Loading...
Last updated: March 6, 2026
At Rax AI, we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform. We operate on a strict opt-in model — we do not collect any non-essential data about you unless you have explicitly consented. Your data belongs to you.
Rax AI ("we," "us," or "our") is committed to protecting your personal information and your right to privacy. This Privacy Policy describes how we collect, use, disclose, store, and protect information in connection with our website, API platform, and related services (collectively, the "Service"). This Policy applies to all users of our Service, regardless of location. By using the Service, you acknowledge that you have read, understood, and agree to the terms of this Policy. If you do not agree with the terms of this Policy, please do not access or use our Service.
We collect only the minimum information necessary to provide, maintain, and improve the Service. a) Information You Provide Directly: • Account registration details: name, email address, and password. • Contact and communication data: content of messages you send us, including support requests. • Payment information: billing details processed securely through our payment processors (we do not store full card numbers). • Professional information: company name, job title, or use-case description. b) Technical Data (Collected Automatically): • IP address, browser type, operating system, and device identifiers. • API request logs (timestamp, endpoint, response codes) for security and billing. • Session data and authentication tokens for account security. • Error reports and crash logs to diagnose technical issues. c) Data Collected Only With Your Consent (Opt-In): We do NOT collect the following unless you explicitly opt in: • Analytics and usage behavior tracking. • Marketing and promotional preferences. • Non-essential cookies or behavioral data. • Any data used for advertising or commercial profiling.
Rax AI operates on a strict consent-first principle: • Minimal Baseline Data: We collect only what is strictly necessary to provide the Service. You agreed to this by creating an account. • Explicit Opt-In for Everything Else: We will never collect optional or non-essential data without your prior, informed, and freely given consent. • Granular Controls: Where optional data collection is offered, you may consent to specific categories individually. • Right to Withdraw: You may withdraw any consent at any time without penalty. • No Dark Patterns: We do not use deceptive design practices to induce consent. To review or update your consent preferences, visit your account settings or contact [email protected].
We use your information strictly and only for the following purposes: Mandatory (contractual necessity or legitimate interest): • To create, manage, and authenticate your account. • To process payments and maintain billing records. • To provide, operate, and maintain the Service. • To detect, investigate, and prevent fraudulent transactions and security breaches. • To respond to your support requests and communications. • To comply with legal obligations and protect our legal rights. Optional (with your explicit consent only): • To send newsletters and marketing communications. • To analyze usage for service improvement. • To personalize content or recommendations. • To conduct surveys or research.
We understand the sensitivity of data processed through our API: • We do not use your API input or output data to train or improve our AI models unless you have explicitly opted in to a model improvement program. Even then, data is fully anonymized first. • API request metadata (not content) is retained for up to 90 days for security and billing purposes. • We implement end-to-end encryption and strict access controls. • Data processed through the API is not accessed by Rax AI employees except for legal compliance or at your explicit request for support. • We will notify you promptly of any confirmed security breach affecting your API data.
We do not sell, rent, or trade your personal data to third parties for their own commercial purposes. We share your information only in these limited circumstances: • Service Providers: With vetted vendors who perform services on our behalf (hosting, payments, support) under strict data processing agreements that prohibit other use. • Legal Compliance: To comply with a valid legal obligation, court order, or government request, or to protect the safety of our users or the public. • Business Transfers: In the event of a merger or acquisition, you will be notified before data is transferred and subject to a new policy. • With Your Consent: For any other sharing, we will first obtain your explicit consent.
We retain personal data only as long as necessary for the purposes collected: • Account data: Duration of your account, plus up to 3 years post-deletion where required by law. • API request logs: 90 days (metadata only; content not stored). • Support communications: Up to 2 years from the last communication. • Billing and payment records: Up to 7 years, as required by financial regulations. • Consented analytics data: Deleted or anonymized within 30 days of consent withdrawal. After the applicable period, we securely delete or anonymize your personal data.
We implement comprehensive technical and organizational measures to protect your personal data: • Encryption of data in transit using industry-standard TLS/SSL protocols. • Encryption of sensitive data at rest. • Role-based access controls limiting data access to authorized personnel only. • Regular security audits and penetration testing. • Multi-factor authentication for internal systems. • Incident response procedures for prompt breach detection and response. No method of electronic storage is 100% secure. In the event of a breach affecting your data, we will notify you in accordance with applicable legal requirements.
Strictly Necessary Cookies (No Consent Required): Essential for the Service to function — session authentication tokens and security identifiers. These cannot be disabled. Optional Cookies (Opt-In Required): • Analytics Cookies: Track usage patterns (e.g., Google Analytics). Only activated if you opt in. • Marketing Cookies: Track advertising effectiveness. Never used without your explicit opt-in. • Preference Cookies: Remember your settings. Available on opt-in basis. You can manage preferences through the cookie settings panel or your browser settings. Opting out of optional cookies will not affect your ability to use the core Service.
Rax AI operates globally, and your data may be transferred to and processed in countries outside your jurisdiction. These countries may have different data protection laws. Where we transfer personal data internationally, we ensure appropriate safeguards are in place, including: • Standard Contractual Clauses (SCCs) approved by competent authorities. • Binding corporate rules for intra-group transfers. • Adequacy decisions by relevant data protection authorities. By using our Service, you consent to such transfers made in accordance with this Policy and applicable law.
Depending on your location, you may have the following rights: • Right to Access: Request a copy of the personal data we hold about you. • Right to Rectification: Request correction of inaccurate or incomplete data. • Right to Erasure: Request deletion of your personal data, subject to legal retention requirements. • Right to Restriction: Request that we limit processing of your data in certain circumstances. • Right to Data Portability: Receive your data in a structured, machine-readable format. • Right to Object: Object to processing based on legitimate interests or direct marketing. • Right to Withdraw Consent: Withdraw any consent at any time without penalty. • Right to Lodge a Complaint: Lodge a complaint with your relevant data protection authority. Contact us at [email protected] to exercise these rights. We respond within 30 days.
The Service is not directed to or intended for children under 18 years of age. We do not knowingly collect personal information from children under 18. If you are a parent or guardian and believe your child has provided us with personal data, contact us immediately at [email protected] and we will take steps to delete such information from our systems. We reserve the right to terminate any account we discover is held by a person under 18.
For users in the EEA, UK, or similar jurisdictions, we process data under these legal bases: • Contractual Necessity: Processing required to provide the Service. • Legitimate Interests: Fraud prevention, security monitoring. • Legal Obligation: Compliance with applicable laws. • Consent: For all optional data collection. You may withdraw at any time. For California residents (CCPA/CPRA), you have the right to know, delete, correct, and opt out of any sale of your data. We do not sell your data. Contact [email protected] to exercise your California rights.
While we implement robust security measures and follow best practices, Rax AI shall not be held liable for: • Data breaches or unauthorized access resulting from your failure to keep your account credentials secure. • Privacy risks arising from information you voluntarily share publicly through the Service. • Data practices of third-party services you access through or in connection with our Service. • Loss or corruption of data due to causes beyond our reasonable control, including force majeure events. You agree to promptly notify us of any known or suspected unauthorized access to your account.
We may update this Privacy Policy from time to time. When we make material changes, we will: • Update the "Last Updated" date on this page. • Send a notification to the email address associated with your account. • Display a prominent notice on our website. Your continued use of the Service after changes are posted constitutes acceptance of the updated Policy. If material changes require new consent for data collection, we will obtain that consent before making such changes.
For questions, concerns, or data requests regarding this Privacy Policy: • Email: [email protected] • Data Deletion Requests: [email protected] (Subject: "Data Deletion Request") • Data Access Requests: [email protected] (Subject: "Data Access Request") • Security Concerns: [email protected] • Mailing Address: Rax AI Privacy Team, Nairobi, Kenya We respond to all privacy inquiries within 5–10 business days and formal data subject requests within 30 days.
We're here to help. Reach out to our privacy team for any concerns or data requests.