Privacy Policy

Last updated: 19 May 2026 · Compliant with UK GDPR & Data Protection Act 2018

A1x ("we", "us") is the data controller for personal data processed in connection with our software-services products. We are committed to processing your data lawfully, fairly, and transparently.

1. Data we collect

Account & billing data

• Contact email address (provided by you at sign-up or when requesting a quote)
• Customer name / business name
• Panel subdomain identifier (chosen by you)
• Builder Portal access keys (generated by us; cryptographically random)
• Invoice references and payment confirmations from CryptoCloud (we do NOT receive your wallet address or transaction signing keys)

Branding data uploaded by you

• Brand assets (logos, background images, launcher icons, app names) uploaded through the Builder Portal, retained for as long as your account is active so we can rebuild your APK on demand

Service logs

• Standard web server access logs (IP address, user agent, request path, HTTP status, timestamp), retained for 30 days for fraud / abuse prevention, then automatically deleted
• Build job records (timestamp, build success/failure, output APK size), retained for 90 days

2. Why we collect it (lawful basis)

• Contract (Art. 6(1)(b) UK GDPR): account, billing, branding, and build-job data are necessary to deliver the service you have purchased.
• Legitimate interests (Art. 6(1)(f) UK GDPR): web server logs are retained for fraud and abuse prevention. We have balanced this against your privacy interests and consider it proportionate given the short retention window and the security benefit.
• Legal obligation (Art. 6(1)(c) UK GDPR): financial records associated with invoices are retained for the period required by UK tax law (currently 6 years).

3. Who we share data with

We do not sell, rent, or share your personal data with any third party for marketing purposes. The only third parties who process personal data on our behalf are:

• CryptoCloud OÜ — payment processing. See cryptocloud.plus for their privacy policy. They process the payment itself; we receive a confirmation reference.
• Contabo GmbH — server hosting. They provide the physical infrastructure on which our services run. No application data is shared with them beyond what is necessary to operate the servers.

We may disclose data if compelled by a valid court order, lawful regulatory request, or law-enforcement demand from a competent UK authority.

4. International transfers

Server infrastructure is located in the European Union (Germany). CryptoCloud OÜ operates from Estonia. Both jurisdictions have adequate data-protection regimes. No personal data is transferred outside the UK / EU / EEA in the course of normal operations.

5. How long we keep your data

• Account data: for the duration of your active subscription, plus 12 months after termination, then deleted (unless legally required to retain longer for tax purposes).
• Branding uploads: for the duration of your active subscription; deleted within 30 days of termination.
• Web server logs: 30 days.
• Build job records: 90 days.
• Invoice / financial records: 6 years (UK statutory requirement).

6. Your rights under UK GDPR

You have the right to:

• Access the personal data we hold about you;
• Rectify any inaccurate or incomplete data;
• Erase your data (subject to legal retention requirements above);
• Restrict processing of your data in certain circumstances;
• Object to processing based on legitimate interests;
• Portability — receive your data in a structured, commonly-used machine-readable format;
• Withdraw consent at any time (where processing is based on consent).

To exercise any of these rights, email support@a1x-panels.com from your registered contact address. We respond within 30 days.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) — the UK supervisory authority — at ico.org.uk.

7. Cookies

This website does not use third-party tracking cookies or analytics. The Builder Portal at autobuild.a1x-panels.com uses one essential session cookie strictly for sign-in authentication; it is deleted when you sign out or when your browser session ends. We use a single localStorage flag to remember whether you have dismissed our cookie notice. We do not use any cookies for advertising, retargeting, or behavioural profiling.

8. Security

We protect personal data with industry-standard technical and organisational measures: HTTPS everywhere with strong TLS, encrypted storage of access-key hashes, restricted server access via SSH keys only, and timely patching of dependencies. No system is 100% secure; in the event of a personal-data breach affecting your data, we will notify you and the ICO within 72 hours as required by UK GDPR.

9. Changes to this Policy

Material changes to this Policy will be communicated to your registered email address at least 14 days before they take effect.

10. Contact (Data Controller)

For any privacy / GDPR question: support@a1x-panels.com
A1x — Operated from the United Kingdom