Privacy Policy
Last updated: April 13, 2026
1. Information We Collect
Account Information
When you create an account, we collect your name, email address, password (hashed), and optionally your company name and profile photo. This information is required to provide you access to ConnectXeo.
Usage Data
We automatically collect data about how you interact with our platform — including pages visited, features used, agent configurations created, messages sent through agents, API call volumes, and token consumption. This data helps us improve our services and calculate billing.
Payment Information
Payments are processed exclusively by Paddle. We never store raw card numbers or bank details. Paddle shares billing-relevant metadata (plan type, subscription status, Paddle customer ID) with us for account management purposes.
Integration Credentials
When you connect third-party services (e.g. Shopify, Slack, Telegram), we store the necessary API keys and tokens to operate those integrations on your behalf. These credentials are encrypted at rest using AES-256.
Communications
If you contact us by email or through our support channels, we retain those records to resolve your inquiry and improve our support quality.
2. How We Use Your Information
Service Delivery
We use your information to authenticate you, run your AI agents, process workspace and deployment configurations, and deliver the core functionality of ConnectXeo.
Billing & Plan Enforcement
Usage data (token consumption, message counts, API calls, storage) is used to calculate credit usage, enforce plan limits, and generate invoices via Paddle.
Product Improvement
Aggregated and anonymized usage patterns inform how we prioritize features, fix bugs, and improve reliability. We do not use the content of your agents' conversations for training AI models without explicit consent.
Communications
We send transactional emails (account confirmation, password reset, billing receipts) and, with your consent, product updates and announcements. You can unsubscribe from marketing emails at any time.
Security & Fraud Prevention
We analyze access patterns and events to detect suspicious activity, prevent abuse, and protect the integrity of the platform and other users' data.
3. Data Sharing & Disclosure
We Do Not Sell Your Data
ConnectXeo does not sell, rent, or trade your personal information to third parties for their marketing purposes.
Service Providers
We share data with trusted sub-processors who help us operate the platform — including Paddle (billing), Resend (transactional email), Neon/Supabase (database hosting), and Vercel (frontend hosting). These providers are contractually bound to process data only as directed.
LLM Providers
When you use third-party LLM providers (OpenAI, Anthropic, Google, Groq), content from your agent queries may be sent to those providers for inference. We do not authorize these providers to use your data for training unless explicitly stated in their terms.
4. Data Retention
Retention Period
We retain your data for as long as your account remains active. You may request deletion of your account at any time. Certain data (billing records) may be retained for legal compliance.
Deletion Requests
You can request data deletion by emailing privacy@connectxeo.com. We will process verified requests within 30 days.
5. Security
Encryption
We encrypt sensitive data at rest (AES-256) and in transit (TLS 1.2+). Access to production systems is restricted and logged.
Incident Response
If we detect a data breach that affects your personal information, we will notify you within 72 hours and provide relevant remediation steps.
6. Contact
Questions
If you have questions about this Privacy Policy, contact us at privacy@connectxeo.com or visit our Contact page.