Privacy Policy

Last Updated: April 9, 2026

1. Introduction

Philonexia ("Company," "we," "us," or "our") operates the www.philonexia.com website (the "Service"). This Privacy Policy explains our data practices and your privacy rights under the General Data Protection Regulation (GDPR) and other applicable laws.

We are committed to protecting your personal data and respecting your privacy. This policy describes how we collect, use, disclose, and safeguard your information.

2. Data Controller

Company Name: Philonexia

Contact Email: contact@philonexia.com

Website: www.philonexia.com

Philonexia is the data controller responsible for your personal information. When you contact us, please reference this Privacy Policy.

3. What Data Do We Collect?

3.1 Information You Provide Directly

• Account Information: Name, email address, phone number, country of residence
• Payment Information: Payment method details (processed securely through Stripe)
• Communication: Messages sent through our chatbot or contact forms
• Profile Data: Investment preferences, property interests, communication preferences

3.2 Information Collected Automatically

• Device Information: Device type, operating system, browser type and version
• IP Address: Your IP address and approximate geolocation
• Usage Data: Pages visited, time spent, interaction patterns, clicks, searches
• Cookies & Tracking: See section 9 for detailed information

3.3 Data from Third Parties

• Stripe: Payment processing information
• Supabase: Database storage and authentication logs
• OpenAI: Chatbot interaction logs (anonymized where possible)
• Google Analytics: Aggregated usage statistics

4. Legal Basis for Processing (GDPR)

We process your personal data based on the following legal bases:

• Contract Performance: Processing necessary to provide investment services (Article 6(1)(b) GDPR)
• Legal Obligation: Compliance with financial regulations and AML/KYC requirements (Article 6(1)(c) GDPR)
• Consent: For marketing communications and non-essential cookies (Article 6(1)(a) GDPR)
• Legitimate Interest: For security, fraud prevention, and service improvement (Article 6(1)(f) GDPR)

5. Data Retention Policy

• Account Data: Retained while your account is active and for 7 years after closure (for financial compliance)
• Payment Information: Retained for 7 years per financial regulations
• Chatbot Logs: Retained for 12 months, then anonymized
• Analytics Data: Retained for 26 months, then aggregated
• Marketing Data: Retained until you unsubscribe

6. Third-Party Service Providers

6.1 OpenAI (Chatbot)

Purpose: AI-powered customer support and investment advice

Data Shared: Messages, queries, and conversation context

Privacy: OpenAI Privacy Policy

6.2 Stripe (Payment Processing)

Purpose: Secure payment processing and transaction management

Data Shared: Payment method details (never stored on our servers)

Privacy: Stripe Privacy Policy

6.3 Supabase (Database & Authentication)

Purpose: Secure data storage, authentication, and account management

Data Shared: Account information, preferences, transaction records

Privacy: Supabase Privacy Policy

6.4 Google Analytics

Purpose: Website usage analytics and improvement

Data Shared: Aggregated usage data, device information (IP anonymized)

Privacy: Google Analytics Privacy

7. Your GDPR Rights

Under the GDPR, you have the following rights regarding your personal data:

7.1 Right of Access

You have the right to request a copy of all personal data we hold about you in a structured, commonly-used, machine-readable format.

7.2 Right to Rectification

You can request that we correct any inaccurate or incomplete personal data.

7.3 Right to Erasure ("Right to be Forgotten")

You may request deletion of your personal data, subject to legal retention requirements for financial compliance.

7.4 Right to Restrict Processing

You can request that we limit how we process your data in certain circumstances.

7.5 Right to Data Portability

You can request your data in a structured, commonly-used format to transfer to another service provider.

7.6 Right to Object

You can object to marketing communications, profiling, and processing based on legitimate interest.

7.7 Right to Withdraw Consent

If we process your data based on consent, you can withdraw that consent at any time by updating your Data Rights page.

8. Data Security

We implement industry-standard security measures to protect your data:

• SSL/TLS encryption for data in transit
• AES-256 encryption for data at rest
• Regular security audits and penetration testing
• Access controls and role-based permissions
• Secure password storage with hashing
• Payment card data handled by PCI-DSS compliant providers

While we strive to protect your data, no method of transmission is 100% secure. Report any security concerns to contact@philonexia.com.

9. Cookies & Tracking Technologies

9.1 Types of Cookies We Use

• Essential Cookies: Required for website functionality (always active)
• Analytical Cookies: Google Analytics - understand user behavior (requires consent)
• Marketing Cookies: Track across websites for targeted advertising (requires consent)
• Functional Cookies: Remember preferences and settings (requires consent)

9.2 Cookie Management

You can manage your cookie preferences through our Cookie Banner that appears on first visit. You can update preferences anytime through your account settings or by visiting the Cookie Settings page.

9.3 Do Not Track

Our website respects "Do Not Track" browser signals. If you enable this setting, we will not process analytics cookies.

10. Changes to This Privacy Policy

We may update this Privacy Policy periodically. We will notify you of significant changes via email or by posting a notice on our website. Your continued use of the Service constitutes acceptance of changes.

11. Contact Us & Data Rights Requests

To exercise your GDPR rights or if you have privacy questions, please contact us:

Philonexia Data Protection Team
Email: contact@philonexia.com
Website: www.philonexia.com
Response Time: We respond to all data rights requests within 30 days (GDPR requirement)

Data Rights Requests: You can also submit formal data rights requests through our Data Rights Portal for expedited processing.