, preventing, and responding to security incidents, fraud, abuse, and misuse. Legal basis: legitimate interests and legal obligations.
  • Analytics and service improvement: analyzing usage patterns to improve performance, reliability, and user experience. Legal basis: legitimate interests.
  • Marketing communications: sending information about our products, features, and updates, in accordance with your preferences. Legal basis: consent where required and legitimate interests where permitted.
  • Legal compliance: meeting legal, regulatory, tax, and accounting obligations. Legal basis: legal obligations.
  • Error tracking and debugging: identifying and resolving technical issues in the Services. Legal basis: legitimate interests.

Where we rely on legitimate interest as a legal basis, we have assessed that our interests do not override your fundamental rights and freedoms. You may object to processing based on legitimate interest at any time by contacting [email protected].

When We Share Information

We do not sell, rent, or trade your personal information to third parties for their marketing purposes.

We share personal information only in the following circumstances.

Service Providers

We engage third-party service providers that process personal information on our behalf to help us operate the Services. These providers are contractually obligated to protect your information and may only use it for the purposes we specify. Categories of service providers include:

  • Cloud infrastructure and hosting providers
  • File storage, sync, backup, and disaster recovery providers
  • Payment processing providers
  • Authentication and identity management providers
  • Error tracking and application monitoring providers
  • Product analytics providers
  • Customer support platform providers
  • Email delivery providers
  • Compliance and security monitoring providers
  • CRM and sales tools
  • AI, automation, or developer-tool providers where necessary to deliver Customer-requested functionality

A current list of our subprocessors is available at trust.aspectfs.com.

Customer-Authorized Access

Customers may authorize End Users, devices, servers, cloud environments, agents, tools, or integrations to access their filespaces. Customers are responsible for configuring and managing that access, including access granted to AI coding agents or automated systems.

Business Transfers

If Aspect is involved in a merger, acquisition, sale of assets, reorganization, or bankruptcy, your personal information may be transferred as part of that transaction. We will notify you of any change in ownership or control of your personal information where required by law.

We may disclose personal information when we have a good-faith belief that disclosure is necessary to:

  • Comply with applicable law, regulation, legal process, or government request
  • Enforce our terms of service and other agreements
  • Protect the rights, property, or safety of Aspect, our Customers, or the public
  • Detect, prevent, or address fraud, security issues, or technical problems

We may share your information with third parties when you have given us explicit consent to do so.

Aggregated and De-identified Data

We may share aggregated or de-identified information that cannot reasonably be used to identify you for purposes such as analytics, benchmarking, performance reporting, and industry research.

Data Retention

We retain personal information for as long as necessary to fulfill the purposes for which it was collected, comply with legal obligations, and resolve disputes. Specific retention periods include:

  • Customer files and directories: Retained during the active account period and deleted within 60 days after account termination or permanent workspace deletion, unless otherwise agreed in writing or required by law.
  • Operational metadata and indexes: Retained during the active account period and deleted within 60 days after the associated filespace, workspace, or file is permanently deleted, unless otherwise required for security, legal, or accounting reasons.
  • Account information: Retained during the active account period and for up to 7 years after account termination to satisfy legal, tax, and accounting requirements.
  • Billing records: Retained for 7 years per tax and accounting requirements.
  • Audit logs: Retained for the duration of the active workspace and for 60 days after workspace deletion, unless a longer period is required for security, compliance, or legal purposes.
  • Usage analytics: Retained in aggregate or anonymized form indefinitely.
  • Customer support records: Retained for up to 3 years after the last interaction.
  • Marketing consent records: Retained as needed to honor opt-out preferences.

Residual copies of deleted data may persist in encrypted backups for up to 30 days after deletion from production systems, after which they are permanently removed through the ordinary backup lifecycle.

Data Security

We implement administrative, technical, and organizational measures designed to protect your personal information. These measures include:

  • AES-256 encryption at rest for stored data
  • TLS 1.2 or higher for data in transit
  • Multi-availability-zone infrastructure deployment for redundancy and resilience
  • Role-based access controls enforcing the principle of least privilege
  • Multi-factor authentication for access to production systems
  • Vulnerability scanning of public-facing systems
  • Independent penetration testing of the production environment
  • Incident response procedures with defined severity levels and escalation paths
  • Data pseudonymization and anonymization techniques where appropriate
  • Employee background checks and security awareness training where permitted by law

Aspect maintains a SOC 2 Type 1 report, which is available to Customers and prospective Customers under a non-disclosure agreement. Please visit trust.aspectfs.com to request a copy.

No method of transmission over the Internet or electronic storage is completely secure. While we strive to protect your personal information, we cannot guarantee absolute security.

International Data Transfers

Aspect is based in the United States, and personal information is primarily stored and processed in the United States.

Aspect is self-certified under the EU-U.S. Data Privacy Framework (DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF as set forth by the U.S. Department of Commerce. We are subject to the investigatory and enforcement powers of the Federal Trade Commission with respect to personal data received or transferred pursuant to these frameworks.

Where the Data Privacy Framework does not apply or additional safeguards are required, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission to support transfers of personal data from the EEA, UK, and Switzerland.

Our service providers may process personal data in locations outside the EEA and UK. We ensure that appropriate transfer mechanisms and contractual protections are in place. For details on our subprocessors and their locations, please visit trust.aspectfs.com.

Your Privacy Rights

All Users

Regardless of your location, you may:

  • Request access to the personal information we hold about you
  • Request correction of inaccurate personal information
  • Request deletion of your personal information
  • Export your data through available self-service tools
  • Update your communication preferences
  • Opt out of marketing communications

European Economic Area and United Kingdom (GDPR)

If you are located in the EEA or UK, you have the following rights under the GDPR:

  • Right to be informed about how your personal data is processed
  • Right of access to request a copy of your personal data
  • Right to rectification to correct inaccurate or incomplete personal data
  • Right to erasure to request deletion of your personal data under certain circumstances
  • Right to restrict processing to request that we limit how we use your personal data
  • Right to data portability to receive your personal data in a structured, commonly used, machine-readable format
  • Right to object to processing based on legitimate interests, including direct marketing
  • Rights related to automated decision-making and profiling
  • Right to withdraw consent at any time where processing is based on consent
  • Right to lodge a complaint with your local supervisory authority

When we process End User data on behalf of a Customer as a data processor, we will direct data subject requests to the relevant Customer and cooperate as required to help the Customer fulfill the request.

EU and UK Representative

In accordance with Article 27 of the GDPR and the UK GDPR, Aspect Ratio, Inc. has appointed Prighter Group, together with its local partners, as our privacy representative and point of contact for data subjects and supervisory authorities in the European Union (EU) and the United Kingdom (UK).

To exercise privacy-related rights through our representative, please visit our trust center at trust.aspectfs.com and request access to the privacy request portal.

California (CCPA/CPRA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act and the California Privacy Rights Act:

  • Right to know what personal information we collect, use, and disclose
  • Right to delete your personal information
  • Right to correct inaccurate personal information
  • Right to opt out of the sale or sharing of personal information
  • Right to limit use of sensitive personal information
  • Right to non-discrimination for exercising your privacy rights

We do not sell or share personal information as those terms are defined by the CCPA.

Other US State Privacy Laws

We recognize the privacy rights granted to residents of Texas, Colorado, Connecticut, Virginia, Oregon, Montana, and other states with applicable privacy legislation. If you are a resident of any of these states and wish to exercise your rights, please contact us at [email protected].

How to Exercise Your Rights

To exercise any of your privacy rights, please contact us at [email protected]. When submitting a request, please provide sufficient information for us to verify your identity and locate your data.

  • Response timeframes: We will respond within 30 days for GDPR requests and within 45 days for CCPA requests. These timeframes may be extended where permitted by law, and we will notify you if an extension is necessary.
  • Identity verification: We may need to verify your identity before processing your request. This is a security measure to ensure personal information is not disclosed to unauthorized parties.
  • No fee: We do not charge a fee to process your request unless the request is manifestly unfounded or excessive.

Children's Privacy

The Services are not intended for use by children under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal information from a child under 16 without appropriate parental consent, we will take steps to delete that information promptly.

If you believe that a child under 16 has provided personal information to Aspect, please contact us at [email protected].

Cookies and Tracking Technologies

Aspect uses cookies and similar technologies on our website to provide functionality, understand usage, and support marketing activities. We categorize cookies as follows:

  • Strictly necessary cookies are required for the website to function and cannot be switched off. They include cookies for authentication, security, and load balancing.
  • Performance cookies collect aggregated information about how visitors use the website, such as which pages are visited most often and whether errors occur. We use this information to improve website performance and reliability.
  • Functional cookies enable enhanced features and personalization, such as remembering your preferences and settings.
  • Advertising and remarketing cookies are used to deliver relevant advertisements and measure campaign effectiveness.

Our core product analytics may use cookieless tracking technology and do not rely on cookies to collect the contents of Customer files.

Do Not Track: The Services do not currently respond to Do Not Track (DNT) browser signals, as there is no industry-standard interpretation of DNT signals for online services.

Cookie Consent: For visitors in the EEA and UK, we provide a cookie consent mechanism that allows you to manage your preferences for non-essential cookies.

The Services may contain links to third-party websites, services, tools, or integrations that are not operated or controlled by Aspect. This Privacy Policy does not apply to those third-party services. We encourage you to review the privacy policies of any third-party services you access. Aspect is not responsible for the privacy practices of third-party services.

Local Mounts, Device Storage, and Agent Access

AspectFS is designed to let Customers mount and sync files across laptops, servers, cloud environments, and agent runtimes. Files or metadata may be cached, hydrated, pinned, or otherwise stored locally on Customer-controlled devices or environments. Customers and End Users are responsible for securing data stored outside Aspect-managed infrastructure, including local mounts, local caches, developer machines, servers, cloud VMs, containers, and AI agent environments.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes to our practices, technologies, legal requirements, or other factors. When we make material changes, we will notify you by email and/or through a prominent notice in the Services before the changes become effective.

We encourage you to review this Privacy Policy periodically. Your continued use of the Services after the effective date of any changes constitutes your acceptance of the updated Privacy Policy.

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email: [email protected]

For customer support inquiries, you may also reach us at [email protected].