Complixo
Credibility Bureau
Fri · 17 Apr 2026 · Vol. I, No. 1
§PrivacyLast updated 15 Apr 2026

How we handle your data.

This page describes what data Complixo collects, what we use it for, how long we keep it, and what rights you have under the GDPR. It applies to everyone who uses complixo.com and to anyone who commissions a brand report or subscribes to our dashboards.

§ IWhat we collectAnd why

Account data. When you sign in, we store your email address, a Supabase user id, and timestamps of your sessions. We use this to authenticate you and to link you to your brand workspaces.

Brand request data. When you commission a report, we store the brand name, URLs, any materials you pasted in, and the email address we deliver the report to. This is the working material of the analysis.

Payment data. Payment is processed by Stripe. We receive the Stripe session id, the amount, and a confirmation that payment cleared. Card details never touch our servers.

Analytics. We log basic request data (URL, status code, anonymised IP) to operate the site and detect abuse. We do not run third-party trackers or advertising pixels.

§ IIHow we use itLawful basis

We use your data to run the analysis you commissioned, deliver the report, and keep your workspace working. For commissioned reports the lawful basis is contract performance (GDPR Art. 6(1)(b)). For operating the website the basis is legitimate interest (Art. 6(1)(f)).

No training data. Documents and URLs you upload are never used to train third-party models and never aggregated for any purpose other than your own report.

§ IIIRetentionHow long we keep it

Uploaded documents are auto-deleted 30 days after delivery of your report, unless you explicitly ask us to keep them for a follow-up. Delivered reports remain available via private magic link for as long as your account is active. Payment records are kept for seven years to comply with Dutch bookkeeping law.

§ IVYour rightsGDPR

You have the right to access the data we hold about you, request corrections, request deletion, and object to processing. To exercise any of these rights, write to contact@complixo.com. We answer within 30 days. If you are not satisfied with our response, you can file a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens).

§ VSub-processorsWho touches the data

Complixo uses the following sub-processors. All process data on our behalf under standard data-processing agreements.

Supabase — database and authentication (EU region).
Vercel — application hosting.
Stripe — payment processing.
Resend — transactional email delivery.
OpenAI & Anthropic — language-model APIs used inside the analysis pipeline, with zero-data-retention agreements where available.