Privacy Policy

1. Information We Collect

1.1 Information You Provide

Anonymous Access Code

Your access to the Service is tied to an anonymous access code (e.g., 7362-8491-2847-9156). We do not require or collect:

• • Email address
• • Name
• • Phone number
• • Physical address
• • Any other personal information

Conversations and Data

We store the following data encrypted on our servers to provide the Service:

• • Your conversations and prompts
• • AI-generated responses
• • Saved prompts and templates
• • Spaces and project organization
• • Artifacts (code, documents, images you generate)
• • Documents you upload to the Service

Why We Store Server-Side: Sync conversations across all your devices, access your chat history from anywhere, search through past conversations, organize work in Spaces and projects, and collaborate with AI across sessions.

Encryption: All data is encrypted at rest (AES-256 in our database) and in transit (TLS 1.3), tied only to your anonymous access code.

Support Communications

If you contact our support team, we may collect:

• • Your email address (if you voluntarily provide it)
• • The content of your support request
• • Your access code (if you choose to include it)

Support data is deleted within 90 days after your issue is resolved.

1.2 Information We Automatically Collect

Technical Metadata

We collect limited technical metadata necessary to operate the Service:

• • Access code status (active/inactive)
• • Credit balance and transaction history
• • Service availability and performance metrics
• • Security events and authentication attempts
• • Aggregate usage statistics (not tied to individual users)

What We Do NOT Collect

• • IP addresses (stripped via proxy before reaching our servers)
• • Browser fingerprints
• • Tracking cookies
• • Analytics or usage patterns tied to you
• • Device information beyond what's necessary for service delivery

1.3 Payment Information

Credit/Debit Cards: Processed by Stripe. We never see or store your full payment details. Stripe provides us with a transaction ID only.

Cryptocurrency: Processed by our payment processor. We receive only transaction confirmation, amount, and date. Blockchain transactions are public but not linked to your identity by us.

We retain payment transaction records for 7 years as required by Romanian tax law. These records are stored separately and cannot be linked to your conversations or activity.

2. How We Use Your Information

2.1 To Provide the Service

• • Store and sync your conversations across devices
• • Route your requests to AI providers
• • Manage your access code status
• • Track credit balance and usage
• • Enable search and organization features

2.2 To Maintain Security

• • Detect and prevent fraud
• • Protect against abuse and unauthorized access
• • Monitor for security events
• • Ensure platform stability and availability

2.3 To Improve the Service

• • Fix bugs and technical issues
• • Monitor service performance and uptime
• • Develop new features based on aggregate usage patterns
• • Optimize infrastructure and costs

2.4 What We Never Do

• • Train AI models on your data
• • Analyze your prompts or responses for profiling or marketing
• • Sell or share your data with third parties for their own purposes
• • Read your conversations (unless you explicitly request support)

2.5 Legal Basis for Processing (GDPR)

Our processing of your data is based on:

• • Contract Performance: Necessary to provide the Service you requested
• • Legitimate Interests: Security, fraud prevention, service stability, and improvement
• • Your Consent: You control retention periods and can delete data at any time
• • Legal Obligation: Retaining payment records as required by Romanian tax law

This processing does not override your fundamental rights under applicable data protection laws.

3. Zero Data Retention (ZDR)

We route all AI requests through intermediary services with Zero Data Retention policies. This means:

• • AI providers never store your prompts
• • AI providers never store your responses
• • AI providers never train models on your data
• • Your IP address is stripped before requests reach AI providers

While we store your conversations encrypted on our servers to provide cross-device sync and other features, AI providers themselves maintain zero data retention.

4. Data Storage and Security

4.1 Encryption

Your data is protected with:

• • In transit: TLS 1.3 encryption for all data transmission
• • At rest: AES-256 encryption in our database
• • Access control: Data accessible only via your anonymous access code

4.2 Access Controls

Access to your data is strictly limited to:

• • You (via your anonymous access code)
• • Our technical team (only for critical support and security issues, and only when you explicitly request assistance)

We never browse, read, or analyze your conversations unless you explicitly request support and provide your access code.

4.3 Service Providers

We use carefully selected third-party providers for infrastructure and hosting, payment processing, and service delivery. These providers are contractually bound to protect your data according to our privacy standards, use data only for providing services to us, never use your data for their own purposes, and comply with applicable data protection laws (GDPR, etc.).

5. Your Privacy Rights and Control

5.1 Complete Control Over Data Retention

You have full control over how long we keep your data. Woltex offers flexible retention settings that you configure in Settings → Data Retention.

Two-Layer Retention Control:

1. Conversations

• • Control how long we keep your chat conversations and prompts
• • Set anywhere from 1 day to indefinite retention
• • Conversations older than your period are auto-deleted

2. Artifacts & Documents

• • Control how long we keep documents you upload
• • Control how long we keep artifacts (code, documents, images) you create
• • Independent retention settings from conversations
• • Set anywhere from 1 day to indefinite retention

How Auto-Deletion Works:

• • You choose your retention period - we follow your choice exactly
• • Data older than your chosen period is automatically deleted daily at 00:00 UTC
• • Once deleted, data cannot be recovered (true deletion, not archival)
• • No warnings before auto-deletion (by design - privacy first)
• • Change your retention settings anytime - takes effect immediately

5.2 Delete Your Data

You can request permanent deletion of all your data at any time through your account settings or by contacting support@woltex.ai. Deletion requests will be processed within 14 working days.

What We Must Keep (Legal Requirement): Payment transaction records only (Romanian tax law: 7-year retention). These contain Transaction ID, amount, date, payment method but do NOT contain conversations, prompts, artifacts, or any content you created and cannot be linked back to your deleted data.

5.3 EU Privacy Rights (GDPR)

If you are an EU/EEA/UK/Swiss resident, you have rights under GDPR including access, rectification, erasure, restriction, data portability, objection, and withdrawal of consent. Contact us at privacy@woltex.ai to exercise these rights.

5.4 U.S. State Privacy Rights

California, Virginia, Colorado, Connecticut, Utah, and other applicable states have rights including right to know, delete, correct, and opt-out of sale/sharing (Note: We do not sell or share). Contact us at privacy@woltex.ai to exercise these rights.

6. Data Retention Periods

Active Data: Retained according to your chosen retention periods for conversations and artifacts/documents (configurable from 1 day to indefinite)

Inactive Access Codes: After 12 months of no activity, your access code may be automatically suspended and data permanently deleted

Support Data: Support tickets and communications deleted within 90 days of resolution

Payment Records: Retained for 7 years as required by Romanian tax law (stored separately, cannot be linked to conversations or content)

7. Cookies and Tracking

We Do NOT Use:

• • Analytics cookies
• • Advertising cookies
• • Social media tracking pixels
• • Third-party tracking or monitoring
• • Behavioral profiling
• • Cross-site tracking

We Use Only Essential Technologies:

• • Session management (keeping you logged in)
• • Security (CSRF protection, authentication)
• • Local browser storage for app preferences (stored locally in your browser, not transmitted to our servers)

8. Children's Privacy

The Service is not intended for users under 18 years of age. We do not knowingly collect information from children. If you believe a child under 18 has provided us with information, please contact us immediately at privacy@woltex.ai and we will delete it.

9. International Data Transfers

Your data may be transferred to and processed in countries outside your home country. We ensure all international transfers comply with applicable data protection laws through Standard Contractual Clauses (SCCs), service provider compliance with GDPR adequacy decisions, contractual obligations binding service providers to GDPR standards, and encryption and security measures protecting data in transit and at rest.

10. Our Privacy Commitments

What We Never Do:

• • Never sell your data - Not now, not ever
• • Never share conversations - Without your explicit consent
• • Never train AI models on your data - Your conversations stay yours
• • Never track you across the web - No third-party tracking
• • Never require personal information - Anonymous access codes only
• • Never read your conversations - Unless you request support and provide your access code
• • Never use data for marketing or profiling - We don't analyze your usage patterns

What We Always Do:

• • Always encrypt your data - At rest (AES-256) and in transit (TLS 1.3)
• • Always give you control - You set retention periods, you delete when you want
• • Always use Zero Data Retention - AI providers never store your prompts or responses
• • Always be transparent - Clear about what we collect and why
• • Always minimize collection - We only collect what's necessary
• • Always respect your rights - GDPR, CCPA, and all applicable privacy laws

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we update this Policy, you will receive an in-app notification requiring you to review and accept the updated Policy to continue using the Service. If you do not accept within 30 days of notification, your access will be suspended.

12. Contact Us

Privacy Inquiries and Data Subject Requests:
Email: privacy@woltex.ai

General Support:
Email: support@woltex.ai

Company Information:
Hextec Digital S.R.L
Romania

We aim to respond to all privacy requests within 30 days as required by applicable law.