Privacy Policy

Last Updated: 18-03-2026

This Privacy Policy explains how Elyx GmbH ("Elyx", "we", "us") collects, uses, and protects your personal data when you use our platform. We are committed to fully complying with the General Data Protection Regulation (GDPR).

1. Data Controller

The Data Controller responsible for your personal data is: Elyx GmbH in formation, Berlin, Germany Email: privacy@elyx.tech

2. What Data We Collect

We collect the absolute minimum amount of data required to operate the Service:

  • Account Information: Your name, last name, email address, and profile picture.

  • Billing Information: Managed entirely through our payment processor (Stripe). We only keep a reference to your Stripe Customer ID.

  • Project Data: The logic, structures, and data you input into the Elyx canvas to build your applications.

3. How We Use Your Data

  • To provide, maintain, and bill for the Service.

  • To authenticate you into your account securely.

  • We do not use your personal data, project data, or code to train AI models.

  • We do not sell your data to advertisers or data brokers.

4. Data Security and Protection Mechanisms

Your privacy and data security are paramount. To protect your sensitive data and Google user data from unauthorized access, alteration, disclosure, or destruction, we implement the following security mechanisms:

  • Encryption in Transit: All data transferred between your browser, our servers, and third-party APIs (including Google) is encrypted using modern TLS/HTTPS protocols.

  • Encryption at Rest: All personal data, OAuth tokens, and project data stored in our AWS databases are encrypted at rest using industry-standard AES-256 encryption.

  • Strict Access Controls: Elyx staff cannot and will not access your project data, secure credentials, or personal configurations unless you explicitly request us to do so via a verified support ticket.

5. Cookies and Tracking (No Tracking Cookies)

  • No Tracking: We do not use third-party tracking cookies, marketing cookies, or analytics trackers on our core platform.

  • Local Storage: We use local storage in your browser strictly for functional purposes (e.g., remembering your canvas scroll location or UI preferences). This data is linked to a Project ID, contains no personally identifiable information (PII), and never leaves your browser.

6. Third-Party Data Processors

To run Elyx, we rely on trusted infrastructure partners who process data on our behalf. We have Data Processing Agreements (DPAs) in place with them:

  • Amazon Web Services (AWS): All Elyx backend infrastructure, databases, and servers are hosted securely in AWS data centers located in Frankfurt, Germany (eu-central-1).

  • Stripe: Used for secure payment processing and subscription management.

A note on External Integrations: While Elyx allows you to connect to hundreds of third-party tools, we route these connections through our own self-hosted infrastructure. We do not use third-party bridging services (like the hosted Nango cloud) that would process your integration data. Data only flows to a third party when you explicitly configure your project to send it there.

7. Your GDPR Rights (Right to Erasure)

Under the GDPR, you have the right to:

  • Access the personal data we hold about you.

  • Rectify inaccurate or incomplete data.

  • Request Erasure ("Right to be Forgotten"): You can request the complete deletion of your user account, personal data, and all associated project data at any time.

  • Export your data in a portable format.

To exercise any of these rights, please contact us at privacy@elyx.tech.