Privacy Policy

Last updated: May 22, 2026

This Privacy Policy explains how Nixflex Enterprises LLC, a United States limited liability company with operations in the United Kingdom ("Nixflex", "we", "us", "our"), collects, uses, and protects information when you use our voice AI platform at nixflex.com, dashboard.nixflex.com, and api.nixflex.com (the "Service").

1. Our role: processor and controller

Nixflex operates a technology platform that enables developers and businesses ("Customers", "you") to build AI voice agents that handle phone calls.

We act as a data controller for information we collect directly from Customers when they sign up for and use the Service (account details, billing, support communications).

We act as a data processor for information that Customers' AI agents collect or process during phone calls (call audio, transcripts, recordings, caller information). The Customer is the data controller for this information and is responsible for the lawful basis, consent, and disclosures required for processing it.

2. Information we collect

Customer account data

Name and email address provided at signup
Encrypted authentication credentials and session tokens
Billing details (processed by our payment provider — we do not store full card numbers)
API keys you generate and your account preferences

Service usage data

Agent configurations (system prompts, voice selections, languages, webhooks)
Phone numbers you connect to the Service
API request logs, error logs, and usage metrics
Login times and IP addresses (for security and fraud prevention)

Call data (processed on behalf of Customers)

Real-time call audio (transcribed and then discarded — not stored)
Call transcripts (text of what was said during calls)
Call recordings (audio files, only if recording is enabled by the Customer)
Caller phone numbers and call metadata (duration, timestamps, outcome)
AI-generated post-call analysis (summaries, sentiment, extracted data)

3. How we use information

We use the data we collect to:

Provide, operate, and improve the Service
Process payments and manage billing
Send transactional emails (account confirmations, password resets, billing notifications)
Detect, prevent, and respond to fraud, abuse, security incidents, or violations of our Terms
Comply with legal obligations and respond to lawful requests from authorities

We may use aggregated and de-identified data derived from Service usage to operate and improve the Service. Such data cannot reasonably be used to identify any individual.

We do not sell your personal data. We do not use Customer call content, transcripts, or recordings to train AI models.

4. Third-party providers

To provide the Service, we rely on a small number of third-party providers in the following categories:

Speech-to-text transcription
AI language model
Text-to-speech synthesis
Telephony infrastructure (Customers connect their own account)
Database, authentication, and storage (EU-based)
Application and website hosting (EU-based)
Payment processing
Transactional email delivery
DNS and traffic protection

Each provider operates under its own privacy policy and a written data processing agreement with us. We require all providers to handle data securely and use it only as instructed. A detailed list of current providers is available on request to support@nixflex.com.

5. Data storage and security

Customer data and call data are stored primarily in EU-based data centres. Data is encrypted in transit (TLS 1.2+) and at rest.

Where any personal data is transferred outside the EU/EEA or UK (for example, when working with US-based AI providers), we rely on Standard Contractual Clauses or equivalent legal mechanisms to safeguard your data.

Our security measures include row-level database security, encrypted backups, scoped API keys, audit logging, and regular security reviews. No system is completely secure. If a personal data breach affects your data, we will notify you and the applicable supervisory authority as required by law.

6. Data retention

We retain data only for as long as necessary:

Customer account data: retained while your account is active, then deleted within 30 days of account closure
Call data (transcripts, recordings, summaries, sentiment, extracted data): automatically deleted 90 days after the call ends. Customers may delete call data sooner at any time from Settings → Danger Zone
Billing records: retained for 7 years to comply with tax and accounting laws
Security and audit logs: retained for 12 months
Aggregated, de-identified data: may be retained indefinitely

7. Your rights (UK GDPR, EU GDPR, CCPA, GCC data protection laws)

Depending on your location, you have rights under one or more of: UK GDPR, EU GDPR, California Consumer Privacy Act (CCPA), Saudi Arabia PDPL, UAE Federal Decree-Law No. 45 of 2021, Qatar Law No. 13 of 2016, Kuwait PDPL 2021, or equivalent data protection laws.

These rights typically include:

The right to access personal data we hold about you
The right to correct inaccurate or incomplete data
The right to delete your data ("right to be forgotten")
The right to export your data in a portable format
The right to object to or restrict certain processing
The right to withdraw consent where processing relies on consent
The right to lodge a complaint with your local data protection authority (such as the ICO in the UK)

To exercise any of these rights, email support@nixflex.com. We will respond within 30 days. We may need to verify your identity before fulfilling certain requests.

8. Customer responsibilities

Nixflex gives Customers full control over how their AI agents behave through the prompts and configurations they create. Customers are solely responsible for the content and conduct of their agents and for ensuring lawful use of the Service.

This includes, where applicable:

Obtaining valid prior consent from end-users where required
Disclosing that calls involve AI in a clear and distinguishable manner at the start of the call (required under the EU AI Act Article 50 from 2 August 2026, and recommended best practice in the UK, US, and GCC)
Notifying parties that calls may be recorded where required by local law
Screening outbound numbers against do-not-call registers (TPS/CTPS in the UK, the US National Do Not Call Registry, equivalents in the EU and GCC)
Complying with PECR (UK), TCPA (US federal), state laws including California SB 942 and Florida's Voice AI Protection Act, the EU ePrivacy Directive, GDPR, GCC data protection laws, and equivalent regulations
Maintaining auditable records of consent and disclosure for end-users
Providing an appropriate privacy notice to end-users

We do not monitor the content of Customer calls. However, if we become aware that an account is being used for illegal purposes, fraud, abuse, or in violation of our Terms, we may suspend or terminate that account without notice.

9. Cookies

We use only essential cookies to operate the Service:

Authentication cookies (to keep you logged in)
Preference cookies (to remember your dashboard settings)
Security cookies (for fraud and abuse prevention)

We do not use advertising cookies, behavioural tracking cookies, or sell browsing data to third parties.

10. Children

The Service is not directed at and is not intended for use by anyone under 18 years of age. We do not knowingly collect personal data from minors. If you believe a minor has provided us with data, contact us and we will delete it promptly.

11. Changes to this Policy

We may update this Privacy Policy from time to time. Material changes will be notified by email to the address associated with your account, or by a prominent notice in the dashboard, at least 14 days before they take effect. The "Last updated" date at the top reflects the most recent revision.

12. Contact us

For privacy questions, data subject requests, or to exercise any rights described above, email support@nixflex.com.

Nixflex Enterprises LLC
A United States limited liability company
Primary operations: United Kingdom
Contact: support@nixflex.com