Privacy Policy

Last updated: 2025‑11‑05

1. Introduction

Personaxis Inc. (“Personaxis”, “we”, “us”) builds an affective memory layer for AI systems. This Privacy Policy explains the personal data we collect today (marketing site, waitlist, research collaborations) and how we will expand protections as our SDK and APIs become available. It applies to our websites, investor materials, pilot programs, and any related services (collectively, the “Services”).

Summary

  • We collect only the signals needed to operate our properties, share research updates, and evaluate potential collaborations.
  • Emotional inferences are currently computed locally during experiments; we do not store affective vectors in production environments yet.
  • You can access, correct, or delete your information at any time, and exercise regional rights under GDPR, UK GDPR, CPRA, LGPD, and similar laws.

2. Data we collect

  • Contact information such as name, email address, organization, and role so we can respond to inquiries, schedule briefings, and manage collaboration requests.
  • Preference signals including locale, theme, and cookie choices so we can render localized, accessible experiences.
  • Attribution and usage data (referring URLs, UTM parameters, IP address, user agent, timestamps, page paths, error diagnostics) so we can keep the Services secure, understand engagement at a high level, and troubleshoot issues.
  • Affective research inputs collected during closed pilots or studies (e.g., valence/arousal vectors, conversation snippets). These datasets are de-identified when possible or stored in controlled enclaves with strict access policies.

We avoid collecting sensitive information unless strictly required for a pilot and consented. If a dataset might reveal health, biometric, or demographic details, we will run a Data Protection Impact Assessment before ingesting it.

3. How we obtain data

  • Directly from you when you request information, subscribe to updates, participate in research, or contact us.
  • Automatically from your browser through strictly necessary cookies, local storage, and server logs.
  • Through research or pilot partners who share interaction data under a data processing agreement. We require they secure proper consent from end users.

4. How we use data

  1. Operate and improve the Services: run the website, personalize content, analyze interest, and maintain our documentation.
  2. Build the Personaxis platform: prototype affective-memory algorithms, assess performance, and debug socioaffective safety tooling. Pilot datasets are pseudonymized, access-controlled, and deleted at the end of the engagement unless longer retention is explicitly requested.
  3. Communicate: send updates about our roadmap, research publications, and funding announcements (you may opt out at any time).
  4. Compliance and safety: prevent abuse, investigate suspicious activity, and satisfy legal obligations.

We do not sell personal data, use it for automated decision-making with legal effect, or train general-purpose models without contractual safeguards.

5. Legal bases (EEA/UK)

  • Consent (GDPR Art. 6(1)(a)): newsletter sign-ups, non-essential cookies, participation in user studies.
  • Contract (Art. 6(1)(b)): providing requested materials, scheduling demos, fulfilling pilot agreements.
  • Legitimate interests (Art. 6(1)(f)): securing infrastructure, measuring engagement, improving the platform in privacy-preserving ways.
  • Special categories: if a pilot requires processing health- or emotion-related data, we will obtain explicit consent and apply additional protections (encryption, access logging, retention caps).

6. Retention

  • Collaboration records: retained while we maintain an active relationship or for 24 months after last contact, then deleted or de-identified.
  • Server logs: 30–90 days unless extended for security investigations.
  • Pilot datasets: retained only for the contract term; we provide deletion certificates upon request.

7. Sharing & transfers

We rely on vetted processors for hosting, analytics (self-hosted or privacy-first vendors), communication tools, and storage. Each processor signs a Data Processing Agreement and, where relevant, EU Standard Contractual Clauses plus UK addenda. Supplemental safeguards (encryption, access controls, regional data residency) are applied when required by law.

We may share data with:

  • Professional advisers (legal, accounting) under confidentiality.
  • Prospective investors during diligence, using redacted or aggregated data.
  • Authorities if required to comply with law or protect rights.

8. Security

  • TLS everywhere; encryption at rest for storage.
  • Least-privilege access, MFA, continuous logging.
  • Segregated environments for research prototypes vs. production services.
  • Safety reviews aligned with NIST AI RMF, ISO/IEC 27001 practices, and upcoming EU AI Act requirements.

9. Your rights

Depending on your jurisdiction you can:

  • Request access, correction, deletion, or portability of your data.
  • Object to or restrict processing.
  • Withdraw consent at any time (does not affect prior lawful processing).
  • Lodge a complaint with your supervisory authority.

To exercise these rights, contact us at davidq@personaxis.com. We will respond within 30 days (or faster where required).

10. Cookies & similar technologies

  • Essential: locale (NEXT_LOCALE), session integrity, CSRF protection.
  • Analytics: currently disabled; if we enable privacy-preserving analytics we will request consent and provide granular controls.
  • Experiment flags: optional local storage entries during pilots; these remain on your device.

11. Children

The Services are not directed to children under 13 (or under 16 in the EEA). If you believe a child submitted data, please notify us and we will delete it promptly.

12. Sub-processor list

We maintain an up-to-date roster of infrastructure and research vendors. Request the latest version by emailing davidq@personaxis.com with subject “Sub-processor list”.

13. Contact

Questions, concerns, or data rights requests: davidq@personaxis.com.

14. Updates

We will revise this policy as our affective memory platform evolves. Material changes will be announced via email or in-app notice at least 14 days before they take effect. The “Last updated” date reflects the latest revision.