Privacy Policy
Version 2026-05-01 · Last updated 2026-05-01
This Privacy Policy describes how RBV Media LLC ("we", "us", "our") collects, uses, and protects information when you use Alex (the "Service"). It applies to the Alex desktop application, the hosted dashboard at app.withalex.ai, and any related backend services.
1. Information we collect
- Account information — email address, business name, and tenant slug provided during onboarding.
- Configuration data — automation preferences, connected integrations (Slack, Meta, Google, etc.), API keys you provide for those integrations, budget caps, and skill preferences.
- Operational data — chat conversations with Alex, files you upload, prompts you submit, and outputs Alex generates on your behalf. This data is stored to provide context across sessions.
- Telemetry — heartbeat checks, license validation, cost tracking (token usage and dollar amounts), error logs. Limited to operational data needed to keep the Service running.
- Acceptance audit trail — when you accept these terms, we record the version, timestamp, and originating IP address as a weak audit signal.
2. How we use your information
- To provide, maintain, and improve the Service.
- To send relevant operational notifications (license, billing, security).
- To run the integrations you've configured (e.g., post to Slack on your behalf, fetch ad data from Meta) using credentials you've explicitly provided.
- To monitor for abuse, fraud, or breach of our Terms.
- To diagnose service issues and improve product quality.
We do not sell your data. We do not use your operational data to train language models. We do not share your data with third parties except the service providers listed below who help us operate the Service.
3. Third-party service providers
Operating Alex requires routing certain data through these providers. Each is contractually committed to data-protection standards through their published terms. We do not control them and their handling of your data is governed by their own privacy policies.
- Anthropic — language model provider. Your prompts and Alex's generated responses are sent to Anthropic to be processed. Anthropic states it does not train on commercial API traffic by default. See anthropic.com/legal/privacy.
- Upstash — Redis database provider, stores tenant configuration and operational state at rest. Encrypted at rest by default. See upstash.com/trust.
- Railway — hosts our backend services and the auto-update endpoint. See railway.com/legal/privacy.
- GitHub — hosts our software releases that customers download for auto-update.
- Stripe — payment processing for subscriptions. We do not store your full card number; Stripe holds the payment method.
- OpenAI — additional AI/code-generation tasks; receives prompts and business context needed for those tasks.
- Composio and Pipedream — connector brokers that manage OAuth authorization and relay data to and from the integrations you enable (e.g., CRM, email, calendar, ads).
- Resend and AgentMail — send and receive email on your behalf (transactional email, and inbound/ outbound messages you direct Alex to handle).
- Telegram — delivers operator approval notifications, which may include message drafts and action details for review.
- Apify and Apollo — web-data collection and contact enrichment, when you direct Alex to research or enrich contacts.
- fal and ElevenLabs — image generation and voice/transcription, when you use those features.
- Integration partners you configure — Slack, Meta, Google, etc. — receive scoped credentials and data only as you have explicitly enabled.
4. Data retention
We retain operational data while your subscription is active and for up to 30 days after cancellation to allow reactivation. After that grace window, scheduled purge jobs remove tenant data (chat history, configuration, integration credentials). Audit logs and accounting records may be retained longer where required by law.
5. Your rights
- Access — you may request a copy of the personal data we hold about you by emailing support@withalex.ai.
- Correction — most account information is editable directly in the dashboard; for anything else, email us.
- Deletion — you may delete your account at any time from Settings or by emailing us. Deletion marks the account for purge with a 30-day grace window for reactivation. After that, your operational data is purged.
- Portability — we will export your operational data in JSON on request.
If you are in the EU/UK, you have rights under GDPR including the right to lodge a complaint with a supervisory authority. If you are in California, you have rights under the CCPA. Contact us for any of the above.
6. Security
We use TLS for data in transit, leverage Upstash's encryption-at-rest for stored data, scope API keys per tenant where supported, and gate administrative interfaces with strong authentication. No system is fully secure; we make commercially reasonable efforts but cannot guarantee that data will not be intercepted or compromised.
7. Children's privacy
Alex is a B2B product not intended for individuals under 16. We do not knowingly collect data from children.
8. Changes
We may update this policy. When we do, we'll bump the version string above and the desktop application will prompt you to review.
9. Contact
Privacy questions: support@withalex.ai.
This policy is provided as a starting framework reflecting our current data practices. It is not legal advice. A formal legal review pass is queued; substantive changes will bump the version and trigger re-acceptance.