Privacy Policy

Last updated: May 24, 2026

Introduction

ILLIXIS ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our marketing platform.

Please read this privacy policy carefully. If you do not agree with the terms of this privacy policy, please do not access the platform.

Information We Collect

Personal Information

We may collect personal information that you voluntarily provide to us when you:

  • Register for an account
  • Subscribe to our services
  • Fill out a form
  • Contact our support team
  • Participate in surveys or promotions

Usage Data

We automatically collect certain information when you use our platform, including:

  • IP address and device information
  • Browser type and version
  • Pages visited and time spent
  • Referring website addresses
  • Platform usage patterns and preferences

How We Use Your Information

We use the information we collect for various purposes, including:

  • Providing and maintaining our services
  • Processing your transactions and managing your account
  • Sending administrative information and updates
  • Responding to your inquiries and providing customer support
  • Improving our platform and developing new features
  • Analyzing usage patterns and optimizing user experience
  • Detecting and preventing fraud or abuse
  • Complying with legal obligations

SMS and Text Messaging

ILLIXIS and its customers may send SMS (text) messages to phone numbers you provide. By providing your phone number and opting in, you consent to receive text messages related to:

  • Appointment reminders and follow-ups
  • Service notifications and updates
  • Promotional offers and marketing communications
  • Account-related alerts

Message Frequency & Costs

Message frequency varies based on your interactions and preferences. Standard message and data rates may apply depending on your mobile carrier and plan.

Opting Out

You may opt out of SMS messages at any time by:

  • Replying STOP to any message you receive
  • Contacting us at privacy@illixis.io
  • Updating your communication preferences in your account settings

After opting out, you will receive a confirmation message. Reply HELP to any message for assistance.

Data Security

We implement appropriate technical and organizational security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • Encryption of data in transit and at rest
  • Regular security assessments and audits
  • Access controls and authentication mechanisms
  • Employee training on data protection
  • Incident response procedures

In the event of a security incident, ILLIXIS follows the procedures described in our Security Incident Response Policy, including timing of regulator notification under GDPR Article 33 and data-subject notification under GDPR Article 34 and applicable US state laws.

Third-Party Sub-processors

We engage third-party service providers to operate ILLIXIS. These sub-processors include:

  • AI services for content generation, analysis, embeddings, and media generation
  • Email delivery for transactional and marketing messages
  • Payment processing and subscription billing
  • Hosting, content delivery, and file storage
  • Error monitoring and application performance tools
  • SEO, keyword, and web research APIs
  • Voice, image, and media generation services
  • SMS delivery and phone number verification
  • Content originality and duplicate-content verification

The current list of sub-processors with their names, purposes, and processing regions is maintained at illixis.io/subprocessors. We update that page whenever we add, replace, or remove a provider.

All sub-processors are bound by written agreements requiring confidentiality, security safeguards, and processing only on our documented instructions.

Google Analytics Integration

ILLIXIS integrates with Google Analytics 4 to help you track content performance. When you connect your Google Analytics account, we access:

  • Page view counts and engagement metrics
  • Traffic sources and user behavior data
  • Content performance statistics

This data is:

  • Used solely to display performance insights in your ILLIXIS dashboard
  • Stored securely in our database for historical reporting
  • Accessed in read-only mode (we never modify your Analytics data)

You can disconnect your Google Analytics integration at any time from your ILLIXIS Settings page, which immediately revokes our access to your data.

Google Search Console Integration

ILLIXIS integrates with Google Search Console to provide SEO insights. When you connect your Search Console account, we access:

  • Search query data (keywords, impressions, clicks, positions)
  • Page performance metrics
  • Site indexing information

This data is:

  • Used to display SEO performance in your ILLIXIS dashboard
  • Used to generate personalized content recommendations
  • Stored securely in our database for historical analysis
  • Accessed in read-only mode (we never modify your Search Console data)

You can disconnect your Google Search Console integration at any time from your ILLIXIS Settings page.

Meta (Facebook and Instagram) API Integration

ILLIXIS integrates with the Meta Graph API, Instagram Graph API, and Meta Marketing API so you can publish content and manage advertising on your connected Facebook Pages, Instagram Business accounts, and Meta Ad Accounts directly from the ILLIXIS platform. When you connect a Meta account via OAuth, we access:

  • The identifier and basic public profile of the Meta user who authorized the connection
  • The list of Facebook Pages you administer, including their identifiers, names, and categories
  • The list of Instagram Business accounts linked to those Pages, including their identifiers, usernames, and profile pictures
  • The list of Meta Ad Accounts and Business Manager assets you have access to
  • Engagement metrics on posts published through ILLIXIS (reach, impressions, reactions, comments, clicks)
  • Ad campaign performance metrics on campaigns created or managed through ILLIXIS
  • The Meta API access token issued to ILLIXIS for the duration of the connection

This data is:

  • Used to publish posts and manage ad campaigns at your explicit direction
  • Used to display performance insights for posts and campaigns in your ILLIXIS dashboard
  • Stored securely in our database for the duration of your connection plus historical reporting
  • Never shared with other ILLIXIS tenants or with third parties beyond the sub-processors listed at illixis.io/subprocessors

Meta API access tokens are encrypted at rest. ILLIXIS does not use Facebook Login for ILLIXIS account authentication; users sign in to ILLIXIS with their own email and password. The Meta connection authorizes ILLIXIS to act on your behalf only within your ILLIXIS workspace and only for the scopes you grant during the OAuth flow.

You can disconnect your Meta integration at any time from your ILLIXIS Settings page, which immediately revokes our access token. Upon disconnection, identifiers and tokens associated with the connection are removed from active systems; aggregated performance data may be retained for historical reporting consistent with our general data retention practices.

Your Rights

Depending on your location, you may have certain rights regarding your personal information:

  • Access: Request a copy of your personal information
  • Correction: Update or correct inaccurate information
  • Deletion: Request deletion of your personal information
  • Portability: Receive your data in a portable format
  • Objection: Object to certain processing activities
  • Withdrawal: Withdraw consent at any time

Marketing Emails: Opt Out Anytime

You may opt out of any marketing email ILLIXIS or any tenant of ILLIXIS sends to you. Every marketing email's footer includes a one-click Unsubscribe link and a Manage Preferences link. The preferences page lets you opt out of an individual sequence (for example, a specific drip campaign) without unsubscribing from all marketing communications.

Your unsubscribe is honored permanently across all of that tenant's marketing communications and is processed within minutes, well within the legal floors required by CAN-SPAM (10 business days, US), GDPR Article 21 ("without undue delay", EU), CASL §6(2) (10 business days, Canada), Australia's Spam Act 2003 (5 business days), the UK Data Protection Act, Singapore's PDPA, and Brazil's LGPD. We also support the IETF RFC 8058 one-click unsubscribe standard, so mail clients such as Gmail and Apple Mail render a native Unsubscribe button in the message header.

Transactional and Relationship Emails

Receipts, password resets, account notifications, and legally-required service messages are not subject to the marketing unsubscribe and continue to be delivered. CAN-SPAM § 7702(17) and analogous provisions in other jurisdictions exempt these from the unsubscribe requirement. They are still filtered by the same suppression list, so bounces, complaints, manual removals, and GDPR erasure requests block all sends, including transactional.

California Residents (CCPA/CPRA)

If you live in California, the California Consumer Privacy Act as amended by the California Privacy Rights Act (together, the "CCPA") gives you specific rights about your personal information. This section describes those rights and how to exercise them.

Categories of personal information we collect

Since ILLIXIS began collecting personal information from consumers, we have collected the following categories of personal information, defined in California Civil Code § 1798.140(v):

  • Identifiers: name, email, billing address, IP address, account identifiers.
  • Commercial information: subscription tier, billing history, products purchased.
  • Internet or other electronic network activity: page views, feature usage, click data, browser and device information.
  • Geolocation data: approximate location derived from IP address, at the city or region level.
  • Professional or employment-related information: company name, role, industry, when you voluntarily provide it.
  • Inferences: usage patterns, content preferences, and product fit signals derived from your activity.

ILLIXIS does not collect biometric information, sensory data (audio, video, thermal), or any other category defined in § 1798.140(v) that is not listed above.

Sources

We collect this information from:

  • You directly, when you register, fill out a form, contact support, or use the platform.
  • Your devices and browsers, automatically, when you visit our site or use the platform.
  • Service providers that help us operate the platform (payment processors, analytics, error monitoring).
  • Marketing and advertising partners (cookie-based ad networks, subject to your consent and opt-out choices).

Business and commercial purposes

We use the categories above for the following purposes:

  • Providing and maintaining the ILLIXIS platform.
  • Processing payments and managing subscriptions.
  • Authenticating accounts and preventing fraud.
  • Sending transactional and service notifications.
  • Improving features, debugging, and product analytics.
  • Sending marketing communications, only if you opt in.
  • Measuring marketing performance and serving relevant ads, subject to your opt-out choices.
  • Complying with legal obligations and responding to lawful legal process.

Sale or sharing of personal information

ILLIXIS does not sell personal information in exchange for money. ILLIXIS does, however, share certain identifiers and internet activity with advertising partners (Meta, Google, LinkedIn) for cross-context behavioral advertising, which the CCPA defines as "sharing." For US visitors, certain ad-related cookies and pixels may load by default and can be opted out at any time using the "Do Not Sell or Share My Personal Information" link in our CookieYes banner or by sending a Global Privacy Control (GPC) signal from your browser.

You can re-open the CookieYes banner at any time by clicking the CookieYes badge in the lower-left corner of any page. ILLIXIS honors GPC signals automatically; if your browser broadcasts GPC, we treat that as a Right to Opt Out of Sharing without any further action from you.

ILLIXIS does not knowingly sell or share the personal information of any consumer under 16 years of age.

Sensitive Personal Information

ILLIXIS does not collect Sensitive Personal Information (as defined in § 1798.140(ae)) for the purpose of inferring characteristics about you. Error-monitoring data captured by our subprocessors (Sentry) may incidentally include personal data you submitted at the time of an error; this data is encrypted at rest and retained for 90 days. Because ILLIXIS does not use Sensitive Personal Information for inference or other restricted purposes, the Right to Limit Use of Sensitive Personal Information does not currently apply to ILLIXIS processing.

Disclosure for business purposes

ILLIXIS discloses the categories of personal information listed above to its sub-processors for the business purposes described above. The current list of sub-processors, with the purpose each serves and the processing region, is maintained at illixis.io/subprocessors.

Retention

We keep personal information only as long as needed for the purposes described above:

  • Active account data: retained while your account is active.
  • Closed account data: deleted within 30 days of account closure, except where retention is legally required.
  • Backups: 30-day rolling backups.
  • Billing and tax records: 7 years, as required by US tax and accounting law.
  • Application and security logs: 90 days.
  • Marketing-suppression and unsubscribe records: retained indefinitely so we can honor your opt-out across future communications.

Your CCPA rights

California residents have the following rights:

  • Right to Know: request the categories and specific pieces of personal information ILLIXIS has collected about you, along with the categories of sources, business purposes, and third parties.
  • Right to Delete: request that ILLIXIS delete personal information collected from you, subject to legal retention exceptions.
  • Right to Correct: request that ILLIXIS correct inaccurate personal information about you.
  • Right to Opt Out of Sale or Sharing: opt out of the sharing of your personal information for cross-context behavioral advertising.
  • Right to Limit Use of Sensitive Personal Information: applies only if ILLIXIS uses SPI for inference purposes (we do not, as described above).
  • Right to Non-Discrimination: ILLIXIS will not deny services, charge different prices, or provide a different level of service because you exercised any CCPA right.

How to exercise your rights

You can submit a CCPA request through any of the following designated methods:

  • Email privacy@illixis.io with the subject line "CCPA Request."
  • Use your in-app Settings page (Account → Privacy controls) to download, correct, or delete your data.
  • For Opt Out of Sharing, click "Do Not Sell or Share My Personal Information" in the CookieYes banner, or send a GPC signal from your browser.

Verification

To protect against fraudulent requests, ILLIXIS verifies your identity before fulfilling a Right to Know, Right to Delete, or Right to Correct request. For authenticated requests submitted from your ILLIXIS account, we verify your identity through your active login session. For requests submitted by email, we ask you to confirm your account email and may request additional information to match against records we already hold. We do not request government-issued identification unless we cannot otherwise verify your identity and you are requesting specific pieces of personal information.

Authorized agents

You may use an authorized agent to submit a request on your behalf. The agent must provide ILLIXIS with written, signed authorization from you, and ILLIXIS will verify your identity directly with you before fulfilling the request. If the agent has Power of Attorney under California Probate Code §§ 4000-4465, we will accept that documentation in place of written authorization.

Response timeframes

ILLIXIS acknowledges every CCPA request within 10 business days and responds substantively within 45 calendar days. We may extend by an additional 45 days when reasonably necessary, in which case we will notify you of the extension and the reason within the original 45-day period.

Do Not Track

ILLIXIS does not currently respond to "Do Not Track" (DNT) browser signals, because there is no universally accepted standard for how to interpret them. We do honor the Global Privacy Control (GPC) signal, which is supported by Firefox, Brave, DuckDuckGo, and several extensions; when GPC is detected, we treat it as a Right to Opt Out of Sharing request.

EU, UK, and Swiss Residents (GDPR / UK GDPR)

If you live in the European Economic Area, the United Kingdom, or Switzerland, the General Data Protection Regulation, the UK GDPR, and the Swiss Federal Act on Data Protection give you specific rights about your personal data. ILLIXIS acts as a data controller for personal data we collect from you directly and as a data processor for content and customer data you store in the ILLIXIS platform.

Lawful basis for processing

  • Contract (Art. 6(1)(b)): processing necessary to provide the ILLIXIS service you signed up for, including authentication, billing, and platform features.
  • Legitimate Interest (Art. 6(1)(f)): product analytics, fraud prevention, security monitoring, debugging, and operational improvements. You may object at any time.
  • Consent (Art. 6(1)(a)): marketing communications and non-essential cookies, including the ad-measurement and retargeting trackers listed in our Cookies section.
  • Legal Obligation (Art. 6(1)(c)): tax record retention, lawful regulator and law-enforcement requests, and statutory accounting requirements.

Your rights

You have the right to access, rectify, erase, restrict, port, and object to processing of your personal data, and the right to withdraw consent at any time without affecting the lawfulness of processing already carried out. Submit requests to privacy@illixis.io or through your in-app Settings page. We will respond within one month, extendable by up to two further months for complex requests in line with Art. 12(3).

International transfers

ILLIXIS is based in the United States and stores data with US-based sub-processors. When personal data moves from the EEA, UK, or Switzerland to the US, ILLIXIS relies on:

  • EU-US Data Privacy Framework, UK Extension, and Swiss-US DPF for sub-processors that are self-certified under those frameworks. Current certification status of each provider is published at dataprivacyframework.gov/list.
  • Standard Contractual Clauses (SCCs) as the transfer mechanism for any sub-processor that is not DPF-certified, supplemented by appropriate technical and organizational measures including encryption in transit and at rest, access controls, and audit logs.

Right to lodge a complaint

If you believe your data has been processed unlawfully, you have the right to lodge a complaint with a supervisory authority. EU residents can find the list of national data protection authorities at edpb.europa.eu. UK residents can contact the Information Commissioner's Office at ico.org.uk. Swiss residents can contact the Federal Data Protection and Information Commissioner at edoeb.admin.ch.

Cookies and Tracking

We use cookies and similar tracking technologies on illixis.io and www.illixis.io to remember your preferences, measure traffic, attribute marketing performance, and personalize advertising. The trackers we load include:

  • CookieYes — our consent management platform; records your consent choices and exposes a live list of every cookie set.
  • PostHog — product analytics; helps us understand how visitors use the platform.
  • Google Analytics 4, Google Tag Manager, Google Ads — site analytics, tag delivery, and ad conversion tracking.
  • Meta Pixel (Facebook / Instagram) — ad performance measurement and retargeting.
  • LinkedIn Insight Tag — ad performance measurement and retargeting on LinkedIn.

Managing your cookie consent

You can review, update, or withdraw your consent at any time by clicking the privacy/cookie icon in the page footer, which re-opens the CookieYes consent banner. Withdrawing consent is as easy as granting it. CookieYes also publishes a dynamically-updated, cookie-by-cookie list of every tracker that fires on the site, with each cookie's purpose and lifetime.

You can additionally control cookies through your browser settings. Note that disabling all cookies may affect site functionality.

Children's Privacy

Our services are not intended for individuals under the age of 18, and ILLIXIS does not knowingly collect personal information from any individual under 18.

Consistent with California Civil Code § 1798.120(c), ILLIXIS does not knowingly sell or share the personal information of any individual under 16 years of age. If we become aware that we have collected personal information from a child under 13 in violation of the Children's Online Privacy Protection Act (COPPA), we will delete that information as soon as possible and not later than the timeframes required by applicable law.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date.

Contact Us

If you have questions about this Privacy Policy, please contact us:

  • Email: privacy@illixis.io
  • Address: 7252 Winding Lake Cir, Oviedo, FL 32765