Privacy Policy

Complix AI (“we,” “us,” or “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service. Please read it carefully.

1. Information we collect

Information you provide

• Email address and password when you create an account
• Payment information (processed by Stripe — we never store card numbers)
• Website URLs you submit for scanning

Information collected automatically

• IP address and browser/device information
• Pages visited and features used within the Service
• Scan history and report data associated with your account
• Authentication tokens stored in secure HTTP-only cookies

2. How we use your information

We use the information we collect to:

• Provide, operate, and improve the Service
• Process payments and manage your subscription
• Send transactional emails (account confirmation, receipts, scan completion notices)
• Respond to support requests and communicate with you
• Enforce our Terms of Service and prevent misuse
• Comply with applicable laws and regulations

We do not sell your personal data to third parties. We do not use your scan results or report data for advertising purposes.

3. Website scanning

When you submit a URL, our crawler accesses that website’s publicly available pages to generate a compliance report. We store the crawled content and report data in association with your account. We do not crawl pages behind login screens or authentication walls.

Crawl data is retained for as long as your account is active. You may delete individual scan reports from your dashboard at any time.

4. Third-party services

We use the following third-party services to operate Complix AI:

Your scan URLs and crawl data are processed by Anthropic’s API to power Verdix AI report generation. By using the Service, you consent to this processing. Anthropic’s API does not use customer data to train models (as of our last review).

5. Cookies

We use essential cookies only to maintain your authenticated session. We do not use advertising cookies, tracking pixels, or third-party analytics cookies. You may disable cookies in your browser, but this will prevent you from logging in to the Service.

6. Data retention

We retain your account data and scan history for as long as your account is active. If you delete your account, we will delete or anonymize your personal data within 30 days, except where retention is required by law or for legitimate business purposes (e.g., financial records for tax compliance).

7. Data security

We implement industry-standard security measures including encrypted connections (TLS), hashed passwords, and row-level security on our database. However, no transmission over the internet is 100% secure. If you become aware of a security issue, please contact us at security@complixai.org.

8. Your rights

Depending on your jurisdiction, you may have the right to:

• Access the personal data we hold about you
• Request correction of inaccurate data
• Request deletion of your account and associated data
• Object to or restrict certain processing
• Data portability (receive your data in a machine-readable format)
• Lodge a complaint with your local data protection authority

To exercise any of these rights, email us at privacy@complixai.org. We will respond within 30 days.

9. GDPR — EU/EEA residents

If you are located in the European Union or European Economic Area, the following additional rights and disclosures apply under the General Data Protection Regulation (GDPR).

Data controller

Complix AI is the data controller for personal data collected through the Service. You may contact us at privacy@complixai.org for any data protection inquiries.

Legal basis for processing

• Contract — processing your account data and scan results to deliver the Service you signed up for (Article 6(1)(b))
• Legitimate interests — fraud prevention, security, and Service improvement (Article 6(1)(f))
• Legal obligation — retaining financial records as required by law (Article 6(1)(c))
• Consent — where we rely on consent (e.g. marketing emails), you may withdraw it at any time without affecting prior processing

International transfers

Your data may be transferred to and processed in countries outside the EEA (including the United States) by our sub-processors (Supabase, Stripe, Anthropic, Vercel). Where required, we rely on Standard Contractual Clauses or other GDPR-compliant transfer mechanisms.

Right to lodge a complaint

You have the right to lodge a complaint with your local supervisory authority. A list of EU data protection authorities is available at edpb.europa.eu.

10. CCPA — California residents

If you are a California resident, the California Consumer Privacy Act (CCPA) grants you the following rights in addition to those in Section 8:

• Right to know — request disclosure of the categories and specific pieces of personal information we have collected about you
• Right to delete — request deletion of your personal information, subject to certain exceptions
• Right to opt out — we do not sell personal information, so no opt-out is required
• Right to non-discrimination — we will not discriminate against you for exercising any CCPA right

To submit a CCPA request, email privacy@complixai.org with the subject line “CCPA Request.”

12. Children

The Service is not directed to individuals under 16 years of age. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

13. Changes to this policy

We may update this Privacy Policy periodically. We will notify you of material changes by email or via a prominent notice on the Service. The “Last updated” date at the top reflects the most recent revision.

14. Contact

Questions about this Privacy Policy? Contact us at privacy@complixai.org.