Privacy Policy

1. Introduction

Axtelica ("we", "us", "our") operates DeliveryAI and Requirement Studio at deliveryai.axtelica.com. This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our Service. We are committed to your privacy and process your data only as described in this Policy.

2. Data We Collect

We collect the following categories of data:

Account & Identity Data

• Full name and email address (provided at registration)
• Organisation name (optional)
• Hashed password (never stored in plaintext)

Usage & Content Data

• Documents, transcripts, and text you upload for AI processing
• AI-generated requirements, gap analyses, clarifications, and exports you create
• Feature usage, run counts, and session activity
• Audit log entries (who changed what, and when)

Billing Data

• Subscription plan and billing history
• Payment card data is handled entirely by Paddle — we never store card numbers

Technical Data

• IP address, browser type, and device information
• Server-side access logs (retained for up to 90 days)

3. How We Use Your Data

• To provide, operate, and improve the Service
• To process AI extraction and analysis tasks on your behalf
• To manage your account, subscription, and billing
• To send transactional emails (account verification, billing receipts)
• To enforce our Terms of Service and detect abuse
• To comply with legal obligations

✓ Your documents and requirements are never used to train AI models — ours or Anthropic's. Your content is processed solely to deliver results to you.

4. Third-Party Processors

We share data with the following trusted sub-processors only to the extent necessary to deliver the Service:

We do not sell your data to any third party, ever.

5. Data Retention

• Account and content data is retained for as long as your account is active.
• After account deletion, your personal data is deleted within 30 days. Anonymised aggregated usage statistics may be retained.
• Billing records are retained for 7 years as required by financial regulations.
• Server access logs are retained for 90 days.

6. Security

We implement industry-standard security measures including:

• AES-256 encryption at rest for all stored data
• TLS 1.3 encryption in transit for all communications
• Hashed passwords (bcrypt) — never stored in plaintext
• JWT-based authentication with short-lived tokens
• Role-based access control (RBAC) with organisation-level data isolation
• SOC 2 Type II audit in progress

7. Your Rights (GDPR & Privacy Laws)

Depending on your location, you may have the following rights regarding your personal data:

• Access: Request a copy of the personal data we hold about you.
• Correction: Request correction of inaccurate or incomplete data.
• Deletion: Request deletion of your personal data ("right to be forgotten").
• Portability: Request an export of your data in a machine-readable format.
• Objection: Object to processing based on legitimate interests.
• Restriction: Request restriction of processing in certain circumstances.

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

8. Cookies

We use only essential cookies required for authentication and session management (e.g., access tokens stored in localStorage). We do not use advertising, tracking, or third-party analytics cookies.

9. Children's Privacy

The Service is intended for business and professional use and is not directed at children under 16. We do not knowingly collect personal data from children. If we become aware of such collection, we will delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or in-app notice. The "Last updated" date at the top of this page reflects the most recent revision.

11. Contact Us

For any privacy-related questions, data requests, or concerns: