1. Who we are (Controller)

BK GLOBAL INNOVATIONS LTD (Company No. 15735237) is the controller of personal data processed under this Privacy Policy.

Registered office: 3rd Floor, 86-90 Paul Street, London, England, EC2A 4NE

Privacy contact: info@linxie.ai

2. What this policy covers

This policy explains how we collect, use, share, and retain personal data when you use the Linxie SaaS (the "Service").

3. Personal data we collect

We may collect:

• Account data: email, full name, avatar URL (from Google OAuth).
• LinkedIn data (if you provide it / enable it): LinkedIn URL, username, up to 10 recent posts retrieved via a service provider, and derived analysis of writing style/interests.
• Content data: URLs you provide, your opinions/inputs, generated drafts, editing history, selected titles, final posts and translations, and (if you use voice features) audio/transcripts you submit for transcription.
• Billing data: Stripe customer ID, subscription plan, invoice URLs/PDFs, payment amounts (we do not store full card details).
• Preferences: working language, target language, image prompt templates, image styles.
• Analytics/monitoring: error reports, stack traces, and associated user ID (Sentry).
• Debug logs (only if DEBUG_API is enabled): full request/response logs of API calls stored on our servers.

4. How we use your data (purposes)

We use personal data to:

• provide and operate the Service (account creation, content generation, translations, image generation);
• manage subscriptions and billing;
• provide support and respond to requests;
• secure the Service, prevent fraud/abuse, and troubleshoot issues;
• monitor reliability and improve the Service (e.g. error monitoring);
• comply with legal obligations (e.g. accounting/tax record-keeping).

5. Lawful bases (UK GDPR)

We rely on the following lawful bases depending on the activity:

• Contract: to provide the Service you request (account, generation features, preferences, delivering outputs).
• Legitimate interests: to secure, maintain, and improve the Service (e.g. preventing abuse, debugging, reliability monitoring), balanced against your rights.
• Consent: where we offer optional features that are not strictly necessary, and for certain cookie/device technologies where consent is required.
• Legal obligation: where we must retain or process data to comply with legal requirements (e.g. company record-keeping).

6. Who we share data with (processors / subprocessors)

We use the following service providers to operate the Service:

• Stripe (payments, subscriptions, billing)
• Supabase (database hosting: profiles, posts, credits)
• Vercel (application hosting)
• OpenAI (text generation; transcription where used)
• Anthropic (alternative text generation)
• Perplexity (URL/context analysis)
• Google (Gemini) (image generation where used)
• Apify (LinkedIn post retrieval/scraping where enabled)
• Sentry (error monitoring)
• Google Fonts (web fonts)

We share only what is reasonably necessary for the provider to perform their services.

7. International transfers

Some of our providers may process data outside the UK/EEA. Where international transfers occur, we rely on appropriate safeguards (such as contractual protections) where required under applicable law.

8. Data retention

We keep personal data only as long as necessary for the purposes described in this policy and to meet legal requirements. Typical retention (may vary depending on circumstances):

• Account, preferences, and content: for as long as your account is active, and deleted upon request (subject to backups and legal obligations).
• Error monitoring data: typically 30-90 days.
• Debug logs (if enabled): short-term only (e.g. 7-14 days), then deleted.
• Billing/accounting records: retained as needed for accounting/tax compliance (often up to 6 years for company records).

9. Your rights

Depending on your location, you may have rights to access, correct, delete, restrict, or object to processing of your personal data, and to data portability.

To exercise your rights, email info@linxie.ai. We may ask for verification to protect your account.

You may also have the right to lodge a complaint with the UK data protection authority (the ICO).

10. Cookies and similar technologies

We use cookies and similar technologies for essential functions (such as authentication and session management). These are strictly necessary for the Service to operate.

We do not currently use non-essential cookies for advertising or third-party tracking. If we introduce optional cookies or technologies in the future, we will obtain consent where required.

11. Security

We implement appropriate technical and organisational measures to protect personal data (e.g. access controls, minimisation, and monitoring). However, no system is 100% secure.

12. Children

The Service is not intended for children under 18.

13. Changes

We may update this policy from time to time. We will post the updated version with a new "Last updated" date.