Skip to content
Plixa
Join waitlist

Legal

Privacy Policy

Last updated: 2026-05-25

This Privacy Policy explains how Plixa ("we", "us") collects, uses, stores and shares personal data when you use our website at plixa.app or our SaaS product. We follow the GDPR (European Union), LGPD (Brazil) and CCPA (California) frameworks.

1. Who we are

Plixa is a SaaS for automated WhatsApp customer service. When you use Plixa to talk to your own customers, you are the controller of that data and Plixa is the processor.

2. Data we collect

  • Account data: name, email, password (hashed), company name, tax ID (CPF/CNPJ/VAT/EIN), country.
  • Billing data: handled exclusively by Stripe. Plixa never stores credit card numbers.
  • Customer data you process through Plixa: WhatsApp contacts, message contents, conversation metadata.
  • Technical data: IP address, browser fingerprint, activity logs. Stored hashed where possible.
  • Marketing data: emails you enter into our waitlist or newsletter forms.

3. Why we collect it (legal bases)

  • Performance of contract: deliver the SaaS service you signed up for.
  • Legitimate interest: AI-powered replies, aggregated analytics, fraud prevention.
  • Consent: marketing emails, integrations with third parties you authorize.

4. Subprocessors

We share data only with the subprocessors needed to run the service:

  • Anthropic — Claude API used for AI replies.
  • Stripe — billing and payment processing.
  • Cloudflare — CDN, DNS, TLS, edge caching.
  • Oracle Cloud Infrastructure — production hosting (São Paulo / United States).

Plixa never sells your personal data. Period.

5. Retention

Conversation history is retained for 12 months by default. Account owners can export or delete their tenant's data at any time. On cancellation, all data is purged 30 days after the cancellation date.

6. Your rights

Under GDPR, LGPD and CCPA you have the right to: access, correct, delete, port and restrict processing of your personal data. Contact [email protected] and we'll respond within 30 days.

7. Security

Data is encrypted at rest in our production database. Access is scoped per-tenant at the application and database layer. Internal access requires multi-factor authentication.

8. Cookies

plixa.app uses only first-party, strictly necessary cookies (session, CSRF). We do not run analytics or advertising cookies on the marketing site.

9. Changes to this policy

We will notify account owners by email when we make material changes. Continued use of the service after a change constitutes acceptance.

10. Contact

Privacy questions: [email protected]
Data Protection Officer: [email protected]