Privacy Policy (Pilot Stage)

Novix LLC (dba AdFlex) ("we," "us," "our") respects your privacy. This Privacy Policy explains what data we collect through AdFlex, how we use and share it, and your rights under applicable data protection laws in the United States, the European Union, Saudi Arabia, and the United Arab Emirates.

AdFlex is operated from the USA. Novix LLC (8 The Green, STE B, Dover, DE 19901) is the controller of personal information we collect. For users in the EU, KSA, or UAE, Novix LLC remains the controller (no separate affiliate in those regions). Our Data Protection Officer can be reached at privacy@adflex.com. We are subject to US law, and where applicable, EU GDPR, Saudi PDPL, and UAE PDPL. (For example, Saudi law applies to any personal data related to KSA residents, and the UAE’s PDPL applies to personal data processing inside or outside the UAE.)

We collect various types of information:

• Account & Profile Data: Name, email, company name, and other registration or profile details you provide.
• Usage Data: Log data, IP address, browser and device information, cookies and similar tracking technologies. We use analytics to understand and improve our Service.
• Payment Information: Billing address and payment method (credit card) via secure third-party processors (we do not store raw card data).
• Optional Verification Data: Visa, passport, or ID information if you voluntarily provide it (even on the free tier). This is sensitive personal data used only for verification or support and processed with your explicit consent.
• Communications: Any information you send us via support messages, feedback, or other communications.

We collect this information directly from you when you register, upgrade, or use features. We also collect some data automatically (e.g. through cookies and logs). We do not obtain personal data from third parties beyond our service providers.

We use your data for the following purposes:

• To Provide and Improve the Service: For example, to authenticate you, host your account, and personalize your experience.
• Payment Processing: To handle subscription payments, billing, and send receipts.
• Communications: To send administrative notices (like updates, billing reminders) and to respond to support inquiries.
• Analytics and Service Improvement: To analyze usage and troubleshoot issues so we can enhance the Service.
• Legal and Compliance: To comply with legal obligations (e.g. accounting, security), and to protect our rights and those of our users.
• Marketing (with consent): With your opt-in, to send promotional offers or newsletters. You can withdraw consent anytime.

Our legal bases for processing are: (a) Contractual necessity for providing the Service and managing accounts; (b) Your consent for optional data (e.g. marketing emails, visa info); (c) Legitimate interests for fraud prevention, analytics, and improving the Service (balanced against your rights); and (d) Legal compliance (for example, tax laws or security requirements). For example, we process payment data under contractual necessity, and we rely on consent for optional identity verification. Under UAE’s PDPL and GDPR, consent must be clear and affirmative.

We do not sell your personal data. We may share information with:

• Service Providers: Cloud hosting (e.g. AWS), analytics services, email services, and payment processors. These providers process data only on our behalf and under confidentiality.
• Legal Requests: To comply with laws or protect our rights, e.g. if a court orders disclosure or to detect fraud.

AdFlex is global and data may be stored or accessed outside your country. For example, user data may be stored on servers in the US. We ensure compliance with cross-border rules: for EU data, we use GDPR-approved safeguards (like Standard Contractual Clauses), and for KSA or UAE data, we also apply strict safeguards. Saudi Arabia’s PDPL requires data transfers outside KSA only with “appropriate safeguards” (e.g. standard contractual clauses) or if the transfer meets certain conditions. The UAE PDPL likewise limits cross-border transfers to ensure comparable protection. We commit to protecting your data when transferring it across borders in accordance with these regulations.

We retain personal data only as long as needed for the purposes above or as required by law. Your account data is kept while your account is active and for a reasonable period after termination. We implement reasonable security measures (encryption, access controls, etc.) to protect your data. However, no system is 100% secure, and we cannot guarantee absolute security. If a data breach affecting your personal data occurs, we will notify the UAE Data Office (when established) or relevant authorities as required by law.

You have rights under applicable laws regarding your personal data:

• Access/Portability: You can request a copy of the personal data we hold about you.
• Correction: You can request correction of any inaccurate data.
• Erasure: You can ask us to delete your data (subject to legal exceptions).
• Restriction/Objection: You can object to certain processing (e.g. marketing) or ask us to limit processing.
• Withdraw Consent: Where we rely on your consent, you may withdraw it at any time (this will not affect processing done before withdrawal).
• Complaints: You may file a complaint with your local data protection authority if you believe your rights have been violated (for example, UAE residents may contact the UAE Data Office, EU residents may contact an EU supervisory authority, KSA residents may complain to the Saudi Data & AI Authority, and California residents may approach the California Privacy Protection Agency).

These rights align with GDPR and PDPL requirements. For example, under California’s CCPA/CPRA, residents have the right to know, access, delete, and limit the sale of their personal information. We do not sell personal data. To exercise your rights, contact us at privacy@adflex.com.

AdFlex is not directed at children under 16 (or 13 in some regions). We do not knowingly collect data from minors. If we become aware of data from a child, we will delete it promptly.

We may update this Privacy Policy when we add new features or comply with new laws. We will post the revised policy with a new “Effective Date.” Your continued use after changes indicates acceptance.

For questions about this Privacy Policy or your data, contact Novix LLC (dba AdFlex) at privacy@adflex.com or by mail at 8 The Green, STE B, Dover, DE 19901. You may also contact the Delaware Attorney General or the appropriate data protection authority in your jurisdiction for privacy concerns.