Privacy Notice
How Digitalix Hub collects, uses, and protects your data. We keep it simple and transparent.
What we collect
Digitalix Hub stores account details (name, email), authentication records (secure HTTP-only session cookies), billing state, onboarding Q&A answers, and your company memory document required to operate the service.
We collect basic usage analytics (page views, feature usage) via Google Analytics with anonymised IP addresses. When you connect third-party integrations (e.g. Gmail), we store encrypted OAuth tokens — never your password.
Cookies: we use strictly-necessary cookies (authentication, session state, CSRF protection) and, where you consent at the cookie banner, analytics cookies. You can revoke analytics consent at any time by clearing the banner preference.
How we use your data
We use your data to authenticate sessions, run AI agents on your behalf, maintain your company memory, process approval queues, deliver scout intel, and improve platform reliability.
Your company memory and agent activity are scoped to your account and never shared with other users. The shared intel feed contains only information gathered from public web sources — your private data is never used to generate intel for others.
Lawful bases (GDPR Article 6): we rely on (a) performance of contract — to operate the platform you subscribed to; (b) legitimate interests — to maintain reliability, prevent abuse, and improve the service; (c) legal obligation — to comply with tax and accounting law; and (d) consent — for optional marketing communications, which you can withdraw at any time.
Sub-processors and AI providers
Digitalix Hub uses third-party processors to deliver the service: Stripe (payments and billing), Anthropic and OpenAI (LLM inference for agent reasoning), Google (Workspace integrations and analytics), Hetzner (EU-based hosting infrastructure), BetterStack (operational logging), and others. A current list with purpose and processing location is maintained at /subprocessors and updated whenever the set changes.
Agent reasoning is performed by sending prompts and the relevant company-memory context to Anthropic or OpenAI APIs over encrypted connections. We do not use customer data to train models, and our LLM providers contractually agree not to retain or train on your prompts.
Payment & billing
Subscriptions are processed by Stripe. We do not store your full credit card number — Stripe manages all card data in compliance with PCI-DSS. Your Stripe customer ID is never exposed in client-facing API responses.
Billing webhook activity is logged for operational and fraud-prevention purposes. Billing data is retained for the duration of your account plus any legal retention requirements.
Security & retention
Sessions use secure, HTTP-only cookies with strict same-site policy — no sensitive state is stored in the browser.
Account data is retained while your subscription is active. After cancellation, your data is held for 30 days (to allow account recovery and final exports), then deleted. Operational logs are retained for 90 days. Billing and transaction records are retained for 7 years as required by the Estonian Accounting Act. Company memory prior versions are preserved within the active retention window.
Your rights (GDPR)
Under the GDPR you have the right to access, rectify, erase, restrict processing of, and port your personal data. You may also object to processing and withdraw consent at any time.
For account holders: exercise your rights directly from Settings → Data & Privacy in your dashboard. Available self-serve actions are Export All Data, GDPR Subject Access Request, GDPR Portable Export, and Delete My Account (Article 17 erasure). Deletion requests are processed within 30 days and you receive email confirmation once complete.
For anyone else (or if you prefer email): contact support@digitalixhub.com. We will respond within 30 days. If you are unsatisfied with our response, you may lodge a complaint with the Estonian Data Protection Inspectorate (AKI).
AI interaction & AI-generated content
When you use Digitalix Hub, you may interact directly with AI systems (our Stedral agents) and encounter content that is AI-generated. Agent outputs such as drafts, reports, briefs, and recommendations are produced by artificial intelligence rather than a human.
This reflects the same AI transparency commitments described in our Terms of Service, consistent with Article 50 of the EU AI Act. You remain in control of which AI-generated outputs are reviewed, approved, sent, or published.
Automated decision-making (GDPR Article 22): agents make automated decisions on your behalf, but every output that has external effect — sending an email, posting content, executing a tool call — passes through your approval queue first, with meaningful human review. For purely internal operations (memory updates, scout filtering), you can override or correct any decision through the dashboard at any time.
International transfers
Digitalix Hub is operated by a company based in Estonia (EU). Your data is primarily processed within the EU. Where infrastructure providers process data outside the EU, we ensure appropriate safeguards are in place (e.g. Standard Contractual Clauses).
By using the service, you acknowledge that your data may be processed in these jurisdictions for the purposes described in this notice.
Contact
For privacy-related questions, data subject requests, or account assistance, contact support@digitalixhub.com. We aim to respond within 30 days.