Privacy Policy

Last updated: 2026-05-04

1. Who we are

Inxy.ai ("we", "us", "our") operates the website at https://inxy.ai and the related SaaS application that helps Shopify merchants and SaaS publishers analyze and improve their organic search performance (SEO, AEO, GEO, LLMO).

2. What we collect

2.1 Account information

Email, name, password hash (or Google OAuth profile basics if you sign in with Google), and your subscription status.

2.2 Connected platforms

With your explicit consent during onboarding, we read data from third-party services to power your dashboard:

• Shopify: store domain, products, collections, blogs, orders (for source-revenue attribution).
• Google Search Console (read-only, scope webmasters.readonly): impressions, clicks, position, indexation status of your own properties.
• Google Analytics 4 (read-only): traffic sources, conversions on your own properties.

We never write to your Shopify, Google Search Console, or Google Analytics accounts on your behalf. We never read data from properties you do not own or have not explicitly connected.

2.3 Usage data

Standard web logs (IP, user agent, pages visited) for security and abuse monitoring; AI usage metrics (tokens consumed, models invoked) for billing transparency.

3. How we use your data

• Provide the product features (dashboards, recommendations, AI content generation)
• Bill you according to your plan
• Send transactional and product emails (you can opt out of non-essential ones)
• Improve the product, including computing anonymized cross-shop benchmarks (see §5)

4. How we share your data

Your raw shop data is never sold. We share narrowly with subprocessors strictly necessary to operate the service: Stripe (payments), Railway (hosting), Postgres (DB), and the AI model providers we route generation through (we anonymize prompts where feasible). A current subprocessor list is available on request from support@inxy.ai.

5. Anonymized aggregate data ("cross-shop intelligence")

To improve recommendations for all customers, we may compute cohort-level benchmarks (e.g. "median CTR for jewelry mid-tier stores") from anonymized, bucket-aggregated data with small-cell suppression. We do not expose per-shop deltas. You can opt out at any time in Settings → Privacy; opting out means your data does not contribute to those aggregates, but you still see the cohort medians.

6. Your rights

• Access / portability: export all your data in JSON via Settings → Account.
• Deletion: cancel your subscription and email support@inxy.ai; we delete your account + raw shop data within 30 days.
• Correction: update profile fields in Settings.
• Opt-out of cross-shop aggregation: Settings → Privacy.
• EU/UK residents (GDPR) / California residents (CCPA): you have the same rights granted to all users above; contact support@inxy.ai to exercise them or for any data complaint.

7. Data retention

We retain your data while your subscription is active, plus a 30-day grace window after cancellation in case you reactivate. Anonymized aggregate counts may persist beyond that, but no per-shop data does.

8. Security

Encryption in transit (HTTPS) and at rest. Per-tenant data isolation in Postgres. OAuth tokens are encrypted. We use industry-standard practices but do not claim security is absolute.

9. Children

Inxy.ai is not intended for users under 16.

10. Changes

We will notify you via email of material changes to this policy at least 30 days before they take effect.

11. Contact

Questions or requests: support@inxy.ai