This Privacy Policy explains what personal data we collect, why, how we use it, and the rights you have. It applies to our website ainexxo.com and to our AINEXXO web apps (together, the “Services”). If something differs for a particular app or feature, we explain it in the “Product-specific details” section.
1) Who we are
- Data controller: AINEXXO S.r.l.
Registered office: Via Ernesto Cairoli 5, 21100, Varese, Italy
- Contact email: support@ainexxo.com
- Data Protection Officer: Not appointed.
- UK representative: Not applicable (no UK establishment).
This policy applies to ainexxo.com and to our AINEXXO web apps (Neurolinker, BrainIQ, DaVinci).
2) Scope
This notice covers personal data processed when you:
- visit our website or interact with our cookie banners and forms (website cookies are governed by our separate Cookie Policy on ainexxo.com);
- create or use an account in our web apps (Neurolinker, BrainIQ, DaVinci);
- upload documents (e.g., PDFs) to use our extraction tools or chat with documents;
- connect third-party accounts (e.g., email/calendar) within BrainIQ’s workflows;
- receive emails or marketing from us;
- contact support or participate in surveys, webinars, or events.
3) What data we collect
3.1 Data you provide to us
- Account data: name, email, password, company, role, billing address.
- Billing data: payment method details (handled by Stripe), VAT/tax IDs, transaction records. We do not store full card numbers on our servers.
- Content data: documents you upload (e.g., PDFs) and the outputs generated by our tools (Neurolinker, DaVinci).
- Workflow data: configuration and nodes you create in BrainIQ (e.g., connections, triggers, actions).
- Support data: messages, feedback, and issue reports.
3.2 Data we collect automatically
- Device and usage data: IP address, browser type, pages viewed, time spent, referring URLs.
- Cookies and similar technologies: used for essential operations (authentication, security), analytics, and—if you opt in—marketing. See Cookies & tracking.
3.3 Data from third parties
- Identity data: when you sign in with SSO/OAuth providers (e.g., Google, Microsoft).
- Billing & fraud prevention: responses from payment and antifraud providers.
4) Why we use your data and legal bases (GDPR)
We process personal data for:
- Providing the Services (create/manage accounts, authenticate users, operate the web apps) — Art. 6(1)(b) contract.
- Document processing and extraction (Neurolinker) and chatbot functionality (DaVinci) — Art. 6(1)(b); Art. 6(1)(f) legitimate interests to improve reliability and security.
- Workflow automation (BrainIQ) — execute your configured workflows and connections — Art. 6(1)(b).
- Payments and invoicing — via Stripe — Art. 6(1)(b) and legal obligations Art. 6(1)(c) (tax, accounting). We do not store full card numbers.
- Security, abuse and fraud prevention — Art. 6(1)(f) legitimate interests.
- Analytics (website) — Art. 6(1)(a) consent for nonessential cookies.
- Marketing — Art. 6(1)(a) consent or Art. 6(1)(f) legitimate interests where permitted. You can opt out anytime.
Where we rely on legitimate interests, we balance these against your privacy rights. Contact us to obtain details.
5) Cookies & tracking
- Website (ainexxo.com): We use a consent banner and maintain a dedicated Cookie Policy that lists nonessential cookies and provides granular controls. Use that banner to accept or reject nonessential cookies any time (also available via a persistent Cookie Settings link in the footer). See: https://ainexxo.com/cookie-policy-eu/
- Apps (Neurolinker, BrainIQ, DaVinci): We primarily use essential cookies or similar local storage for login sessions and security. We also use in-app analytics (Firebase usage analytics) to understand feature adoption and reliability; where required by law, these analytics only activate after your consent (or can be disabled in app settings).
6) Product-specific details (AINEXXO web apps)
Neurolinker
- Uploads & processing: When you upload documents (e.g., PDFs), we process them to return structured outputs and enable chat with your documents.
- Storage: User uploads and derived outputs are stored in Firebase (Google Cloud) under our project.
- Security: Data is encrypted in transit (HTTPS/TLS) and at rest by our cloud provider. Access is restricted to authorized personnel and service accounts.
- Retention: You control retention; if you do not maintain an active storage plan, we retain uploads/outputs for up to 30 days and then delete them.
- Model training & human review: We do not use your content to train models. Human review occurs only to provide support or investigate abuse.
BrainIQ
- Account connections: You may connect third-party accounts (e.g., Gmail, Outlook, ERPs, CRMs, and other APIs) using OAuth or API keys.
- Secrets: We store connection credentials (tokens, API keys) in Google Cloud Secret Manager.
- Data handling: Workflows may pull limited metadata or content from your connected services as configured by you to execute tasks. We do not systematically store workflow content beyond what is necessary to operate.
- Retention: Tokens are kept until you revoke the connection. Logs are currently retained indefinitely.
DaVinci
- Purpose: Provides domain-specific assistance.
- Inputs: Messages, prompts, and files you provide in the conversation.
- Handling & retention: Unless otherwise agreed by contract, we retain conversation logs indefinitely.
- Quality & improvement: We use de-identified logs to improve quality and safety. You may request opt-out where required by law.
- Human review: As with other apps, only for support or abuse investigations.
Common safeguards (all apps)
- Encryption & infrastructure: Hosted on Google Cloud; data encrypted in transit and at rest; role-based access controls and audit logging.
- Data residency & transfers: See International data transfers for the mechanisms used when data is processed outside your jurisdiction.
7) Sharing your data
We share personal data only with:
- Service providers/Processors: cloud hosting and storage (Google Cloud / Firebase), analytics (for website, if enabled by your consent), email and customer support tools, payment processing (Stripe), identity providers, and workflow connectors used within BrainIQ. We require appropriate contracts and safeguards.
- Professional advisors and auditors as necessary.
- Authorities when required by law.
- Business transfers: in connection with a merger, acquisition, or reorganization, subject to appropriate safeguards.
We do not sell personal information. If we engage in targeted advertising or cross-context behavioral advertising on the website, we will provide the required opt-outs and disclosures.
8) International data transfers
We primarily host data in Google Cloud (EU regions) for Cloud Functions and Firestore. Where personal data is transferred outside the EEA/UK/Switzerland (for example, to subprocessors or support tools in other countries), we rely on mechanisms recognized by law, such as adequacy decisions (e.g., the EU–U.S. Data Privacy Framework, where applicable), and Standard Contractual Clauses (SCCs) or equivalent UK/Swiss instruments.
9) Retention
We keep personal data only as long as necessary for the purposes described or as required by law. Typical periods:
- Account data: for the life of the account + 6 months.
- Billing records: 10 years (to meet Italian Civil Code and tax/accounting obligations).
- Uploads and outputs (Neurolinker): User-controlled; otherwise up to 30 days if storage credits lapse.
- Secrets and tokens (BrainIQ): kept until you revoke the connection.
- App logs (BrainIQ and DaVinci): indefinitely (until we implement configurable retention).
- Support tickets: 24 months.
10) Security
We use administrative, organizational, and technical measures designed to protect personal data, including:
- Infrastructure security: Our apps run on Google Cloud (including Firebase) with encryption in transit (TLS/HTTPS) and at rest at the storage layer.
- Secrets management: Connection credentials and API keys in BrainIQ are stored in Google Cloud Secret Manager.
- Payments: We use Stripe for payment processing; we do not store full card details.
- Access controls: Role-based access, least privilege, and logging.
- Testing & monitoring: Routine vulnerability management and incident response procedures.
No method of transmission or storage is 100% secure. If you believe your account was compromised, change your password immediately and contact support@ainexxo.com.
11) Your rights
Depending on where you live, you may have rights to access, correct, delete, restrict, object, port your data, and withdraw consent.
EU/EEA & UK (GDPR)
You also have the right to lodge a complaint with your local supervisory authority. In Italy, you may contact the Garante per la protezione dei dati personali (Piazza Venezia 11, 00187 Roma; PEC: protocollo@pec.gpdp.it). If we rely on legitimate interests, you can object. If processing is based on consent, you can withdraw it at any time.
California (CCPA/CPRA)
California residents have rights to know, delete, correct, and to opt out of sale or sharing of personal information and to limit the use of sensitive personal information. We honor the Global Privacy Control (GPC) signal for opt-out where required.
Canada (PIPEDA)
You have rights to access, challenge accuracy, and complain to the Office of the Privacy Commissioner of Canada.
We respond to all verified rights requests within applicable timelines. Submit requests via support@ainexxo.com.
12) Children’s privacy
Our Services are not directed to children under 13 (or the minimum age required by your country). We do not knowingly collect personal data from children. If you believe a child provided personal data, contact us to delete it. If a service is intended for students/minors, we will provide a service-specific notice.
13) Third-party links
Our Services may link to other websites or services. Their privacy practices are governed by their own policies.
14) Changes to this policy
We will update this page when we make material changes and indicate the effective date above. If changes are significant, we will provide additional notice (e.g., email, in-product banner).
15) How to contact us
- Email: support@ainexxo.com
- Web form: https://ainexxo.com/contact-us/
- Postal: AINEXXO S.r.l., Via Ernesto Cairoli 5, 21100, Varese, Italy
Cookie Policy (summary)
- Website: nonessential cookies only with your consent via our banner; manage preferences anytime in Cookie Settings.
- Apps: essential cookies/local storage for login and security; no marketing cookies unless expressly stated and consented to.
- Retention: see full cookie list on the website.