AIXNEX
AIXNEX
Next-Gen AI
Contact
Legal

Privacy Policy

AIXNEX is a service of Goldbaz Studio (Dubai, UAE). This policy explains what personal data we collect, why we collect it, who we share it with, and the rights you have over it — wherever in the world you live.

Last updated · 2026-05-07

1. Who we are

AIXNEX (the “Service”) is operated by Goldbaz Studio, a company registered in the United Arab Emirates. References to “we”, “us”, “our”, or “AIXNEX” in this policy mean Goldbaz Studio acting as the data controller for personal data processed through the Service.

For privacy matters: privacy@aixnex.com. For general support: hello@aixnex.com.

2. Data we collect

Account data

When you sign up we receive your name, email address, profile photo (if you use a social-login option), and an internal user identifier. We never see or store your password — authentication is delegated to a specialised identity provider.

Content you upload or generate

Product photos, reference images, videos, brand briefs, prompts, and any other material you supply or that AIXNEX generates on your behalf. This content is stored in encrypted cloud object storage tied to your account's gallery.

Billing data

When you subscribe or buy a credit pack we receive an order identifier from our payment processor. We do not see or store your full card number or CVV — those stay with the processor.

Lead-form data

If you apply for a Free Hero Campaign or send a message via the Contact form, we receive the fields you fill in (name, brand, WhatsApp, email, message, etc.) plus the IP address you submit from (for rate-limit and abuse prevention).

Usage and device data

Standard server logs (IP address, user-agent, timestamps, pages visited, generation actions performed) and a session cookie that keeps you signed in. Used for security, fraud prevention, debugging, and platform reliability.

3. Why we use it (legal basis)

  • Performance of contract — to deliver the renders, store your gallery, and process your subscription.
  • Legitimate interest — to keep the platform secure, prevent abuse, monitor performance, and improve quality.
  • Consent — for non-essential cookies, marketing emails, and any feature that explicitly asks you to opt in.
  • Legal obligation — to comply with tax, accounting, anti-money-laundering, and lawful requests from authorities.
We never sell your personal data. We never use your uploaded images or generated outputs to train our or any third party's AI models without your explicit consent.

4. Categories of processors we share data with

To run the Service we share limited, purpose-bound categories of data with a small number of carefully selected third-party processors. Each is contractually obliged to handle your data confidentially, only for the stated purpose, with appropriate technical and organisational safeguards.

  • Cloud infrastructure provider — hosting, database, file storage, identity, and the secure compute environment that runs the Service.
  • AI generation platforms — the models that produce your images, videos, and 3D meshes. We send the inputs you provide (e.g. product reference, prompt, resolution) and receive the generated output.
  • Payment processors — to settle subscriptions and credit packs in AED for the GCC and in other supported currencies internationally. Card details are entered directly with the processor; we never see them.
  • Internal tooling and review — specialist providers that power our copy-generation utilities and our automated pre-deployment code review.

We do not publish the named list of these processors on our public site for competitive reasons. The current named list, the categories of data shared with each, and a copy of the data-processing agreement we have signed with them is available to data subjects, regulators, and enterprise customers on request at privacy@aixnex.com.

5. International transfers

AIXNEX is operated from the UAE; some of our processors are located outside your country of residence. When you are located in the EU/EEA, UK, or another jurisdiction with cross-border transfer rules, transfers rely on the European Commission's Standard Contractual Clauses (SCCs) and equivalent transfer mechanisms agreed with each processor, supplemented by encryption in transit (TLS) and encryption at rest in our object storage layer.

6. How long we keep it

  • Account data — for as long as your account is active, plus 90 days after deletion for fraud-prevention and accounting purposes.
  • Generated media — non-saved outputs default to 30 days in our temporary bucket; saved gallery items stay until you delete them or your account closes.
  • Billing records — minimum 5 years to comply with UAE tax and bookkeeping rules; longer where local law requires.
  • Lead-form submissions — up to 24 months from submission, then archived or deleted.
  • Server logs — typically 30 days, up to 12 months for security investigations.

7. Your rights

Wherever you live, you have the right to ask us what personal data we hold about you and to have it corrected if it's wrong. The rights below come from your local law, but we apply them globally — you don't need to be in the EU or California to use them.

If you are in the EU, UK, or EEA (GDPR / UK GDPR)

  • Right of access and a copy of your data
  • Right to rectification of inaccurate data
  • Right to erasure (right to be forgotten), subject to legal retention
  • Right to restrict or object to processing
  • Right to data portability in a machine-readable format
  • Right to withdraw consent at any time without affecting prior lawful processing
  • Right to lodge a complaint with your local supervisory authority

If you are in California (CCPA / CPRA)

  • Right to know what personal information we collect, use, disclose, and sell or share
  • Right to delete your personal information, subject to listed exceptions
  • Right to correct inaccurate personal information
  • Right to limit the use of sensitive personal information
  • Right to opt out of sale or sharing — note: we do not sell or share personal information for cross-context behavioral advertising
  • Right to non-discrimination for exercising any of the above

If you are in the UAE or Saudi Arabia (PDPL)

  • Right to be informed of processing purposes and recipients
  • Right to access, correct, update, or delete your personal data
  • Right to restrict or object to processing
  • Right to withdraw consent
  • Right to lodge a complaint with the UAE Data Office or the Saudi SDAIA, as applicable

To exercise any of these rights, email privacy@aixnex.com from the email address on your account. We respond within 30 days (or sooner where local law requires).

8. Children

AIXNEX is not intended for anyone under 18. We do not knowingly collect data from minors. If you believe a child has signed up, contact us and we will delete the account.

9. Cookies

We use a minimal set of cookies to keep you signed in and remember your preferences. See our Cookie Policy for the full list and how to control them.

10. Security

We protect your data with TLS 1.2+ in transit, AES-256 encryption at rest in our cloud object storage layer, hardened database-level access rules, role-based access for staff, and audit logging on every administrative action. To report a vulnerability, see our Security Policy.

11. Changes to this policy

When we make material changes we'll update the “Last updated” date and, where required by law, email account holders before the change takes effect.

12. Contact

Goldbaz Studio · Dubai, United Arab Emirates
Privacy enquiries: privacy@aixnex.com
General contact: hello@aixnex.com

Questions about this page? Contact our team.

← Back to AIXNEX