Privacy Policy

Effective Date: 21 June 2025
Last Updated: 21 June 2025

1. Introduction

AI Driven Solutions Ltd (“we,” “us,” or “AIXION”) is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, and protect your information when you use our AI-powered chatbot platform and related services.

This policy applies to all users of our website (www.aixion.co.uk), dashboard (dashboard.aixion.co.uk), API services, and any chatbots created through our platform.

Data Controller: AI Driven Solutions Ltd

Registered Office: [Address], Manchester, United Kingdom

Company Registration: [Company Number]

Contact: [email protected]

2. Information We Collect

2.1 Account and Profile Information

When you create an account, we collect:

  • Email address - for account identification and communication
  • Name - for personalisation and support
  • Password - securely hashed for account security
  • Account preferences - subscription type, settings, preferences
  • Billing information - payment details, billing address (when applicable)

2.2 Chat and Interaction Data

During your use of our Service, we collect:

  • Chat messages - conversations between users and AI assistants
  • Uploaded content - documents (PDFs, DOCX), images, and website URLs for bot training
  • Bot configurations - custom prompts, memory settings, assistant names
  • Session data - timestamps, user interactions, conversation threads
  • Lead capture data - contact information collected through chatbot interactions

2.3 Integration and Third-Party Data

When you connect third-party services, we may collect:

  • OAuth tokens - encrypted access and refresh tokens for connected services
  • CRM data - contact information from HubSpot, Salesforce, Microsoft Dynamics
  • Calendar information - event details from Google Calendar, Outlook, Calendly
  • Social media content - messages and posts from Instagram, Facebook, LinkedIn
  • Integration metadata - account IDs, permissions, connection status

2.4 Technical and Analytics Data

We automatically collect:

  • Device information - browser type, operating system, device identifiers
  • Usage analytics - page views, feature usage, performance metrics
  • API logs - request/response data, error logs, performance metrics
  • IP addresses - for security, fraud prevention, and geolocation
  • Cookies - session cookies, analytics cookies, preference cookies

2.5 Communications

We collect communications you send to us, including support requests, feedback, and correspondence via email or chat.

3. How We Use Your Information

3.1 Service Provision

  • Create and manage your AI assistants and chatbots
  • Process and analyse uploaded content for bot training
  • Generate AI responses using Azure OpenAI Service (GPT-4o)
  • Enable integrations with third-party platforms
  • Store and manage your files and conversation history

3.2 Account Management

  • Authenticate and authorize access to your account
  • Process subscription payments and manage billing
  • Enforce usage limits and plan restrictions
  • Provide customer support and technical assistance
  • Communicate service updates and important notices

3.3 Service Improvement

  • Analyse usage patterns to improve platform functionality
  • Monitor system performance and reliability
  • Develop new features and capabilities
  • Conduct security monitoring and fraud prevention
  • Generate aggregated analytics and insights

3.4 Legal and Compliance

  • Comply with legal obligations and regulatory requirements
  • Protect our rights and the rights of our users
  • Investigate and prevent fraudulent or illegal activities
  • Respond to legal requests and court orders

4. Legal Basis for Processing (GDPR)

Under the UK General Data Protection Regulation (UK GDPR), we process your personal data based on the following legal grounds:

Contract Performance

Processing necessary to provide our Service, manage your account, and fulfil our contractual obligations under our Terms of Service.

Legitimate Interests

Service improvement, security monitoring, fraud prevention, and business analytics, balanced against your privacy rights.

Consent

Marketing communications, optional analytics, and third-party integrations where you have explicitly consented.

Legal Obligation

Compliance with applicable laws, regulations, and legal proceedings.

5. Data Sharing and Third Parties

5.1 Service Providers

We share data with trusted service providers who help us operate our Service:

  • Microsoft Azure - Cloud hosting, AI services, data storage (UK region)
  • Azure OpenAI Service - AI model processing for chatbot responses
  • Sentry - Error monitoring and performance tracking
  • Cloudflare - Content delivery and security services
  • Stripe - Payment processing (planned implementation)

5.2 Integrated Platforms

When you enable integrations, we share necessary data with:

  • CRM Systems - HubSpot, Salesforce, Microsoft Dynamics 365
  • Calendar Services - Google Calendar, Microsoft Outlook, Calendly
  • Social Media Platforms - Instagram, Facebook, LinkedIn, TikTok, Twitter
  • Communication Tools - Slack, Microsoft Teams, WhatsApp (planned)
  • Automation Platforms - Zapier, Microsoft Power Automate

5.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of the business transaction. We will notify you of any such transfer.

5.4 Legal Requirements

We may disclose your information if required by law, court order, or to protect our legal rights, prevent fraud, or ensure user safety.

6. International Data Transfers

Our primary data processing occurs within the United Kingdom using Microsoft Azure UK South region. However, some integrated services may process data outside the UK/EU:

Transfer Safeguards

  • EU-UK adequacy decisions where applicable
  • Standard Contractual Clauses (SCCs) with third-party processors
  • Microsoft Data Protection Addendum for Azure services
  • Vendor-specific data protection agreements

For third-party integrations involving US-based services (Google, Meta, etc.), transfers are based on adequacy decisions or appropriate safeguards as required by UK GDPR.

7. Data Security

7.1 Technical Safeguards

  • Encryption in Transit - TLS 1.2+ for all data communications
  • Encryption at Rest - Customer-specific encryption keys via Azure Key Vault
  • Database Security - Encrypted PostgreSQL database with access controls
  • API Security - Rate limiting, authentication, and authorisation controls
  • Session Management - Secure, HTTP-only cookies with expiration

7.2 Organisational Safeguards

  • Access Controls - Role-based access with least privilege principle
  • Staff Training - Regular security and privacy training for employees
  • Incident Response - Procedures for security breaches and data incidents
  • Regular Audits - Security assessments and compliance reviews
  • Vendor Management - Due diligence on third-party processors

7.3 Infrastructure Security

Our platform is hosted on Microsoft Azure, which maintains SOC 2 Type II, ISO 27001, and other security certifications. We leverage Azure's built-in security features including threat detection, DDoS protection, and infrastructure hardening.

8. Data Retention

We retain your personal data only as long as necessary for the purposes outlined in this policy or as required by law:

  • Account Data - Until account deletion + 30 days
  • Chat History - Until manual deletion or account closure
  • Uploaded Files - Until manual deletion or account closure
  • Integration Data - Until integration disconnected + 90 days
  • Payment Records - 7 years after last transaction
  • Support Communications - 2 years after last interaction
  • Analytics Data - 26 months (aggregated)

9. Your Rights (UK GDPR)

Under UK GDPR, you have the following rights regarding your personal data:

🔍 Right of Access

Request copies of your personal data and information about how we process it.

Contact [email protected] with your request

✏️ Right to Rectification

Correct inaccurate personal data or complete incomplete data.

Update via your dashboard or contact support

🗑️ Right to Erasure

Request deletion of your personal data in certain circumstances.

Account deletion available in dashboard settings

⏸️ Right to Restrict Processing

Limit how we process your data in specific situations.

Contact [email protected] to request restrictions

📤 Right to Data Portability

Receive your data in a machine-readable format or transfer to another service.

Data export functionality available in dashboard

❌ Right to Object

Object to processing based on legitimate interests or for marketing purposes.

Unsubscribe links in emails or contact [email protected]

🤖 Rights Related to Automated Decision-Making

Protection against automated decisions with legal or significant effects.

We do not use fully automated decision-making for user accounts

💡 How to Exercise Your Rights

To exercise any of these rights, contact us at [email protected] with:

  • Your full name and account email address
  • Specific right you wish to exercise
  • Any relevant details or documentation

We will respond within 30 days and may request additional information to verify your identity.

10. Cookies and Tracking

10.1 Types of Cookies We Use

🔒 Strictly Necessary Cookies

Essential for website functionality and security.

  • Session management and authentication
  • Security and fraud prevention
  • Load balancing and performance

📊 Analytics Cookies

Help us understand how visitors use our website.

  • Google Analytics (_ga, _ga_*, _gid)
  • Page views and user behaviour
  • Performance monitoring

🎯 Marketing Cookies

Track visitors across websites for advertising purposes.

  • Facebook Pixel (_fbp, _fbc)
  • Conversion tracking
  • Retargeting campaigns

10.2 Cookie Management

You can control cookies through your browser settings. Please note that disabling necessary cookies may affect website functionality. For analytics and marketing cookies, you can opt out through our cookie preference centre or browser settings.

⚠️ Cookie Consent Notice: We are implementing a cookie consent management system to ensure full compliance with UK GDPR and PECR requirements. This will provide granular control over cookie preferences.

11. Children's Privacy

Our Service is not intended for children under 16 years of age. We do not knowingly collect personal data from children under 16. If you become aware that a child has provided us with personal data, please contact us immediately.

If we discover that we have collected personal data from a child under 16, we will delete such information from our systems promptly.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or service offerings. Material changes will be communicated through:

  • Email notification to account holders
  • Prominent notice on our website
  • In-app notifications in your dashboard

Your continued use of our Service after the effective date of any changes constitutes acceptance of the updated Privacy Policy.

13. Contact and Complaints

13.1 Data Protection Contact

AI Driven Solutions Ltd

Data Protection Enquiries

Email: [email protected]

Address: [Address], Manchester, United Kingdom

Response Time: Within 30 days

13.2 Regulatory Complaints

If you believe we have not handled your personal data in accordance with this policy or applicable data protection laws, you have the right to lodge a complaint with the UK Information Commissioner's Office (ICO):

Information Commissioner's Office (ICO)

Website: ico.org.uk

Helpline: 0303 123 1113

Address: Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF

14. Effective Date and Acknowledgment

This Privacy Policy is effective as of 21 June 2025. By using our Service, you acknowledge that you have read, understood, and agree to the collection, use, and disclosure of your personal data as described in this policy.

For the most current version of this Privacy Policy, please visit www.aixion.co.uk/legal/privacy.

This Privacy Policy was last updated on 21 June 2025. Please review it regularly for any changes.