Privacy Policy

Anthyx ("we", "our", or "us") operates the Anthyx platform — an autonomous AI marketing workspace. Our registered business address and data controller contact is privacy@useanthyx.com.

Account data

Name, email address, password hash (bcrypt), and optional profile photo when you register.

Organisation and brand data

Brand names, logos, colours, tone guidelines, social media account credentials (encrypted AES-256-GCM), and any documents you upload or link for brand ingestion.

Usage data

Pages visited, features used, timestamps, IP address, browser type, and device information. Collected automatically via server logs and analytics cookies (if consented).

Payment data

Billing address and payment card details — processed directly by Stripe. We store only a Stripe Customer ID; we never store raw card numbers.

Content data

Posts generated, scheduled, or published through the platform; form responses collected via embedded forms; lead and CRM data you enter or import.

• To provide and operate the Anthyx platform.
• To authenticate you and maintain your session securely.
• To process payments and manage your subscription via Stripe.
• To generate AI content using your brand data as context.
• To send transactional emails (account confirmations, OTP codes, billing receipts).
• To send product update emails if you opt in.
• To improve the platform using aggregated, anonymised usage analytics.
• To comply with legal obligations.

We do not sell your personal data to third parties. We do not use your brand content to train any AI model without your explicit consent.

• Contract: Processing necessary to deliver the services you signed up for.
• Legitimate interests: Security logging, fraud prevention, and product analytics.
• Consent: Analytics and marketing cookies (which you can withdraw at any time via Manage cookies).
• Legal obligation: Retaining invoices and audit logs as required by applicable law.

We use the following categories of cookies:

• Strictly necessary: Session tokens, CSRF protection, theme preference.
• Analytics (opt-in): Page view tracking to understand feature usage.
• Marketing (opt-in): Retargeting and personalised advertising.

You can update your cookie preferences at any time by clicking the "Manage cookies" link in the footer of any public page.

• Account data: retained while your account is active, deleted within 30 days of a deletion request.
• Billing records: retained for 7 years for legal compliance.
• Analytics data: retained for up to 2 years, then aggregated/anonymised.
• Form submissions: retained for up to 365 days (configurable per organisation).
• Audit logs: retained according to your plan tier (90 days on Starter, indefinite on Agency+).

We share data with the following sub-processors to deliver our service. A full list is available at /privacy/sub-processors.

If you are in the EU or UK, you have the following rights:

• Access: Request a copy of all personal data we hold about you.
• Rectification: Correct inaccurate data in Settings → Profile.
• Erasure: Delete your account via Settings → Privacy & Data. Data is hard-deleted after 30 days.
• Portability: Download your data as JSON/CSV from Settings → Privacy & Data.
• Restriction: Request we pause processing while you dispute accuracy.
• Objection: Object to processing based on legitimate interests.
• Withdraw consent: Update cookie preferences at any time.

To exercise these rights, email privacy@useanthyx.com. We will respond within 30 days.

Some sub-processors are based outside the EEA. Where this is the case, transfers are protected by Standard Contractual Clauses (SCCs) approved by the European Commission, or the receiving country has an adequacy decision.

We protect your data using AES-256-GCM encryption for OAuth tokens, bcrypt hashing for passwords, TLS 1.2+ for all data in transit, and role-based access controls. Social media credentials are never stored in plain text.

Anthyx is not directed at children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us data, contact us to have it removed.

We may update this policy from time to time. We will notify you of material changes via email and/or an in-app notice at least 30 days before the change takes effect.

Questions about this policy? privacy@useanthyx.com or write to us at our registered address.