Privacy Policy

Last updated: 24 April 2026

1. Who We Are

AIRTIGHT is an AI-native accounting platform operated by Sajdak Group Holdings WLL (CR 182901, Kingdom of Bahrain), trading as INEVARA. In this policy, "we", "us", and "our" refer to Sajdak Group Holdings WLL.

2. Information We Collect

We collect information you provide directly when creating an account or using AIRTIGHT:

Account information: name, email address, organisation name
Financial data: transactions, invoices, bank feed data, and ledger entries you create or import
Authentication data: passkey credentials (public keys only), session tokens
Usage data: features used, pages visited, error logs

3. How We Use Your Information

We use your information solely to provide, maintain, and improve the AIRTIGHT platform:

To operate the accounting platform and process your financial data
To authenticate your identity and secure your account
To provide AI-powered categorisation, reconciliation, and compliance features
To send transactional emails (invoices, receipts, security alerts)
To comply with legal and regulatory obligations

4. Data Security

Your financial data is protected by a four-layer envelope encryption architecture (CMK, KEK, DEK, field key). Every organisation's data is encrypted with a unique key. All sensitive fields (TFN, bank details, PII) use field-level encryption. Cryptographic shredding is applied on account deletion.

5. Multi-Tenancy and Data Isolation

AIRTIGHT enforces strict multi-tenant data isolation through tenant-scoped access controls applied at the database engine on every table. Your organisation's data is never accessible to other tenants.

6. Data Retention

We retain your data for as long as your account is active. When you delete your account, we perform cryptographic shredding — your data encryption keys are destroyed, rendering all encrypted data permanently unrecoverable. Certain records may be retained as required by law (e.g., financial record-keeping obligations).

7. Third Parties

We do not sell your data. We share data only with:

An enterprise cloud infrastructure provider for hosting and data storage
Paddle as our Merchant of Record — for billing, subscription management, and regulatory tax compliance (mandatory disclosure per Paddle's consumer terms)
A transactional email provider for account verification and billing notifications
Law enforcement or regulators when legally compelled

8. Your Rights

You may request access to, correction of, or deletion of your personal data at any time by contacting us at legal@airtight.one.

9. Changes to This Policy

We may update this policy from time to time. We will notify you of material changes via the email associated with your account.

10. Contact

For privacy enquiries: legal@airtight.one

Provider

This service is provided by Sajdak Group Holdings WLL (CR 182901, Kingdom of Bahrain), trading as INEVARA. Payments are processed by Paddle.com Market Ltd as our merchant of record.