Privacy Policy

Last updated: February 2026

1. Data Controller

Alexiuz AS (Org. nr. pending), Gamlegrensa 8A, 3747 Skien, Norway is the data controller for all authentication data processed through alexiuz.com.

2. What We Collect

• Account data: Email address, hashed password, account status
• Session data: Hashed IP address, session tokens (not stored long-term)
• Audit logs: Login timestamps, hashed IP, which service initiated the login
• Consent records: Whether you consented to terms and marketing

3. Legal Basis (GDPR Art. 6)

• Contract (Art. 6.1.b): Account creation and authentication are necessary to provide the service
• Legitimate interest (Art. 6.1.f): Security logging, fraud prevention
• Consent (Art. 6.1.a): Marketing communications (opt-in only)

4. Cross-Service Data Sharing

When you use your Alexiuz account on a connected service, that service receives your Alexiuz user ID and email address. Each service has its own privacy policy governing how it handles your application data:

• Botlor — conversations, preferences, AI interactions
• Generor — generated content, usage credits
• Naited — notes, tags, categories, embeddings
• Statility — watchlists, chart preferences
• Darobodo — coaching sessions, wisdom preferences
• IOProof — proof records, API keys
• Algatella — analysis reports, uptime monitors
• Muuic — projects, compositions, AI requests
• Dupliself — digital twin profiles, training data, voice models

New services may be added to the Alexiuz ecosystem over time. Each new service will be listed here when integrated.

5. Shadow Accounts

When a service stores data on your behalf (e.g., Botlor saving a note to Naited), a shadow account may be created using only your email address. No additional data is collected. You can claim, view, or delete shadow accounts at any time.

6. Data Retention

• Account data: retained while account is active
• Session tokens: cleared on logout or new login
• Auth tokens: single-use, expired entries purged automatically
• Login audit logs: retained for 12 months

7. Your Rights (GDPR Art. 15-22)

You have the right to:

• Access your data via your account page
• Rectify incorrect information
• Delete your account (cascades to all services)
• Port your data on request
• Object to processing based on legitimate interest
• Withdraw consent for marketing at any time

8. Security

Passwords are hashed with bcrypt. IP addresses are stored as SHA-256 hashes. Sessions use cryptographically random 256-bit tokens. All connections require HTTPS.

9. Third-Party Processors

• ElasticEmail: Transactional email delivery (verification, password reset)

10. Contact

For privacy inquiries: Alexiuz AS, Gamlegrensa 8A, 3747 Skien, Norway.