PAL Cai
Legal

Privacy Policy

Effective date: 1 January 2026 Last updated: 26 March 2026 Heyxio Ltd

Heyxio Ltd ("Heyxio", "we", "us") is committed to protecting your personal data and respecting your privacy. This policy explains what information we collect, why we collect it, how we use it, and your rights under UK GDPR and the Data Protection Act 2018.

01

Who We Are

Heyxio Ltd is a company registered in England and Wales. We operate the Heyxio platform, including the PAL and Cai products accessible at heyxio.com, pal.heyxio.com, and cai.heyxio.com.

Heyxio Ltd is the data controller for the personal data we process under this policy.

02

What Data We Collect

Depending on how you interact with us, we may collect:

  • Identity & contact data — name, email address, job title, company name
  • Account data — login credentials, subscription tier, usage preferences
  • Usage data — pages visited, features used, session duration, click-path
  • Technical data — IP address, browser type, device identifiers, time zone
  • Communications data — messages sent via contact forms or support channels
  • Content data — prompts, documents, and outputs you create within the platform (stored in your secure vault)
  • Payment data — processed via our payment provider; we do not store card details
Content you create in PAL or Cai is stored in your private vault and is never used to train AI models or shared with third parties without your explicit instruction.
03

How We Collect Your Data

We collect data through:

  • Direct interactions — when you register, subscribe, or contact us
  • Automated technologies — cookies and similar tracking technologies as you use our platform (see our Cookies Policy)
  • Third parties — identity verification providers, payment processors, and analytics partners
04

Why We Process Your Data

We process your personal data on the following legal bases:

  • Contract — to provide and manage your account and subscription
  • Legitimate interests — to improve our products, prevent fraud, and ensure platform security
  • Legal obligation — to comply with applicable laws and regulations
  • Consent — for marketing communications and non-essential cookies (which you may withdraw at any time)
05

How We Use Your Data

We use the information we collect to:

  • Create, manage, and support your account
  • Deliver and improve the PAL and Cai products
  • Send transactional communications (billing, security alerts)
  • Send marketing updates where you have opted in
  • Analyse usage patterns to improve performance and user experience
  • Detect and prevent fraudulent or unauthorised activity
  • Meet legal, regulatory, and audit obligations
06

Data Sharing & Third Parties

We do not sell your personal data. We share data only where necessary with:

  • Infrastructure & hosting providers — cloud services that host the platform under strict data processing agreements
  • AI model providers — only the content you actively submit for processing; governed by data processing terms
  • Payment processors — for subscription billing
  • Analytics providers — aggregated, anonymised usage data where possible
  • Regulatory & legal authorities — when required by law or to protect rights

All third-party processors are contractually bound to handle your data in accordance with UK GDPR.

07

International Transfers

Some of our service providers operate outside the UK. Where we transfer personal data internationally, we ensure appropriate safeguards are in place — such as UK Adequacy Regulations, Standard Contractual Clauses, or the UK–US Data Bridge — so your data receives equivalent protection.

08

Data Retention

We retain personal data for as long as your account is active and for a period afterwards as required by law or legitimate business need. Vault content you delete is permanently removed within 30 days. Anonymised usage data may be retained indefinitely for analytics.

09

Security

We implement appropriate technical and organisational measures to protect your data against unauthorised access, alteration, disclosure, or destruction. These include encryption at rest and in transit, access controls, and regular security reviews. No system is 100% secure; if you have concerns about a specific interaction, please contact us.

10

Your Rights

Under UK GDPR, you have the right to:

  • Access — request a copy of the personal data we hold about you
  • Rectification — ask us to correct inaccurate or incomplete data
  • Erasure — request deletion of your data where there is no compelling reason for continued processing
  • Restriction — ask us to pause processing in certain circumstances
  • Portability — receive your data in a structured, machine-readable format
  • Objection — object to processing based on legitimate interests or for direct marketing
  • Withdraw consent — at any time, without affecting the lawfulness of prior processing

To exercise any of these rights, contact us at the address below. We will respond within one calendar month.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) if you believe we have not handled your data lawfully.

11

Cookies

We use cookies and similar technologies on our platform. Please read our separate Cookies Policy for full details on what we use, why, and how to manage your preferences.

12

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or by displaying a prominent notice on the platform. The "last updated" date at the top of this page reflects the most recent revision. Continued use of the platform after changes take effect constitutes acceptance.

13

Contact Us

For any questions, requests, or concerns regarding this Privacy Policy or our data practices, please contact us:

Heyxio Ltd

Data Controller

Email: privacy@heyxio.com

Web: heyxio.com

Registered in England & Wales