Data Architecture

Privacy Policy.

Document Version: 1.1
Effective Date: February 11, 2026
Controller: Dalexor

This Privacy Policy describes how Dalexor ("we", "us", "our") collects, uses, and discloses your information when you use the Dalexor MI platform. We are committed to the concept of Data Sovereigntyโ€”the belief that your code intelligence belongs to you.

Dalexor Pay SRL Strada Episcop Ioan Alexi nr 16 Oradea, Bihor County, 410130, Romania CUI: 37851685 Registration Number: J05/1822/2017

1. INFORMATION WE COLLECT

1.1 Information You Provide

  • **Account Information:** Email address, password (hashed), and billing details.
  • **Profile Data:** Developer alias, organization name, and team member roles.

1.2 Automated Collection (The Sentinel)

  • **Metadata Signals:** Filenames, file sizes, modify timestamps, and language types.
  • **Code Snippets (Protected):** We ingest code chunks to generate architectural insights. These are processed locally or in volatile memory where possible and encrypted before persistence.
  • **Vector Embeddings:** High-dimensional semantic representations of your code logic.
  • **Usage Analytics:** CLI command frequency and error rates (for system stability).

Encryption Architecture: Data is protected based on your subscription tier:

  • Neural Vault (Professional/Sovereign): Mandates a `DX_TEAM_SECRET` for full End-to-End Encryption (E2EE). We possess no decryption keys; data is unreadable by Dalexor employees or systems without your local vault handshake.
  • Standard Encryption (Power User/Standard): Data is protected via industry-standard TLS 1.3 in transit and AES-256 at rest. These tiers use automatic privacy scrubbing to redact identified secrets before indexing.

2. HOW WE USE YOUR INFORMATION

We process your data under the following legal bases: (a) Performance of a Contract; (b) Legitimate Interest in improving system security; (c) Compliance with Legal Obligations.

  • To provide the Service: Storing architectural history, retrieving context for your IDE.
  • To facilitate billing and tax compliance (Romanian Law).
  • To protect against malicious entropy flooding or unauthorized access.
  • **Conflict Prediction:** AI-driven analysis to identify architectural drift.

Data Isolation: We DO NOT use your proprietary code or architectural data to train our foundation models for other customers. Your data environment is cryptographically isolated.

3. DATA STORAGE AND SECURITY

3.1 Security Measures

We employ industry-standard **Symmetric Authenticated Encryption** for sensitive data at rest and Secure TLS for data in transit. Access to production databases is restricted to essential maintenance personnel via hardware-based MFA.

3.2 Data Breach Notification

In accordance with GDPR, we will notify the Romanian National Supervisory Authority (ANSPDCP) within 72 hours of discovering a personal data breach, and notify affected users without undue delay where required.

4. INTERNATIONAL TRANSFERS

Our primary infrastructure is in the EU. However, we use subprocessors (Supabase, Hetzner) that may have operations in the US or globally. We rely on standard contractual clauses (SCCs) and adequacy decisions to ensure GDPR compliance for cross-border transfers.

5. COOKIES & TRACKING

We use essential cookies for authentication and CSRF protection. We may use anonymous analytics cookies to improve system performance. You can control these via your browser settings.

6. THIRD-PARTY PROCESSORS

We utilize the following subprocessors:

  • **Supabase:** Database and Auth hosting (AWS EU-West).
  • **Hetzner:** Private Server Hosting (EU Locations).
  • **Groq:** AI Inference for architectural analysis (US).
  • **Paddle:** Payment processing.

7. B2B & ENTERPRISE

7.1 Data Processing Agreement (DPA)

For Enterprise customers, we offer a signed Data Processing Agreement (DPA) adhering to EU SCCs. Contact support@dalexor.com to request a copy.

7.2 Disaster Recovery

We perform daily encrypted backups of all vector indices. In the event of a catastrophic failure, our RPO (Recovery Point Objective) is 24 hours.

8. YOUR RIGHTS (GDPR)

You have the right to:

  • **Access & Rectification:** View and correct your data via the Dashboard.
  • **Erasure:** Request deletion of your account and all vaults.
  • **Portability:** Export your architecture graph in JSON format.
  • **Restriction:** Limit how we process your data.
  • **Marketing Opt-out:** Unsubscribe from non-essential emails at any time.

9. CHILDREN'S PRIVACY

Our Service is intended for professionals. We do not knowingly collect data from anyone under the age of 16. If we become aware that a child has provided us with Personal Data, we will delete it.

10. DATA RETENTION

We retain operational data as long as your account is active. Upon termination, data is deleted after a 30-day grace period, unless required for legal/tax obligations (typically 10 years for invoices).

11. CONTACT US

If you have questions about this Privacy Policy or wish to exercise your GDPR rights, please contact our Data Protection Officer:

  • Email: support@dalexor.com
  • Post: Dalexor, Strada Episcop Ioan Alexi nr 16, Oradea, Bihor, Romania