Privacy Policy
Last updated: January 2026
1. CONTROLLER
Dualix Inc.
- Address: [Your Legal Address]
- VAT ID: [Your VAT ID]
- Email: privacy@dualix.io
- Phone: [Your Phone]
- Legal Representative: [Your Name]
Data Protection Officer (DPO): Email: dpo@dualix.io
2. WHAT DATA DO WE COLLECT?
We collect only data necessary to provide, maintain, and improve Dualix:
2.1 Account Data
- Full Name
- Email Address
- Phone Number (optional)
- Company/Organization
- Country of Residence
2.2 Configuration Data
- Language & Timezone
- Subscription Plan
- Privacy Settings
- Third-party Integrations
2.3 Usage Data (Analytics)
- Pages Visited
- Features Used
- Session Time
- Device & Browser
- IP Address
2.4 Transaction Data
- Payment History
- Invoices
- Billing Info
2.5 Communication Data
- Support Messages
- Issue Tickets
- Feedback Surveys
3. LEGAL BASIS
We process data under the following legal bases (GDPR Art. 6):
| Data | Legal Basis |
|---|---|
| Account Data | Consent (register) & Contract |
| Config Data | Contract |
| Usage Data | Consent (cookies) |
| Payment Data | Legal Obligation |
| Support | Consent |
4. HOW WE USE YOUR DATA
4.1 Mandatory Purposes
- ✅ Contract execution
- ✅ Security
- ✅ Fraud prevention
- ✅ Legal compliance
4.2 Legitimate Interests
- ✅ Service improvement
- ✅ Bug fixes
- ✅ Performance analysis
- ✅ Security updates
4.3 Marketing
- ✅ Newsletter (consent)
- ✅ New features
- ✅ Product updates
IMPORTANT: We do not automate or profile without explicit consent.
5. WE DO NOT SELL DATA
Dualix does not sell, rent, or monetize user data. Your business data belongs to you.
6. WHO WE SHARE DATA WITH
6.1 Service Providers
We share data with third parties only when necessary:
| Provider | Purpose | Location |
|---|---|---|
| AWS / Cloudflare | Hosting | EU / USA |
| Keycloak | Auth | EU |
| Stripe/Adyen | Payments | EU |
| SendGrid | Emails | USA |
6.2 Legal Requirements
We may disclose data if legally required.
6.3 M&A
In case of merger or acquisition, data may be transferred under same conditions.
7. DATA RETENTION
| Data | Retention |
|---|---|
| Active Account | Duration + 30 days |
| Logs | 90 days |
| Backups | 180 days |
| Payment Data | 7 years |
| Support | 3 years |
8. INTERNATIONAL TRANSFERS
Some data is processed in USA using Standard Contractual Clauses (SCC).
9. DATA SECURITY
- ✅ TLS/SSL Encryption
- ✅ AES-256 Encryption
- ✅ 2FA
- ✅ RBAC
- ✅ Audit Logs
- ✅ Backups
10. YOUR RIGHTS (GDPR)
You have the right to:
10.1 Access
Request copy of data.
Email privacy@dualix.io | 30 days
10.2 Rectification
Correct inaccurate data.
Settings Panel
10.3 Erasure
Request deletion.
Email privacy@dualix.io
10.4 Restriction
Restrict processing.
Email privacy@dualix.io
10.5 Portability
Download JSON/CSV.
User Panel
10.6 Objection
Object to marketing.
Unsubscribe link
10.7 Automation
We do not subject decisions to fully automated processing.
11. MINORS
Dualix is B2B. Not intended for minors under 16.
12. COOKIES
See Cookie Policy.
13. CHANGES
We may update this policy. Significant changes will be notified.
14. CONTACT
📧 privacy@dualix.io
📧 dpo@dualix.io
Spanish Data Protection Agency (www.aepd.es)
© 2026 Dualix Inc. All rights reserved.