Privacy Policy

Acenxia is the controller of personal data processed through the Service.

Controller address: Acenxia, Dusseldorf, Germany.

Privacy requests can be sent to dev.acenxia@gmail.com.

We may collect: account identifiers (name/email), authentication metadata, onboarding responses, mission/focus board content, chat content, usage telemetry, and support communications.

Billing data is processed by Stripe. We do not store full card numbers in Acenxia systems.

We use data to provide and secure the Service, personalize guidance, process billing, troubleshoot issues, prevent abuse, and improve reliability and performance.

Depending on your jurisdiction, processing is based on one or more of: contract performance, legitimate interests (service security and improvement), consent (where required), and legal obligations.

We use third-party processors to operate the Service, including infrastructure, authentication/database, AI processing, analytics, and payments (for example: Supabase, Anthropic, Vercel, Stripe).

These providers process data under contractual safeguards and only for authorized service purposes.

We do not sell personal data. We may share data with processors, where required by law, to enforce rights, protect users, or in a merger/acquisition scenario subject to legal safeguards.

Data may be processed in countries outside your own. Where legally required, we use appropriate transfer mechanisms and contractual protections.

We retain personal data only for as long as needed for the purposes listed here, including account operations, dispute resolution, security, and legal compliance.

You can request deletion of your account data, subject to legal and fraud-prevention retention obligations.

Typical retention periods: account/service content is retained while your account is active; billing and anti-fraud records may be kept for legal and accounting periods after closure.

We apply technical and organizational safeguards designed to protect personal data. No system is fully risk-free, but we continuously monitor and improve security controls.

Depending on your jurisdiction, you may have rights to access, correct, export, or delete personal data.

If you are in regions with additional rights (for example GDPR/UK GDPR/CCPA-type regimes), you can submit requests through the contact email above.

Manual request process: email from your account address with subject line "Data Access Request", "Data Export Request", or "Account Deletion Request". We may ask for identity verification and target a response within 30 days where required by law.

We use essential cookies for authentication and security, and optional cookies for analytics and product-improvement measurement.

You can manage non-essential consent at any time through the cookie preferences controls and by visiting the Cookie Policy page.

The Service is not intended for children under 13 (or higher age where required by local law), and we do not knowingly collect data from children.

We may update this Privacy Policy to reflect product, legal, or operational changes. Updates are posted with a revised "Last updated" date.