Privacy Policy.

1. Introduction & Scope

Metrix Zenith X Artificial Intelligence (“MZX”) operates the Hector AI platform and related services. This policy explains how the organization collects, uses, shares, and protects information during service interaction.

The company acts as a data controller when you use the service directly. For B2B deployments, it may function as a processor under a Data Processing Addendum.

2. Key Definitions

• Customer Content: Documents, templates, prompts, and materials uploaded or created through the platform.
• Personal Information: Data identifying or reasonably linkable to you or your device.
• Portals: Web-based interfaces for accessing the service.

3. Information We Collect

A. User-Provided Information

Name, email, organization, job title, account credentials, payment details, billing address, purchase history, uploaded documents, RfPs, PowerPoint templates, brand assets, instructions, and communications sent through support channels.

B. Third-Party Sources

Information from authentication providers, marketing partners, and publicly available business data used for account enrichment.

C. Automatically Collected Data

IP address, browser type, operating system, referring URLs, pages visited, timestamps, device identifiers, feature usage patterns, session duration, navigation paths, and email interaction tracking.

D. Cookies & Similar Technologies

The service uses cookies for authentication, security, preferences, and analytics, detailed in a separate Cookie Notice.

4. How We Use Information

The organization processes data to:

• Operate and provide the service, including RfP processing and account management.
• Personalize experience by remembering preferences and usage patterns.
• Improve and develop services through usage analysis and diagnostics.
• Communicate via transactional notifications and, with consent, marketing messages.
• Ensure security and compliance through fraud detection and legal obligation fulfillment.

AI & Model Providers

Customer content may transmit to third-party providers (OpenAI, Anthropic, Google Cloud Vertex AI, Perplexity, Mistral) solely for request processing. The organization states: “we do not use Customer Content or Outputs to train foundation models by default; any such training would require your explicit opt-in.”

De-identified Data Usage

Aggregated or de-identified data may be used for analytics and benchmarking. Individuals may opt out by contacting privacy@mzx.ai.

Automated Decision-Making

AI-generated outputs serve as review tools and do not constitute automated decisions with legal effects. Users retain full control over output usage.

5. Legal Bases for Processing (EEA/UK)

Processing relies on contractual necessity for service delivery, legitimate interests for analytics and security, consent for marketing, and legal obligations for compliance.

6. How We Share Information

Data sharing occurs with service providers, enterprise organization administrators, business partners (with consent), corporate transaction participants, legal/governmental authorities, and other organizational account users where applicable.

7. Your Choices

Users may unsubscribe from marketing emails through message links. Transactional emails cannot be opted out. Cookie preferences can be managed through browser settings. Declining information provision may limit feature access.

8. Data Subject & U.S. State Rights

GDPR/UK GDPR Rights

Residents of the EEA or UK have rights to access, rectify, erase, restrict processing, object, port data, withdraw consent, and lodge complaints with supervisory authorities.

U.S. State Privacy Notice

Residents of states with applicable privacy legislation (California, Virginia, Colorado, Connecticut, Utah) have additional rights detailed in a separate notice.

9. International Transfers

Information may transfer to countries including the United States and UAE. Transfers outside EEA/UK rely on Standard Contractual Clauses or other valid mechanisms.

10. Security

Technical and organizational measures include encryption in transit and at rest, access controls, security assessments, and incident response. However, absolute security cannot be guaranteed.

11. Children

The service targets individuals 18 and older. The company does not knowingly collect information from minors and will delete such data upon discovery.

12. Retention

Default retention periods include:

• Uploaded documents: 360 days
• Generated content: 360 days or per customer setting
• Operational logs/telemetry: 24 months
• Billing records: 7 years (legal requirement)

Deletion requests can be submitted to privacy@mzx.ai.

13. How to Contact Us

Address: Metrix Zenith X Artificial Intelligence, IFZA Business Park, Dubai Silicon Oasis, Dubai, United Arab Emirates.

EU/UK representatives available via the contact email.

14. Changes to This Policy

Material changes will be notified via email or prominent notice, with updated effective dates. Continued service use constitutes acceptance of updates.

15. Supplemental Notices

Referenced documents include Cookie Notice, Subprocessor List, U.S. State Privacy Notice, and Data Processing Addendum.

Notice to European Users

Controller Identity

Metrix Zenith X Artificial Intelligence, IFZA Business Park, Dubai Silicon Oasis, Dubai, UAE. Contact: privacy@mzx.ai.

Rights Under GDPR/UK GDPR

Access, rectify, erase, restrict, object, port data, and withdraw consent. Responses provided within 30 days (extendable by two months for complex requests).

Automated Decision-Making

Outputs serve as review aids and do not constitute legally binding automated decisions.

Sensitive Data

The organization does not intentionally collect special categories of personal data. Terms prohibit uploading such information.

Complaint Rights

Individuals may lodge complaints with local data protection supervisory authorities.