Your Privacy Matters
PaiX Inc. is committed to protecting your personal data in compliance with the EU General Data Protection Regulation (GDPR) and applicable data protection laws. This policy explains how we collect, use, store, and protect your information.
1. Data Controller
The data controller responsible for processing your personal data is:
PaiX Inc. — Data Protection Officer
privacy@paix.com
2. Personal Data We Collect
2.1 Account Information
When you create an account, we collect:
- Full name
- Work email address
- Organization name
- Professional role
- Password (stored in hashed form — never in plain text)
2.2 Usage Data
When you use the Platform, we automatically collect:
- Chat conversation history with the AI assistant
- Data request specifications and form submissions
- Uploaded documents (processed for data extraction)
- Browser type, device information, and IP address
- Timestamps of access and feature usage patterns
2.3 Authentication Data
If you use Google SSO to sign in, we receive your name, email address, and profile picture from Google. We do not receive or store your Google password.
3. How We Use Your Data
We process your personal data for the following purposes:
| Purpose | Legal Basis (GDPR) |
|---|---|
| Account creation and authentication | Contract performance (Art. 6(1)(b)) |
| Providing AI-assisted data request services | Contract performance (Art. 6(1)(b)) |
| Processing and fulfilling data requests | Contract performance (Art. 6(1)(b)) |
| Improving AI model quality and accuracy | Legitimate interest (Art. 6(1)(f)) |
| Security monitoring and fraud prevention | Legitimate interest (Art. 6(1)(f)) |
| Compliance and audit logging | Legal obligation (Art. 6(1)(c)) |
| Marketing communications | Consent (Art. 6(1)(a)) |
4. AI Processing
4.1 How AI Uses Your Data
When you interact with the AI chat assistant, your messages are processed by large language models (LLMs) to generate responses and assist in creating data requests. Conversations are:
- Processed in real time to provide contextual assistance
- Stored securely for session continuity and conversation history
- Not used to train third-party AI models without your explicit consent
4.2 Document Processing
Documents you upload are processed to extract data requirements. Uploaded files are stored securely, processed for the duration of your session, and retained only as long as necessary to fulfill your data request.
5. Data Sharing and Third Parties
We may share your personal data with:
- AI Service Providers: For LLM processing (data is transmitted securely and not retained by providers for training)
- Cloud Infrastructure: For secure hosting and data storage
- Payment Processors: For billing and payment handling (when applicable)
- Data Partners: Limited request metadata shared to fulfill your Data Requests (no personal data shared without consent)
We do not sell your personal data to third parties.
6. Data Retention
- Account data: Retained for the duration of your account plus 30 days after deletion request
- Chat history: Retained for 12 months, then automatically anonymized
- Data request records: Retained for 5 years for compliance purposes
- Uploaded documents: Retained for 90 days after request completion, then deleted
- Audit logs: Retained for 7 years as required by applicable regulations
7. Your Rights Under GDPR
As a data subject, you have the following rights:
Right of Access
Request a copy of all personal data we hold about you.
Right to Rectification
Request correction of inaccurate or incomplete personal data.
Right to Erasure
Request deletion of your personal data, subject to legal retention requirements.
Right to Data Portability
Receive your data in a structured, machine-readable format.
Right to Object
Object to processing based on legitimate interest, including profiling.
Right to Restrict Processing
Request limitation of processing in certain circumstances.
To exercise any of these rights, contact us at privacy@paix.com. We will respond within 30 days.
8. Data Security
We implement appropriate technical and organizational measures to protect your data:
- AES-256 encryption for data at rest
- TLS 1.3 encryption for data in transit
- Multi-factor authentication support
- Regular security audits and penetration testing
- Role-based access controls and principle of least privilege
- Incident response procedures and breach notification within 72 hours as required by GDPR
9. International Data Transfers
Your data may be processed in countries outside the European Economic Area (EEA). When such transfers occur, we ensure adequate protection through Standard Contractual Clauses (SCCs) approved by the European Commission or other legally recognized safeguards.
10. Cookies
We use essential cookies for authentication and session management. Analytics cookies are only used with your consent. You can manage cookie preferences through your browser settings or our cookie consent banner.
11. Children's Privacy
The Platform is not intended for use by individuals under 18 years of age. We do not knowingly collect personal data from children.
12. Changes to This Policy
We may update this Privacy Policy periodically. Material changes will be communicated via email and through a notice on the Platform. The "Last updated" date at the top reflects the most recent revision.
13. Supervisory Authority
You have the right to lodge a complaint with a supervisory authority. The lead supervisory authority for PaiX Inc. is the Berlin Commissioner for Data Protection and Freedom of Information (Berliner Beauftragte für Datenschutz und Informationsfreiheit).
14. Contact
For privacy-related inquiries:
PaiX Inc. — Data Protection Officer
privacy@paix.com