Last updated: March 2026 — We take your privacy seriously. Here is exactly what we collect and why.
This Privacy Policy describes how Vexlora Inc. ("Vexlora", "we", "our", "us") collects, uses, and shares information about you when you use our platform, website, and related services. We are committed to transparency and to handling your data responsibly in accordance with the GDPR, CCPA, and other applicable privacy laws.
We collect information in several ways: data you provide directly, data collected automatically as you use our services, and data we receive from third parties.
We use the data we collect for the following purposes, each grounded in a lawful basis under GDPR:
We process your account and Customer Content data to create and maintain your account, execute your workflows, provide API access, deliver support, and send transactional emails such as invoices, password resets, and service notifications.
We analyse aggregated usage patterns and performance metrics to improve the reliability, performance, and feature set of the Service. This data is anonymised before analysis wherever possible and never linked back to individual users without necessity.
With your consent (or under legitimate interests where permitted), we may send you product updates, newsletters, and promotional communications. You can opt out at any time via the unsubscribe link in any marketing email or from your account notification settings. Opting out of marketing emails does not affect transactional emails.
We may process your data where required by applicable law, including to comply with tax obligations, respond to lawful requests from government authorities, or enforce our Terms of Service.
We monitor for suspicious activity, abuse, and security threats to protect the integrity of the Service and the safety of all users.
We do not sell your personal data. We share data only in the following limited circumstances:
We engage trusted third-party service providers who process data on our behalf under strict data processing agreements. These include:
All service providers are contractually required to use your data only to provide services to Vexlora and to maintain confidentiality and security standards equivalent to our own.
We may disclose your information if required to do so by law, court order, or governmental authority, or if we believe in good faith that such disclosure is necessary to protect the rights, property, or safety of Vexlora, our users, or the public.
In the event of a merger, acquisition, or sale of all or substantially all of our assets, your data may be transferred to the acquiring entity. We will provide notice before your data is transferred and becomes subject to a different privacy policy.
We may share your data with third parties where you have provided your explicit consent to do so, such as when you authorise a third-party integration via OAuth.
We use cookies and similar technologies (such as local storage and pixel tags) on our website and within the Service. These can be categorised as follows:
These cookies are essential for the Service to function and cannot be disabled. They include session authentication tokens, CSRF protection tokens, and load-balancing cookies. No personal data is stored in these cookies beyond what is necessary for security and authentication.
With your consent, we use analytics tools to understand how visitors interact with our website. We use a privacy-first analytics stack and, where possible, process analytics data entirely in aggregate without storing individual user journeys. You can opt out of analytics cookies via our cookie consent banner or browser settings.
These cookies remember your settings and preferences (such as language, theme, and notification preferences) to provide a personalised experience. Disabling them may affect functionality.
You can control cookies through your browser settings. Most browsers allow you to refuse new cookies, delete existing cookies, or receive a warning before a cookie is stored. Note that disabling cookies may affect your ability to use certain features of the Service. For more detail, visit our full Cookie Policy (linked in the footer).
We implement industry-standard technical and organisational security measures to protect your personal data from unauthorised access, disclosure, alteration, and destruction. Key measures include:
Despite these measures, no system is entirely immune to security incidents. In the event of a data breach that is likely to result in risk to your rights and freedoms, we will notify you within 72 hours of becoming aware of the breach, as required by GDPR Article 33.
We retain personal data only as long as necessary to fulfil the purposes described in this policy and to comply with our legal obligations.
While your account is active, we retain all account data, Customer Content, and usage logs. You can delete specific Customer Content at any time from within the platform.
When you delete your account, we begin a 30-day deletion window during which your data remains recoverable in case of accidental deletion. After 30 days, all personal data and Customer Content is permanently deleted from our systems and backups. Some data may be retained for up to 7 years where required for tax, accounting, or legal compliance purposes, but only in a minimised, anonymised form wherever possible.
Database backups are retained for 90 days and are subject to the same encryption and access controls as live data. Backup data is automatically purged on a rolling basis.
Depending on your location, you may have the following rights regarding your personal data. We honour these rights regardless of your jurisdiction as a matter of principle.
To exercise any of these rights, please submit a request to privacy@vexlora.com or use the data export and deletion tools available in your account settings. We will respond within 30 days (or within the timeframe required by applicable law). We may need to verify your identity before processing certain requests.
If you are an EEA resident and believe we have not adequately addressed your privacy concern, you have the right to lodge a complaint with your local Data Protection Authority (DPA).
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
We are committed to resolving privacy concerns promptly and transparently. If you are not satisfied with our response, you may escalate your complaint to the relevant supervisory authority in your jurisdiction.