Privacy Policy

1. About this policy

This privacy policy explains how we handle personal information collected through the Hixel platform — including the marketing site at get.hixel.space, the My admin portal at my.hixel.space, customer-managed sites we host on behalf of our customers, the messaging channels (SMS, WhatsApp, email) we operate on our customers' behalf, the AI-assisted features that draft and review content within those channels, and the integrations we run against third-party services for our customers.

It is written to align with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). For visitors located in the European Union or the United Kingdom, we also observe the GDPR and UK GDPR where they apply to the processing described below.

2. Who is responsible for your information

For information you provide to Hixel directly — including when you sign up for an account, contact us, browse get.hixel.space, or use the My admin portal — Hexonova Pty. Ltd. is the data controller.

For information that flows through customer-managed sites and channels (for example, an enquiry submitted to a clinic that uses Hixel as their website platform, or an SMS reply sent by that clinic's customer to a message the clinic sent through Hixel), Hexonova acts as a processor on behalf of that Hixel customer. The customer is the controller for their end users' data and publishes their own privacy policy on their site.

3. The information we collect

3.1 Account and billing information

• Name, business name, contact email and phone, and the role of the person creating the account.
• Billing entity, ABN, billing address, and the partial card / payment metadata returned to us by our payment processor (Stripe). Hixel does not store full card numbers.
• Login credentials, multi-factor authentication state, and audit metadata (sign-in times, IP addresses, user agent).

3.2 Content and configuration data

• Pages, posts, services, locations, photos, products, prices, and other content you author in the CMS.
• Site configuration: theme selection, custom domains, SEO settings, footer copy, social links.
• Member and team data: invited collaborators, their roles, and their access logs within your account.
• Message templates, campaign drafts, and audience lists you maintain inside the My admin portal for SMS, WhatsApp, and email sends.

3.3 End-user data flowing through customer sites and channels

• Contact form submissions: name, email, phone, the message body, and the time/source page of the submission.
• Booking enquiries and bookings: contact details and the requested service/time/location.
• Storefront orders: items ordered, fulfilment address, and payment metadata returned by the relevant payment processor.
• Browser-side analytics events captured by tags the customer has chosen to enable on their site.
• SMS messages sent by the customer through Hixel: recipient phone number, message body, send time, delivery status, and any reply the recipient sends back into the conversation thread.
• WhatsApp messages sent by the customer through Hixel: recipient phone number, the selected Meta-approved template (where used) and its rendered variables, the message body, send time, delivery status, and inbound replies received inside the 24-hour service window.
• Marketing and transactional emails sent by the customer through Hixel: recipient address, subject, body, send time, delivery and bounce status.

3.4 Integration and channel credentials

When a Hixel customer connects a third-party integration or messaging channel (for example, a Google account for analytics, a Meta Business Account for Facebook / Instagram / WhatsApp, or a ClickSend account for SMS), we store the credentials needed to act on their behalf:

• The OAuth refresh token, long-lived access token, or API key issued by the third party, encrypted at rest in a Key Vault that is dedicated to customer integration secrets and is segregated from the platform's own secret store.
• The connected account identifier (for example, the Google account email and stable subject identifier, the Meta Business Account ID, the WhatsApp Business Account ID and Phone Number ID, the ClickSend account username) so we can show the customer which account is connected and which scopes they have authorised.
• An audit trail of every action Hixel has taken on the customer's behalf using that connection — what was changed, when, and by which Hixel user.

Each integration is scoped to a single purpose. A customer who connects a Google account for analytics has not, by that act, authorised Hixel to manage their Google Business Profile; that requires a separate, explicit consent flow with its own credentials. Connections can be revoked at any time from the Channels and Integrations pages in the My admin portal.

3.5 Diagnostic and operational data

• Server logs, application telemetry (errors, performance, request patterns), and security logs.
• Cookie identifiers and similar technologies — see section 11 for detail.

3.6 AI-assisted processing inputs

Several Hixel features use generative AI to help our customers work faster — including drafting email and SMS templates, suggesting rewrites, generating image alt-text, qualifying leads, and pre-flighting outbound messages for carrier-compliance review (see section 9). When a customer uses one of these features, the inputs needed for the AI to do its job are forwarded to our AI sub-processor in real time. These inputs may include:

• The prompt, template body, draft message, contact name, or other content the customer has typed or selected for processing.
• A small amount of business context required for the feature (for example, the customer's brand name and trading style when generating marketing copy).
• For the compliance pre-flight: the proposed outbound message body and a short history of recent provider rejections for that customer's channel, used as few-shot examples so the model can learn the per-customer rejection pattern.

We do not send end-user personal information to the AI sub-processor beyond what is strictly required to perform the requested action. Where a feature can reach the same outcome without including a piece of personal information in the prompt, we exclude it. The model deployments Hixel uses run on Microsoft's Global Standard service tier, which can route inference to Microsoft-operated regions outside Australia — see section 6 for the cross-border processing disclosure.

3.7 Compliance audit records

To protect the upstream providers Hixel depends on (and the customers who share those providers with you), we record an audit row when a message sent through Hixel is rejected by the provider's content filter or is reported as a rejection by the customer. The audit row captures the message body, the rejection reason, the channel, the time, and a link to the original message; it sits behind a Hixel-internal review process before any rejection is cleared. See section 9 for how this record is used.

4. How we use your information

• To operate the service. Authenticating users, rendering pages, processing payments, dispatching messages, executing the integrations a customer has connected.
• To support customers. Diagnosing issues a customer has reported, responding to their questions, and improving the product based on aggregated usage signals.
• To run AI-assisted features the customer has invoked. Drafting copy, suggesting rewrites, qualifying leads, and pre-flighting outbound messages for compliance with the upstream provider's rules. See section 9 for the boundary between AI assistance and automated decision-making.
• To protect Hixel, our customers, and their end users. Detecting abuse, enforcing acceptable use, recording compliance audit rows (section 3.7), suspending channels that have crossed the three-strike threshold described in the Terms of Service, and responding to security incidents.
• To meet legal and contractual obligations. Tax, accounting, anti-fraud, the contractual commitments in our customer agreements, and the Notifiable Data Breaches Scheme described in section 10.

We do not sell personal information. We do not use customer content, end-user data, or any input submitted to an AI-assisted feature to train or fine-tune any machine-learning model — neither one operated by us nor one operated by our AI sub-processor. Our AI sub-processor (Microsoft Azure AI Foundry, also known as Azure OpenAI Service) commits to this position in its commercial-customer terms and we have no opt-out arrangement that would change it.

5. Who we share information with

We use a small number of subprocessors to operate the platform. Each is bound by a written agreement that requires them to handle data only on our instructions and to apply security controls equivalent to ours:

• Microsoft Azure — primary hosting, including compute, storage, databases, and Key Vault, in Australian regions for Australian customers.
• Microsoft Azure AI Foundry (also marketed as Azure OpenAI Service) — generative AI processing for the features described in section 3.6. Inputs are processed under Microsoft's commercial terms and are not used by Microsoft for model training.
• Stripe — payment processing for Hixel subscription fees and for storefront orders on customer-managed sites.
• Google — only when a customer has explicitly connected a Google account to Hixel for analytics or Google Business Profile management. Hixel uses only the access scopes the customer has authorised; Google's own privacy policy applies to processing on Google's side.
• Meta Platforms, Inc. — only when a customer has explicitly connected a Facebook page, Instagram account, or WhatsApp Business Account to Hixel. Meta's own privacy and platform terms apply to processing on Meta's side.
• ClickSend — SMS dispatch and inbound SMS reply routing. Messages sent through ClickSend are subject to ClickSend's Sending Guidelines and content review.
• Microsoft Azure Communication Services — transactional and marketing email dispatch for sends originated through Hixel.

We may also disclose information when required to do so by law, in response to a valid legal request, or where necessary to protect the rights, property, or safety of Hixel, our customers, or the public.

6. Where your information is stored

Customer data for accounts billed in Australia is stored primarily in Microsoft Azure data centres in Australia East (Sydney) with replication to Australia Southeast (Melbourne) for disaster recovery. Some of our subprocessors (for example, Stripe, Google, Meta, and ClickSend) store data outside Australia; we choose subprocessors who maintain data-protection standards consistent with Australian and EU norms.

The Azure AI Foundry resource Hixel uses is provisioned in the Australia East region. However, the underlying model deployments operate on Microsoft's Global Standard service tier. Under that tier, when one of our AI-assisted features sends a prompt for inference, Microsoft routes the request to whichever Azure OpenAI region has available capacity at the time — most commonly Microsoft-operated regions in the United States, Europe, or elsewhere outside Australia. This means that inputs you submit to an AI-assisted feature (section 3.6) may be processed transiently outside Australia.

All such cross-border processing is governed by Microsoft's commercial-customer terms for Azure OpenAI Service, which include the commitments that prompts and completions are not stored by Microsoft after the response is returned and are not used to train any model. We disclose this cross-border disclosure for the purposes of Australian Privacy Principle 8 and treat it as a necessary part of operating the AI-assisted features described in section 3.6. If you would prefer not to have your inputs processed across borders, you can avoid using the AI-assisted features; the rest of the platform operates without invoking the Global Standard tier.

7. How long we keep information

• Account and billing records — for the life of your account plus seven years after closure, to meet Australian tax and record-keeping obligations.
• Content and configuration data — until you delete it, or 30 days after account closure, whichever is sooner.
• Integration refresh tokens and channel credentials — until the customer disconnects the integration or the third party revokes the token. Soft-deleted tokens are purged from the customer integrations Key Vault after a 90-day retention window kept for incident-response purposes.
• SMS, WhatsApp, and email message bodies dispatched through Hixel — retained for the life of the account so the customer can read their own conversation history; permanently deleted on account closure under the same 30-day grace window above.
• AI-assisted feature inputs — not retained by our AI sub-processor beyond the immediate request, per its commercial terms. The customer's prompt and the rendered output are retained by Hixel only where the surface that generated them is naturally persisted (for example, an SMS template body the customer saved into their template library).
• Compliance audit rows — retained for the life of the account so the audit trail remains available to a Hixel reviewer; specific rows are marked resolved by the reviewer rather than deleted, so the history of why a channel suspension was lifted is preserved.
• Diagnostic logs — typically 90 days, longer where required for security or audit.

8. Your rights

If you are a Hixel customer (you hold a Hixel account, or a member of your team does), you can:

• Access the personal information we hold about you, and request a copy in a portable format.
• Correct information that is inaccurate, incomplete, or out of date.
• Ask us to delete personal information we no longer need a lawful basis to retain.
• Withdraw consent for an integration at any time; revocation takes effect immediately on the Hixel side, though it may take Google, Meta, or another third party additional time to propagate the change on their side.
• Lodge a complaint with the Office of the Australian Information Commissioner (OAIC). For EU/UK visitors, the relevant local data-protection authority is also available.

If you are an end user of a Hixel customer's site or channel (for example, a customer of a clinic that uses Hixel as their website + booking platform), the Hixel customer is the controller of your data. To exercise your rights — access, correction, deletion, or withdrawal of consent — please contact that business directly. Hixel acts as a processor on their behalf and will support them in responding to your request. If you cannot reach the business, contact us and we will make reasonable efforts to put you in touch.

Contact details for privacy requests are listed in the intro card above.

9. Automated decision-making and AI-assisted features

The AI-assisted features described in section 3.6 produce suggestions, drafts, and pre-flight verdicts — they do not make decisions about you or about a recipient that materially affect rights or contractual outcomes. A Hixel user is always in the loop: the user chooses whether to publish a draft, send a message, or accept a suggestion. The compliance pre-flight that runs on outbound messages is advisory only and does not prevent the user from sending a message the model flagged.

The three-strike channel-suspension mechanism described in our Terms of Service is triggered by recorded provider rejections rather than by an automated content score. Suspensions are reviewed by a Hixel reviewer before they are lifted.

10. Notifiable Data Breaches Scheme

If we become aware of an eligible data breach — meaning unauthorised access to, disclosure of, or loss of personal information likely to result in serious harm — we will follow the Notifiable Data Breaches Scheme under Part IIIC of the Privacy Act 1988 (Cth). That includes notifying affected individuals and the Office of the Australian Information Commissioner where the threshold is met, providing the information required by section 26WK, and taking steps to contain and remediate the breach. Where the affected information sits inside a customer's end-user data set (section 3.3), we will notify the customer as the controller so they can meet their own notification obligations and we will support them in doing so.

11. Cookies and similar technologies

Hixel uses a small number of strictly necessary cookies to keep you signed in, remember your cookie preferences, and protect the service against abuse. Customer-managed sites may set additional cookies based on the integrations and analytics tags their owner has enabled — those cookies are governed by the customer's own privacy policy.

You can review and change non-essential cookie consent at any time using the cookie consent control on every page.

12. Security

We apply layered security controls including TLS in transit, encryption at rest for databases and Key Vault secrets, multi-factor authentication for staff with production access, principle-of-least-privilege role-based access controls, audit logging, and regular review of subprocessor security posture. No system is impenetrable, but we treat security as a first-class concern and respond to identified vulnerabilities with documented incident response procedures.

13. Children

Hixel is a business platform and is not directed to children. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact our privacy officer (details in the intro card) and we will delete it.

14. Changes to this policy

We may update this policy as the service evolves, as our subprocessor list changes, or as the law changes. Material changes will be communicated via email to the account owner; minor changes will be reflected by a new "last reviewed" date below. Continued use of Hixel after a change takes effect constitutes acceptance of the updated policy.