Effective March 24, 2026
This policy applies to anyone who uses the Semavex platform, visits the Semavex website, or submits a report request through any supported channel. It covers all plans, including free trials and paid subscriptions.
Semavex is an AI reporting platform that connects to customer databases and generates reports through Vexon, its built-in AI engine. This policy explains what information Semavex collects, how that information is used, and what rights you have regarding your data.
Semavex does not sell personal information to any third party. This applies to all users regardless of location.
Semavex collects the minimum information necessary to deliver its reporting service, maintain accounts, and improve the product. The categories below describe each type of information and how it is handled.
When you register, Semavex collects your name and email address. This information is used for account management, authentication, and transactional emails such as report delivery notifications and password resets. Your name and email are stored in the Semavex metadata database and are never shared with other customers.
To generate reports from your data, Semavex requires connection credentials for your database. These credentials are encrypted at rest using a dedicated encryption key and are used solely to establish a connection to your own database. Credentials are never shared with third parties, never logged in plaintext, and never accessed by Semavex staff without explicit authorization from you.
When Vexon generates a report, it reads data directly from your connected database. This data is processed in memory to build the report output. Once the report is delivered to you, the underlying query results are discarded. Semavex does not copy, cache, or persist your raw database content in its own storage.
When Vexon generates a report, the data read from your database is used in memory and discarded after delivery. Semavex does not persist query results to its own database.
Semavex tracks feature usage, report frequency, and scheduling activity to understand how the product is used and where improvements are needed. This data is associated with your account internally but is never sold to third parties or used for advertising purposes.
All payment processing is handled by Stripe. When you subscribe to a paid plan, Stripe collects your billing name, email, and payment method. Semavex does not store credit card numbers, bank account details, or any other payment credentials on its own servers. Stripe is PCI DSS Level 1 certified, the highest level of compliance in the payment industry.
Semavex uses collected information to provide and maintain the reporting service. This includes connecting to your database, generating reports, delivering results, and managing your account settings and preferences.
Semavex may send you transactional communications by email or SMS. These include report delivery confirmations, scheduled report notifications, account security alerts, and service announcements. You can manage your notification preferences from your account settings.
Payment information submitted through Stripe is used exclusively to process subscription charges and handle billing inquiries. Semavex does not use payment data for any other purpose.
Aggregated usage analytics help the Semavex team identify popular features, detect performance issues, and prioritize product improvements. Individual analytics are never shared externally.
In limited circumstances, Semavex may use or disclose information where required by law, such as in response to a valid court order or to comply with applicable regulatory obligations.
Semavex relies on a small number of third-party services to operate. Each service receives only the data necessary for its specific function.
Stripe handles all payment processing for Semavex subscriptions. It receives your billing name, email address, and payment method. Stripe operates under its own privacy policy and is PCI DSS Level 1 certified.
Microsoft Azure provides cloud hosting infrastructure for the Semavex platform. Azure acts as a data processor under a Data Processing Agreement (DPA) with Semavex. All data is stored in the region selected during your account setup.
Resend handles email delivery for Semavex. It receives recipient email addresses and the content of emails sent on your behalf, such as report deliveries and account notifications.
ClickSend provides SMS delivery for Semavex notifications. It receives recipient phone numbers and the content of SMS messages, such as scheduled report alerts.
Account information, including your name and email, is retained for the duration of your active account. If you close your account, Semavex retains this data for 30 days to allow for reactivation, after which it is permanently deleted.
Database connection credentials are deleted immediately when you remove a connection from your account. If you close your account, all stored credentials are deleted as part of the account closure process.
Individual usage analytics are retained for 12 months from the date of collection. After that period, analytics are aggregated into anonymized statistics and the individual records are deleted. Aggregated data may be retained indefinitely.
Billing records processed through Stripe are retained for 7 years to comply with tax and financial reporting requirements.
Report content and query results are never retained. Data read from your database during report generation is processed in memory and discarded once the report is delivered.
All data transmitted between your browser and the Semavex platform is encrypted in transit using TLS. Data stored on Semavex servers is encrypted at rest using AES-256 encryption.
Database connection credentials receive an additional layer of protection through a separate encryption key that is managed independently from the primary storage encryption. Access to this key is restricted to the connection service and is not available to other parts of the application.
Internal access to customer data is restricted on a need-to-know basis. Semavex staff do not access customer databases or credentials without explicit written authorization. Professional tier accounts benefit from additional isolation measures at the infrastructure level.
Despite these measures, no system is completely immune to security incidents. In the event of a data breach that affects your personal information, Semavex will notify affected users by email within 72 hours of confirming the breach, in accordance with applicable law.
If you are located in Canada, you have specific rights under the Personal Information Protection and Electronic Documents Act (PIPEDA).
You have the right to request a copy of the personal information Semavex holds about you. To make an access request, send an email to privacy@semavex.ai. Semavex will respond within 30 days of receiving your request.
If any personal information Semavex holds about you is inaccurate or incomplete, you have the right to request a correction. Send your correction request to privacy@semavex.ai with details of the information that needs to be updated. Semavex will process corrections within 30 days.
You may withdraw your consent to the collection, use, or disclosure of your personal information at any time by contacting privacy@semavex.ai. Withdrawing consent may limit or prevent Semavex from providing certain services to you. Semavex will explain the consequences before processing your withdrawal.
If you believe Semavex has handled your personal information improperly, you have the right to file a complaint with the Office of the Privacy Commissioner of Canada at priv.gc.ca. Semavex encourages you to contact privacy@semavex.ai first so the issue can be resolved directly.
If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA).
You have the right to know what personal information Semavex collects about you, the categories of sources from which it is collected, the business purpose for collecting it, and the categories of third parties with whom it is shared. To exercise this right, email privacy@semavex.ai. Semavex will respond within 45 days of receiving your request.
You have the right to request deletion of the personal information Semavex has collected about you. Some information may be retained where required by law, such as billing records for tax compliance. To request deletion, email privacy@semavex.ai. Semavex will respond within 45 days.
Semavex does not sell personal information to any third party. Since no sale occurs, there is no need to submit an opt-out request. However, if this practice ever changes, Semavex will provide a clear opt-out mechanism and update this policy accordingly.
Semavex will not discriminate against you for exercising any of your CCPA rights. You will not receive a different level of service, different pricing, or a degraded experience as a result of making a privacy request.
Semavex is not directed at children under the age of 13. The platform does not knowingly collect personal information from children. If Semavex becomes aware that it has collected information from a child under 13, that information will be deleted promptly. If you believe a child has provided personal information to Semavex, please contact privacy@semavex.ai so the matter can be addressed.
Semavex may update this privacy policy from time to time to reflect changes in practices, services, or legal requirements. When a material change is made, registered users will be notified by email at least 14 days before the change takes effect. The effective date at the top of this page will be updated to reflect the most recent revision.
If you have questions about this privacy policy or want to exercise any of your rights, contact the Semavex privacy team at privacy@semavex.ai. Requests from Canadian residents under PIPEDA will receive a response within 30 days. Requests from California residents under the CCPA will receive a response within 45 days.