NoxyAI Comprehensive Privacy Policy

Welcome to NoxyAI. We prioritize your privacy, security, and digital sovereignty. This document is a detailed, 30-point Privacy Policy designed to transparently explain exactly how we collect, store, protect, and utilize your data. By using NoxyAI.com or dev.noxyai.com, you agree to the practices described in this policy.

PART I: INTRODUCTION AND SCOPE

1. Introduction to NoxyAI

NoxyAI ("we," "our," or "us") is an advanced artificial intelligence platform designed to assist users through natural language interactions and provide API integrations for developers. This Privacy Policy outlines our commitment to protecting the personal information of our users ("you," "your").

2. Scope of this Policy

This policy covers two main digital properties:

• noxyai.com: Our consumer-facing AI chat interface.
• dev.noxyai.com: Our developer-facing API platform.

The data practices differ significantly between these two platforms, and this document details the specific protocols for both.

3. Agreement to Terms

By accessing NoxyAI, setting up an account, or integrating our APIs, you acknowledge that you have read, understood, and agreed to the detailed data collection and encryption practices outlined below.

PART II: DATA COLLECTION AND AUTHENTICATION

4. What Information We Collect

We believe in data minimization. We only collect the absolute minimum data required to provide you with a seamless and functional AI experience. This includes account credentials, communication preferences, and explicit user inputs.

5. Third-Party Authentication (Google & Microsoft)

To make logging in secure and convenient, we use third-party Single Sign-On (SSO) services, specifically Google Auth and Microsoft Auth.

• What we access: We explicitly restrict our access requests to only three pieces of information: your profile picture, your email address, and your username.
• What we do NOT access: We do not read your emails, view your contacts, check your calendars, or access any other personal data linked to your Google or Microsoft accounts.

6. Chat Data on NoxyAI.com

When you use noxyai.com, we collect and store the text of your conversations with our AI. The sole reason we store this chat history is for your convenience—so you can easily navigate back to previous sessions, pick up where you left off, and review your historical interactions with the AI.

7. Developer API Data (dev.noxyai.com) - Zero Storage Policy

Our developer platform (dev.noxyai.com) operates strictly differently from our consumer platform.

• When you use our API, you send a prompt, and we return the AI's response.
• We do NOT store anything here. We do not log the API prompts, the AI responses, or any user metadata passed through the API endpoint. The data simply passes through our secure servers momentarily to generate the response and is instantly discarded.

8. Payment Information (PayPal and PayU)

To process subscriptions and API billing, we partner with industry-leading payment gateways: PayPal and PayU (including PayU.in for Indian users).

Zero Payment Data Storage: NoxyAI does not collect, process, or store your credit card numbers, bank details, or direct financial information on our servers. All payment processing is securely handled entirely by PayPal and PayU.

PART III: DATA STORAGE, INFRASTRUCTURE, AND SECURITY

9. End-to-End Encryption (E2EE) for Chats

While we store your chat history on noxyai.com so you can access it, your chats are End-to-End Encrypted (E2EE). This means the data is encrypted on your device before it is sent to our servers, and it can only be decrypted by your account credentials. Because of this cryptographic architecture, no one—not even NoxyAI engineers, server administrators, or third parties—can read your chats without your explicit account access.

10. Trusted Infrastructure Partner: Supabase

To manage our database, we rely on Supabase, a highly trusted, secure, and globally recognized backend-as-a-service provider. Supabase helps us maintain the integrity and encryption standards required to keep your E2EE chats safe.

11. Server Locations (Vercel & Supabase in California, USA)

Currently, our primary hosting is provided by Vercel, and our Supabase database servers are located in secure data centers in California, USA.

Future Flexibility: We reserve the right to migrate or expand our database locations to other global data centers in the future to improve latency, comply with regional data localization laws, or enhance server redundancy.

12. Account Security and Two-Factor Authentication (2FA)

Because your chats are end-to-end encrypted, protecting your account login is paramount. We strongly encourage, and provide the ability for, all users to enable Two-Factor Authentication (2FA) on their accounts. With 2FA enabled, even if someone obtains your password, they cannot access your account or decrypt your chats.

13. Strict No-Sale Policy

We want to be unequivocally clear: We do not sell your personal data. We do not sell your email, your profile information, your API usage statistics, or your chat histories to advertisers, data brokers, or any third-party entities.

PART IV: AI TRAINING AND USER CONSENT

14. The Opt-In Rule for AI Training

By default, your private, encrypted chats are NEVER used to train our AI models. However, if you wish to help us improve NoxyAI, you can explicitly grant us permission to use your data for AI training.

You must actively toggle this permission. You can find this toggle at noxyai.com/profile.

15. How AI Training Works (If You Opt-In)

If you toggle the "Allow Training Data" option, here is exactly how your data is used:

• Anonymization: First, your data is stripped of personally identifiable markers (like names, emails, or specific account IDs).
• Tokenization: The text is broken down into "tokens" (fragments of words).
• Pattern Recognition: The AI neural network processes these tokens to learn grammar, logic, coding syntax, and natural conversational flow.
• Weight Adjustment: The AI adjusts its mathematical "weights" based on the patterns it observes. It does not memorize your exact sentences like a tape recorder; rather, it learns the abstract relationships between concepts to generate better, more accurate responses for everyone in the future.

16. Reversing Your Training Consent

You retain absolute control over your data. If you opt-in to AI training and later change your mind, you can simply switch the toggle off at noxyai.com/profile. Once disabled, any future chats will be immediately excluded from our training pipelines.

PART V: COMMUNICATION AND MARKETING

17. Email Communications

We use the email address provided during your Google or Microsoft login solely to communicate with you regarding NoxyAI. This includes important security alerts, platform updates, billing receipts, and feature announcements.

18. Unsubscribing from Emails

We respect your inbox. You will never receive spam from third parties because of us. If you no longer wish to receive promotional or update emails from NoxyAI, you can easily remove yourself from our mailing list by visiting noxyai.com/unsubscribe or clicking the unsubscribe link at the bottom of our emails. (Note: Critical account and security notices cannot be opted out of).

PART VI: USER RIGHTS AND DATA DELETION

19. Total Control Over Your Chat History

Because your chats belong to you, you have full administrative rights over them. Within your dashboard on noxyai.com, you can delete individual chats, clear specific conversations, or wipe out your entire chat history with a single click. Once deleted, this encrypted data is permanently purged from our Supabase database.

20. Complete Account Deletion

If you wish to stop using NoxyAI entirely, you can delete your account from the settings menu. Doing so will:

• Immediately wipe out all your chats from our database.
• Delete your user profile, username, and authentication link.
• Revoke all our access to your 3rd-party auth providers.

21. Revoking Third-Party Access

In addition to deleting your NoxyAI account, you can also manage our access directly through your Google or Microsoft security dashboards by revoking NoxyAI's permission to view your basic profile data.

PART VII: AGE RESTRICTIONS AND MINOR POLICY

22. Strict 18+ Age Requirement

NoxyAI is designed for adults. You must be at least 18 years old to create an account, use noxyai.com, or access our developer APIs at dev.noxyai.com. Alternatively, you must have reached the legal age of majority in your specific country of residence if it is higher than 18.

23. Zero Retention of Minor Data

We do not knowingly collect, store, or process any data from individuals under the age of 18. If we discover or are informed that an account belongs to a minor, we will immediately and permanently wipe out that account and all associated data from our servers.

PART VIII: LEGAL COMPLIANCE AND JURISDICTION

24. Compliance with Indian Government Laws

While our servers are currently located in California, NoxyAI operates in strict compliance with the laws of the Government of India. This includes adherence to the Information Technology Act, 2000, and the Digital Personal Data Protection (DPDP) Act, ensuring lawful processing, data minimization, and the protection of digital rights for our users.

25. International Data Transfers

Because NoxyAI is a global service compliant with Indian law but hosted in the USA, your minimal profile data and encrypted chats are transferred internationally. By using our service, you consent to this secure, encrypted cross-border data transfer.

26. Law Enforcement and Subpoenas

We cooperate with valid, legally binding requests from law enforcement agencies. However, because chats on noxyai.com are End-to-End Encrypted (E2EE) and we do not store chat data on dev.noxyai.com, we are technically incapable of handing over readable chat logs to authorities. We can only provide encrypted ciphertext and basic account metadata.

27. Global Privacy Regulations (GDPR & CCPA)

Although we strictly follow Indian jurisdiction, our data practices (E2EE, instant deletion, zero-sale policy, and strict opt-in training) align with the highest global privacy standards, including the European GDPR and California CCPA, granting all global users the right to access, rectify, and erase their data.

PART IX: TECHNICAL LIMITATIONS AND LIABILITY

28. AI Hallucinations and Liability

Artificial Intelligence is a probabilistic technology. While we strive for accuracy, NoxyAI may generate incorrect, biased, or nonsensical information. NoxyAI is not liable for business losses, damages, or personal consequences resulting from reliance on the AI's outputs, whether generated via noxyai.com or dev.noxyai.com.

29. Third-Party Links

During a chat, the AI may generate or suggest URLs leading to third-party websites. NoxyAI does not govern these external sites, and this Privacy Policy does not apply to them. We urge you to review the privacy policies of any third-party links you click.

PART X: CONTACT INFORMATION

30. Reaching the NoxyAI Privacy Team

We believe privacy policies should be active conversations, not just static documents. If you have any questions, concerns, or requests regarding your data, encryption methods, or this 30-point policy, please reach out to our support and legal compliance team.

Thank you for trusting NoxyAI. We are committed to keeping your thoughts, code, and conversations entirely your own.