Four vendors. None ever touches a secret.
These are every third party that processes limited operational data for TechBantu IT Solutions, LLC(the “Operator”). Each receives only what its function requires. Because AION is blind by design, no sub-processor ever receives Vault plaintext, keys, or unseal-sufficient material — that material never leaves your device.
The blind-server limit
NO SUB-PROCESSOR LISTED BELOW EVER RECEIVES VAULT PLAINTEXT, THE ENCRYPTION KEY, ANY THRESHOLD-SUFFICIENT SET OF SHARDS, THE MEMORY ANSWER, TRUSTEE KEYS, RECOVERY PASSPHRASES, OR ANY UNSEAL-SUFFICIENT COMBINATION.
Sealing and unsealing run entirely in your browser. The data each sub-processor receives is confined to the narrow operational data in its row below and is never Vault Material. We cannot disclose to a sub-processor what we never possess.
Current sub-processors
- Stripe. Hosted payment for the Founding Vault Ceremony and Heir Fire Drill via a Stripe Payment Link. Data shared: Billing email; card and payment data (held by Stripe, never by AION); invoice, customer, and charge IDs; tax/address fields where required. Region: United States · global infrastructure. Privacy policy.
- Vercel. Serving the public website and the local-only browser prototype. Data shared: Standard request metadata (timing, status, coarse diagnostics); no request bodies, no vault content, no analytics events. Region: United States · global edge. Privacy policy.
- EForw. Inbound email routing for mail@sealedaion.com. Data shared: Requester email, message body, headers, and any attachment the requester chooses to send. Region: United States. Privacy policy.
- Google (Gmail). Maintainer inbox receiving forwarded private-session requests. Data shared: Requester email, message body, headers, and any attachment the requester chooses to send. Region: United States · global infrastructure. Privacy policy.
AION engages no analytics, authentication, profile-database, or file-storage sub-processors, because the live Service keeps no accounts, runs no analytics, and stores no uploaded files or vault ciphertext on any server. Where these providers process data outside your region, that transfer relies on the standard contractual clauses or equivalent safeguards in each provider’s own policy linked above; the architectural guarantee — that they receive no Vault Material — is the controlling supplementary measure.
Notice and your right to object
We post material additions to this page before a new sub-processor begins processing, or promptly thereafter where advance notice is impractical. To receive change notices, or to object to a new sub-processor, write to mail@sealedaion.com; we record your address only to notify you. If we cannot reasonably accommodate a legitimate objection, you may discontinue use — and because the live Service holds no accounts and no Vault Material, that requires no server-side deletion by us.
EACH SUB-PROCESSOR PROCESSES DATA UNDER ITS OWN TERMS AND PRIVACY POLICY, LINKED ABOVE; AION DOES NOT CONTROL AND IS NOT RESPONSIBLE FOR THOSE THIRD PARTIES’ INDEPENDENT PRACTICES.
This page is governed by the laws of the State of California, without regard to its conflict-of-laws rules. See also the Privacy Policy.