Ophraxx
Disclaimer: This website is currently in beta testing. Some features may not be complete, and content may be out of date.

Privacy Policy

Last updated: March 2026

1. Introduction

This Privacy Policy explains how Ophraxx AI collects, uses, discloses, and safeguards information when you use our services—including our website, web applications, conversational bot, and any other products or channels we offer. Our systems are built and operated by us; we do not sell your personal information or use it for advertising. We collect only what is necessary to provide the Service, enforce our policies, and improve safety and quality as described below.

2. Information We Collect

2.1 Website and Web Application Data

When you use our website or web applications, we collect and process:

  • Account and authentication: Email address, account identifier, and (if you choose) password hash. We support two-factor authentication (2FA); 2FA secrets and backup codes are stored securely and used only for verification. We do not store your 2FA codes in plain text.
  • Profile and preferences: Username, display name, bio, pronouns, profile picture URL, and any other profile fields you provide. We also store your preference and settings data (e.g. notification preferences, accent color, language, custom instructions) so we can apply them across sessions.
  • Session and device data: Session tokens, IP address, user agent, and similar technical data necessary for authentication, security (e.g. CSRF), and session management. We may record login and security-relevant events (e.g. sign-in, 2FA verification) for abuse prevention and account security; this data is used only by us and is not shared for advertising.
  • Cookies and local storage: We use first-party cookies and similar technologies as described in our Cookie Policy. We do not use third-party advertising or tracking cookies.

2.2 Bot and Conversational Service Data

When you interact with our conversational AI (e.g. in a server or space where the bot is installed):

  • In-session content: Messages you send and the AI's responses are processed in memory to generate replies and to run our safety pipeline (input validation, safeguard models, output checks, PII redaction). This content is not written to a persistent database; it is held only for the duration of a short-lived session (e.g. 15 minutes) and is then discarded. We do not maintain a searchable or long-term archive of conversation content.
  • Usage and operational data: We store numeric usage counts per user per month to enforce rate limits and quotas based on subscription tier across the Ophraxx Web Core (OW-F1, OW-B12, OW-U45, OW-P88). We store server or space configuration (e.g. which channels the bot uses, invoke settings) so the service behaves consistently. We may store a first-use or onboarding flag so we do not send duplicate welcome messages. None of this includes message content.
  • Safety and moderation data: When a safety violation or abuse event occurs, we may store the category of the violation and the timestamp (and associated identifiers) to support escalation, appeals, and abuse prevention. We do not retain the full content of the triggering message in long-term storage. Our safety systems are built and operated by us.

2.3 Feedback and Communications

  • If you submit feedback (e.g. thumbs up/down on AI responses, bug reports, or support messages), we use that data to improve the Service and to respond to you. Feedback may be used for model evaluation and product improvement in accordance with our Your Data and Model Performance page; you may opt out of model improvement use via our support channel.

3. How We Use Information

We use the information we collect to:

  • Provide, maintain, and improve the Service (website, web app, bot, and any future features).
  • Authenticate you and manage your account, profile, and preferences.
  • Enforce our Terms of Use, Usage Policies, and safety systems (rate limits, moderation, abuse prevention).
  • Monitor and protect the security and reliability of our systems (e.g. detecting abuse, responding to incidents).
  • Comply with applicable law and respond to valid legal process.
  • Communicate with you about the Service (e.g. important policy or security updates) where permitted.

We do not use your data for advertising or to build advertising profiles. We do not sell your personal information. Our models and improvement pipelines are built and operated in-house.

4. Model Improvement and Evaluation

We may use service content and feedback signals to evaluate and improve model performance and safety (e.g. accuracy, response quality, safety classification). Where we do so, we apply data minimization, de-identification, and access controls as described in Your Data and Model Performance. You may opt out of having your interactions used for model improvement by contacting us through our support channel; opting out does not affect core service functionality. Any future use of interaction data for training or fine-tuning would be subject to a separate policy update and clear opt-in or opt-out where required.

5. Data Sharing and Disclosure

We do not sell personal information. We may disclose data only in the following circumstances:

  • Our own operations: Data may be processed and stored on infrastructure we operate or that is operated on our behalf under strict confidentiality and security obligations. Our core processing logic, safety systems, and policy enforcement remain under our control; we do not delegate controller-level decisions or data use to unnamed or unaccountable parties.
  • Legal and safety: We may disclose data when required by applicable law, court order, or valid legal process, or when we believe in good faith that disclosure is necessary to protect the rights, safety, or property of Ophraxx AI, our users, or the public.
  • Business transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred to the successor entity, subject to the same privacy commitments where feasible.

6. Data Retention

  • Conversation content: Not stored in persistent form; in-memory session data is discarded when the session expires (e.g. 15 minutes of inactivity) or when the process restarts.
  • Account and profile: Retained for the duration of your account and for a reasonable period after account closure to comply with law, resolve disputes, and enforce our terms.
  • Usage counts and configuration: Retained as long as needed for rate limiting, service operation, and abuse prevention; aggregated or anonymized data may be retained longer for capacity and product analysis.
  • Safety and security logs: Retained for up to 24 months for abuse prevention, security investigations, and appeals, unless a longer period is required by law.
  • Login and session activity: Retained for a limited period for account security and abuse prevention; exact retention depends on the type of event.

We may retain data longer when required by law, regulation, or to resolve disputes or enforce our agreements.

7. Security

We implement technical and organizational measures to protect your data, including encryption in transit and at rest where appropriate, access controls, least-privilege principles, monitoring, and incident response procedures. Our security practices are described in more detail in our Security & Privacy page. No system is completely secure; you use the Service at your own risk. We will notify you of material security incidents affecting your data where required by law or contract.

8. Your Rights and Choices

Depending on your jurisdiction, you may have the right to:

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Request correction of inaccurate or incomplete data (e.g. via your profile or account settings where available).
  • Deletion: Request deletion of your personal data, subject to exceptions for legal obligation, dispute resolution, or safety.
  • Object or restrict: Object to or request restriction of certain processing where provided by law.
  • Portability: Request a portable copy of your data where technically feasible and required by law.
  • Withdraw consent: Where processing is based on consent, you may withdraw consent at any time; withdrawal does not affect the lawfulness of processing before withdrawal.

To exercise these rights, contact us through our designated support channel. We will process valid requests in accordance with applicable law. You may also have the right to lodge a complaint with a supervisory authority in your jurisdiction.

9. Cookies and Similar Technologies

We use cookies and similar technologies only as necessary to provide and secure the website and web applications and to remember your preferences. We do not use third-party advertising or tracking cookies. Details are in our Cookie Policy.

10. Children's Privacy

The Service is not intended for children under 13 in the United States or under 16 in the United Kingdom (or such higher minimum age as required by your jurisdiction). We do not knowingly collect personal information from children. If you believe we have collected data from a child, please contact us through our support channel and we will take steps to delete it.

11. International Transfers

Your information may be processed in countries other than your own. We use safeguards consistent with applicable law to protect data in transit and at rest and, where required, implement appropriate transfer mechanisms (e.g. standard contractual clauses) for cross-border transfers.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be posted on this page with an updated "Last updated" date and, where appropriate, communicated via the Service or email. Your continued use of the Service after changes constitutes acceptance of the updated policy. We encourage you to review this policy periodically.

13. Contact

For privacy-related questions, requests, or complaints, contact us through our designated support channel. We do not sell or license your data to advertisers or data brokers. Our policy index links to all current policy documents.