Molixa
Legal

Privacy Policy

Plain English: we do not log your prompts, files, or generated content. Tools that can run in your browser do. Here are the details.

Last updated: May 1, 2026

TL;DR

  • We do not log the prompts you send to AI tools, the files you upload, or the QR data you encode.
  • Tools that can run in your browser (QR Generator, Word Counter, JSON Formatter, password generator, image tools) never send data to our servers at all.
  • If you sign up for an account, we store your email, hashed password, and your saved brand voice profile. Nothing else.
  • We use Stripe for payments, accredited AI providers for inference, and Cloudflare for DNS. Each is contractually required to forward your data only for the duration of the request.
  • You can delete your account and all associated data at any time from your dashboard. Deletion is permanent and instant.

What we collect

If you visit Molixa anonymously (no account)

  • Anonymized usage counts per tool, per IP, per day: the number we use to enforce free-tier daily caps. Stored for 24 hours, then deleted.
  • Standard server logs (IP address, user-agent, request URL, timestamp): kept for 7 days for security audit, then rotated out.
  • Aggregated anonymous analytics via privacy-respecting Plausible Analytics (no cookies, no cross-site tracking).

If you create an account

  • Email address and a one-way bcrypt hash of your password (we never see your plaintext password).
  • Your name and avatar URL if you signed in via Google OAuth.
  • Your saved brand voice profile (tone, signature phrases, banned words).
  • Your favorited tools and tool usage history (for your own dashboard, not our analytics).

If you upgrade to Premium

  • Stripe customer ID and subscription status. We do not see or store your card data; that lives with Stripe.
  • Billing email address (can differ from your account email).

What we never collect

  • The content of your prompts to AI tools. Your input passes through our infrastructure as a stateless proxy to the AI provider for the request, then is dropped from memory.
  • The files you upload (PDFs, images, .docx, etc.). Same flow: proxied, processed, dropped.
  • The QR codes you generate or scan. All QR generation runs in your browser. The scanner uses your camera locally and never uploads frames.
  • Your computed tool output (summaries, translations, captions, etc.). We see it transit, we never store it.
  • Cross-site browsing behavior, advertising IDs, third-party cookies. We do not run any of those.

How we use what we do collect

  • To run the tools. Anonymized rate-limit counters keep the free tier honest.
  • To bill you. Stripe customer ID lets us know whether to enforce the free cap.
  • To respond to your support requests. Account email lets us reply to you.
  • To improve the product. Aggregated usage tells us which tools are popular and where users hit walls.

We never use your data to train AI models. We never sell your data. We never share it with advertisers.

Third parties we use

  • AI inference sub-processor (primary): forwards inputs only for the duration of the request. Provider details available on request to [email protected] for GDPR compliance.
  • AI inference sub-processor (writing): same forwarding-only flow. Available on request.
  • AI inference sub-processor (fallback): used only when the primary path is rate-limited or unavailable. Available on request.
  • Stripe: payments. Privacy policy. PCI-DSS compliant.
  • Cloudflare: DNS, DDoS protection. Privacy policy.
  • Plausible: privacy-respecting, cookie-less analytics. Privacy policy.
  • Hetzner: data center provider in Germany (EU-jurisdiction). Privacy policy.

Your rights (GDPR + CCPA)

If you live in the EU or California, you have the right to:

  • Know what personal data we hold on you. Request a copy from your dashboard or by emailing [email protected].
  • Correct any data that is inaccurate. Edit from your dashboard.
  • Delete your data. Permanent and instant from your dashboard.
  • Port your data. Export your saved brand voice profile and tool history as JSON.
  • Object to certain processing or withdraw consent.

We respond to all requests within 30 days. If you live elsewhere, we apply these same rights as our default operating policy.

Deleting your data

Sign in, go to Dashboard → Settings → Delete account. We immediately:

  • Cancel any active Premium subscription (no future charges).
  • Wipe your account record, brand voice profile, favorites, and tool usage history.
  • Forget your Stripe customer ID on our side (Stripe retains tax records per EU regulation).
  • Drop you from any future analytics aggregation.

If you cannot sign in, email [email protected] from the address on the account and we will verify and delete within 7 days.

Children

Molixa is not directed at children under 13 (under 16 in the EU). We do not knowingly collect data from children. If you believe a child has registered, email [email protected] and we will delete the account immediately.

Changes to this policy

If we materially change what we collect or how we use it, we will notify all account holders by email at least 30 days in advance and post a banner on the homepage. Cosmetic edits (rewording, fixing typos) are made silently with the “Last updated” date refreshed.

Contact

Privacy questions, deletion requests, or concerns: [email protected].

General contact: [email protected].

EU representative (per GDPR Art. 27): contact [email protected] for the appointed representative’s name and address.