LogoRuxa.ai

Privacy Policy

How Ruxa AI collects, uses, and protects your personal information

2025/12/30

Introduction

This Privacy Policy explains how Ruxa AI ("we", "us", or "our") collects, uses, discloses, and protects your personal information when you use our AI API services platform. We are committed to protecting your privacy and ensuring transparency in how we handle your data.

Information We Collect

Account Information

  • Name and email address
  • Account credentials and authentication data
  • Profile information and preferences
  • Communication preferences

Payment Information

  • Payment details processed through our third-party payment processors
  • Transaction history and billing records
  • Billing address and contact information
  • We do not store complete payment card details; these are handled securely by our payment processors

Usage Data

  • API requests and usage statistics
  • Service interaction logs and timestamps
  • IP address and geolocation data
  • Device information (type, model, operating system)
  • Browser type, version, and language settings

Technical Data

  • API keys and authentication tokens
  • Error logs and performance metrics
  • System diagnostics and crash reports

Content Data

  • Input data submitted through our APIs
  • Generated output content
  • Feedback and support communications

How We Use Your Information

We use your information for the following purposes:

  • Provide, maintain, and improve our AI API services
  • Process payments and manage your account
  • Monitor API usage, enforce rate limits, and prevent abuse
  • Send service notifications, updates, and security alerts
  • Provide customer support and respond to inquiries
  • Develop new features and enhance existing services
  • Detect, prevent, and address fraud, security issues, and technical problems
  • Comply with legal obligations and enforce our terms
  • Conduct analytics and research to improve user experience
  • Personalize your experience and provide relevant recommendations

Payment Processing

We use trusted third-party payment processors to handle all payment transactions. When you make a payment:

  • Your payment information is collected and processed directly by our payment processors
  • We receive transaction confirmations, billing details, and payment status from our processors
  • Each payment processor has its own privacy policy governing the handling of your payment data
  • We may use multiple payment processors including PayPal, Stripe, and other providers
  • Your choice of payment method determines which processor handles your transaction

We recommend reviewing the privacy policies of our payment processors for details on how they handle your data.

Data Sharing

We may share your information with the following parties:

  • Payment Processors: To process payments and prevent fraud (e.g., PayPal, Stripe)
  • AI Model Providers: Anonymized or pseudonymized usage data for service delivery
  • Cloud Infrastructure Providers: For hosting and data storage
  • Analytics Services: To understand usage patterns and improve our services
  • Customer Support Tools: To provide efficient support services
  • Legal Authorities: When required by law, court order, or to protect our rights
  • Business Partners: With your consent, for joint offerings or integrations

We do not sell your personal information to third parties for marketing purposes.

Third-Party Services

Our services integrate with various third-party providers:

  • Payment processors (PayPal, Stripe, and others)
  • Cloud hosting providers (Cloudflare, AWS)
  • AI model providers (OpenAI, Anthropic, Google, and others)
  • Analytics and monitoring services
  • Email and communication services

Each third-party service has its own privacy policy. We encourage you to review their policies.

Data Security

We implement comprehensive security measures including:

  • Encryption of data in transit (TLS/SSL) and at rest (AES-256)
  • Secure API authentication using industry-standard protocols
  • Regular security audits and vulnerability assessments
  • Access controls, role-based permissions, and audit logging
  • Intrusion detection and prevention systems
  • Regular backups and disaster recovery procedures
  • Employee security training and background checks

Data Retention

We retain your data according to the following principles:

  • Account data: Retained while your account is active and for a reasonable period after closure
  • Transaction records: Retained as required by financial regulations (typically 7 years)
  • Usage logs: Retained for up to 90 days for operational purposes
  • API request data: Retained for up to 30 days unless longer retention is required
  • Support communications: Retained for up to 3 years after resolution

You may request deletion of your data at any time, subject to legal retention requirements.

Your Rights

Depending on your location, you may have the following rights:

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate or incomplete data
  • Erasure: Request deletion of your data ("right to be forgotten")
  • Portability: Export your data in a machine-readable format
  • Restriction: Limit how we process your data
  • Objection: Object to certain types of processing
  • Withdraw Consent: Withdraw previously given consent
  • Opt-out: Unsubscribe from marketing communications
  • Non-discrimination: Exercise your rights without penalty

To exercise these rights, please contact us using the information below.

GDPR Compliance (EEA Users)

For users in the European Economic Area, we comply with GDPR requirements:

  • Legal Basis: We process data based on consent, contract performance, legitimate interests, or legal obligations
  • Data Protection Officer: Contact us for DPO inquiries
  • Supervisory Authority: You have the right to lodge a complaint with your local data protection authority
  • Cross-border Transfers: We use Standard Contractual Clauses for data transfers outside the EEA

CCPA Compliance (California Users)

For California residents, we provide additional rights under CCPA:

  • Right to Know: Request information about data collection and sharing practices
  • Right to Delete: Request deletion of your personal information
  • Right to Opt-Out: Opt out of the sale of personal information (we do not sell your data)
  • Right to Non-Discrimination: Equal service regardless of privacy choices

Cookies and Tracking

We use cookies and similar technologies for:

  • Essential cookies: Required for authentication and security
  • Functional cookies: Remember your preferences and settings
  • Analytics cookies: Understand how you use our services
  • Performance cookies: Monitor and improve service performance

You can manage cookie preferences in your browser settings or through our cookie consent tool.

International Data Transfers

Your data may be transferred to and processed in countries outside your residence, including the United States. We ensure appropriate safeguards are in place, including Standard Contractual Clauses, adequacy decisions, or other legally recognized transfer mechanisms.

Children's Privacy

Our services are not intended for users under 18 years of age. We do not knowingly collect personal information from children. If we learn that we have collected data from a child, we will promptly delete it.

Do Not Track

Some browsers offer a "Do Not Track" feature. Our services do not currently respond to DNT signals, but we respect your privacy choices through other mechanisms described in this policy.

Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. We will notify you of significant changes via email or prominent notice on our website. Your continued use after changes constitutes acceptance of the updated policy.

Contact Us

For privacy-related inquiries, data requests, or concerns, please contact us, or email us at privacy@ruxa.ai

Last updated: January 6, 2026