Privacy Policy

Last updated: June 5, 2026

This Privacy Policy describes how Reddlix collects, uses, and protects your personal data in connection with reddlix.io and app.reddlix.io.

1. Controller

Reddlix is the data controller for personal data processed through reddlix.io and app.reddlix.io. Reddlix is registered in Estonia, European Union. Contact: info@reddlix.io

2. Data We Collect

- Account data: Email address, authentication method (email/password or third-party OAuth such as Google), subscription plan, and subscription status. Payment identifiers assigned by our payment processor (no card numbers or payment credentials are stored by Reddlix).
- Brand profile: Brand name, website URL, business sector, target customer description, geographic market, and declared competitor names. Entered voluntarily by you.
- Scan and analysis data: Prompts you configure or generate, responses received from third-party AI models when scans are executed, computed scores and metrics, and recommended actions. Stored per analysis run.
- Usage data: Which tool was used, timestamp, and your user ID. Used exclusively to enforce plan limits and daily quotas. Not deleted when you reset a tool.
- Contact and newsletter data: Name and email when you contact us directly, and email address when you subscribe to our newsletter via reddlix.io.
- Landing site behavioral data: Interaction data (mouse movements, clicks, scroll depth, session recordings) collected by analytics and session recording tools active on reddlix.io. See Section 7.

3. How We Use Your Data

We process your data for the following purposes:

- To create and manage your account.
- To deliver and operate the platform and its features.
- To process payments and manage your subscription.
- To enforce plan limits and usage quotas.
- To respond to support requests and inquiries.
- To send you the newsletter you subscribed to (you may unsubscribe at any time).
- To detect and prevent fraud, abuse, and unauthorized access.
- To improve the platform based on usage patterns.

We do not sell your data to third parties. We do not use your data for advertising.

4. Legal Basis for Processing (GDPR)

We process your personal data on the following legal bases:

- Performance of contract: Account management, service delivery, billing, and quota enforcement. Necessary to provide the services you have requested.
- Legitimate interest: Fraud prevention, platform security, and aggregate usage analysis to improve the service. Our interests do not override your fundamental rights.
- Consent: Newsletter subscription and session recording / analytics tools on reddlix.io. You may withdraw consent at any time (see Section 9).
- Legal obligation: Where required by Estonian or European Union law, including financial record-keeping.

5. Data Processors and Recipients

To deliver our services, we share data with third-party service providers acting as data processors under appropriate agreements. Categories of processors we use:

- Cloud database and authentication provider: Stores all account data, brand profiles, scan results, and usage events. Access controls ensure each user can only access their own data.
- Payment processor: Handles subscription billing. Receives your email address and subscription details. Manages payment card data directly and is PCI-DSS compliant. Reddlix does not receive or store your card details.
- Third-party AI model providers: When you run a scan, prompts are sent to external AI models via a routing service. These providers receive the prompt text and brand context (brand name, sector, market). They do not receive your email address, password, or payment data.
- AI services for product functionality: Used for in-app help responses and site analysis within the Technical Audit feature. Receive only the data necessary for the specific function (chat messages, or the public URL being audited).
- Content delivery networks: Used for serving static UI assets. Do not process user-generated data.
- Analytics and session recording tools: Active on reddlix.io (not on app.reddlix.io). Record visitor interactions for UX analysis. See Section 7.

No other parties receive your personal data. An up-to-date list of our active processors is available upon request at info@reddlix.io.

6. International Data Transfers

Some of the processors described in Section 5 are located outside the European Economic Area, including in the United States. Data transfers to these processors are conducted under the EU-US Data Privacy Framework and/or Standard Contractual Clauses (SCCs) as applicable, providing an adequate level of data protection. By using our services, you acknowledge that these transfers are necessary for us to deliver the services.

7. Cookies and Tracking

- Functional cookies: Reddlix uses HttpOnly, secure session cookies to manage your authenticated session on app.reddlix.io. These are strictly necessary and cannot be disabled without breaking authentication.
- Analytics and session recording (reddlix.io only): We use session recording and analytics tools on reddlix.io to understand how visitors interact with the site. These tools may place cookies and collect behavioral data. This tracking is not active on app.reddlix.io. You may opt out by adjusting your browser cookie settings or by contacting us at info@reddlix.io.

We do not use advertising, retargeting, or third-party behavioral profiling cookies.

8. Data Retention

- Account data: Retained until you close your account.
- Brand profile and scan data: Retained until you delete it using the reset feature within each tool, or until you close your account.
- Usage events: Retained for the duration necessary to enforce plan quotas. Not deleted by individual tool resets.
- Payment records: Retained for a minimum of 7 years as required by Estonian accounting and tax law.
- Newsletter subscriptions: Retained until you unsubscribe or request deletion.
- Account deletion: Upon account closure, your personal data is deleted within 30 days, except for records that must be retained to comply with legal obligations. You may request immediate deletion at info@reddlix.io.

9. Your Rights

Under the GDPR, you have the following rights regarding your personal data:

- Access: Request a copy of the personal data we hold about you.
- Rectification: Request correction of inaccurate or incomplete data.
- Erasure: Request deletion of your personal data ("right to be forgotten").
- Restriction: Request that we limit how we process your data in certain circumstances.
- Objection: Object to processing based on legitimate interest.
- Portability: Receive your data in a structured, machine-readable format.
- Withdraw consent: For processing based on consent (newsletter, analytics), you may withdraw at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, email info@reddlix.io. We will respond within 30 days. You also have the right to lodge a complaint with the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon, aki.ee) or with the supervisory authority in your EU member state.

10. Security

We implement the following technical and organizational measures to protect your data:

- Data access controls: each user can only read and write their own records.
- HTTPS-only access across all domains.
- HttpOnly and Secure flags on all session cookies.
- Passwords are hashed by our authentication provider. Plaintext passwords are never stored.
- Third-party integrations (such as AI assistant connections) provide read-only access to your data and cannot modify any records.

No method of internet transmission is 100% secure. Contact info@reddlix.io immediately if you believe your account or data has been compromised.

11. Children

Our services are intended for business use only. We do not knowingly collect personal data from anyone under 18 years of age. If you believe we have inadvertently collected data from a minor, contact info@reddlix.io and we will delete it promptly.

12. Changes to This Policy

We reserve the right to update this Privacy Policy at any time without prior notice. The "Last updated" date at the top of this page reflects the most recent revision. Continued use of the services after changes constitutes your acceptance of the updated policy.

13. Contact

For questions, requests, or concerns regarding this Privacy Policy or your personal data:

- Email: info@reddlix.io. We will respond within 30 days.
- Supervisory authority: Andmekaitse Inspektsioon (aki.ee), Tallinn, Estonia.