Privacy Notice

1. Controller details

Controller: lixxi.com
Email: support@lixxi.com

2. Personal data we collect

We may collect:

• Account data: name, email, organisation name, role, authentication data (password hashes / SSO identifiers).
• Usage data: prompts/questions, outputs, citations shown, feature usage, timestamps, settings.
• Technical/log data: IP address, device/browser info, event logs, security logs.
• Support data: communications with support.
• Billing data: billing contact details, invoices, subscription status, transaction references (payments handled by Stripe; we do not typically store full card details).

3. What we use data for

• Provide and operate the Service (accounts, authentication, response generation)
• Security, abuse prevention, monitoring, and fraud prevention
• Customer support and service communications
• Product improvement and reliability (debugging, performance)
• Analytics and measurement (subject to cookie choices)
• Billing and accounting (via Stripe)
• Legal compliance and enforcing our Terms

4. Lawful bases

We rely on:

• Contract (to provide the Service you request)
• Legitimate interests (security, service improvement, basic operational logs, support)
• Consent (non-essential cookies/analytics; marketing where applicable)
• Legal obligation (tax/accounting records and compliance requests)

5. AI processing (AWS Bedrock)

To generate responses, we may send your prompts and relevant context to Amazon Web Services (AWS) using AWS Bedrock (or a similar managed AI service). AWS may process requests using different underlying model providers. We send only what's needed to generate the response and operate the Service.

We may store prompts and outputs to provide the Service (e.g., history), provide support, and prevent abuse.

6. Cookies and analytics

We use:

• Essential cookies required for login and core functionality
• Analytics cookies to understand usage and improve the product

Where required, analytics cookies are set only after you consent. You can update preferences via the cookie consent banner.

7. Who we share data with

We may share data with:

• AWS (including AWS Bedrock) for hosting and AI inference processing
• AWS sub-processors / model providers used by Bedrock (may vary)
• Stripe (payments and subscription management)
• Analytics provider(s): Google (only if you consent to analytics cookies)
• Professional advisers (legal/accounting) where necessary
• Authorities where required by law or to protect rights/safety

8. International transfers

Some providers may process data outside the UK. Where this happens, we use appropriate safeguards (e.g., contractual protections and vendor security measures) to protect your data.

9. Retention

We keep data only as long as needed:

• Account data: while your account is active, and for a reasonable period after closure
• Prompts/outputs: 12 months (or until you delete them, where available), plus limited retention for security/legal needs
• Logs/security: 12 months
• Billing records: as required by law (typically several years)

10. Your rights

You may have rights to access, correct, delete, restrict or object to processing, and data portability. You can withdraw consent for consent-based processing (e.g., analytics cookies).

Contact us at support@lixxi.com

11. Security

We use appropriate technical and organisational measures (access controls, encryption in transit, monitoring). No system is 100% secure.

12. Public pages and share links

• Our public, indexable knowledge content is curated by us.
• Share links may be accessible to anyone with the link. Do not share personal data or confidential client information via share links.

13. Children

The Service is not intended for children under 18.

14. Changes

We may update this notice from time to time and will update the "Last updated" date.