Privacy Policy
Last updated: April 26, 2026
This Privacy Policy describes how auxx.Ai ("we," "us," or "our") collects, uses, and shares your personal information when you use our website, browser extension, and services (collectively, the "Service"). We are committed to protecting your personal information and your right to privacy.
Geographic Scope
The Service is intended for users in the United States. We do not target or actively offer the Service to individuals located in the European Economic Area (EEA), the United Kingdom, or Switzerland, and we ask that residents of those regions not use the Service. If you access the Service from outside the United States, you do so on your own initiative and are responsible for compliance with your local laws. We may decline accounts or billing addresses associated with regions where we do not currently operate.
Who We Are
- Legal entity: auxx.Ai (legal name to be confirmed)
- Registered address: 5160 Gabbert Rd, Moorpark, CA 93021
- Privacy contact: [email protected]
When you use the auxx.Ai browser extension to capture contact or company information about other people (for example, from a LinkedIn profile), you are responsible for that captured data — including ensuring you have a lawful basis under applicable U.S. law and the terms of service of the source site. auxx.Ai stores and processes that data on your behalf as part of providing the Service.
1. Information We Collect
We collect several types of information from and about users of our Service:
- Account Information: When you register, we collect your name, email address, and password.
- Integration Data: We collect information from connected services (Gmail, Outlook, Shopify) as necessary to provide our services, including email content, headers, labels, customer information, and order details. For Gmail-specific data, see Section 5 below.
- Usage Information: We collect information about how you interact with our Service, including access times, pages viewed, and features used.
- Device Information: We collect information about your device and internet connection, including IP address, browser type, and operating system.
- Cookies and Similar Technologies: We use cookies and similar tracking technologies to track activity on our Service. Strictly necessary cookies (authentication, session, security) are set without consent. Non-essential cookies (analytics, preferences) are set only after you give consent through our cookie banner. You can change your cookie preferences at any time via the "Cookie settings" link in our footer.
2. How We Use Your Information
We use the information we collect to:
- Provide, maintain, and improve our Service
- Process and respond to customer support tickets
- Generate AI-powered responses to customer inquiries
- Analyze usage patterns to optimize our Service
- Communicate with you, including sending service updates and marketing messages
- Protect against and prevent fraud, unauthorized transactions, and security issues
- Comply with legal obligations
Marketing Communications
You can opt out of marketing emails at any time by clicking the "Unsubscribe" link in any marketing message we send, or by emailing [email protected]. Opting out of marketing does not affect transactional emails (security alerts, billing notices, account changes), which we are required to send.
3. Data Storage and Retention
Your data is stored on cloud servers located in the United States, encrypted at rest and in transit. We use industry-standard security measures to protect your information.
Retention
- Account data (name, email, organization): for as long as your account is active. Deleted within 30 days of account closure, except where we are required by law to retain it (e.g. tax / billing records for up to 7 years).
- Email content and ticket data from connected mailboxes: for as long as your integration is connected, plus a 30-day grace period after disconnection or account closure. Permanently deleted thereafter.
- Captured contacts and companies (including those captured via the browser extension): for as long as you keep them in your workspace. Deleted on user request, or within 30 days of account closure.
- Logs and analytics: aggregated for up to 13 months; identifiable usage logs for up to 90 days.
- Backups: routine encrypted backups are retained up to 35 days, after which deletions propagate fully.
4. Email Content Processing and Automated Decision-Making
Our AI-powered system processes email content from your connected accounts to provide customer support services. This includes analyzing email content, generating responses, and categorizing customer inquiries. We do not use email content for any purpose other than providing our service, including not using it to train general-purpose AI models. For Gmail-specific data handling, see Section 5 below.
Use of AI in the Service
The Service uses large language models (currently provided by OpenAI and Anthropic) to draft replies, classify tickets, and surface suggested actions to your support agents. By default, AI-drafted replies appear as drafts that a human reviews and sends from the auxx.Ai inbox.
The Service also offers a workflow builder that lets the workspace operator chain an AI generation step directly to a "send reply" step. When an operator configures and enables such a workflow, replies can be generated and sent to customers without a human reviewing each individual message. The workspace operator chooses whether to put a human in the loop, what triggers the workflow, and what the AI is allowed to send. auxx.Ai executes the workflow as configured. If you operate a workflow whose AI-generated outputs could meaningfully affect a recipient (for example, denying a refund or closing an account), you are responsible for ensuring appropriate human review and for making any required disclosures to the people you communicate with.
If you receive a message from an auxx.Ai workspace and have questions about how AI was used, contact that workspace directly. You can also reach us at [email protected] and we will route the request to the responsible workspace.
5. Google API Services & Gmail Integration
When you connect your Gmail account to auxx.Ai, we access your Google user data through the Gmail API. This section describes how we handle data obtained from Google APIs.
Data We Access
We request the following OAuth scopes from Google:
- Gmail Read Access (gmail.readonly) — to read incoming email messages and threads for customer support ticket processing.
- Gmail Send Access (gmail.send) — to send replies to customer support inquiries on your behalf.
- Gmail Labels (gmail.labels) — to create and manage labels for organizing and categorizing support tickets.
- Gmail Modify (gmail.modify) — to modify message status (e.g., mark as read, archive, or move messages).
- Push Notifications (pubsub) — to receive real-time notifications when new emails arrive, enabling immediate ticket processing.
- User Email Address (userinfo.email) — to identify the connected Gmail account.
How We Use Google User Data
Google user data is used solely to provide auxx.Ai's customer support automation service. Specifically, we use it to:
- Read and process incoming customer emails as support tickets
- Generate AI-powered responses to customer inquiries
- Send replies through your connected Gmail account
- Organize emails with labels for ticket categorization
- Provide real-time notifications of new customer messages
We do not use Google user data for advertising, market research, or any purpose unrelated to providing our service.
Data Storage & Retention
Email content and metadata retrieved from Gmail are stored on encrypted, US-based cloud servers. We retain this data for as long as your account is active and your Gmail integration is connected. When you disconnect your Gmail account or delete your auxx.Ai account, we delete cached email data from our systems.
Data Sharing
Google user data is not sold to third parties. We share the minimum data necessary with AI service providers (such as OpenAI and Anthropic) solely for the purpose of generating customer support responses. No other third parties receive your Google user data unless required by law.
Google API Services User Data Policy Compliance
auxx.Ai's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. We only use Google user data to provide and improve the user-facing features that are visible and prominent in our application's user interface.
Revoking Access
You can disconnect your Gmail account from auxx.Ai at any time through your account settings. You can also revoke access directly from your Google Account permissions page. Upon disconnection, we will stop accessing your Gmail data and delete cached email content from our systems.
6. Shopify Integration
When you connect your Shopify store, we access customer, order, and product data to provide our services. This information is used solely for providing support to your customers and is not shared with third parties unless required to provide the service or as otherwise described in this Privacy Policy.
7. Browser Extension
The auxx.Ai browser extension lets you save contacts and companies into your auxx.Ai workspace from sites you visit. The extension is optional and runs only when you install it from the Chrome Web Store and activate it.
Sites Where the Extension Reads Page Content
The extension reads page content (DOM) only on the following sites, and only when you click the auxx.Ai button or open the extension panel:
- LinkedIn (linkedin.com), including Sales Navigator
- Gmail (mail.google.com)
- X / Twitter (x.com, twitter.com)
- Facebook (facebook.com)
- Instagram (instagram.com)
- Any company website you choose to capture as a company record
On every other site, the extension does nothing more than render its own panel chrome. It does not record clicks, keystrokes, mouse movements, or browsing history outside of the supported sites listed above.
What the Extension Sends
When you save a contact or company through the extension, the parsed fields (name, email, phone, profile URL, company name, domain, avatar URL) are sent to your auxx.Ai workspace via our API. We do not send page content to any other destination or use it for any purpose other than creating or updating the record you save.
What the Extension Stores Locally
The extension stores the following in your browser's local extension storage (chrome.storage.local):
- Your color-theme preference (light or dark)
- The identifier of your active auxx.Ai workspace
The extension does not store passwords, contacts, page content, or any other personal data on your device. Authentication uses a short-lived bearer token minted from your existing auxx.Ai session when you open the record-detail panel; the token is held in iframe memory and is not persisted.
Revoking Access
You can remove the extension at any time from chrome://extensions. Uninstalling the extension deletes its locally stored preferences and the active-workspace identifier. Records you have already saved remain in your auxx.Ai workspace and are managed there.
Capturing Information About Other People
When you use the extension to save a profile or page as a contact or company, you are capturing personal information about another individual. You are responsible for that captured data — including ensuring you have a lawful basis to capture and store it under applicable U.S. law and the terms of service of the source site (LinkedIn, Gmail, X, Facebook, Instagram, etc.). If a captured individual asks us to remove their information, we will work with you to honor that request.
8. Sharing Your Information
We may share your information in the following situations:
- With Subprocessors: We share the minimum data necessary with vetted third-party vendors who perform services on our behalf. Each subprocessor is bound by a written agreement that requires them to use the data only to provide the contracted service and to maintain confidentiality and security at least equivalent to ours.
- With Your Consent: We may share your information when you give us specific consent to do so (for example, when you connect a third-party integration).
- For Legal Purposes: We may disclose your information where required to comply with applicable law, governmental requests, or legal process.
- Business Transfers: If we are involved in a merger, acquisition, or sale of all or a portion of our assets, your information may be transferred as part of that transaction. The acquirer will assume all obligations under this Privacy Policy, and we will notify you in advance of any such transfer.
Categories of Subprocessors
- Cloud infrastructure: Amazon Web Services (US) — hosting, databases, file storage.
- AI providers: OpenAI (US), Anthropic (US) — generating AI-drafted ticket replies.
- Email delivery: Mailgun / Amazon SES (US) — transactional and marketing email.
- Payments: Stripe (US) — billing and subscription management.
- Error monitoring & analytics: Sentry, PostHog (US) — crash reports and usage analytics (anonymized where possible).
A current list of all subprocessors is maintained at auxx.ai/subprocessors. We will notify you at least 30 days before adding a new subprocessor that processes personal information on your behalf, giving you a reasonable opportunity to object.
9. Your Rights and Choices
Subject to applicable U.S. law, you may request to:
- Access the personal information we hold about you
- Correct inaccurate personal information
- Delete your personal information (subject to legal exceptions)
- Withdraw consent at any time, where we rely on consent (this does not affect the lawfulness of processing carried out before withdrawal)
- Opt out of marketing communications
California residents have additional rights — see Section 10. To exercise any of the rights above, email us at [email protected]. We will respond within 30 days. We may need to verify your identity before acting on a request.
10. California Residents (CCPA / CPRA)
This section applies to California residents and supplements the rest of this Privacy Policy. It is provided under the California Consumer Privacy Act, as amended by the California Privacy Rights Act ("CCPA").
Categories of Personal Information We Collect
- Identifiers (name, email, IP address, account ID): collected.
- Customer records (billing information, payment details processed via Stripe): collected.
- Commercial information (subscription tier, usage history): collected.
- Internet/network activity (cookie data, log data, device info): collected.
- Geolocation data: only coarse, IP-derived (not GPS).
- Inferences (drawn from usage to improve the Service): limited — we do not build profiles for advertising.
- Sensitive personal information (account credentials): passwords are stored hashed; bearer tokens are short-lived.
- Categories not collected: protected classifications, biometric information, health information, precise geolocation, education records.
Sources, Purposes, and Disclosures
We collect personal information directly from you, from your use of the Service, and from the integrations you connect (Gmail, Outlook, Shopify). We use it for the business purposes described in Section 2 above. We disclose personal information only to the categories of subprocessors listed in Section 8, and only as needed to provide the Service.
"Sale" or "Sharing" of Personal Information
We do not sell or share personal information for cross-context behavioral advertising under the CCPA. We have not done so in the preceding 12 months and do not intend to. Because we do not sell or share personal information, we do not provide a "Do Not Sell or Share My Personal Information" link — but if our practices ever change, we will update this Policy, post a clear opt-out, and obtain any legally required consent.
Your CCPA Rights
California residents have the right to:
- Know what personal information we collect and how we use it
- Access a copy of your personal information
- Correct inaccurate personal information
- Delete your personal information (subject to legal exceptions)
- Opt out of the sale or sharing of personal information (we do not sell or share — see above)
- Limit the use and disclosure of sensitive personal information (we already limit it to providing the Service)
- Non-discrimination for exercising any of these rights
To exercise these rights, email [email protected]. We will verify your request before acting on it. You may also designate an authorized agent to make a request on your behalf, subject to verification.
11. Data Security
We have implemented appropriate technical and organizational security measures designed to protect the security of any personal information we process. However, despite our safeguards, no security system is impenetrable, and we cannot guarantee that our systems are 100% secure.
12. Children's Privacy
Our Service is intended for use by businesses and is not directed to children. We do not knowingly collect personal information from children under 13 (under the U.S. Children's Online Privacy Protection Act, "COPPA"). If you are a parent or guardian and you believe your child has provided us with personal information, please contact us at [email protected] and we will delete it.
13. Changes to This Privacy Policy
We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date. For material changes (changes that meaningfully affect how we collect, use, or share your personal information), we will give you at least 30 days' advance notice by email to the address associated with your account, and where required by law we will obtain your consent before the changes take effect.
14. Contact Us
If you have any questions about this Privacy Policy, please contact us at:
Email: [email protected]
Address: 5160 Gabbert Rd, Moorpark, CA 93021