AIRIX
← Back

Privacy Policy

Last updated: 20 April 2026

1. Who We Are

AIRIX (airix.app) is the data controller responsible for your personal data. AIRIX is operated from the United Kingdom. For any privacy-related enquiries, contact us at support@airix.app.

2. Information We Collect

We collect the following categories of information:

  • Business information— name, website URL, city, and industry, as provided by you during setup.
  • Email address— used for account access, billing communications, and weekly reports.
  • Lead capture data— if you request a free AI visibility report, we collect your email address, business name, and website URL. This data is stored separately from subscriber accounts.
  • Payment information— processed and stored by Stripe. We do not store your card details.
  • Scan data— AI platform responses related to your business, including visibility scores, competitor mentions, and cited sources.
  • Device and usage data— IP address, browser type, operating system, pages visited, referring URLs, and interactions with our site.
  • Advertising data— data collected via Google Tag Manager, Google Ads conversion tracking, the Meta Pixel, and Meta Conversions API, including page views, button clicks, purchase events, lead form submissions, and hashed identifiers (such as email address) used for ad measurement, conversion optimisation, and audience targeting.
  • Product analytics data— interactions, clicks, page views, session recordings, error reports, and performance data collected via PostHog for product improvement and debugging.

3. How We Use Your Information

  • To provide, maintain, and improve the service.
  • To scan AI platforms on your behalf and generate visibility reports.
  • To generate structured data, descriptions, and profile pages for your business.
  • To send weekly scan reports and service communications via email.
  • To send free AI visibility reports requested via our website.
  • To send occasional marketing emails about AI visibility, with your consent. You can unsubscribe at any time.
  • To process payments through Stripe.
  • To submit your public profile URL to search engines for indexing.
  • To measure advertising performance and optimise ad campaigns via Google Ads conversion tracking, Meta Pixel, and Meta Conversions API.
  • To create custom audiences and lookalike audiences for advertising on Google and Meta platforms.
  • To detect fraud, prevent abuse, and maintain security.

4. Legal Basis for Processing (UK GDPR)

Under UK GDPR, we process your personal data on the following legal bases:

  • Contract— processing necessary to provide the service you subscribed to, including scanning AI platforms, generating assets, and sending reports.
  • Consent— for setting non-essential cookies (including Google Tag Manager, Google Ads tracking, and the Meta Pixel), and for marketing communications. You can withdraw consent at any time.
  • Legitimate interest— for fraud prevention, service security, and improving the service, where these interests are not overridden by your rights.

5. Advertising & Analytics

We use the following advertising and analytics technologies:

  • Google Tag Manager & Google Ads— we use Google Tag Manager (GTM) to manage tracking scripts on our website. GTM loads Google Ads conversion tracking tags that measure when visitors complete key actions such as purchases and lead form submissions. This data is shared with Google to measure advertising effectiveness, optimise ad bidding, and build remarketing audiences. Google may combine this data with other information it holds about you. You can manage your Google ad preferences at adssettings.google.com or opt out of personalised ads at optout.aboutads.info.
  • Meta Pixel & Conversions API— we use Meta's tracking technologies to measure the effectiveness of our Facebook and Instagram advertisements, to build custom audiences for ad targeting, and to provide conversion data back to Meta. This involves sharing data such as page views, purchase events, and hashed email addresses with Meta Platforms, Inc. Meta may combine this data with other information it holds about you. You can manage your Meta ad preferences at facebook.com/adpreferences.
  • PostHog— we use PostHog for product analytics, session replay, and error tracking to understand how users interact with the service and to identify and fix issues. PostHog collects interaction data, page views, session recordings (which may capture mouse movements, clicks, and page content), and error reports. PostHog data is stored in the EU (Frankfurt). You can opt out of session recordings and analytics by enabling Do Not Track in your browser. For more information, see PostHog's privacy policy at posthog.com/privacy.

In the UK, non-essential tracking cookies (including Google Ads tracking and the Meta Pixel) are only activated after you provide consent via our cookie notice. You can change your cookie preferences at any time.

To opt out of interest-based advertising more broadly, visit optout.aboutads.info (US) or youronlinechoices.com (UK/EU).

6. Third-Party Services

We share data with the following third-party services as necessary to operate:

  • Stripe— payment processing (USA). Subject to Stripe's Privacy Policy.
  • Google— Google Tag Manager and Google Ads conversion tracking for advertising measurement, bid optimisation, and remarketing (USA). Subject to Google's Privacy Policy.
  • Meta Platforms— advertising measurement and audience targeting (USA). Subject to Meta's Data Policy.
  • Clerk— user authentication, identity management, and session handling (USA). Subject to Clerk's Privacy Policy.
  • Supabase— database hosting (USA).
  • Resend— email delivery for weekly reports and transactional emails (USA).
  • Vercel— web hosting and infrastructure (USA).
  • PostHog— product analytics, session replay, and error tracking (EU/Frankfurt). Subject to PostHog's Privacy Policy.
  • AI platform APIs— we send your business name, industry, and city to AI platforms (OpenAI, Anthropic, Google, Perplexity, Groq, Mistral, DeepSeek) to perform scans. These queries are sent as standard API requests.
  • IndexNow— we submit your public profile URL to search engines (Bing, Yandex, Seznam, Naver) for indexing.

7. International Data Transfers

AIRIX is operated from the United Kingdom. Most of our third-party service providers are based in the United States. PostHog data is stored in the EU (Frankfurt), so no international transfer is required for that processor. When your data is transferred outside the UK, we ensure appropriate safeguards are in place, including the UK International Data Transfer Agreement (UK IDTA), the UK Extension to EU Standard Contractual Clauses, or reliance on adequacy decisions (including the UK-US data bridge where applicable). By using the service, you acknowledge that your data may be processed in the United Kingdom, European Union, United States, and other countries where our service providers operate.

8. Cookies & Tracking Technologies

We use the following categories of cookies:

  • Essential cookies— required for authentication, session management, and security. These cannot be disabled.
  • Analytics cookies— set by PostHog to track product usage, session recordings, and error reports. These help us improve the service.
  • Advertising cookies— set by Google Ads (via Google Tag Manager) and Meta Pixel to measure ad performance, track conversions, and enable retargeting. These are only activated with your consent in jurisdictions that require it.

You can control cookie preferences through our cookie notice, your browser settings, or the opt-out links provided in Section 5. Note that disabling cookies may affect the functionality of the service.

9. Public Information

If you subscribe, a public profile page may be created at airix.app/b/your-business. This page displays your business name, industry, city, AI visibility breakdown, generated profile content, and FAQs. This page is publicly accessible and indexed by search engines. This is a core part of the service designed to improve your AI discoverability.

10. Email Communications

Subscribers receive weekly scan reports via email. You can unsubscribe from these reports at any time using the unsubscribe link in any email. Unsubscribing from reports does not cancel your subscription or affect service functionality.

If you request a free AI visibility report, we may also send you occasional emails about improving your AI visibility. These emails are sent based on the consent you provide when submitting the report request form. You can unsubscribe at any time using the link in any email.

We comply with applicable email marketing laws, including UK PECR, US CAN-SPAM, Canadian CASL, and Australia's Spam Act 2003.

11. Data Retention

We retain your personal data for as long as your subscription is active. After cancellation, we retain your data for up to 12 months for record-keeping, legal compliance, and to allow you to reactivate your account. Scan history and generated assets are retained for the duration of your subscription to provide trend data and historical reporting. Payment records are retained as required by applicable tax and financial regulations. You may request earlier deletion by contacting us (subject to legal retention obligations). Lead capture data (free report requests) is retained for up to 24 months to support marketing communications, unless you unsubscribe or request deletion earlier.

12. Your Rights

United Kingdom (UK GDPR)

If you are in the UK, you have the following rights under the UK General Data Protection Regulation:

  • Right of access — request a copy of your personal data
  • Right to rectification — correct inaccurate or incomplete data
  • Right to erasure — request deletion of your personal data
  • Right to restriction — limit how we process your data
  • Right to data portability — receive your data in a structured, machine-readable format
  • Right to object — object to processing based on legitimate interest or for direct marketing
  • Right to withdraw consent — where processing is based on consent, you may withdraw it at any time

To exercise these rights, contact support@airix.app. We will respond within 30 days. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

United States (California & Other States)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

  • Right to know — what personal information we collect, use, disclose, and sell or share
  • Right to delete — request deletion of your personal information
  • Right to correct — correct inaccurate personal information
  • Right to opt out of sale or sharing — we share data with Google and Meta for targeted advertising, which may constitute “sharing” under CPRA. You may opt out by contacting us or using the opt-out links in Section 5
  • Right to non-discrimination — we will not discriminate against you for exercising your rights

Residents of Virginia, Colorado, Connecticut, Texas, Oregon, and other states with comprehensive privacy laws have similar rights. Contact support@airix.app to exercise any of these rights. We will respond within 45 days.

Canada (PIPEDA)

If you are in Canada, you have the following rights under the Personal Information Protection and Electronic Documents Act (PIPEDA):

  • Right to access your personal information
  • Right to correct inaccurate information
  • Right to withdraw consent for the collection, use, or disclosure of your personal information
  • Right to challenge compliance by filing a complaint with the Office of the Privacy Commissioner of Canada

Australia (Privacy Act 1988)

If you are in Australia, you have the following rights under the Australian Privacy Principles (APPs):

  • Right to access your personal information
  • Right to request correction of inaccurate information
  • Right to complain about a breach of the APPs

You may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.

13. Data Security

We implement reasonable technical and organisational measures to protect your data, including encrypted connections (HTTPS), row-level security on database access, secure API key management, and hashed tokens for authentication links. However, no method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.

14. Children

The service is intended for business use and is not directed at individuals under the age of 16 (or 13 in the United States under COPPA). We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, contact us and we will delete it.

15. Changes

We may update this Privacy Policy from time to time. Material changes will be communicated via the email associated with your account. Continued use of the service after changes constitutes acceptance.

16. Contact

For questions about this Privacy Policy or to exercise your data rights, contact us at support@airix.app.