Privacy Policy

Last updated: January 2025 • Operated by HEKAX LLC, Wyoming, United States

In short: We use your data only to deliver and improve our AI automation services, keep systems secure, and comply with the law. We do not sell your data and we do not train our own proprietary AI models on your client data.

This Privacy Policy explains how HEKAX LLC ("HEKAX", "we", "our", "us") collects, uses, and protects personal information when you visit our website, communicate with us, or use our AI automation, AI agents, PrivateGPT and consulting services (collectively, the "Services").

1. Who We Are

HEKAX LLC is a United States limited liability company registered in the State of Wyoming. We provide AI automation systems, AI agents, PrivateGPT deployments and related professional services to businesses globally.

2. Information We Collect

We may collect the following categories of information:

Contact details: name, email address, phone number, role, company name.
Business information: workflows, processes, prompts, instructions and context you provide so we can design and implement your systems.
Content you submit: documents, files, databases, transcripts, and messages that you choose to share for analysis, automation or PrivateGPT training.
Usage data: IP address, browser type, device information, pages visited, time on page, referrer, and similar diagnostic data.
Communication metadata: call logs, timestamps, technical call details, and interaction metadata when using AI phone, chat, or messaging agents that we deploy for you.
Billing information: limited payment and invoicing details (handled by third-party processors where applicable).

3. How We Use Your Information

We process personal data in order to:

Provide, configure, and maintain AI automation, AI agents, dashboards, and related Services.
Design, test, and deploy workflows tailored to your business processes.
Communicate with you about demos, onboarding, support and ongoing optimisation.
Monitor performance, reliability, and security of systems we host or help you operate.
Analyse anonymous or aggregated usage patterns to refine features and user experience.
Comply with legal, tax, and accounting obligations.

We do not sell or rent your personal information. We do not train our own proprietary models on your confidential business or client data.

4. Legal Bases for Processing (EU/UK GDPR)

When the EU/UK General Data Protection Regulation (GDPR) or similar laws apply, we rely on the following legal bases:

Contractual necessity – to provide Services you request and to perform our obligations under agreements with you.
Legitimate interests – to secure, improve, and operate our systems and Services, provided these interests are not overridden by your rights.
Consent – for certain marketing communications, cookies, or optional features where required by law.
Legal obligation – to comply with applicable laws, regulations, and court orders.

5. Data Processing & AI Systems

HEKAX uses AI models and automation platforms (for example, OpenAI, Anthropic, Llama-based models, n8n, Twilio, and cloud infrastructure providers) to process data on your behalf. We process only the data required to implement, operate, and maintain the solutions you ask us to build.

Where we act as a data processor on your instructions (for example, when we automate your internal systems or deploy PrivateGPT for your organisation), we process data strictly in line with the applicable service agreement and, where relevant, a Data Processing Addendum (DPA).

6. Sharing of Data

We may share information with trusted third parties solely to deliver the Services, including:

Cloud hosting, storage, and infrastructure providers (e.g., Vercel, Google Cloud, Firebase, other data centres).
AI and automation platforms (e.g., OpenAI, Anthropic, Twilio, n8n, and similar API-based services).
Analytics, logging, monitoring, and security vendors (e.g., CDN, DDoS protection, performance analytics).
Payment processors, accounting tools, and invoicing platforms.
Professional advisers (lawyers, accountants) where reasonably necessary.

These providers process data under their own terms and privacy policies. We take reasonable steps to ensure they implement appropriate security and confidentiality measures.

7. International Data Transfers

Our infrastructure and third-party providers may be located in the United States and other countries. Where required by law, we rely on appropriate safeguards such as Standard Contractual Clauses or equivalent mechanisms for cross-border data transfers.

8. Data Retention

We retain personal data only as long as necessary for the purposes described in this Policy, including the fulfilment of contracts, resolution of disputes, enforcement of our agreements, and compliance with legal obligations.

When data is no longer required, we take reasonable steps to delete, anonymise, or securely archive it in line with our retention practices.

9. Security

We implement technical and organisational measures to protect your information, including encrypted transport (HTTPS), access control, credential management, and system monitoring. No system can be guaranteed 100% secure, but we treat security as a core part of our Services and review our practices regularly.

10. Your Rights

Depending on your jurisdiction, you may have the right to:

Request access to the personal data we hold about you.
Request correction of inaccurate or incomplete data.
Request deletion of your data, subject to legal and contractual exceptions.
Object to or restrict certain types of processing.
Request a copy of your data in a portable format (where technically feasible).
Withdraw consent where processing is based on consent.

To exercise these rights, please contact us at support@hekax.com. We may need to verify your identity before acting on certain requests.

11. Cookies & Tracking

Our website may use cookies and similar technologies for essential functionality, performance, and analytics. Where required by law, we will request your consent before setting non-essential cookies. You can manage cookies through your browser settings. For more information, please see our Cookie Policy.

12. Third-Party Websites

Our website may contain links to third-party websites or services. We are not responsible for the content, security, or privacy practices of those third parties. We recommend you review their privacy policies separately.

13. Children's Privacy

Our Services are not directed to children under the age of 16, and we do not knowingly collect personal data from them. If you believe a child has provided us with personal data, please contact us so we can delete it where appropriate.

14. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our Services, legal requirements, or privacy practices. The "Last updated" date at the top of this page indicates the latest version. Continued use of our Services after any update constitutes acceptance of the revised Policy.

15. Contact

For questions, requests, or concerns regarding this Privacy Policy, please contact:
HEKAX LLC
Email: support@hekax.com