Privacy Policy

1. Introduction

Alexandra ("we," "us," "our," or "the Service") is committed to protecting your privacy. For the purposes of the General Data Protection Regulation (GDPR) and UK data protection laws, Alexandra acts as the data controller for the personal data collected and processed through the Service.

Contact: If you have questions about this policy, email us at hello@alexandra.ai

2. Information We Collect

Information You Provide Directly:

• Email address (via Cognito authentication)
• Problem description and synthesis inputs
• Selected domains and research papers (if provided)
• Constraints and variables you specify
• Payment information (processed by Stripe; we do not store card details)

Information Collected Automatically:

• IP address and device information
• Browser type and usage patterns
• Synthesis job history and status
• Timestamps of your activities
• CloudWatch logs for service reliability

3. How We Use Your Information

Under GDPR, we rely on the following legal bases to process your personal data:

• Performance of a Contract (Art. 6(1)(b) GDPR): To provide the Service, process your synthesis requests, authenticate your account, and process subscription payments via Stripe.
• Legitimate Interests (Art. 6(1)(f) GDPR): To improve Alexandra by analyzing usage patterns, optimizing tool performance, and maintaining security to detect and prevent fraud or abuse.
• Compliance with Legal Obligations (Art. 6(1)(c) GDPR): To comply with applicable tax laws, accounting rules, and respond to valid legal requests from public authorities.
• Consent (Art. 6(1)(a) GDPR): Where you have provided explicit consent for specific communications (which you may withdraw at any time).

4. Third-Party Data Processing (CRITICAL)

Your synthesis inputs are processed by third-party service providers:

• AI Language Model Services: Your problem descriptions and inputs are sent to third-party artificial intelligence services for synthesis processing and analysis
• Cloud Infrastructure Services: Your data is stored and processed using cloud storage and database services
• Payment Processing: Payment information is processed through third-party payment processors

International Data Transfer Notice: The Service is hosted in the United States. If you access the Service from the EU, UK, or other regions with laws governing data collection and use, please note that your personal data is transferred to and processed in the United States. To ensure your data is protected, we utilize appropriate safeguards under GDPR, including Standard Contractual Clauses (SCCs) approved by the European Commission and the UK Information Commissioner's Office, to govern these transfers.

For a full list of specific data processors and their locations, please contact hello@alexandra.ai. We maintain detailed records of all data processors and can provide this information to users upon request.

5. Data Storage & Retention

• Completed syntheses: Retained for 90 days, then automatically deleted
• Job history: Retained for 1 year for billing and support purposes
• Account data: Retained until account deletion
• Logs and analytics: Retained for 30 days for security and performance
• Payment records: Retained as required by law (typically 7 years)

Upon account deletion, all associated personal data is permanently removed from our systems within 30 days, except where required by law.

6. Your Privacy Rights (GDPR/UK Privacy Law)

If you are located in the EU or UK, you have the following rights under GDPR:

• Right of Access: Request a copy of your personal data.
• Right to Rectification: Correct any inaccurate or incomplete data.
• Right to Erasure: Request the deletion of your personal data ("Right to be Forgotten").
• Right to Restrict Processing: Limit how we process your personal data.
• Right to Data Portability: Request the transfer of your data in a structured, machine-readable format.
• Right to Object: Object to the processing of your personal data based on legitimate interests.
• Right to Withdraw Consent: Withdraw your consent at any time (where processing is based on consent).
• Right to Complain: Lodge a complaint with a supervisory authority (such as the Information Commissioner's Office in the UK, or your local Data Protection Authority in the EU).

To exercise these rights, email hello@alexandra.ai with your request. We will respond to your request within one month of receipt.

7. Cookies & Tracking

Alexandra uses:

• Session cookies: Required for authentication and functionality
• Cognito cookies: Used for secure login
• Functional cookies: To remember your preferences

We do not use marketing or advertising cookies. You can disable cookies in your browser, but this may limit functionality.

8. Data Security

We implement industry-standard security measures:

• Encryption in transit (TLS/HTTPS)
• AWS DynamoDB encryption at rest
• Cognito for secure authentication
• Regular security audits and monitoring
• Restricted access to personal data

However, no system is 100% secure. We cannot guarantee absolute security of your data.

9. Data Breach Notification

If we discover a data breach that poses a high risk to your privacy:

• We will notify you within 72 hours of discovery
• We will notify the Information Commissioner's Office (ICO) in the UK
• We will provide details of the breach and recommended actions

10. Children's Privacy

Alexandra is intended for users aged 18 and older. We do not knowingly collect data from children under 18. If we become aware that a child has provided personal data, we will delete it immediately and notify parents/guardians.

11. Third-Party Links

Alexandra may contain links to external websites (research papers, documentation, etc.). We are not responsible for their privacy practices. Review their privacy policies before sharing information.

12. Policy Updates

We may update this Privacy Policy periodically. Significant changes will be communicated via email or prominent notice on our website. Continued use of Alexandra after changes constitutes acceptance of the updated policy.

13. Contact Us

For privacy inquiries or to exercise your rights:

Email: hello@alexandra.ai
Service: Alexandra — Cross-Domain Synthesis
Jurisdiction: English law applies