legal · 01

Privacy Policy.

effective April 20, 2026 aqnex, inc. · delaware, usa
summary
We collect the data needed to verify your business, distribute it to authorized AI partners, and run our service. You control what is published, what stays AI-only, and what stays private. We do not sell your personal information.

01 Who we are

This Privacy Policy is issued by aqnex, inc., a Delaware corporation with principal place of business in the United States ("aqnex," "we," "us," or "our"), and applies to the websites located at aqnex.com and its subdomains, the public directory at aqnex.com/directory, the administrative application at aqnex.com/app, our APIs, embedded widgets, and any related services we offer (collectively, the "Service").

For purposes of the EU and UK General Data Protection Regulation ("GDPR" and "UK GDPR"), aqnex is the controller of personal data we collect about visitors to our websites, prospects, applicants, and end users of the public directory. With respect to personal data that our business customers ("Customers") submit, configure, or instruct us to process through the Service, aqnex acts as a processor on behalf of the Customer; the Customer is the controller of that data, and the Data Processing Addendum governs that processing.

02 Information we collect

Information you provide directly

  • Account information. Name, business email, phone number, password (hashed), profile photo, role, and the business you represent.
  • Business profile content. The information you submit about your business or organization, including name, legal entity, address, hours, services, descriptions, license numbers, certifications, imagery, contact methods, owner identity, social handles, payment processors, insurance, languages spoken, accessibility features, and any other fields you choose to populate.
  • Verification materials. Government-issued identifiers, business registration documents, license screenshots, utility bills, domain control records, signed letters, or other artifacts you submit to prove ownership or licensure.
  • Billing information. Card brand and last four digits, billing address, tax identifiers, and invoice history. Full payment card numbers are processed by our payment processor and are not stored by aqnex.
  • Communications. The content of emails, chat messages, support tickets, feedback, survey responses, and any other communications you send to us.

Information collected automatically

  • Usage data. Pages viewed, features used, search queries inside the Service, referring URLs, interaction events, performance timing, error reports, and approximate session duration.
  • Device and connection data. IP address, browser type and version, operating system, device type, language preferences, time zone, and screen resolution.
  • Cookies and similar technologies. See our Cookie Policy for details about session cookies, preference cookies, and privacy-preserving analytics.

Information we receive from third parties

  • Public records and registries. Licensing boards, secretary-of-state filings, court records, and other government sources used to verify the businesses listed in our directory.
  • Authorized integrations. When you connect a third-party tool (e.g., a POS, calendar, CRM, or scheduler), we receive the data fields you authorize that integration to share, scoped to the purpose you select.
  • AI partner telemetry. When our partners attribute an answer to a verified aqnex record, we receive aggregated mention counts, query categories, and approximate geography. We do not receive identifiers of the individual end user who issued the query.
  • Identity providers. If you sign in with Google, Microsoft, or another provider, we receive the basic profile fields you authorize that provider to share.

03 How we use information

We use personal data to:

  • Operate, maintain, secure, and improve the Service.
  • Verify business identity, ownership, licensure, and continued eligibility.
  • Distribute the fields you have designated as Public or AI-only to our authorized AI partners, in accordance with the Data Use Policy.
  • Detect, prevent, and respond to fraud, abuse, security incidents, and unlawful activity.
  • Process payments, calculate taxes, and issue invoices.
  • Communicate with you about your account, service changes, security alerts, and other operational matters.
  • Send marketing communications about aqnex products and features (you may opt out of marketing at any time).
  • Generate aggregated, deidentified statistics about how the Service is used.
  • Comply with applicable law, legal process, and enforceable government requests.

04 Legal bases (EEA, UK, Switzerland)

Where the GDPR or UK GDPR applies, we rely on one or more of the following legal bases to process personal data:

  • Contract. To provide, support, and administer the Service you have requested, and to take pre-contractual steps you ask us to take.
  • Legitimate interests. To secure the Service, prevent misuse, conduct analytics necessary to operate and improve the Service, communicate with our customers about features and updates, and enforce our terms — provided those interests are not overridden by your rights.
  • Consent. For non-essential cookies, optional marketing emails, sensitive categories of data where required, and other situations where consent is the only lawful basis.
  • Legal obligation. To comply with tax, accounting, anti-money-laundering, and other statutory obligations.

05 When and how we share information

Service providers (sub-processors)

We share personal data with vendors who help us operate the Service (cloud hosting, managed databases, observability, transactional email, payment processing, identity and fraud signals, customer support, analytics). Each vendor is bound by written contractual obligations to process personal data only on our documented instructions and to implement appropriate technical and organizational safeguards. Our current list of sub-processors is published in Annex III of the Data Processing Addendum.

AI partners and the public directory

Fields you have classified as Public are published in the aqnex directory and delivered to authorized AI partners; fields classified as AI-only are delivered to authorized AI partners but not published in the public directory; fields classified as Private are not shared with any AI partner or directory consumer. Each AI partner is contractually prohibited from re-selling, retraining foundation models on, or otherwise repurposing aqnex-provided data outside the agreed citation, retrieval, and attribution use cases.

Compliance, safety, and legal process

We may disclose personal data where we have a good-faith belief that disclosure is necessary to comply with applicable law, valid legal process, or an enforceable government request; to enforce our agreements; to protect the rights, property, or safety of aqnex, our users, or others; or to detect, prevent, or address fraud, security, or technical issues.

Corporate transactions

If aqnex is involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, personal data may be transferred as part of that transaction, subject to standard confidentiality protections and continued application of this Policy or a substantially similar successor policy.

With your direction

We share personal data with third parties when you direct us to (for example, by connecting an integration, generating a public link, or authorizing a webhook).

06 International data transfers

aqnex is headquartered in the United States and operates infrastructure in multiple countries. When we transfer personal data from the European Economic Area, the United Kingdom, or Switzerland to a country that is not subject to an adequacy decision, we rely on appropriate safeguards, including the European Commission's Standard Contractual Clauses (Module 2 or 3, as applicable), the UK International Data Transfer Addendum, and supplementary technical measures such as encryption in transit and at rest. A copy of the SCCs we use may be obtained by writing to privacy@aqnex.com.

07 Data retention

We retain personal data for as long as your account is active and for the period reasonably necessary thereafter to comply with our legal obligations, enforce our agreements, resolve disputes, and operate backups. Specific retention periods include:

Category Default retention
Active account and profile data Lifetime of the account
Closed-account profile data Up to 90 days, then deleted or anonymized
Verification documents 13 months after last verification
Billing and tax records 7 years (statutory)
Server, security, and audit logs 13 months
Encrypted backups 35 days rolling

Where you exercise a deletion right, we will honor it within the timeframes required by applicable law. Backups are deleted on their normal rolling schedule.

08 Your rights

Depending on where you live, you may have the following rights with respect to personal data we hold about you:

  • Access. Request a copy of the personal data we hold about you.
  • Rectification. Ask us to correct inaccurate or incomplete data.
  • Erasure. Ask us to delete personal data, subject to legal exceptions.
  • Restriction. Ask us to limit how we process your personal data.
  • Portability. Receive your personal data in a structured, commonly used, machine-readable format.
  • Objection. Object to processing based on legitimate interests, including for direct marketing.
  • Withdraw consent. Where we rely on consent, withdraw it at any time without affecting prior processing.
  • Lodge a complaint. File a complaint with your local supervisory authority.
  • Non-discrimination. Exercise your privacy rights without receiving discriminatory treatment.

U.S. state-specific rights (California, Colorado, Connecticut, Virginia, Utah, and other applicable states)

Residents of these states have additional rights to know, access, correct, delete, and port their personal information; to opt out of "sale" or "sharing" (as those terms are defined under applicable law); to limit the use of sensitive personal information; and to be free from retaliation for exercising these rights. aqnex does not sell personal information for monetary consideration. We do not knowingly process the personal information of consumers under 16 years of age for sale or sharing without affirmative authorization. To exercise any of these rights, write to privacy@aqnex.com or use the in-product privacy controls in your dashboard.

09 Security

We maintain administrative, technical, and physical safeguards designed to protect personal data against unauthorized access, accidental loss, alteration, or destruction. These include encryption in transit (TLS 1.2+) and at rest (AES-256), least-privilege access controls, mandatory single sign-on with multi-factor authentication for employees, code review, dependency scanning, vulnerability management, audit logging, regular penetration testing, and an incident response program. No method of transmission or storage, however, is fully secure, and we cannot guarantee absolute security.

10 Children

The Service is not directed to children under the age of 16, and we do not knowingly collect personal information from children under 16. If you become aware that a child has provided us with personal information without parental consent, please contact us and we will take steps to delete that information.

11 Automated decision-making

We use automated systems to detect spam, fraud, abuse, and policy violations, and to rank and weight verified business profiles for inclusion in AI partner outputs. These systems do not, on their own, produce legal or similarly significant effects on individuals. You may request human review of any automated decision that materially affects you by writing to privacy@aqnex.com.

12 Third-party services

The Service may contain links to, or integrations with, websites, applications, and services operated by third parties. This Policy does not apply to those third parties. We encourage you to review the privacy policies of any third-party service before you provide it with personal data.

13 Changes to this Policy

We may update this Policy from time to time. The "Effective" date at the top reflects the most recent revision. If we make material changes, we will provide notice through the Service or by email at least 14 days before the change becomes effective. Your continued use of the Service after the effective date constitutes acceptance of the updated Policy.

14 Contact us

If you have questions about this Policy, our data practices, or your rights, write to:

  • Email — privacy@aqnex.com
  • Data Protection Officer — dpo@aqnex.com
  • EU representative — eu-rep@aqnex.com
  • UK representative — uk-rep@aqnex.com
  • Postal — aqnex, inc., 10901 Danka Circle N Suite B, St Petersburg, FL 33701, USA

We aim to respond to verified privacy requests within 30 days. If you are not satisfied with our response, you may lodge a complaint with your local data protection authority or the U.S. state attorney general where you reside.

related documents
Terms of Service Data Use Policy Data Processing Addendum Cookie Policy