Privacy Policy
Your privacy matters to us. This policy explains exactly what data we collect, why we collect it, how we use it, and the rights you hold over your own information when you use Avexora AI.
Data Protection
We collect only the data we need and protect it with industry-standard encryption and access controls.
Transparency First
We explain every type of data we collect, the legal basis for collecting it, and exactly how it is used.
Your Rights
You can access, correct, export, or delete your personal data at any time by contacting us directly.
Who We Are
Avexora AI operates avexora.ai and all sub-applications within the Avexora AI ecosystem (collectively, the "Platform"). We are the data controller responsible for your personal information collected through the Platform.
This Privacy Policy applies to all visitors, registered users, demo attendees, and subscribers of the Avexora AI Platform. By using our Platform, you agree to the practices described in this Policy.
Plain English summary: Avexora AI is a company that builds and operates an AI-powered business ecosystem. We are responsible for deciding how your data is used, and this document tells you everything you need to know about that.
Data We Collect
We collect personal data in three ways: information you provide directly, information collected automatically when you use the Platform, and information we receive from third parties.
Information You Provide Directly
- Name and email address when you register, book a demo, or contact us
- Phone number, if you choose to provide it on a contact or demo form
- Business type or role description when you complete a qualification field
- Payment and billing information when you subscribe to a paid plan (processed by our payment processor; we do not store card details)
- Profile information and preferences you set within the Platform
- Any content, prompts, niche descriptions, or strategic inputs you enter into AI apps within the Platform
- Support tickets, emails, and feedback messages you send to us
Information Collected Automatically
- IP address and approximate geographic location
- Browser type, operating system, and device identifiers
- Pages visited, features used, and time spent within the Platform
- Referral source and UTM parameters from marketing campaigns
- Session recordings and interaction data for product improvement (where consented)
- Error logs and performance metrics
Information From Third Parties
- Advertising platform identifiers (such as the Facebook Click ID, where you arrive via a paid ad)
- OAuth profile data if you sign in using a third-party authentication provider
- Publicly available business information used to enrich your account context
How We Use Your Data
We use the personal data we collect for specific, legitimate purposes only. We do not sell your personal data to third parties.
| Purpose | Data Used |
|---|---|
| Provide and operate the Platform and its AI apps | Account details, usage data, content inputs |
| Process demo bookings and onboarding | Name, email, phone, business type |
| Manage subscriptions and billing | Email, billing information via payment processor |
| Send transactional communications (receipts, account updates) | Email address |
| Send marketing communications (where you have consented or we have a legitimate interest) | Name, email address |
| Improve the Platform through analytics and product research | Usage data, session data, error logs |
| Measure and optimise marketing campaign performance | Referral data, advertising identifiers |
| Prevent fraud, abuse, and ensure platform security | IP address, device identifiers, usage patterns |
| Comply with legal obligations | Any relevant data as required by law |
We do not sell your data. We never sell, rent, or trade your personal information to any third party for their own marketing purposes.
Legal Basis for Processing
Where data protection law requires us to have a legal basis for processing your personal data, we rely on one or more of the following:
- Contract performance: Processing necessary to deliver the Platform services you have requested or subscribed to
- Legitimate interests: Processing necessary for our legitimate business interests (such as improving the Platform, security monitoring, and direct marketing to existing customers), where these interests are not overridden by your rights
- Consent: Where you have given us explicit consent, such as for marketing emails to new contacts or for optional session recording features
- Legal obligation: Processing required to comply with applicable laws and regulations
You may withdraw consent at any time without affecting the lawfulness of processing carried out before withdrawal.
Cookies and Tracking Technologies
We use cookies and similar tracking technologies to operate and improve the Platform. Cookies are small text files stored on your device.
Types of Cookies We Use
| Category | Purpose | Examples |
|---|---|---|
| Strictly Necessary | Essential for the Platform to function. Cannot be disabled. | Session authentication, security tokens |
| Analytics | Understand how users interact with the Platform to improve it. | Page views, feature usage, error tracking |
| Marketing and Advertising | Measure the effectiveness of our marketing campaigns and enable retargeting. | Facebook Pixel (_fbp, _fbc), conversion tracking |
| Preferences | Remember your settings and personalisation choices. | Language, display preferences |
You can control non-essential cookies through your browser settings or via any cookie consent tool we display. Disabling certain cookies may affect the functionality of the Platform.
Sharing Your Data
We share personal data only with trusted third-party service providers who help us operate the Platform, and only to the extent necessary for them to perform their services.
Our Sub-Processors Include
- Cloud infrastructure and database hosting - for storing your account data and content securely
- Payment processors - for securely handling subscription billing (they receive only the data needed to process your payment)
- Email delivery providers - for sending transactional and marketing communications
- AI and large language model providers - your content inputs may be processed by third-party AI APIs to deliver the app outputs you request
- Analytics and error tracking tools - for monitoring Platform performance and diagnosing issues
- Advertising platforms - for measuring campaign performance (such as Meta and Google, using anonymous event identifiers)
We may also disclose your data where required by law, to protect our legal rights, to prevent fraud, or in connection with a business transfer such as a merger or acquisition. In such cases, we will notify you as permitted by law.
All third-party providers are bound by data processing agreements that require them to handle your data lawfully and only for the purposes we specify.
Data Retention
We retain your personal data only for as long as necessary to fulfil the purposes described in this Policy, or as required by applicable law.
- Active account data: Retained for the duration of your account, plus a reasonable period afterward to handle any post-cancellation queries
- Demo and lead form submissions: Retained for up to 24 months from the date of submission, or until you request deletion
- Billing records: Retained for up to 7 years as required by financial and tax regulations
- Analytics and log data: Typically anonymised or aggregated after 12 months
- Marketing communications: Retained until you unsubscribe, after which we retain only a suppression record
When data is no longer required, we delete or anonymise it securely.
Your Rights
Depending on your location and applicable data protection law (including the GDPR and UK GDPR), you may have the following rights in relation to your personal data:
- Access: Request a copy of the personal data we hold about you
- Rectification: Ask us to correct inaccurate or incomplete data
- Erasure: Request that we delete your personal data ("right to be forgotten"), subject to any legal obligations to retain it
- Restriction: Ask us to limit how we process your data in certain circumstances
- Portability: Receive your data in a structured, machine-readable format and transfer it to another controller
- Objection: Object to processing based on legitimate interests, including direct marketing
- Withdraw consent: Where processing is based on your consent, withdraw it at any time without affecting prior processing
- Complaint: Lodge a complaint with your local data protection supervisory authority
To exercise any of these rights, please contact us using the details in Section 13. We will respond within 30 days. We may ask you to verify your identity before processing your request.
Security
We take the security of your personal data seriously. We implement and maintain technical and organisational measures to protect your data against unauthorised access, loss, destruction, or alteration. These measures include:
- Encryption of data in transit using TLS 1.2 or higher
- Encryption of sensitive data at rest
- Role-based access controls limiting who within Avexora AI can access your data
- Regular security reviews and vulnerability assessments
- Incident response procedures to detect, contain, and notify you of any data breach as required by law
No system is completely impenetrable. If you believe your account has been compromised, please contact us immediately at the details in Section 13.
International Data Transfers
Avexora AI operates globally. Your personal data may be stored and processed in countries outside your own, including countries where data protection laws may differ from those in your jurisdiction.
Where we transfer personal data from the European Economic Area (EEA) or the United Kingdom to countries that have not been deemed adequate by the relevant authority, we rely on appropriate safeguards such as Standard Contractual Clauses (SCCs) approved by the European Commission or the UK International Data Transfer Agreement.
By using the Platform, you acknowledge that your data may be transferred internationally in accordance with these safeguards.
Children's Privacy
The Avexora AI Platform is not intended for use by individuals under the age of 16. We do not knowingly collect personal data from anyone under 16 years of age.
If you believe we have inadvertently collected data from a child under 16, please contact us immediately and we will delete it as quickly as possible.
Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes to our practices, the Platform, or applicable law. When we make material changes, we will:
- Update the "Last Updated" date at the top of this Policy
- Notify registered users by email where the changes are significant
- In some cases, ask for your renewed consent
We encourage you to review this Policy periodically. Continued use of the Platform after changes are posted constitutes your acceptance of the updated Policy.
Contact Us
If you have any questions about this Privacy Policy, wish to exercise your data rights, or want to raise a concern about how we handle your information, please contact us:
Avexora AI - Privacy Team
Email: privacy@avexora.ai
Website: avexora.ai/contact
Response time: within 2 business days for general enquiries, within 30 days for formal data rights requests.
If you are located in the EEA or UK and are not satisfied with our response, you have the right to lodge a complaint with your local data protection supervisory authority. In the UK this is the Information Commissioner's Office (ICO) at ico.org.uk. In the EEA, contact your national data protection authority.