Privacy Policy

Effective Date: March 11, 2026

This Privacy Policy describes how CARDIGITAL FZCO ("Company", "we", "us") collects, uses, and protects your personal data when you use ResonixAI (the "Service"). We are committed to compliance with the EU General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).

1. Data We Collect

Account Data

• Email address
• Full name
• Organization name (optional)

Usage Data

• Pages visited, features used, actions taken within the Service
• Browser type, device information, IP address

Social Platform Data

• Publicly available posts from monitored platforms (Hacker News, Reddit, LinkedIn, Twitter/X)
• We do not collect private messages or non-public content

2. How We Use Your Data

• Service delivery: monitoring social signals, AI classification, and reply generation
• Account management: authentication, billing, support
• Service improvement: analyzing usage patterns to improve features
• Communication: transactional emails (verification, billing), product updates

3. Third-Party Services

We share data with the following third-party processors solely to provide the Service:

We do not sell your personal data to third parties.

4. Legal Basis for Processing (GDPR)

• Contract: processing necessary to provide the Service you requested
• Legitimate interest: service improvement, security, fraud prevention
• Consent: marketing communications (where applicable)

5. Data Retention

• Account data: retained until you delete your account
• Social signals: retained for 90 days, then automatically deleted
• Generated replies: retained for 90 days
• Payment records: retained as required by tax/accounting laws

6. Your Rights

Depending on your jurisdiction, you may have the right to:

• Access — request a copy of your personal data
• Correction — request correction of inaccurate data
• Deletion — request deletion of your data ("right to be forgotten")
• Export — receive your data in a portable format
• Restriction — request limitation of processing
• Objection — object to processing based on legitimate interest
• Withdraw consent — where processing is based on consent

To exercise any of these rights, email support@resonixai.com. We will respond within 30 days.

CCPA Rights (California Residents)

California residents have the right to know what personal information is collected, request deletion, and opt out of the sale of personal information. We do not sell personal information.

7. Cookies

We use a single session cookie (JWT) for authentication. We do not currently use tracking or advertising cookies. See our Cookie Policy for details.

8. Data Security

We implement appropriate security measures including:

• Encryption in transit (TLS/HTTPS)
• Encryption at rest for stored data
• Access controls and authentication
• Regular security reviews

No method of transmission or storage is 100% secure. We cannot guarantee absolute security.

9. Children

The Service is not intended for users under 16 years of age. We do not knowingly collect data from children. If we become aware that we have collected data from a child under 16, we will delete it promptly.

10. International Data Transfers

Your data may be processed in:

• European Union — Supabase (database)
• United States — Vercel (hosting), OpenAI, Anthropic, Stripe, Resend
• UAE — CARDIGITAL FZCO (company operations)

Where data is transferred outside the EU, we ensure appropriate safeguards are in place (Standard Contractual Clauses or equivalent).

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or through the Service.

12. Contact

For privacy-related inquiries:

• Email: support@resonixai.com
• CARDIGITAL FZCO, DSO-IFZA, IFZA Properties, Dubai Silicon Oasis, Dubai, UAE

As a small company, we are not required to appoint a Data Protection Officer. All privacy inquiries are handled directly by our team.