Privacy Policy

Last updated: 19 March 2026

This policy covers all services operated by Alexiuz AS, including alexiuz.com, Botlor, Generor, Naited, Darobodo, Statility, IOProof, Algatella, Muuic, Dupliself, Nusltr, Rexiew, NewsCompute, and the Buidlings open source crypto tools: CoinAllocator, Blockral, Blockinity, Provifier, Weavefront, gregat, and Discussier (collectively "Alexiuz Services").

1. Data Controller

Alexiuz AS (Org.nr: 918851933), Gamlegrensa 8A, 3747 Skien, Norway is the data controller for all personal data processed across Alexiuz Services.

2. What We Collect

Account Data (all services)

• Email address, username, hashed password, account status
• Hashed IP address, session tokens (not stored long-term)
• Login timestamps, hashed IP, originating service
• Consent records (terms, marketing, product updates)

Service-Specific Data

• Botlor — conversations, preferences, AI interaction history
• Generor — generated content (text, images, audio, video), generation settings
• Naited — notes, tags, categories, semantic embeddings
• Darobodo — coaching sessions, wisdom tradition preferences
• Statility — watchlists, chart preferences, portfolio data
• IOProof — proof records, API keys, attestation hashes
• Algatella — website analysis results, monitoring targets
• Muuic — generated music, MIDI exports, style preferences
• Dupliself — training data, digital twin configurations, voice models
• Nusltr — email address, newsletter interests, subscription source, IP address
• Rexiew — email address, review history, AI model selections, thing searches, IP address
• NewsCompute — news topics, AI-generated stories, preferred AI model, content language, subscription tier, push notification device tokens, generated audio files, inbound emails to journalist@newscompute.com

Credits & Payment Data

• Credit balance (paid, free, earned), transaction history
• Purchase records (processed by Stripe — we do not store card details)

Advertising Data

• Listing submissions, company information provided by advertisers
• Campaign details, bid amounts, click logs (hashed IP, user agent hash, timestamp)
• PPC credit balances and transaction history

3. Legal Basis (GDPR Art. 6)

• Contract (Art. 6.1.b): Account creation, authentication, and service delivery
• Legitimate interest (Art. 6.1.f): Security logging, fraud prevention, service improvement
• Consent (Art. 6.1.a): Newsletter subscriptions, marketing communications

4. Cross-Service Data Sharing

When you use your Alexiuz account on a connected service, that service receives your Alexiuz user ID and email address. Each service stores its own application data linked to this ID. Your credit balance is centralized on alexiuz.com and accessible from any connected service.

5. Shadow Accounts

When a service stores data on your behalf (e.g., Botlor saving a note to Naited), a shadow account may be created using only your email address. No additional data is collected. You can claim, view, or delete shadow accounts at any time.

6. Newsletter Data (Nusltr)

When you subscribe to a Nusltr newsletter — whether through nusltr.com, a partner directory, or a blog — we collect your email address, selected interests, IP address (for rate limiting), and subscription source. We do not sell, rent, or share subscriber lists with third parties. Your email is shared with our delivery provider (ElasticEmail) solely to send you newsletters.

7. Data Retention

• Account data: retained while account is active
• Session tokens: cleared on logout or new login
• Auth tokens: single-use, expired entries purged automatically
• Login audit logs: retained for 12 months
• Newsletter subscribers: retained while active; 30 days after unsubscribe
• IP addresses: hashed for sessions; raw IPs for rate limiting retained 90 days
• Generated content: retained while account is active; deleted on account deletion
• Advertising data: campaigns, bids, transactions retained while account is active
• Click logs: retained for 24 months for fraud detection
• Payment records: retained as required by Norwegian bookkeeping law (5 years)

8. Your Rights (GDPR Art. 15-22)

You have the right to:

• Access your data via your account page or by contacting us
• Rectify incorrect information
• Delete your account (cascades to all services)
• Port your data in a machine-readable format on request
• Object to processing based on legitimate interest
• Withdraw consent for newsletters or marketing at any time
• Unsubscribe from any newsletter via the link in each email

9. Cookies

• Session cookies: Used on alexiuz.com and authenticated service pages for login sessions
• Functional cookies: Some services (e.g., directories) use cookies for user preferences
• No tracking cookies: We do not use third-party analytics, advertising pixels, or social media trackers on any Alexiuz property

10. Security

Passwords are hashed with bcrypt. IP addresses are stored as SHA-256 hashes where possible. Sessions use cryptographically random 256-bit tokens. All connections require HTTPS. Payment processing is handled entirely by Stripe.

11. Third-Party Processors

• ElasticEmail: Transactional and newsletter email delivery
• Stripe: Payment processing (credit purchases, advertising, listing packages)
• AI model providers: OpenAI, Anthropic, Google, and others for content generation (prompts may be sent to these providers to generate responses)

12. International Transfers

Our servers are located in Europe. Third-party processors may process data outside the EEA under appropriate safeguards (Standard Contractual Clauses or equivalent mechanisms).

13. Children

Our services are not directed at individuals under the age of 16. We do not knowingly collect personal data from children.

14. Changes

We may update this policy. Material changes will be communicated via email or in-service notice. The "Last updated" date reflects the most recent revision.

15. Contact

Alexiuz AS · Org.nr: 918851933 · Gamlegrensa 8A, 3747 Skien, Norway · mail@alexiuz.com