Privacy Policy
Effective Date: February 3, 2026 | Last Updated: February 3, 2026
This Privacy Policy describes how GenXis, Inc. ("Company", "we", "us") collects, uses, and protects your information when you use 50c.ai ("Service").
1. Information We Collect
Account Data
- Email address (for authentication and communications)
- API keys (for tool access control)
- Account preferences and settings
Usage Data
- Tool call logs (timestamp, tool ID, request/response hashes)
- IP addresses (for rate limiting and fraud prevention)
- Session tokens and authentication data
- Credit usage and billing records
Payment Data
- Transaction IDs and amounts (processed by ThriveCart/Stripe)
- We do NOT store credit card numbers or payment instrument details
2. How We Use Your Data
| Purpose | Legal Basis (GDPR) |
|---|---|
| Providing the Service | Contractual necessity |
| Processing payments | Contractual necessity |
| Fraud prevention | Legitimate interest |
| Analytics and improvements | Legitimate interest (opt-out available) |
| Marketing communications | Consent |
3. Data Retention
| Data Type | Retention Period |
|---|---|
| Account data | Until account deletion |
| Tool call logs | 6 months |
| IP addresses | 30 days |
| Payment records | 7 years (tax compliance) |
| Support tickets | 2 years |
4. Third-Party Services
We share data with the following service providers:
| Service | Purpose | Location |
|---|---|---|
| ThriveCart | Payment processing | US/EU |
| Cloudflare | CDN, DDoS protection | Global |
| Turso | Database (usage metrics) | EU (Switzerland) |
| OpenAI / Anthropic | AI model inference | US |
| SiteBehaviour | Analytics | EU |
5. Your Rights (GDPR/CCPA)
You have the right to:
- Access: Request a copy of your personal data
- Rectification: Correct inaccurate data
- Erasure: Delete your account and associated data (except where legally required to retain)
- Portability: Export your data in JSON/CSV format
- Objection: Opt out of analytics and marketing
- Restriction: Limit how we process your data
To exercise these rights, email privacy@50c.ai. We respond within 30 days.
6. International Data Transfers
Data may be transferred between our servers in the US and EU. We use Standard Contractual Clauses (SCCs) approved by the European Commission to protect data transferred outside the EEA.
7. Security
We implement industry-standard security measures:
- AES-256 encryption for data at rest
- TLS 1.3 encryption for data in transit
- Regular security audits and penetration testing
- Access controls and logging
In the event of a data breach affecting your personal information, we will notify you within 72 hours as required by GDPR.
8. Children's Privacy
50c.ai is not intended for users under 16 years of age. We do not knowingly collect personal information from children.
9. California Privacy Rights (CCPA)
California residents have additional rights:
- Right to know what personal information is collected
- Right to delete personal information
- Right to opt-out of the sale of personal information (we do NOT sell your data)
- Right to non-discrimination for exercising privacy rights
10. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be notified via email or prominent website notice. The "Last Updated" date will be revised accordingly.
11. Contact Us
For privacy-related inquiries:
- Email: privacy@50c.ai
- Data Controller: GenXis, Inc.