Privacy Policy

Last updated: May 8, 2026

ellix.ai ("we", "us", "our") operates the ellix.ai website and the aiassist.chat platform. This Privacy Policy explains what personal data we collect, why we collect it, how we use it, and the rights you have over it.

By using our website or products, you agree to the practices described in this policy.

1. Information We Collect

1.1 Information you provide directly

  • Contact and support: When you contact us via forms or email, we collect your name, email address, and the content of your message.
  • Newsletter and waitlist: When you subscribe to our newsletter or join a product waitlist, we collect your email address.
  • Account registration: When you sign up for aiassist.chat, we collect your name, email address, and a hashed password. We use Argon2 for password hashing — your plaintext password is never stored.
  • Billing: Payment processing is handled by a third-party provider (Stripe). We do not store your card details. We retain a record of your subscription tier and billing history.

1.2 Information collected automatically

  • Usage data: When you visit ellix.ai, we may collect your IP address, browser type, operating system, referring URL, pages visited, and timestamps. This data is used in aggregate for analytics.
  • Cookies: We use strictly necessary cookies for session management and authentication. We do not use third-party advertising cookies. You may disable cookies in your browser settings, though some features may not function correctly.
  • Widget telemetry (aiassist.chat): If you use the aiassist.chat widget on your site, we collect the content of chat messages and conversation metadata (session ID, timestamps, widget configuration). This data is used to power AI responses and provide analytics to the site owner.

1.3 Information from third parties

We may receive information about you from third-party integrations you configure, such as CRM or helpdesk tools connected via webhooks. We process such data only as directed by you.

2. How We Use Your Information

We use the information we collect to:

  • Respond to inquiries and provide customer support
  • Operate and improve our products and services
  • Send transactional emails (account notifications, invoices, security alerts)
  • Send newsletters or product updates you have opted into
  • Detect and prevent fraud, abuse, and security incidents
  • Comply with legal obligations

We do not sell your personal data to third parties. We do not use your data for targeted advertising.

3. Legal Bases for Processing (GDPR)

If you are located in the European Economic Area (EEA) or the United Kingdom, we process your personal data under the following legal bases:

| Purpose | Legal Basis | |---|---| | Providing our services | Performance of a contract | | Sending newsletters | Consent | | Security and fraud prevention | Legitimate interests | | Legal compliance | Legal obligation |

4. Data Retention

| Data type | Retention period | |---|---| | Contact form submissions | 12 months | | Account data | Duration of account + 30 days after deletion | | Chat conversation logs | 12 months (configurable per site) | | Billing records | 7 years (legal/tax requirement) | | Server logs | 90 days |

5. Sharing and Disclosure

We share personal data only in the following circumstances:

  • Service providers: We share data with vendors who help us operate our infrastructure (e.g., cloud hosting, email delivery, payment processing). These vendors are bound by data processing agreements and may not use your data for their own purposes.
  • Legal requirements: We may disclose data when required by law, court order, or to protect the rights and safety of ellix.ai or others.
  • Business transfer: In the event of a merger, acquisition, or sale of assets, your data may be transferred. We will notify you before your data becomes subject to a different privacy policy.

6. Data Security

We implement industry-standard security measures including:

  • TLS encryption in transit
  • Argon2 password hashing
  • Per-site API key isolation
  • Regular security reviews

No method of transmission or storage is 100% secure. If we become aware of a breach that affects your data, we will notify you as required by applicable law.

7. Your Rights

Depending on your location, you may have the following rights:

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Request correction of inaccurate or incomplete data.
  • Deletion: Request deletion of your personal data ("right to be forgotten").
  • Portability: Receive your data in a machine-readable format.
  • Objection: Object to processing based on legitimate interests.
  • Withdraw consent: Withdraw consent for processing where consent is the legal basis (e.g., unsubscribe from newsletters).

To exercise any of these rights, email privacy@ellix.ai. We will respond within 30 days.

8. Children's Privacy

Our services are not directed to individuals under the age of 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us and we will delete it promptly.

9. International Transfers

ellix.ai is operated from [your country]. If you access our services from outside this jurisdiction, your data may be transferred and processed in other countries. We ensure appropriate safeguards are in place (e.g., Standard Contractual Clauses) for any international transfers.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date at the top and, where appropriate, notify you by email. Your continued use of our services after the effective date constitutes acceptance of the updated policy.

11. Contact

For privacy-related questions or to exercise your rights:

Email: privacy@ellix.ai
Address: ellix.ai, [your address]