Privacy Policy

Effective as of May 6, 2026

Your Privacy Matters

At Essentyx, we believe privacy is fundamental. This Privacy Policy explains how Mindwave IT Services - FZCO ("we," "us," or "our") collects, uses, shares and protects information when you use our AI-powered text neutralization service ("Essentyx" or "the Service"), including our browser extension, web dashboard and related features accessible at https://essentyx.com.

Who We Are

Essentyx is provided by Mindwave IT Services - FZCO, a company registered in the United Arab Emirates.

Legal address: XXXXXX
Contact: support@essentyx.com

Information We Collect

1. Account Information

• When you sign up via Google OAuth, we receive your name, email address and Google profile picture (if available). We do not access your Google contacts, calendar, or other Google services.
• You may update or disconnect your Google account at any time through your account settings.

2. Text Submissions (User Content)

• You submit text (up to 5,000 characters) for neutralization. This text is processed entirely in-memory and is never stored on our servers after neutralization completes.
• We do not retain copies of your original submissions or neutralized outputs.

3. Analytics Metadata (Pro Plan Only)

• If you use the Pro plan with analytics enabled, we store limited, non-identifying metadata associated with your account:
  • Trigger counts (e.g., "3 emotional language triggers detected")
  • Trigger categories/types (structured classifications like "hyperbole" or "vague quantifier"—never the original text phrases)
  • Clarity scores (numerical ratings)
  • Character counts
• This metadata helps power your analytics dashboard and charts. You may disable analytics at any time via account settings.

4. Usage and Technical Data

• We collect standard log data when you use Essentyx:
  • IP address (used for rate limiting on our public demo endpoint /neutralize-demo)
  • Browser type, operating system and device information
  • Timestamps of neutralization requests
  • Request counts against your plan limits
• This data helps us monitor service health, prevent abuse and enforce plan limits.

5. Billing Information

• If you subscribe to a paid plan, Stripe (our payment processor) collects and stores:
  • Payment method details (credit/debit card or other payment instruments)
  • Billing address
  • Transaction history
• We do not store full payment card numbers or CVV codes on our servers. We receive only limited billing information from Stripe (e.g., last 4 digits of card, subscription status).

6. Cookies and Similar Technologies

• Our website and dashboard use essential cookies for session management and authentication.
• We use Google Analytics to understand aggregate usage patterns (anonymized). You may opt out via browser extensions or our cookie consent banner.

How We Use Information

We use the information we collect to:

• Provide, operate and improve Essentyx's core neutralization service
• Display analytics dashboards and charts for Pro users (using stored metadata only)
• Enforce plan limits (e.g., 2,000/5,000/15,000 requests per month)
• Process payments and manage subscriptions via Stripe
• Respond to your support requests
• Prevent fraud, abuse and security incidents
• Comply with legal obligations (e.g., GDPR data deletion requests)
• Send service-related emails (e.g., subscription renewal notices, security alerts)

We do not:

• Sell your personal data to third parties
• Use your text submissions for advertising or marketing
• Train AI models on your content (see "AI Model Training" section below)

How We Share Information

1. With Service Providers

• OpenRouter: Your text submissions are transmitted to OpenRouter solely to perform neutralization using large language models (currently Qwen models). OpenRouter's data policies apply to this transmission step. We do not control OpenRouter's practices and are not responsible for their handling of your data beyond the inference request.
• Stripe: Processes payments and manages subscriptions. Stripe's privacy policy applies to billing data.
• Google Cloud Platform: Hosts our infrastructure. Google acts as a data processor under our instructions.
• Google Analytics: Collects anonymized usage statistics for our website.

All service providers are contractually obligated to process data only as instructed and maintain appropriate security measures.

2. For Legal Compliance

We may disclose information if required by law, regulation, legal process, or governmental request (e.g., court orders, subpoenas), or to protect our rights, safety, or property.

3. Business Transfers

If we are involved in a merger, acquisition, or sale of assets, user information may be transferred as part of that transaction. We will notify you via email or prominent notice before your data becomes subject to a different privacy policy.

4. With Your Consent

We will not share your personal data beyond the purposes described above without your explicit consent.

AI Model Training and Your Content

Essentyx does not train AI models on your submissions. Your text is sent to OpenRouter solely for inference (neutralization). We do not store it and we do not use it to improve or train any models—ours or third parties'.

OpenRouter's practices: OpenRouter may have its own data retention and usage policies for inference requests. We recommend reviewing OpenRouter's privacy policy for details about their handling of transmitted text. Essentyx is not responsible for OpenRouter's independent data practices beyond our contractual instructions.

Data Retention and Deletion

• Text submissions: Immediately discarded after in-memory processing completes. Never persisted.
• Analytics metadata (Pro users): Retained while your account is active. Deleted upon account deletion.
• Account information: Retained while your account is active. Deleted upon account deletion request.
• Billing data: Retained by Stripe per their policies and applicable financial regulations (typically 7 years). We cannot delete Stripe-held data directly but will instruct Stripe to anonymize your account upon deletion request.
• Inactive accounts: Free accounts inactive for 12+ consecutive months may be automatically deleted.

Your deletion rights. You may request complete account deletion at any time via:

• Dashboard: /account/delete
• Email: support@essentyx.com

Upon deletion:

• All analytics metadata is permanently erased
• Account information is anonymized
• A hashed identifier is retained solely to prevent trial re-registration abuse (not linked to personal data)
• We will instruct Stripe to anonymize billing records associated with your account

Your Privacy Rights

Depending on your location, you may have the following rights:

GDPR (European Economic Area, UK, Switzerland)

• Access: Request a copy of personal data we hold about you via /account/export
• Rectification: Correct inaccurate account information
• Erasure: Request complete account deletion (see above)
• Restriction: Limit processing of your data in certain circumstances
• Portability: Receive your data in a structured, machine-readable format
• Objection: Object to processing based on legitimate interests
• Withdraw consent: Where processing relies on consent

To exercise these rights, email support@essentyx.com. We will respond within 30 days.

CCPA/CPRA (California Residents)

• Right to know: Request categories and specifics of personal information collected
• Right to delete: Request deletion of personal information
• Right to opt-out: We do not "sell" personal information as defined by CCPA, so no opt-out mechanism is required
• Non-discrimination: We will not discriminate against you for exercising CCPA rights

Submit requests via email to support@essentyx.com with subject line "CCPA Request."

Other Jurisdictions

Residents of other regions (e.g., Brazil under LGPD, Canada under PIPEDA) may have similar rights. Contact us to discuss applicable protections.

Data Security

We implement industry-standard security measures to protect your information:

• Encryption: All data transmitted between your browser and our servers uses TLS 1.3+
• Authentication: Google OAuth with token validation; session management via secure, HttpOnly cookies
• Infrastructure: Hosted on Google Cloud Platform with firewall rules, DDoS protection and regular security patching
• Access controls: Employee access to production systems is strictly limited and logged
• No storage of sensitive content: Original text submissions never touch persistent storage

Limitations: No system is 100% secure. We cannot guarantee absolute security of data transmitted over the internet. You are responsible for safeguarding your Google account credentials.

International Data Transfers

Essentyx operates globally. Your data may be transferred to, processed in and stored in countries outside your country of residence—including the United States (for OpenRouter and Stripe services) and UAE (our legal entity).

• EEA/UK users: We rely on Standard Contractual Clauses (SCCs) approved by the European Commission for transfers to non-adequate countries.
• Other regions: We implement appropriate safeguards per local law requirements.

By using Essentyx, you consent to such cross-border transfers.

Children's Privacy

Essentyx is not intended for children under 16. If you reside in the United States, the minimum age is 13. If you are below the applicable minimum age in your jurisdiction, do not use Essentyx.

We do not knowingly collect personal information from children. If we become aware of such collection, we will promptly delete the information. Contact us at support@essentyx.com if you believe a child has provided us with personal data.

Third-Party Links

Our website may contain links to third-party sites (e.g., OpenRouter, Stripe). This Privacy Policy does not apply to those sites. We encourage you to review the privacy policies of any third-party services you interact with.

Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements.

• Material changes (those significantly affecting your rights) will be communicated via email at least 30 days before taking effect.
• Non-material changes (e.g., contact details, feature names) will be posted with an updated "Effective Date" at the top of this page.

Continued use of Essentyx after changes become effective constitutes acceptance. If you disagree with updates, delete your account before the effective date.

Contact Us

Questions about this Privacy Policy or your data? Contact us:

Mindwave IT Services - FZCO
Email: support@essentyx.com
Legal address: XXXXXX

For GDPR-specific inquiries, you may also contact our designated representative in the European Economic Area: [TO BE DETERMINED BY LEGAL COUNSEL]

Last Updated: May 6, 2026