Privacy

Placeholder. This document will be replaced with the final legal Privacy Policy before general availability.

What we collect

• Tenant account data — email, hashed password, optional name, preferred language and currency, billing address (Stripe).
• KYC data — collected by Stripe Identity on our behalf. We receive a verification result + minimal metadata; the ID image and deeper PII stay with Stripe.
• Conversation data — messages and voice transcripts between end users and each tenant's Alex instance, scoped by instance.
• Usage data — metered events (speech minutes, text queries, storage, phone-bridge minutes) used for billing and operational audits.
• Operational logs — request IDs, timing, IP addresses (rate limits, fraud prevention).

Third parties we use

• Stripe — payments, subscriptions, Identity (KYC).
• Telnyx — inbound phone numbers and SIP telephony.
• OpenAI — model inference (chat + voice Realtime).
• Google — Gemini model inference (chat analysis, knowledge studio). Google reCAPTCHA for bot protection.
• SMTP provider (one.com) — transactional email delivery.

What we don't do

• We do not sell data to advertisers.
• We do not train our own models on tenant conversation content.
• Tenant knowledge-base entries stay in the tenant's scope — never shared with other tenants.

Data location

The platform runs in the EU (Denmark) today. Third-party providers (Stripe, Telnyx, OpenAI, Google) may route data through their own regions as required to deliver the service.

Retention

• Account data: kept while the account is active, plus 30 days after termination.
• Conversation transcripts: kept 90 days by default (configurable by tenant in a future release).
• Usage events and billing ledgers: 7 years, to meet accounting requirements.

Your rights

EU tenants have the rights to access, correct, export, and delete their data per GDPR. Email the platform team to exercise any of these.