Legal
Privacy Policy
Last updated: May 31, 2026
1. Introduction
Calux, Inc. ("Calux," "we," "our," or "us") operates an AI-powered SEO and Answer Engine Optimization (AEO) platform that helps businesses grow their organic and AI search presence. This Privacy Policy describes how we collect, use, and protect information when you use our website at calux.io and our subscription services (collectively, the "Services").
By using the Services you agree to the practices described in this policy. If you do not agree, please discontinue use of the Services.
2. Information We Collect
Account information
When you sign up or are invited by an admin, we collect your name, email address, company name, and website URL. This information is necessary to create your account and deliver the Services.
Billing information
Subscription payments are processed by Stripe, Inc. Calux never receives or stores your full credit card number. Stripe provides us with a tokenized reference to your payment method and basic billing details (last four digits, card type, expiry). Stripe's own privacy policy governs how they handle your payment data.
Integration credentials
To provide the Services, we store the following credentials on your behalf, all encrypted at rest:
- Google Search Console OAuth tokens
- Google Business Profile OAuth tokens
- WordPress site URL and shared plugin secret
These credentials are used exclusively to perform SEO and AEO work on behalf of your business. They are never shared with third parties for any other purpose.
Usage and log data
Our hosting infrastructure (Vercel, Railway) automatically collects standard server logs including IP addresses, browser type, pages visited, and timestamps. This data is used solely for security monitoring and troubleshooting.
3. How We Use Your Information
- Deliver and operate the Services, including running AI agents on your behalf
- Generate SEO audits, keyword plans, articles, and reports for your business
- Send transactional notifications (e.g. new content ready for review) via email
- Respond to support inquiries and communicate service updates
- Detect and prevent fraud, abuse, or unauthorized access
- Improve the platform based on aggregated, anonymized usage patterns
We do not sell your personal information to third parties. We do not use your data for advertising targeting.
4. Third-Party Services
We share data with the following sub-processors as necessary to deliver the Services. Each is bound by their own privacy and security obligations.
| Provider | Purpose |
|---|---|
| Supabase | Authentication, database, and file storage |
| Stripe | Payment processing |
| Anthropic | AI content generation (articles, audits, reports) |
| Semrush | Keyword research, site audits, authority metrics |
| Google (GSC / GBP APIs) | Search Console data and Google Business Profile management |
| Firecrawl | Website crawling for technical SEO audits |
| ForumScout | Forum and social question mining (Growth plan only) |
| BrightLocal | Local citation building (one-time at onboarding) |
| Postmark | Transactional email notifications |
| Vercel | Frontend hosting and CDN |
| Railway | Backend API and worker hosting |
5. Data Security
All integration credentials (OAuth tokens, WordPress secrets) are encrypted at rest before being stored in our database. Access to client data is restricted to authenticated API requests validated using Supabase JWT tokens. Our infrastructure is hosted on SOC 2-compliant platforms (Supabase, Vercel, Railway).
Despite these measures, no system is perfectly secure. We encourage you to use a strong, unique password for your Calux account and to notify us immediately at [email protected] if you suspect unauthorized access.
6. Data Retention
We retain your account data and all associated content (articles, audits, reports, integration credentials) for the duration of your active subscription. Upon cancellation, all personal data and client-specific content is deleted within 30 days. Aggregated, anonymized platform analytics may be retained indefinitely as they cannot be linked back to you.
7. Your Rights
You may request access to, correction of, or deletion of your personal data at any time by emailing [email protected]. We will respond within 30 days. Deletion requests are fulfilled upon account cancellation in accordance with Section 6.
8. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date at the top of this page and, for material changes, notify you by email at least 14 days before the changes take effect. Continued use of the Services after the effective date constitutes acceptance of the updated policy.
9. Contact
Questions or concerns about this Privacy Policy should be directed to:
Calux, Inc.131 Continental Dr, Suite 305
Newark, Delaware 19713
[email protected]