Privacy Policy

How Krix Studio collects, uses, protects, and transfers data when you use Krixs AI and related AI automation services.

Last updated: May 29, 2026

1. Data Controller

The controller of your personal data is Krix Studio ("Controller", "we", "us"), operating the Krixs AI platform available at krixai-kappa.vercel.app.

Contact with the Controller:

  • Email: hello@krixstudio.com
  • Data protection matters: hello@krixstudio.com

2. Legal Basis and Purposes of Processing

We process your personal data in accordance with:

  • Regulation (EU) 2016/679 (GDPR / RODO)
  • The Polish Act of May 10, 2018 on the Protection of Personal Data
  • The Polish Act of July 18, 2002 on Providing Services by Electronic Means
  • Regulation (EU) 2024/1689 (EU AI Act) — within the scope of AI systems

| Processing purpose | Legal basis under GDPR |
|---|---|
| Providing the Krixs AI platform services | Article 6(1)(b) — performance of a contract |
| User account registration and account support | Article 6(1)(b) — performance of a contract |
| Handling inquiries and technical support | Article 6(1)(b) — performance of a contract |
| Sending marketing information | Article 6(1)(a) — consent |
| Analytics and improvement of the platform | Article 6(1)(f) — legitimate interest |
| Compliance with legal obligations | Article 6(1)(c) — legal obligation |
| Detecting abuse and ensuring security | Article 6(1)(f) — legitimate interest |

3. Data We Collect

3.1 Data provided by the user

  • First and last name or company name
  • Email address
  • Password, stored in encrypted form
  • Billing data, where paid plans are used
  • Content entered into the system, including prompts and workflow descriptions

3.2 Data collected automatically

  • IP address
  • Browser type and version
  • Operating system
  • Session and activity data on the platform
  • System logs and errors
  • Device data, including device fingerprint data

3.3 Data processed by AI systems

Krixs AI processes the content you enter as instructions or input data for automation. This content may be transferred to external AI model providers, including OpenAI, Google Gemini, and Anthropic, solely to provide the requested function. It is not used to train models without your explicit consent.

4. Recipients of Data

Your data may be transferred to:

  • Infrastructure service providers such as hosting and cloud providers, to maintain the platform
  • AI model providers such as OpenAI, Google Gemini, and Anthropic Claude, only to the extent necessary to execute workflows
  • Payment operators, where paid plans are used
  • Analytics tool providers, within the scope of anonymized session data
  • Public authorities, only where required by applicable law

All external data recipients are required to ensure an appropriate level of data protection, in particular through relevant data processing agreements under Article 28 GDPR.

5. Transfers Outside the EEA

Some AI model providers, including OpenAI, Google, and Anthropic, may be established outside the European Economic Area (EEA). Data transfers are based on:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • European Commission adequacy decisions, where applicable

6. Data Retention Periods

| Data category | Retention period |
|---|---|
| User account data | For the duration of the contract plus 3 years |
| System and security logs | 12 months |
| Billing data | 5 years, due to tax obligations |
| Marketing data processed on the basis of consent | Until consent is withdrawn |
| Workflow content, including prompts and input data | Until deleted by the user or until the account is closed |

7. Your Rights

Under GDPR, you have the following rights:

  • Right of access under Article 15 GDPR — you may request information about processed data
  • Right to rectification under Article 16 GDPR — you may correct inaccurate data
  • Right to erasure under Article 17 GDPR — the "right to be forgotten"
  • Right to restriction of processing under Article 18 GDPR
  • Right to data portability under Article 20 GDPR
  • Right to object under Article 21 GDPR, especially to processing for marketing purposes
  • Right to withdraw consent at any time, without affecting the lawfulness of processing carried out before withdrawal
  • Right not to be subject to automated decision-making under Article 22 GDPR — you have the right to human intervention in decision-making processes based solely on automated processing

To exercise these rights, contact us at hello@krixstudio.com.

You also have the right to lodge a complaint with the President of the Personal Data Protection Office (UODO), ul. Stawki 2, 00-193 Warsaw, Poland.

8. AI Systems — Special Provisions Under the EU AI Act

Krixs AI uses artificial intelligence systems within the meaning of Regulation (EU) 2024/1689 (EU AI Act). Therefore:

  • AI systems used on the platform are not classified as high-risk systems within the meaning of Annex III of the EU AI Act in the standard scope of platform use.
  • Users are informed when they interact with an AI system.
  • Critical decisions are not made solely automatically. The user can always review and modify a generated workflow before launching it.
  • Input data processed by AI models is not used to train models without the user's explicit consent.

9. Cookies

The Krixs AI platform uses cookies in accordance with Article 173 of the Polish Telecommunications Law of July 16, 2004.

| Cookie type | Purpose | Basis |
|---|---|---|
| Necessary cookies | Platform operation and user session | Legitimate interest |
| Analytics cookies | Traffic analysis and user behavior analysis | Consent |
| Marketing cookies | Personalization of content and ads | Consent |

You can manage cookie settings in the preference panel or in your browser settings.

10. Data Security

We apply appropriate technical and organizational measures under Article 32 GDPR, including:

  • Encryption of data in transit using TLS/HTTPS
  • Password hashing using bcrypt or an equivalent technology
  • Role-based access control (RBAC)
  • Regular security audits
  • Incident response procedures under Articles 33-34 GDPR, including notification to UODO within 72 hours where required

11. Changes to This Privacy Policy

We reserve the right to amend this Privacy Policy. We will inform you of material changes by email or through a platform notification at least 14 days in advance.

12. Contact

For matters concerning personal data protection:

Krix Studio

Email: hello@krixstudio.com

This Privacy Policy is intended to comply with GDPR, the Polish Personal Data Protection Act, the Polish Act on Providing Services by Electronic Means, and the EU AI Act.
