Privacy Policy

1. Introduction

Welcome to Hexlyn ("we," "our," or "us"). This Privacy Policy explains how Hexlyn LTD, a company registered in the United Kingdom, collects, uses, discloses, and protects your personal information when you use our website at www.hexlyn.com and our SaaS platform services.

We are committed to protecting your privacy and ensuring transparency about our data practices. This policy complies with the UK General Data Protection Regulation (UK GDPR), the EU General Data Protection Regulation (EU GDPR), the California Consumer Privacy Act (CCPA), and other applicable data protection laws.

3. Information We Collect

3.1 Personal Information You Provide

When you register for our services, we collect:

• Name and email address
• Account credentials (username and encrypted password)
• Payment information (processed securely through Stripe, Inc.)
• Billing address and tax identification information
• Communication preferences
• Any information you provide in support communications
• SEO-related data you input into our platform (website URLs, keywords, etc.)

3.2 Automatically Collected Information

We automatically collect certain information when you use our services:

• Device information (browser type, operating system, device identifiers)
• Usage data (pages visited, features used, time spent on platform)
• IP address and location data (for security and analytics)
• Cookies and similar tracking technologies

3.3 Analytics and Tracking

We use Google Analytics to understand how our service is used. This may include:

• Website traffic patterns
• User behavior and engagement metrics
• Performance optimization data

4. How We Use Your Information

We use your personal information for the following purposes:

4.1 Service Provision

• Creating and managing your account
• Providing our SaaS platform services
• Processing payments and managing billing
• Authenticating users and maintaining security

4.2 Communication

• Sending service-related notifications
• Responding to your inquiries and support requests
• Providing updates about our services (with your consent)

4.3 Improvement and Analytics

• Analyzing usage patterns to improve our services
• Conducting research and development
• Ensuring platform security and preventing fraud

4.4 Legal Compliance

• Complying with applicable laws and regulations
• Protecting our rights and interests
• Responding to legal requests and court orders

5. Legal Basis for Processing (GDPR)

Under GDPR, we process your personal data based on the following legal grounds:

• Contract: Processing necessary to perform our contract with you
• Legitimate Interest: Analytics, security, and service improvement
• Consent: Marketing communications and optional features
• Legal Obligation: Compliance with applicable laws

6. Data Sharing and Disclosure

We do not sell your personal information. We may share your data in the following circumstances:

6.1 Service Providers

We work with trusted third-party service providers who assist us in:

• Payment Processing: Stripe, Inc. (USA) - processes payments and stores payment information. View Stripe's privacy policy at https://stripe.com/privacy
• Analytics: Google Analytics (USA) - tracks website usage patterns
• AI Services: OpenAI (USA) - powers our AI-assisted SEO analysis features
• Vector Database: Pinecone (USA) - stores embeddings for our AI features
• Email Services: Email delivery and communication services
• Cloud Infrastructure: Microsoft Azure (multiple regions) - hosts our application and stores data
• SEO Data: DataForSEO (multiple regions) - provides SEO analysis data

6.2 Legal Requirements

We may disclose your information if required by law or to:

• Comply with legal processes or government requests
• Protect our rights, property, or safety
• Prevent fraud or security threats
• Protect the rights and safety of our users

6.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of the business transaction.

7. Data Security

We implement appropriate technical and organizational measures to protect your personal information:

• Encryption of data in transit and at rest
• Access controls and authentication mechanisms
• Regular security assessments and updates
• Employee training on data protection
• Incident response procedures

8. Data Retention

We retain your personal information for as long as necessary to:

• Provide our services to you
• Comply with legal obligations
• Resolve disputes and enforce agreements
• Fulfill legitimate business purposes

Typically, we retain account information for the duration of your account plus up to 7 years after account closure for legal and business purposes. Analytics data may be retained for up to 2 years.

9. Your Rights

9.1 GDPR Rights (UK/EU Users)

If you are located in the UK or EU, you have the following rights:

• Access: Request a copy of your personal data
• Rectification: Correct inaccurate or incomplete data
• Erasure: Request deletion of your personal data
• Portability: Receive your data in a structured format
• Restriction: Limit how we process your data
• Objection: Object to processing based on legitimate interests
• Withdraw Consent: Withdraw consent for consent-based processing

9.2 CCPA Rights (California Users)

If you are a California resident, you have the right to:

• Know what personal information we collect and how it's used
• Delete your personal information
• Opt-out of the sale of personal information (we don't sell personal information)
• Non-discrimination for exercising your privacy rights

9.3 Account Deletion

You can delete your account at any time through your account settings or by contacting us at hexlynltd@gmail.com. Upon deletion:

• Your account and profile will be permanently removed
• Your personal data will be deleted within 30 days
• Some data may be retained for legal compliance purposes

10. Cookies and Tracking Technologies

We use cookies and similar technologies to:

• Maintain your login session
• Remember your preferences and settings
• Analyze website traffic and usage patterns
• Improve our services and user experience

Types of Cookies We Use:

• Essential Cookies: Required for basic functionality (authentication, security)
• Analytics Cookies: Google Analytics for usage statistics - you can opt-out at https://tools.google.com/dlpage/gaoptout
• Functional Cookies: Save your preferences and settings
• Performance Cookies: Monitor application performance and errors

Disabling certain cookies may affect website functionality and your user experience.

11. International Data Transfers

Your data may be transferred to and processed in countries other than your own, including:

• United Kingdom (where our company is registered)
• European Union (for EU users)
• United States (for certain service providers)

We ensure appropriate safeguards are in place for international transfers, including:

• Adequacy decisions by relevant authorities (UK-EU data bridge)
• Standard contractual clauses for transfers to countries without adequacy decisions
• Certification schemes and codes of conduct where applicable

12. Children's Privacy

Our services are not intended for children under 13 years of age (or 16 in the EU). We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make changes:

• We will post the updated policy on our website
• We will update the "Last Updated" date
• For significant changes, we will notify you by email or through our platform
• Your continued use of our services constitutes acceptance of the updated policy

15. Effective Date

This Privacy Policy is effective as of the date listed at the top of this document and applies to all information collected by Hexlyn LTD.