This Privacy Policy explains how Axoix Technologies Private Limited ("we", "us", "our") — an MSME-registered micro enterprise (Udyam: UDYAM-DL-10-0120748, GSTIN: 07ABFCA7413E1ZY) with registered office at B-59, Second Floor, Southern Side, Block B, Rama Park Road, Uttam Nagar, New Delhi, Delhi - 110059, India — collects, uses, and protects information when you use our corporate website axoix.in, our marketing site axoix.com, our tenant dashboards at *.axoix.io, and any related services (collectively, the "Services").

1. Information We Collect

• Account data — name, email address, phone number, company name, and credentials you provide when signing up, requesting a quote, or applying as a contributor.
• Usage data — pages visited, features used, timestamps, IP address, device and browser information collected via server logs and analytics tooling.
• Tenant content — on AXOIX, any data you or your users upload (documents, emails, chats, voice recordings, images, etc.) is stored in your tenant's isolated database and object storage.
• Communications — messages you send us via forms, email ([email protected]), or chat.
• GitHub identity — if you sign in with GitHub (e.g. as a contributor), we receive your GitHub handle, user id, avatar URL, name, and verified primary email via the GitHub App OAuth flow.

2. How We Use Your Information

• To provide, operate, and maintain the Services.
• To process signups, payments, invoicing, and tenant provisioning.
• To respond to enquiries, support requests, and contributor applications.
• To improve our products through aggregated, anonymised analytics.
• To send service-related emails (account notices, receipts, policy changes).
• To comply with applicable laws, including Indian tax and GST requirements.

3. AI Processing — Default vs. BYOK

By default, AXOIX runs on self-hosted AI infrastructure (fine-tuned local LLM, Whisper STT, Coqui TTS, image/video generation) on our own GPU server. Your tenant content is processed inside our servers, is not shared with any external AI provider, and is not used to train any shared or public model.

Bring Your Own Key (BYOK) is an optional fallback. If you explicitly add an API key for a third-party AI provider (currently supported: OpenAI, Anthropic, Groq) via your account settings and route a request to that provider, then the prompt and any attached content you send will leave our servers and be processed by that third-party provider under their own terms and privacy policy. We encrypt your stored API key at rest but we do not control what happens to your content once it reaches the third-party provider. Enabling BYOK is your informed choice; you can deactivate or delete your BYOK key at any time from Account → API Keys.

Examples of features where BYOK, when enabled, sends content out: AI chat, AI costing, AI content generation, AI image generation. Features that never leave our servers regardless of BYOK: database queries, file storage, email IMAP/SMTP via our own mail server, voice transcription on our Whisper instance, and TTS on our Coqui instance.

4. Sharing & Third Parties

We do not sell personal data. We share data only with the categories of service providers and integrations listed below, and only to the extent necessary to operate the Services. Each provider is subject to its own terms and privacy policy.

Always involved (infrastructure)

• Backblaze B2 — private per-tenant object storage for files you upload (documents, images, audio). Region: eu-central-003 (Frankfurt, Germany). Tenant bucket credentials are encrypted at rest before being stored in your tenant database.
• Cloudflare — DNS, TLS, WAF, and CDN edge caching. File URLs served via cdn.axoix.io are validated with HMAC signatures, proxied through a Cloudflare Worker to Backblaze B2, and cached at Cloudflare edge locations globally so that repeat viewers are served from the nearest edge.
• Hostinger / VPS host — our dedicated virtual private server located in India hosts our application, databases, and email server.

Used when you choose to use the feature

• Razorpay — payment processing. Receives only the billing information and payment details needed to complete the transaction.
• Brevo (Sendinblue) — transactional email delivery for platform notices sent by us to you (signup confirmation, password reset, receipts, service notices). Does not process email in your tenant mailboxes.
• GitHub — for contributors only, to verify identity via the GitHub App OAuth flow and manage repository invitations.
• Social media OAuth providers — Meta (Facebook, Instagram, Messenger, WhatsApp), LinkedIn, X (Twitter), Google (YouTube, Calendar, Drive where applicable), Threads, and Telegram. Used only when you explicitly connect an account from your tenant dashboard (e.g. CHORUS social media posting). We receive the access tokens each provider issues you; we do not receive your social login password.
• Telephony — self-hosted FusionPBX on our VPS handles SIP routing. Outbound calls and SMS leave our network via our upstream DID/SMS carriers (e.g. LINK DID). Call audio is never sent to any AI provider without your BYOK configuration.
• Third-party AI (BYOK) — OpenAI, Anthropic, Groq. Only when you add a BYOK key and actively invoke a BYOK-routed feature. See section 3.

Legal

• Legal obligations — when required by law, court order, or to protect our rights.

5. Where Your Data Lives

• Compute, databases, email server — our VPS in India.
• Object storage (uploaded files) — Backblaze B2 eu-central-003 region (Frankfurt, Germany). Each tenant has a dedicated private bucket.
• CDN edge cache — Cloudflare globally distributed edge servers cache publicly-accessed file responses (signed URLs) transiently to reduce latency and bandwidth cost. Cached copies are purged on a rolling TTL; you can request a purge at any time.
• BYOK AI responses — if enabled, processed by the chosen provider in their region (see their documentation).

If your jurisdiction (e.g. EU GDPR, UK GDPR, DPDP Act India) imposes specific data residency or cross-border transfer obligations on you as a data controller, you are responsible for assessing whether this architecture meets those obligations before using AXOIX.

6. Data Security

Credentials and secrets are stored in HashiCorp Vault. Tenant B2 storage credentials and mailbox passwords stored in your tenant database are encrypted (AES-256 via Fernet, keys derived via PBKDF2HMAC-SHA256 with 100,000 iterations). All public traffic uses HTTPS with TLS certificates from Let's Encrypt. We restrict administrative access on a least-privilege basis. No system is impenetrable, but we take reasonable steps to protect your data against unauthorised access.

7. Data Retention

We retain account and tenant data for as long as your account is active. After account closure we retain minimum records required by law (e.g. invoices, tax records) and otherwise delete tenant content on request. Contact [email protected] to request deletion. Note that deletion of tenant content includes the contents of your Backblaze B2 bucket; Cloudflare edge caches for your files are purged on request within 24 hours.

8. Your Rights

Subject to applicable law, you may: request a copy of the data we hold about you; correct inaccurate data; request erasure; object to processing; or withdraw consent where processing is based on consent. Email [email protected] to exercise any right.

9. Cookies

We use a minimal set of cookies for authentication sessions and basic analytics. You can control cookies via your browser settings; disabling cookies may impair parts of the Services that require sign-in.

10. Children

The Services are not directed to individuals under 18. We do not knowingly collect data from children. If you believe a child has provided us data, contact us and we will delete it.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be notified by email or a notice on the Services. Continued use after changes means you accept the revised policy.

12. Contact

Questions, complaints, or requests? Email [email protected] or call +91 89292 22212.

Registered office: Axoix Technologies Private Limited, B-59, Second Floor, Southern Side, Block B, Rama Park Road, Uttam Nagar, New Delhi, Delhi - 110059, India.
GSTIN: 07ABFCA7413E1ZY  |  Udyam: UDYAM-DL-10-0120748

See also our Terms of Service.