Privacy Policy
Our Commitments
We design our Services so your data stays private, secure, and under your control. Our commitments are simple:
- Your data is private. Customer environments are isolated and never shared between customers.
- Your data is secure. Data is encrypted in transit and at rest and processed only through enterprise-grade infrastructure (e.g., Google Cloud Platform).
- Your data is not used to train models. We do not train internal or external models on Customer Data, and our providers (such as Google and OpenAI) are contractually prohibited from doing so.
- Enterprise APIs only. We use secure enterprise API integrations — not consumer chat apps.
- Short-term logs only. Providers retain only minimal operational logs (typically 30–60 days) to operate the service and detect abuse.
- Minimal data use. We send only the data necessary for each request. Models do not learn from or retain your data after processing.
1. Purpose
Our Privacy Policy explains how Polaxys ("we") processes customer and personal data when operating our websites, platforms, and AI-powered data analytics services.
Our goals are to:
- Describe what data we process and why;
- Explain our commitments to privacy, security, and responsible AI use — including that your data is private, encrypted, and never used to train models;
- Clarify the rights of data subjects and how they may exercise them; and
- Demonstrate our ongoing efforts to achieve and maintain compliance with applicable privacy laws, including the LGPD, GDPR, and CCPA/CPRA.
Polaxys is actively pursuing full compliance with the LGPD, GDPR, and CCPA/CPRA. During this process, we continue to apply privacy-by-design principles and implement safeguards aligned with these laws.
Our commitment is straightforward: your data is private, secure, encrypted, and never used to train models, internally or externally. We process only the data necessary to provide our Services.
2. Scope
This Policy applies to all personal data processed by Polaxys when we provide our websites, products, APIs, support channels, and AI-powered data analytics services.
It covers personal data relating to:
- Users and customers of the Polaxys Services;
- Website visitors and individuals who interact with our communications;
- Employees, job candidates, service providers, partners, and suppliers.
This Policy governs how Polaxys, acting as controller or processor, handles personal data in all environments where we operate.
3. Context and Commitment
Polaxys provides data analytics and artificial intelligence services for companies and professionals. We process personal data in a manner designed to align with the requirements of the LGPD, GDPR, CCPA/CPRA, and other applicable laws.
Our commitment is simple:
- Your data is private. Customer environments are isolated, and no information is shared between customers.
- Your data is secure. Data is encrypted in transit and at rest, handled only in enterprise-grade environments.
- Your data is not used to train models. We do not train internal or external models on Customer Data, and our providers are contractually prevented from doing so.
- We apply privacy-by-design, data minimization, and responsible AI principles in every feature.
Polaxys may act as a controller (for our own operations) or a processor/service provider (when handling Customer Data). In both roles, we process personal data only for lawful, authorized purposes.
4. Definitions
For the purposes of this Privacy Policy:
- Personal Data: Information that identifies, relates to, or can reasonably identify a natural person.
- Sensitive Personal Data: Data related to racial or ethnic origin, religious beliefs, political views, union membership, health, sex life, or genetic/biometric data.
- Data Subject: The individual to whom the data refers.
- Controller: The person or organization that decides how and why personal data is processed.
- Processor / Service Provider / Operator: The person or organization that processes data on behalf of a controller.
- Customer Data: Data (including personal data) that customers or their users connect to or process through the Polaxys Services.
- Polaxys Services: Our websites, applications, APIs, and AI-powered analytics features.
- DPO: The Polaxys Data Protection Officer.
- Processing: Any operation involving personal data (collection, use, access, sharing, storage, deletion).
5. Collection of Customer and Personal Data
We collect personal data in different ways:
- Data you provide directly: Such as when you create an account, request demos, contact us, or use our Services. Examples include contact details, account information, billing data, and messages sent to our team.
- Data collected automatically: When you use our websites or Services, we may collect technical and usage information such as IP address, device/browser details, pages visited, actions taken, session data, API logs, and cookie data (see Section 11).
- Data from integrations and connected systems: If you or your organization connect external tools, databases, documents, or platforms, we receive the information these integrations make available so the Service can function.
Customers may connect datasets, documents, or internal systems that include personal data. We process this only as instructed by the customer and never for our own purposes.
6. Purposes of Processing
We process personal data for lawful and limited purposes, including:
- Providing and operating the Polaxys Services;
- Authenticating users and managing accounts;
- Responding to support requests and maintaining reliability;
- Protecting security, detecting misuse, and complying with the law.
We process only the data needed for each purpose and do not use Customer Data to train models.
7. How Polaxys Uses AI
To provide our analytics and automation features, Polaxys uses AI in a way designed to keep your data private, secure, and under your control.
- Your data is private. Customer environments are isolated, and no information is shared between customers.
- Your data is secure. Data is encrypted in transit and at rest and processed only through enterprise-grade providers (e.g., Google Cloud Platform).
- No model training. Customer Data is never used to train AI models, internally or externally. Our providers (such as Google and OpenAI) are contractually prohibited from using Customer Data for model training.
- Enterprise APIs only. We use controlled, enterprise integrations via APIs — not consumer chat apps or public accounts.
- Short-term logs only. Our providers retain only short-term operational logs (typically 30–60 days) to run the service and detect abuse, under our configuration.
- Minimum data necessary. For each request, we send only the data required for the model to understand the query and return a result.
- No memory. After processing a request, models do not learn from or retain your data beyond short-term logs.
- Like a data warehouse query. AI processing is similar to running a query: data passes securely through the compute environment and is kept only in short-term logs unless required otherwise.
8. Data Sharing and Transfers
We only share personal data when it is necessary to provide our Services, ensure security, or comply with the law. Customer Data remains private, encrypted, segregated, and never used to train models.
- Service Providers: We may share personal data with trusted, enterprise-grade providers (e.g., cloud and AI infrastructure) who help us operate the Services. They act under strict contractual controls and cannot use Customer Data for their own purposes, including model training.
- Legal Requirements: We may disclose personal data when required by law or to protect our users and systems. When possible, we notify the customer before disclosing Customer Data.
- International Transfers: When personal data is transferred to other countries, we use legally recognized safeguards (such as Standard Contractual Clauses and encryption) to ensure adequate protection.
- No Sale or Training: We do not sell personal data or share it for behavioural advertising. We do not allow Customer Data to be used to train internal or external models.
- Short-Term Operational Logs: Our providers may keep short-term logs only to operate the service and detect abuse. These logs are deleted after the provider's retention window.
9. Information Security
Personal data is protected through:
- Encryption in transit and at rest;
- Access controls and authentication measures;
- Enterprise-grade infrastructure;
- Monitoring, logging, and privacy-by-design practices.
Our providers follow strict security and are contractually prohibited from using Customer Data for training.
10. Data Retention and Deletion
We retain personal data only for the time needed to provide the Services or meet legal requirements.
- Customer Data is retained per customer instructions.
- Operational logs are kept only for short, predefined periods.
- AI providers keep short-term logs (typically 30–60 days).
- Data is securely deleted or anonymised when no longer needed.
11. Data Subject Rights
You have rights under the LGPD, GDPR, CCPA/CPRA, and other applicable laws. We make these rights easy to exercise and respond within the time limits required by each law.
You may have the right to:
- Access your personal data and confirm whether it is processed;
- Request correction, deletion, anonymisation, or portability of your data;
- Object to processing or withdraw consent when applicable;
- Receive information about how and with whom data is shared;
- Opt out of the sale or sharing of personal information, where applicable (Polaxys does not sell personal data).
When we process Customer Data, we act according to the customer's instructions and may refer requests to them.
To protect privacy, we may ask for information to verify your identity before responding.
12. Cookies and Similar Technologies
We use cookies and similar technologies to operate our website and improve the Polaxys experience.
These technologies help us:
- Ensure the website functions securely;
- Remember preferences;
- Understand basic usage patterns to improve performance.
We do not use cookies to sell personal data or for cross-context behavioural advertising.
You can manage or disable cookies through your browser settings or, where available, through our cookie banner. Some features may not work properly if certain cookies are disabled.
13. Communications and Preferences
We may contact you to provide essential information about the Polaxys Services, such as security alerts, product updates, or support communications. These messages are necessary to operate the Services.
We may also send optional marketing or educational content when permitted by law.
You can unsubscribe from these optional communications at any time using the link in our emails or by adjusting your preferences.
We do not sell personal data or use it for cross-context behavioural advertising.
14. International Transfers
Polaxys may process or store personal data in countries outside your own. Whenever we transfer data internationally, we apply recognized legal safeguards.
Polaxys is actively working toward full compliance with LGPD, GDPR, and CCPA/CPRA requirements for international transfers. While full conformity may still be in progress, we implement strong security, privacy, and contractual protections.
We work only with enterprise-grade providers that meet strict privacy and security standards, and that are contractually prohibited from using Customer Data for model training.
These protections apply to all environments in which the Polaxys Services operate.
15. Incident Notification
We maintain processes to identify, contain, and resolve security incidents. If an incident occurs that may affect personal data, we will notify customers and, when required, the appropriate authorities and impacted individuals without undue delay, in accordance with applicable laws.
We work with enterprise-grade providers and apply privacy-by-design practices to reduce the likelihood and impact of incidents.
16. Changes to this Policy
We may update this Privacy Policy to reflect legal, technical, or operational changes. When we make material updates, we will provide clear notice, such as through our website or by contacting account administrators.
The latest version of this Policy will always be available on our website.
17. Contact and Exercising Rights
If you have questions about this Privacy Policy or wish to exercise your privacy rights, you can contact Polaxys's Data Protection Officer (DPO):
DPO: Bernardo Rufino
Email: privacy@polaxys.com
Address: Polaxys LLC, 1881 Page Mill Road, Palo Alto, CA, 94304, United States — and Avenida Brigadeiro Faria Lima, 2954, São Paulo, SP, Brazil
If you are not satisfied with our response, you may contact the relevant data protection authority.
18. Polaxys's Commitment
Polaxys is committed to keeping your data private, secure, and processed only for the purposes you authorise. We apply privacy-by-design, use enterprise-grade infrastructure, and ensure that Customer Data is never used to train models.
We continuously review and improve our practices to meet high standards of security, transparency, and responsible AI.