Privacy Policy

Effective date: September 9, 2025

Axofy respects your time, your work, and your data. This policy explains what we collect, why we collect it, how we use it, and the choices you have. It applies to axofy.ai, our apps, and services that link to this policy.

1) Who we are

Controller: Axofy (“we,” “us”).
Contact: privacy@axofy.ai

If you’re in the EEA/UK, we process your data under GDPR. If you’re in California, your rights follow the CCPA/CPRA.

2) What we collect

a) You provide

  • Account data: name, email, password (hashed), workspace details.

  • Project data: product URLs, uploaded images, scripts, subtitle files, settings (duration, aspect ratio), export outputs, and metadata (timestamps, versions).

  • Support data: tickets, attachments, logs you choose to share.

  • Billing data: billing name, email, address. Card data is handled by our payment processor; we don’t store full card numbers.

b) Collected automatically

  • Usage and device data: pages, clicks, referring URLs, basic device/browser info, approximate location (from IP), language, crash logs.

  • Cookies/SDKs: essential cookies for sign-in and security; optional analytics/diagnostics (if you consent).

c) From third parties

  • Payments: payment status and limited billing details from our processor.

  • Auth/abuse prevention: signals used to protect accounts and prevent fraud.

We do not collect: government IDs, facial recognition templates, or biometric identifiers through Axofy. If a vendor requires identity verification for payments, that happens directly with them.

3) How we use data

  • Provide the service: create, render, and deliver your UGC videos; maintain accounts and workspaces.

  • Improve reliability and speed: diagnostics, performance tuning, and feature quality.

  • Security: detect abuse, fraud, spam, and service misuse.

  • Support: resolve tickets and product issues.

  • Legal/compliance: tax, accounting, and regulatory obligations.

  • Communication: essential product emails (password reset, service notices). You can opt out of non-essential messages.

Legal bases (GDPR): contract (to deliver the service), legitimate interests (security, improvement), consent (non-essential cookies/analytics), and legal obligation (tax/records).

4) AI processing and your content

  • No training on your content: We don’t use your projects, uploads, or outputs to train our models.

  • Vendors: When we use third-party AI or infrastructure, we contractually restrict them from training on your content where such options exist.

  • Access: Only authorized staff can access your content to fix a specific problem you asked us to investigate, and access is logged.

5) Sharing and disclosure

We share data only with:

  • Processors: hosting, storage, analytics, logging, email, payments, and (if used) AI inference providers—solely to run Axofy.

  • Compliance: law enforcement or regulators when legally required.

  • Business transfers: if we sell or restructure the business, information may transfer under the same protections.

We do not sell your personal information and we don’t share it for cross-context behavioral advertising as defined by CPRA.

6) Data retention

  • Account data: kept while your account is active.

  • Project data (uploads/outputs): kept while in your workspace; when you delete a project, it’s removed from active systems within 30 days and from backups within 90 days.

  • Logs and diagnostics: 30–90 days unless needed longer for security or legal reasons.

  • Billing records: kept for up to 7 years for tax and accounting.

7) Security

  • Encryption in transit (TLS) and at rest where supported.

  • Least-privilege access, audit logging, and segmented infrastructure.

  • Regular backups and recovery testing.
    No system is perfectly secure, but we take security seriously and respond quickly to issues.

8) International transfers

We may process data in countries other than yours. When we transfer personal data internationally, we use lawful mechanisms (e.g., Standard Contractual Clauses under GDPR).

9) Your rights

EEA/UK (GDPR)

  • Access, rectification, erasure, restriction, portability, and objection (including to profiling for legitimate interests).

  • Withdraw consent for non-essential cookies/analytics at any time.

California (CCPA/CPRA)

  • Know, access, correct, delete, limit use of sensitive data, and opt out of sale/share (we don’t sell or share as defined).

  • Non-discrimination for exercising rights.

How to exercise rights: email privacy@axofy.ai from your account email. We may need to verify your identity. You can also manage cookies through our preferences banner.

10) Your choices

  • Cookies: accept only essential cookies or manage preferences.

  • Content control: download or delete your projects in the product.

  • Emails: unsubscribe from non-essential messages via the footer link or in settings.

11) Children

Axofy isn’t for children under 13 (or the age required by your region). We don’t knowingly collect children’s data.

12) Payments

Payments are processed by our payment provider. We receive payment confirmations and limited billing details; we never see or store full card numbers.

13) Third-party links

If you follow a link to a third-party site, their terms and privacy policies apply.

14) Changes to this policy

When we update this policy, we’ll change the effective date and, if the changes are significant, notify you by email or in-app.

15) Contact

Questions or requests: privacy@axofy.ai
Security reports: security@axofy.ai

16) Region-specific disclosures (summary)

EEA/UK: You can lodge a complaint with your local supervisory authority. We rely on contract, legitimate interests, consent, and legal obligation as described above.
California: We don’t “sell” or “share” personal information as defined by CPRA and don’t use sensitive personal information for purposes requiring “limit” rights. You can request access, deletion, and correction via email.

17) Short version (for humans)

We use your data to run Axofy, keep it secure, make it faster, and support you. We don’t sell it, we don’t train models on your content, and you can delete your projects and ask us to delete your account. If you need help, email privacy@axofy.ai.