Privacy Policy

Last updated: February 2026

1. Introduction

Rexium AI ("we", "our", "us") operates the rexium.ai platform, including the dashboard, embeddable chat widget, and associated APIs. This Privacy Policy explains how we collect, use, and protect information when you use our services.

2. Information We Collect

We collect the following categories of information:

  • Account Information: Name, email address, and authentication credentials when you create an account.
  • Business Data: Knowledge base documents, product catalogs, FAQs, and other content you upload to train your chatbot.
  • Conversation Data: Messages exchanged between your website visitors and the chatbot, including visitor metadata (page URL, device type, country).
  • Usage Data: Analytics and usage patterns to improve our service (conversation counts, response times, feature usage).
  • Payment Information: Billing details processed securely through Stripe. We do not store credit card numbers on our servers.

3. How We Use Your Information

  • To provide and operate the Rexium AI platform
  • To train your AI chatbot on your business data (RAG)
  • To process payments and manage your subscription
  • To send transactional emails (invitations, escalation alerts, billing notices)
  • To improve our service through aggregated, anonymized analytics
  • To provide customer support

4. Data Isolation & Multi-Tenancy

Each business account (tenant) is fully isolated. Your data — including knowledge base documents, conversations, and settings — is stored separately and is never accessible by other tenants. We use Google Cloud Firestore with strict security rules to enforce tenant isolation at the database level.

5. Third-Party Services

We use the following third-party services to operate our platform:

  • Google Cloud Platform: Infrastructure, database (Firestore), authentication, and hosting.
  • Anthropic (Claude AI): AI language model for generating chatbot responses. Conversation data is sent to Anthropic's API for processing but is not used to train their models.
  • Stripe: Payment processing. See Stripe's Privacy Policy.
  • Amazon SES: Transactional email delivery.

6. Data Retention

We retain your data for as long as your account is active. Conversation data is retained for the duration of your subscription. Upon account deletion, all associated data (conversations, knowledge base, settings) is permanently removed within 30 days.

7. Your Rights (GDPR)

If you are in the European Economic Area, you have the right to access, rectify, delete, or export your personal data. You can also object to or restrict processing. To exercise these rights, contact us at privacy@rexium.ai.

8. Cookies

The Rexium dashboard uses essential cookies for authentication (session management). The embeddable widget uses a visitor ID stored in localStorage to maintain conversation continuity. We do not use advertising or tracking cookies.

9. Security

We implement industry-standard security measures including encrypted data in transit (TLS), encrypted data at rest, role-based access control, and regular security reviews. All infrastructure runs on Google Cloud Platform with SOC2-compliant practices.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via email or a notice in the dashboard. Continued use of the service after changes constitutes acceptance.

11. Contact

For questions about this Privacy Policy, contact us at privacy@rexium.ai.