Privacy Policy

1. Information We Collect

We collect information that you provide directly to us and some information automatically. The personal information we collect depends on your interaction with us and our Services.

Personal Information You Provide

We collect personal information you voluntarily provide when you register for an account, make a purchase, or contact us. This includes:

• Names
• Email addresses
• Payment Information: If you make a purchase, we collect data needed to process your payment, such as your credit/debit card number and security code. All payment data is handled and stored by our payment processor, Stripe. You can review their privacy notice here.

Information Collected Automatically

We automatically collect certain information when you visit or use the Services. This information does not reveal your specific identity but may include device and usage information, such as your IP address, browser and device characteristics, and operating system. This data is primarily used to maintain the security and operation of our Services, and for internal analytics.

2. How We Use Your Information

We process your information to provide, improve, and administer our Services, communicate with you, prevent fraud, and comply with the law.

• To Provide and Manage Our Services

  To facilitate account creation, manage user accounts, and deliver the requested services to you.

• For Security and Fraud Prevention

  To keep our Services safe and secure.

• To Communicate with You

  To send you service-related messages and respond to your inquiries. We may also send marketing communications if it aligns with your preferences, and you can opt out at any time.

3. Legal Basis for Processing (For EEA and UK Users)

If you are in the European Economic Area (EEA) or the United Kingdom (UK), we only process your personal information when we have a valid legal reason to do so. We rely on the following legal bases:

• Consent

  We may process your information if you have given us permission to use it for a specific purpose. You can withdraw your consent at any time.

• Performance of a Contract

  We process your information to fulfill our contractual obligations to you, such as providing our Services.

• Legitimate Interests

  We may process your information to achieve our legitimate business interests, provided they do not outweigh your rights and freedoms.

• Legal Obligations

  We may process your information to comply with our legal obligations, such as cooperating with a law enforcement body.

4. How We Share Your Information

We may share your data with third-party vendors and service providers who perform services for us and require access to such information to do that work.

• Payment Processing

  We share payment data with Stripe to bill you for your purchases.

• User Account Registration and Authentication

  We use services like Google OAuth 2.0 to allow you to register and log in.

• Legal Requirements & Business Transfers

  We may share your information in connection with a merger or acquisition, or if required by law.

We have contracts in place with our third parties to help safeguard your personal information. They are not permitted to share your information with any other organization and must protect the data they hold on our behalf.

5. Cookies and Tracking Technologies

We use cookies and similar technologies to collect and store your information. We use essential cookies to maintain the security of your account, save your preferences, and assist with basic site functions like token-based authentication. Most web browsers are set to accept cookies by default, but you can usually choose to remove or reject them, which could affect certain features of our Services. For more details, please see our Cookie Notice.

7. Data Retention

We keep your personal information only for as long as it is necessary for the purposes set out in this notice, unless a longer period is required by law. Generally, this means we will keep your information for the period of time in which you have an account with us. When we no longer have a legitimate business need to process your information, we will either delete or anonymize it.

8. Your Privacy Rights

Depending on your location, you have certain rights regarding your personal information.

• The right to access and obtain a copy of your personal information.

• The right to request correction of inaccurate information or erasure of your data.

• The right to restrict the processing of your personal information.

• The right to data portability, where applicable.

To exercise these rights, the easiest way is by visiting https://hexilo.org/dashboard/user/data-request or by contacting us at [email protected]. We will act upon any request in accordance with applicable data protection laws.

9. Specific Regional Rights

A. For Residents of the EEA, UK, and Switzerland

In addition to the rights listed above, if you believe we are unlawfully processing your personal information, you have the right to complain to your local data protection supervisory authority.

B. For Residents of California (CCPA)

If you are a California resident, you have specific rights regarding your personal information.

• Categories of Personal Information Collected:

  In the last 12 months, we have collected the following categories of personal information:

  • Identifiers: such as name, email address, and IP address.
  • Personal information categories listed in the California Customer Records statute: such as name and contact information.

• "Sale" or "Sharing" of Data:

  We have not sold or shared any personal information with third parties for a business or commercial purpose in the preceding 12 months.

• Your Rights:

  You have the right to:

  • Request to know more details about the categories and specific pieces of personal information we collect.
  • Request the deletion of your personal data.
  • Request to correct inaccuracies in your personal data.
  • Not be discriminated against for exercising your rights.

• "Shine the Light" Law:

  California residents can request, once a year and free of charge, information about categories of personal information (if any) we disclosed to third parties for their direct marketing purposes.

To exercise your CCPA rights, please contact us at [email protected] or by visiting https://hexilo.org/dashboard/user/data-request. Upon receiving your request, we will need to verify your identity.

10. Children's Privacy

We do not knowingly collect data from or market to children under 18 years of age. By using the Services, you represent that you are at least 18 or that you are the parent or guardian of a minor and consent to their use of the Services. If we learn that we have collected information from users under 18, we will take reasonable measures to promptly delete such data.

11. Updates to This Policy

We may update this privacy notice from time to time to stay compliant with relevant laws. The updated version will be indicated by a "Revised" date, and we encourage you to review it frequently.