Solexi Trust Center

Privacy Policy (Solexi)

Last updated: 2026-03-20 Legal entity: Solexi.ai Inc. Jurisdiction: Canada / Québec
RPRP (Privacy Officer): Daniel Tanguay, CEO Email: [email protected] Address: 527 rue Lacasse, Terrebonne QC J6W 4Y7 Phone: +1-514-570-3074

Contents

Plain-language summary What to know quickly Scope Where this policy applies Personal information we collect What we handle Why we use it Purposes AI: use, consent, and choices How AI features work Legal basis By jurisdiction Retention and destruction How long we keep it Sharing with third parties Vendors / processors Security Protecting your data Your rights and choices Access, deletion, export Privacy incidents / breaches Notification & records Contact How to reach us

Plain-language summary

Solexi helps you organize and transmit your digital legacy. To provide the service, we must process certain personal information (e.g., account details, content you upload, transmission settings). This policy explains:

  • what we collect;
  • why we collect it;
  • how long we keep it;
  • who we share it with;
  • your choices and rights.
Key commitment: We do not sell your personal information. We do not use your vault content to train public AI models. Your data is processed only to deliver the services you request.

Scope

This policy applies to our website (solexi.ai), applications, and services (collectively, the "Services"), including all requests related to transmission to heirs and mandataries. It applies to all individuals whose personal information is processed by Solexi.ai Inc. in the course of its operations.

Personal information we collect

1) Information you provide

  • Account: email address, username, password (hashed with bcrypt), preferences, and — if you use SSO — authentication tokens issued by your identity provider.
  • Content: files and information you upload (photos, videos, documents, audio recordings) and metadata you add (titles, tags, relationships, notes).
  • Transmission settings: designation of heirs/mandataries, access rules, trigger conditions (inactivity, date, milestone), and scheduled messages.
  • Support: customer support messages, attachments, and any information you provide when contacting us.

2) Information collected automatically

  • Technical data: IP address, login timestamps, device type, browser type, session identifiers, and pages viewed — used for security and service delivery.
  • Cookies: We use essential cookies only (authentication session, CSRF protection). No advertising or behavioural tracking cookies are set. No third-party advertising pixels are present.
  • Analytics: Aggregate, anonymized usage metrics via a privacy-focused analytics tool. No personal identifiers are stored. You can opt out at any time via our cookie preference center.

3) Sensitive information

Some content you upload may be highly sensitive (e.g., financial documents, legal instruments, personal messages, voice recordings). We apply enhanced safeguards proportionate to sensitivity, including AES-256 encryption at rest and strict access controls (see our Security page).

Why we use this information (purposes)

We use your personal information to:

  • provide and secure the Services (account creation, authentication, access control);
  • store and organize your content according to your explicit instructions;
  • execute your transmission rules to heirs and mandataries at the time you specify;
  • process your requests, complaints, and rights requests;
  • detect and prevent fraud, abuse, and security incidents;
  • comply with legal obligations under applicable Canadian and Québec law;
  • improve service reliability and performance using aggregated, anonymized data.
We never use your vault content for advertising, marketing profiling, or AI model training without your explicit, separate consent.

AI: use, consent, and choices

AI-assisted features

Some optional features (e.g., content structuring assistance, search within your vault) may use AI processing. These features require your explicit opt-in consent. You may withdraw consent at any time from your account settings without affecting other services.

AI model training

Your vault content is not used to train public AI models. Any AI processing applied to your content operates on your data exclusively, within your vault, subject to your permissions. No vault content is shared with third-party AI providers for the purpose of training general models.

AI transparency

When an AI feature is active, it will be clearly identified in the interface. You will always be able to see what data was processed and disable the feature. Full details are in our AI Policy.

Retention and destruction

We retain personal information as long as necessary for the purpose collected, required by law, or as needed for security. Upon account deletion request, data is purged within the schedule below.

Category Retention period Basis Deletion method
Account credentials (email, hashed password) Until account deletion + 30 days Contract / service delivery Secure deletion from primary database; purged from backups within 90 days
Vault content (files, messages, documents) Until user deletes content or account Consent / service delivery Immediate removal from active storage; purged from backups within 90 days
Transmission settings (heirs, triggers) Until revoked by user or account deleted Consent Same as vault content
Security logs (login, access events) 90 days rolling Legitimate interest / security / Loi 25 Automatic rotation after 90 days
Support correspondence 3 years from last interaction Legal obligation / legitimate interest Secure deletion on schedule
Financial records (subscription, invoices) 7 years Canadian tax law (CRA requirements) Retained in encrypted, access-controlled archive
Waitlist / lead data Until opt-out or 2 years of inactivity Consent Deletion on request; auto-purge after 2 years

To request early deletion of any category, contact: [email protected] — we respond within 30 days.

Sharing with third parties (processors)

We share personal information only with vendors who process it on our behalf and under our instructions. We do not sell personal information. We do not share vault content with advertisers.

Category Purpose Data location Safeguards
Cloud infrastructure (hosting & storage) Compute, encrypted storage, CDN delivery Canada / United States Data processing agreement; standard contractual clauses for cross-border transfers; AES-256 encryption at rest
Transactional email Account verification, delivery trigger notifications, security alerts United States (EU SCCs applied) Data processing agreement; email list not used for marketing by vendor
Authentication provider (if SSO enabled) OAuth 2.0 / OpenID Connect token validation United States / Canada Standard contractual clauses; minimal data exchanged (token + email)
Privacy-focused analytics Aggregate usage metrics to improve reliability European Union / Canada No cookies; no personal identifiers; no cross-site tracking; GDPR-compliant by design
Payment processor (when billing goes live) Subscription billing and invoice management United States / Canada PCI-DSS compliant provider; Solexi does not store full card numbers

Transfers outside Québec / Canada

Some processors are located in the United States or the European Union. Before transferring personal information outside Québec, we conduct a Privacy Impact Assessment and apply appropriate safeguards (standard contractual clauses, or equivalent). You may request a copy of the applicable safeguards at: [email protected].

Full sub-processor list available on written request within 5 business days. We notify users of new processors within 30 days of engagement.

Security

We implement technical and organizational measures appropriate to the sensitivity of the information, including TLS 1.3 in transit, AES-256 at rest, role-based access control, TOTP MFA, audit logs, daily encrypted backups, and automated vulnerability scanning.

For full details, see our dedicated Security & Trust page, which documents all active controls, our 24-month security roadmap, and responsible disclosure policy.

Your rights and choices

Subject to applicable law, you have the right to:

  • Access your personal information and receive a copy in a structured format;
  • Correct inaccurate or incomplete information;
  • Delete your personal information (subject to legal retention obligations);
  • Export your vault content as a portable ZIP archive at any time;
  • Withdraw consent at any time for any purpose based on consent, without affecting past processing;
  • Object to processing based on legitimate interests;
  • Lodge a complaint with the Commission d'accès à l'information du Québec (CAI) or applicable supervisory authority.
To exercise a right: Email [email protected] with subject line "Privacy Rights Request" — we respond within 30 calendar days. We may request identity verification before acting on the request.

Cookie preferences

We use essential cookies only (authentication session, CSRF token). No preference center is required, but you may disable cookies in your browser settings — note that disabling session cookies will prevent login. We do not use advertising or cross-site tracking cookies.

Privacy incidents / breaches

If a privacy incident occurs that presents a real risk of serious harm (under Loi 25, Québec) or a real risk of significant harm (under PIPEDA), we will:

  • Notify the Commission d'accès à l'information (CAI) within 72 hours of confirming a serious incident;
  • Notify affected individuals as required by law, without undue delay;
  • Maintain a confidential incident register as required by Loi 25;
  • Document root cause, corrective actions, and outcome in the register.
To report a suspected incident: Email [email protected] — triaged within 24 hours.

Contact

Privacy Officer (RPRP)

  • Name: Daniel Tanguay
  • Role: CEO & Founder — Responsable de la protection des renseignements personnels
  • Email: [email protected]
  • Phone: +1-514-570-3074
  • Address: 527 rue Lacasse, Terrebonne, QC J6W 4Y7, Canada

Other contacts