Last updated: May 24, 2026
ILLIXIS ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our marketing platform.
Please read this privacy policy carefully. If you do not agree with the terms of this privacy policy, please do not access the platform.
We may collect personal information that you voluntarily provide to us when you:
We automatically collect certain information when you use our platform, including:
We use the information we collect for various purposes, including:
ILLIXIS and its customers may send SMS (text) messages to phone numbers you provide. By providing your phone number and opting in, you consent to receive text messages related to:
Message frequency varies based on your interactions and preferences. Standard message and data rates may apply depending on your mobile carrier and plan.
You may opt out of SMS messages at any time by:
After opting out, you will receive a confirmation message. Reply HELP to any message for assistance.
We implement appropriate technical and organizational security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:
In the event of a security incident, ILLIXIS follows the procedures described in our Security Incident Response Policy, including timing of regulator notification under GDPR Article 33 and data-subject notification under GDPR Article 34 and applicable US state laws.
We engage third-party service providers to operate ILLIXIS. These sub-processors include:
The current list of sub-processors with their names, purposes, and processing regions is maintained at illixis.io/subprocessors. We update that page whenever we add, replace, or remove a provider.
All sub-processors are bound by written agreements requiring confidentiality, security safeguards, and processing only on our documented instructions.
ILLIXIS integrates with Google Analytics 4 to help you track content performance. When you connect your Google Analytics account, we access:
This data is:
You can disconnect your Google Analytics integration at any time from your ILLIXIS Settings page, which immediately revokes our access to your data.
ILLIXIS integrates with Google Search Console to provide SEO insights. When you connect your Search Console account, we access:
This data is:
You can disconnect your Google Search Console integration at any time from your ILLIXIS Settings page.
ILLIXIS integrates with the Meta Graph API, Instagram Graph API, and Meta Marketing API so you can publish content and manage advertising on your connected Facebook Pages, Instagram Business accounts, and Meta Ad Accounts directly from the ILLIXIS platform. When you connect a Meta account via OAuth, we access:
This data is:
Meta API access tokens are encrypted at rest. ILLIXIS does not use Facebook Login for ILLIXIS account authentication; users sign in to ILLIXIS with their own email and password. The Meta connection authorizes ILLIXIS to act on your behalf only within your ILLIXIS workspace and only for the scopes you grant during the OAuth flow.
You can disconnect your Meta integration at any time from your ILLIXIS Settings page, which immediately revokes our access token. Upon disconnection, identifiers and tokens associated with the connection are removed from active systems; aggregated performance data may be retained for historical reporting consistent with our general data retention practices.
Depending on your location, you may have certain rights regarding your personal information:
You may opt out of any marketing email ILLIXIS or any tenant of ILLIXIS sends to you. Every marketing email's footer includes a one-click Unsubscribe link and a Manage Preferences link. The preferences page lets you opt out of an individual sequence (for example, a specific drip campaign) without unsubscribing from all marketing communications.
Your unsubscribe is honored permanently across all of that tenant's marketing communications and is processed within minutes, well within the legal floors required by CAN-SPAM (10 business days, US), GDPR Article 21 ("without undue delay", EU), CASL §6(2) (10 business days, Canada), Australia's Spam Act 2003 (5 business days), the UK Data Protection Act, Singapore's PDPA, and Brazil's LGPD. We also support the IETF RFC 8058 one-click unsubscribe standard, so mail clients such as Gmail and Apple Mail render a native Unsubscribe button in the message header.
Receipts, password resets, account notifications, and legally-required service messages are not subject to the marketing unsubscribe and continue to be delivered. CAN-SPAM § 7702(17) and analogous provisions in other jurisdictions exempt these from the unsubscribe requirement. They are still filtered by the same suppression list, so bounces, complaints, manual removals, and GDPR erasure requests block all sends, including transactional.
If you live in California, the California Consumer Privacy Act as amended by the California Privacy Rights Act (together, the "CCPA") gives you specific rights about your personal information. This section describes those rights and how to exercise them.
Since ILLIXIS began collecting personal information from consumers, we have collected the following categories of personal information, defined in California Civil Code § 1798.140(v):
ILLIXIS does not collect biometric information, sensory data (audio, video, thermal), or any other category defined in § 1798.140(v) that is not listed above.
We collect this information from:
We use the categories above for the following purposes:
ILLIXIS does not sell personal information in exchange for money. ILLIXIS does, however, share certain identifiers and internet activity with advertising partners (Meta, Google, LinkedIn) for cross-context behavioral advertising, which the CCPA defines as "sharing." For US visitors, certain ad-related cookies and pixels may load by default and can be opted out at any time using the "Do Not Sell or Share My Personal Information" link in our CookieYes banner or by sending a Global Privacy Control (GPC) signal from your browser.
You can re-open the CookieYes banner at any time by clicking the CookieYes badge in the lower-left corner of any page. ILLIXIS honors GPC signals automatically; if your browser broadcasts GPC, we treat that as a Right to Opt Out of Sharing without any further action from you.
ILLIXIS does not knowingly sell or share the personal information of any consumer under 16 years of age.
ILLIXIS does not collect Sensitive Personal Information (as defined in § 1798.140(ae)) for the purpose of inferring characteristics about you. Error-monitoring data captured by our subprocessors (Sentry) may incidentally include personal data you submitted at the time of an error; this data is encrypted at rest and retained for 90 days. Because ILLIXIS does not use Sensitive Personal Information for inference or other restricted purposes, the Right to Limit Use of Sensitive Personal Information does not currently apply to ILLIXIS processing.
ILLIXIS discloses the categories of personal information listed above to its sub-processors for the business purposes described above. The current list of sub-processors, with the purpose each serves and the processing region, is maintained at illixis.io/subprocessors.
We keep personal information only as long as needed for the purposes described above:
California residents have the following rights:
You can submit a CCPA request through any of the following designated methods:
To protect against fraudulent requests, ILLIXIS verifies your identity before fulfilling a Right to Know, Right to Delete, or Right to Correct request. For authenticated requests submitted from your ILLIXIS account, we verify your identity through your active login session. For requests submitted by email, we ask you to confirm your account email and may request additional information to match against records we already hold. We do not request government-issued identification unless we cannot otherwise verify your identity and you are requesting specific pieces of personal information.
You may use an authorized agent to submit a request on your behalf. The agent must provide ILLIXIS with written, signed authorization from you, and ILLIXIS will verify your identity directly with you before fulfilling the request. If the agent has Power of Attorney under California Probate Code §§ 4000-4465, we will accept that documentation in place of written authorization.
ILLIXIS acknowledges every CCPA request within 10 business days and responds substantively within 45 calendar days. We may extend by an additional 45 days when reasonably necessary, in which case we will notify you of the extension and the reason within the original 45-day period.
ILLIXIS does not currently respond to "Do Not Track" (DNT) browser signals, because there is no universally accepted standard for how to interpret them. We do honor the Global Privacy Control (GPC) signal, which is supported by Firefox, Brave, DuckDuckGo, and several extensions; when GPC is detected, we treat it as a Right to Opt Out of Sharing request.
If you live in the European Economic Area, the United Kingdom, or Switzerland, the General Data Protection Regulation, the UK GDPR, and the Swiss Federal Act on Data Protection give you specific rights about your personal data. ILLIXIS acts as a data controller for personal data we collect from you directly and as a data processor for content and customer data you store in the ILLIXIS platform.
You have the right to access, rectify, erase, restrict, port, and object to processing of your personal data, and the right to withdraw consent at any time without affecting the lawfulness of processing already carried out. Submit requests to privacy@illixis.io or through your in-app Settings page. We will respond within one month, extendable by up to two further months for complex requests in line with Art. 12(3).
ILLIXIS is based in the United States and stores data with US-based sub-processors. When personal data moves from the EEA, UK, or Switzerland to the US, ILLIXIS relies on:
If you believe your data has been processed unlawfully, you have the right to lodge a complaint with a supervisory authority. EU residents can find the list of national data protection authorities at edpb.europa.eu. UK residents can contact the Information Commissioner's Office at ico.org.uk. Swiss residents can contact the Federal Data Protection and Information Commissioner at edoeb.admin.ch.
We use cookies and similar tracking technologies on illixis.io and www.illixis.io to remember your preferences, measure traffic, attribute marketing performance, and personalize advertising. The trackers we load include:
You can review, update, or withdraw your consent at any time by clicking the privacy/cookie icon in the page footer, which re-opens the CookieYes consent banner. Withdrawing consent is as easy as granting it. CookieYes also publishes a dynamically-updated, cookie-by-cookie list of every tracker that fires on the site, with each cookie's purpose and lifetime.
You can additionally control cookies through your browser settings. Note that disabling all cookies may affect site functionality.
Our services are not intended for individuals under the age of 18, and ILLIXIS does not knowingly collect personal information from any individual under 18.
Consistent with California Civil Code § 1798.120(c), ILLIXIS does not knowingly sell or share the personal information of any individual under 16 years of age. If we become aware that we have collected personal information from a child under 13 in violation of the Children's Online Privacy Protection Act (COPPA), we will delete that information as soon as possible and not later than the timeframes required by applicable law.
We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date.
If you have questions about this Privacy Policy, please contact us: