Privacy Policy

1. Introduction

Antix Interactive, Inc. ("Antix," "we," "our," or "us") is a Delaware corporation that operates the AIGE and AIGORA platforms (collectively, the "Services"). AIGE is an AI-powered creative studio for generating and managing AI characters, imagery, and content. AIGORA is a creator community platform enabling social sharing, collaboration, and monetization of AI-generated creative work.

This Privacy Policy explains how we collect, use, disclose, and protect personal information about you when you use our Services, visit our websites (aige.ws, aigora.ws), use our mobile applications (including the AIGE Studio app), or otherwise interact with Antix. It also describes the rights available to you under applicable privacy laws, including the General Data Protection Regulation ("GDPR"), the California Consumer Privacy Act as amended by the California Privacy Rights Act ("CCPA/CPRA"), the Illinois Biometric Information Privacy Act ("BIPA"), and the Children's Online Privacy Protection Act ("COPPA").

We are committed to handling your personal information with transparency, integrity, and respect. We collect only what we need, retain it only as long as necessary, and give you meaningful controls over your data. If you have questions, please contact us at privacy@antix.ws before using our Services.

Important: By accessing or using the Services you acknowledge that you have read, understood, and agree to this Privacy Policy. If you do not agree, please discontinue use of the Services immediately.

2. Information We Collect

We collect personal information in the following categories, depending on how you interact with the Services.

2.1 Account Data

When you register for an account we collect information necessary to create and maintain your account, including:

Display name, username, and profile photograph or avatar
Email address and, where chosen, phone number
Date of birth (for age verification and COPPA compliance)
Account password (stored as a salted cryptographic hash; never in plaintext)
Blockchain wallet addresses you connect to the Services (e.g., for ANTIX token features) — wallet addresses are pseudonymous public identifiers
Creator profile information you choose to provide: bio, links, social handles, location (city/country)

2.2 AI Generation Data

The core functionality of AIGE involves AI-powered generation. In connection with that functionality we collect and process:

Text prompts, negative prompts, and style parameters you submit to generation pipelines
Generation metadata: model name, sampler settings, resolution, seed values, LoRA configurations, and ControlNet parameters
Generated images, videos, and other AI outputs associated with your account
AI character configurations ("Digital Humans"): character names, personality descriptors, visual reference inputs, voice settings, and behavioral parameters
Prompt history and generation logs, used to power your History view and to provide session continuity
AI assistant interactions — when you use the AIGE AI agent, we store your conversation history with the agent and "agent memory" entries (notes the assistant retains about your stated preferences and creative goals in order to personalize its assistance)

2.3 Social and Community Data

When you participate in AIGORA or use social features on AIGE, we collect:

Posts, captions, and content you publish to feeds
Comments, reactions, and likes you submit on others' content
Follow and follower relationships
Direct messages and group chat content — messages are encrypted in transit and at rest, and may be protected with end-to-end encryption; see Section 14
Community and group memberships
Content you report or flag for moderation

2.4 Voice and Audio Data

Several features of the Services use your device microphone. With your permission, we access and process audio in the following ways:

Voice commands and live assistance — When you use voice control or the Gemini Live assistant in AIGE, microphone audio is streamed in real time to our AI provider for speech recognition. This audio is processed transiently to produce a transcript; Antix does not retain the raw audio.
Voice posts — When you record a voice post on AIGORA, the audio recording is stored as content associated with your account and shared according to the visibility you select.
Live audio and video sessions — Interactive sessions such as AMA broadcasts may transmit your microphone and, where you enable it, camera streams to other participants in real time.
Transcripts generated from your audio, where stored, are kept in your history or with the post.

Microphone access is requested only when you activate a voice feature and can be revoked at any time through your browser or device settings. Voice samples you record specifically for FaceShield vocal-identity protection are treated as biometric data — see Section 2.6 and Section 11.

2.5 Connected Third-Party Accounts

You may choose to connect external accounts — such as Instagram, TikTok, X (Twitter), Pinterest, or Discord — to import content, publish to those platforms, or display cross-platform analytics. Connecting an account is entirely optional. When you do, we receive and store information from that platform, which may include:

Your profile on that platform: username, display name, profile image, and account type
Public account metrics, such as follower, following, post, video, and engagement counts
An OAuth access token and associated identifiers used to maintain the connection
Content (such as media and captions) that you choose to import into the Services

We use this information only to provide the connected-account features you requested. You can disconnect a third-party account at any time through your account settings, which revokes the stored access token and removes the imported account data. Information we receive from a connected platform is also governed by that platform's own privacy policy.

2.6 Biometric Data

Certain features of the Services involve processing biometric data:

Face geometry embeddings — Face-detection, face-swap, and character-consistency pipelines, and the FaceShield protection system, may derive face embeddings — mathematical vector representations of facial geometry — from photographs you upload.
Voice identity samples — The FaceShield vocal-identity protection feature lets you record a voice sample so we can help protect your voice from unauthorized AI cloning. The recording, and any voiceprint derived from it, is biometric data.

Explicit consent required. We will never collect, derive, or process biometric data without first presenting you with a clear, standalone consent prompt that explains the specific purpose, retention period, and your right to withdraw consent. Biometric data collection is strictly opt-in. See Section 11 (BIPA Disclosures) for full details.

2.7 Identity Verification (KYC) Data

To comply with our Acceptable Use Policy and to enable certain creator monetization features, we may require identity verification through our KYC partner. In connection with that process we collect:

Government-issued identity document (passport, national ID, or driver's license)
Selfie photograph used to match against the identity document (processed by our KYC provider, not stored permanently by Antix)
Verification status and outcome (pass/fail) and associated timestamp

Retention: KYC document images are retained for a maximum of 90 days from submission, after which they are permanently deleted. We retain only the verification outcome record and associated timestamp for audit purposes.

2.8 Payment and Payout Data

Payments on the Services are processed by Stripe, Inc., a PCI-DSS Level 1 certified payment processor. Antix does not store full credit card numbers, CVV codes, or raw banking credentials. We do store:

Stripe customer ID and payment method token (last 4 digits, card brand, expiry)
Transaction records: amount, currency, date, product purchased, and transaction status
Subscription status, billing cycle, and plan details
Refund and dispute records where applicable

Creator payouts. If you earn money as a creator, payouts are processed through Stripe Connect. Stripe collects your bank account details and tax identification information directly to verify your payout account; Antix does not receive or store your full bank account number or tax identification number. We do store your Stripe Connect account identifier and status, your bank institution name and account last 4 digits (as reported to us by Stripe), and your payout transaction history. Where required by law, we or Stripe may issue tax forms (such as a 1099-K) reflecting your earnings.

Payment records are retained for 7 years to comply with tax and financial reporting obligations. See Stripe's Privacy Policy at stripe.com/privacy for information about how Stripe handles your payment data.

2.9 Usage, Device, and Analytics Data

We automatically collect technical and behavioral data when you use the Services, including:

IP address and approximate geolocation (city/country level, derived from IP)
Browser type, version, and language preference
Operating system and device type
Mobile app data when you use the AIGE Studio app: device identifiers, app version, push notification tokens, and — only with your permission — camera and photo library access used to capture and upload images
Pages and features accessed, time spent, click paths, and navigation sequences
Generation job metadata: queue times, success/failure rates, feature usage frequencies
Error logs and crash reports
Referring URL and search terms that led you to our Services

2.10 Cookies and Tracking Technologies

We use cookies, local storage, and similar tracking technologies to operate the Services, maintain your session, and understand usage patterns. For full details of the cookies we set, their purposes, retention periods, and your opt-out options, please review our Cookie Policy. See also Section 13 of this Policy.

3. How We Use Your Information

We use the personal information we collect for the following purposes:

3.1 Service Provision and Account Management

Creating, authenticating, and managing your account
Processing and delivering AI generation requests
Storing and displaying your generated content, history, and character configurations
Enabling social features: posting, commenting, messaging, following
Processing payments and managing subscriptions
Providing customer support and responding to your inquiries

3.2 Platform Improvement and AI Development

Monitoring system performance, diagnosing technical issues, and improving infrastructure
Analyzing aggregated, de-identified usage patterns to prioritize feature development — we do not use identifiable prompts or generated outputs for model training without your explicit consent
A/B testing new features and interface improvements
Training internal content moderation classifiers on anonymized moderation outcomes

3.3 Safety, Trust, and Content Moderation

Detecting and preventing fraud, abuse, unauthorized access, and violations of our Acceptable Use Policy
Reviewing flagged content and enforcing community standards
Verifying age and identity for access to age-gated features
Investigating reports submitted by users

3.4 Communications

Sending transactional emails: account confirmation, password reset, payment receipts, subscription notices
Sending service announcements: changes to the Terms of Service, Privacy Policy, or feature availability
Sending promotional and marketing communications about new features, products, and offers — only with your consent and subject to your opt-out preferences

3.5 Legal Compliance

Complying with applicable laws, regulations, court orders, and government requests
Maintaining records required by tax authorities, financial regulators, and data protection supervisory authorities
Asserting, exercising, or defending legal claims

4. Legal Basis for Processing (GDPR Article 6)

For users in the European Economic Area ("EEA"), the United Kingdom, and Switzerland, we are required to identify a lawful basis for each processing activity under Article 6 of the GDPR. The table below sets out the primary legal basis we rely on for each category of data and processing purpose.

Data / Processing Activity	Legal Basis	Details
Account creation and authentication	Contract performance (Art. 6(1)(b))	Necessary to provide the Services you requested
AI generation requests and outputs	Contract performance (Art. 6(1)(b))	Core service functionality
Payment processing and billing	Contract performance (Art. 6(1)(b))	Necessary to complete transactions
Direct messages and social features	Contract performance (Art. 6(1)(b))	Enables platform features you choose to use
Voice and audio features	Contract performance (Art. 6(1)(b))	Microphone-based features you choose to activate
Connected third-party accounts	Consent (Art. 6(1)(a))	Linking an external account is optional and withdrawable
Creator payouts and tax reporting	Contract performance + legal obligation (Art. 6(1)(b)(c))	Paying creators and meeting tax reporting duties
Fraud prevention and security	Legitimate interest (Art. 6(1)(f))	Protecting users and platform integrity
Platform analytics and improvement	Legitimate interest (Art. 6(1)(f))	Improving the Services for all users
Marketing and promotional communications	Consent (Art. 6(1)(a))	Withdrawable at any time via Settings or email
Biometric data (face embeddings, voice identity samples)	Explicit consent (Art. 9(2)(a))	Presented before any biometric processing begins
KYC / identity verification	Legal obligation + legitimate interest (Art. 6(1)(c)(f))	Age-gated content compliance and platform safety
Tax and financial record retention	Legal obligation (Art. 6(1)(c))	Required by tax law (7-year retention)
Responding to legal requests	Legal obligation (Art. 6(1)(c))	Compliance with court orders and regulatory requests

Where we rely on legitimate interests, we have conducted a balancing test to ensure our interests do not override your fundamental rights and freedoms. You may request a copy of our legitimate interests assessment by emailing privacy@antix.ws.

5. Information Sharing and Disclosure

We do not sell your personal information. We do not sell or rent personal information to third parties for monetary consideration. California residents may exercise their opt-out rights at Do Not Sell or Share My Personal Information.

5.1 Service Providers

We share personal information with carefully vetted third-party service providers who process data on our behalf under data processing agreements that prohibit them from using your data for their own purposes. These include:

Stripe, Inc. — payment processing. Stripe processes payment card data under PCI-DSS compliance and has its own privacy policy.
Google Cloud / Firebase — cloud hosting, database (Firestore), authentication, file storage, and serverless functions. Data is stored primarily in the United States.
AI model providers — when processing generation, transcription, or live-assistant requests, your prompts and, where applicable, image and audio inputs may be transmitted to third-party AI inference providers, including Google (Gemini) and fal.ai. We select providers who do not use API inputs for model training by default and who maintain appropriate data security standards.
Connected social platforms — if you link an external account (such as Instagram, TikTok, X, Pinterest, or Discord), we exchange data with that platform's API solely to operate the connection you requested.
KYC verification provider — identity document and selfie data processed for age and identity verification.
Analytics providers — aggregated, pseudonymized usage analytics for platform improvement.
Email and notification services — transactional and marketing communications.

5.2 Legal Obligations

We may disclose personal information when we believe in good faith that disclosure is required or permitted by law, including:

In response to a valid subpoena, court order, or binding government request
To comply with applicable laws or regulations
To protect the rights, property, or safety of Antix, our users, or the public
To detect, prevent, or address fraud, security, or technical issues
To enforce our Terms of Service or other agreements

Where legally permissible, we will notify you of any government request for your personal information before complying.

5.3 Business Transfers

If Antix Interactive, Inc. is involved in a merger, acquisition, asset sale, bankruptcy, or similar corporate transaction, personal information may be transferred as part of that transaction. We will provide notice (via a prominent notice on our website or email) before your personal information is transferred and becomes subject to a different privacy policy, and where required by law, we will seek your consent.

5.4 Public Content

Content you choose to publish publicly on AIGORA (posts, profile information, public character pages) is visible to all users of the Services and may be indexed by search engines. You control the visibility of your content through privacy settings in your account.

6. Data Retention

We retain personal information only for as long as necessary to fulfill the purposes described in this Policy, unless a longer retention period is required by law. The following table summarizes our primary retention periods:

Data Category	Retention Period	Basis
Account profile data	Until account deletion + 30-day grace period	Service provision; deletion processing window
AI-generated outputs and history	Until user deletes content or closes account	User-controlled; deleted on request
AI character configurations	Until user deletes character or closes account	User-controlled
AI agent conversations and memory	Until user deletes the conversation/entry or closes account	User-controlled
Connected third-party account data	Until you disconnect the account or close your account	User-controlled
KYC identity documents (images)	Maximum 90 days from submission	Limited to verification purpose
KYC verification outcome record	Duration of account + 3 years	Compliance and audit
Direct messages	Until user or participant deletes conversation	User-controlled
Payment and transaction records	7 years from transaction date	Tax and financial reporting law
Usage analytics (identified)	24 months from collection	Analytics purpose limitation
Biometric data (face embeddings, voice identity samples)	3 years from collection or until purpose fulfilled, whichever is earlier	BIPA compliance
Security and fraud logs	12 months	Security and fraud prevention
Legal hold data	Duration of legal matter + reasonable buffer	Legal obligation

When you request deletion of your account, we initiate a deletion process within 30 days. Some data may be retained beyond this window where required by law (e.g., payment records) or where data is held in backups (purged within 90 days of account deletion). Anonymized or aggregated data that cannot reasonably be used to identify you is not subject to deletion obligations.

7. International Data Transfers

Antix Interactive, Inc. is based in the United States. Our primary infrastructure (Firebase / Google Cloud) is hosted in the United States, specifically in Google's us-central1 region. If you access the Services from outside the United States, including from the European Economic Area, the United Kingdom, or Switzerland, your personal information will be transferred to and processed in the United States.

The United States does not have an adequacy decision from the European Commission for general commercial data transfers. We rely on the following transfer mechanisms to ensure your data receives an equivalent level of protection:

Standard Contractual Clauses (SCCs) — We incorporate the European Commission's approved Standard Contractual Clauses (2021/914) into our data processing agreements with service providers that receive EEA personal data.
UK International Data Transfer Agreements (IDTAs) — For transfers from the United Kingdom, we use the ICO-approved International Data Transfer Agreement or addendum.
Adequacy decisions — Where applicable, we rely on adequacy decisions issued by the European Commission for transfers to countries deemed to provide adequate protection.

You may request a copy of the relevant transfer mechanisms we rely on by contacting us at privacy@antix.ws.

8. Your Privacy Rights

8.1 GDPR Rights (EEA, UK, and Switzerland)

If you are located in the EEA, the United Kingdom, or Switzerland, you have the following rights under the GDPR and equivalent national legislation:

Right of access (Art. 15) — You may request a copy of the personal information we hold about you and information about how we process it.
Right to rectification (Art. 16) — You may request that we correct inaccurate or incomplete personal information.
Right to erasure / "right to be forgotten" (Art. 17) — You may request deletion of your personal information where we no longer have a legal basis to retain it.
Right to data portability (Art. 20) — You may request your personal information in a structured, commonly used, machine-readable format for transfer to another controller.
Right to restrict processing (Art. 18) — You may request that we limit how we process your personal information in certain circumstances.
Right to object (Art. 21) — You may object to processing based on legitimate interests, including profiling. You may also object at any time to processing for direct marketing purposes.
Right to withdraw consent (Art. 7(3)) — Where processing is based on your consent, you may withdraw that consent at any time without affecting the lawfulness of processing prior to withdrawal.
Right to lodge a complaint — You have the right to lodge a complaint with your local supervisory authority (e.g., the ICO in the UK, or the relevant EU DPA).

8.2 CCPA/CPRA Rights (California Residents)

If you are a California resident, you have the following rights under the California Consumer Privacy Act as amended by the California Privacy Rights Act:

Right to know — You may request disclosure of the categories and specific pieces of personal information we have collected about you, the sources of collection, the purposes for collection, and the categories of third parties with whom we share it.
Right to delete — You may request deletion of personal information we have collected about you, subject to certain exceptions.
Right to correct — You may request correction of inaccurate personal information we maintain about you.
Right to opt out of sale or sharing — You may direct us not to sell or share your personal information with third parties. See our Do Not Sell or Share My Personal Information page.
Right to limit use of sensitive personal information — You may limit our use of sensitive personal information (including biometric data, health information, and precise geolocation) to purposes necessary to provide the Services.
Right to non-discrimination — We will not discriminate against you for exercising your CCPA/CPRA rights. We will not deny services, charge different prices, or provide a different quality of service because you exercised your privacy rights.

8.3 How to Exercise Your Rights

You can exercise most privacy rights directly through your account:

Settings page — Access, download, or delete your data; manage consent preferences; opt out of marketing communications; manage cookie preferences.
Email request — Send a request to privacy@antix.ws with subject line "Privacy Rights Request." Include your name, email address on file, and the specific right you wish to exercise. We will verify your identity before processing the request.

We will respond to verified requests within 30 days (GDPR) or 45 days (CCPA/CPRA, extendable by a further 45 days with notice). We do not charge a fee for reasonable requests. We may decline requests that are manifestly unfounded, repetitive, or require disproportionate technical effort, in which case we will explain our reasons.

Authorized agents: California residents may designate an authorized agent to submit requests on their behalf. We will require written authorization signed by you and may verify your identity directly to prevent fraudulent requests.

9. CCPA/CPRA — Specific California Disclosures

In the preceding 12 months, we have collected the following categories of personal information from California residents:

CCPA Category	Examples	Business Purpose	Categories Shared With
Identifiers	Name, email, username, IP address, wallet address, connected social-account identifiers	Account management, authentication, fraud prevention	Service providers (Firebase, Stripe)
Personal records (Cal. Civ. Code §1798.80)	Name, email, financial info (card last 4 / token), creator bank name and account last 4	Account management, payment processing	Stripe
Protected characteristics	Age (derived from date of birth)	Age verification, COPPA compliance	None
Commercial information	Transaction history, subscription tier	Billing, subscription management	Stripe
Internet/electronic network activity	Browsing behavior on Services, feature usage	Analytics, product improvement, fraud detection	Analytics providers
Geolocation data	City/country level (from IP)	Service localization, fraud detection	None
Sensory / biometric data	Face embeddings and voice identity samples (opt-in); voice and audio you submit to features	Face and voice protection, voice and AI generation features	AI inference providers (with contractual restrictions)
Inferences drawn from personal information	Content preferences, generation style preferences	Personalization, recommendation features	None
Sensitive personal information	Government ID (KYC only), biometric data	Identity verification, age-gated access	KYC verification provider

We do not sell your personal information as defined under the CCPA/CPRA. We do not exchange personal information for monetary consideration with any third party. We do not share personal information with third parties for cross-context behavioral advertising without your consent.

10. Children's Privacy (COPPA)

The Services are not directed to children under the age of 13, and we do not knowingly collect personal information from children under 13. If you are under 13, please do not use the Services or provide any personal information to us.

Certain features of the Services that involve mature or adult content are accessible only to users who have verified they are 18 years of age or older. We use date-of-birth gating at registration and identity verification to enforce these age restrictions.

In compliance with the Children's Online Privacy Protection Act ("COPPA"), if we become aware that a child under 13 has provided personal information to us, we will:

Immediately suspend the account and cease processing that child's personal information
Delete the child's personal information from our systems within 30 days
Notify the parent or guardian if contact information is available

If you are a parent or guardian and believe your child under 13 has created an account or provided personal information to us, please contact us immediately at privacy@antix.ws with the subject line "COPPA — Child Account Report." We will investigate and take prompt action to delete the information and terminate the account.

For users aged 13–17: If you are between 13 and 17 years old, certain features of the Services (including AI generation of mature content and certain creator monetization features) are not available to you. We collect only the minimum personal information necessary to provide age-appropriate features, and we do not use your information for targeted advertising.

11. Biometric Data — Illinois BIPA Disclosures

If you are an Illinois resident or if you choose to use biometric features of the Services, the following disclosures apply under the Illinois Biometric Information Privacy Act, 740 ILCS 14/1 et seq. ("BIPA").

11.1 What We Collect

Two types of biometric identifiers may be collected, in each case only from inputs you voluntarily provide:

Face geometry embeddings — mathematical representations of facial landmarks and structure, derived from photographs for face-detection, face-swap, character-consistency, and FaceShield protection features.
Voiceprints — voice samples, and any voiceprint derived from them, collected when you use the FaceShield vocal-identity protection feature.

These constitute "biometric identifiers" under BIPA.

11.2 Consent Requirement

We will not collect, capture, purchase, receive through trade, or otherwise obtain any biometric identifier or biometric information from you without first:

Informing you in writing of the specific feature that will collect biometric data
Informing you of the purpose of collection and the length of time the data will be retained
Receiving a written release from you — implemented as a clearly labeled, standalone consent toggle or dialog within the product — that is separate from general Terms of Service acceptance

You may withdraw biometric consent at any time through your account Settings. Withdrawal of consent will disable access to biometric-dependent features and will trigger deletion of your stored face embeddings.

11.3 Retention and Destruction Schedule

Biometric data is retained for a maximum of 3 years from the date of collection or until the initial purpose for collection has been fulfilled, whichever occurs first. Specifically:

If you delete your account, all face embeddings and voiceprints associated with your account will be permanently destroyed within 30 days of account deletion.
If you withdraw biometric consent, your face embeddings and voiceprints will be permanently destroyed within 30 days of consent withdrawal.
In all cases, biometric data will be destroyed no later than 3 years from the date it was collected, regardless of account status.

Destruction means permanent deletion from all production systems and from backup systems on the next scheduled backup purge cycle (within 90 days).

11.4 No Sale or Disclosure

We will never sell, lease, trade, or otherwise profit from biometric identifiers or biometric information. We will not disclose or disseminate biometric data to third parties except:

With your prior written consent
When required by state or federal law or municipal ordinance
To AI inference service providers strictly as necessary to complete the generation request you initiated, under contractual data processing agreements that prohibit retention or secondary use

11.5 Security Standards

Biometric data is stored using the same security standards that apply to other sensitive personal information: encryption at rest (AES-256) and in transit (TLS 1.2+), strict access controls, and audit logging of all access events.

12. AI-Generated Content and Prompt Data

12.1 Who Owns AI Outputs

Subject to our Terms of Service and applicable law, you retain ownership of the AI-generated outputs you create using the Services, including images, videos, and character assets. We claim no intellectual property ownership in your outputs. Our use of your outputs is limited to operating, displaying, and improving the Services as described in this Policy and the Terms of Service.

12.2 How We Process Prompts

Text prompts and generation parameters you submit are transmitted to AI model inference endpoints (which may be operated by third-party providers) to generate the requested output. Prompt data is stored in your generation history for your convenience and to enable session replay features. You can delete your generation history at any time through the History page.

12.3 Use of Anonymized Data for Service Improvement

We may analyze de-identified and aggregated generation data (e.g., trends in feature usage, common error patterns, quality metrics) to improve our infrastructure, generation quality, and product roadmap. This analysis does not involve re-identification of individual users and does not constitute training on user content.

We will not use identifiable prompts, generation parameters, or generated outputs to train or fine-tune machine learning models without your explicit, opt-in consent. Any such consent program would be introduced with a separate, clear disclosure and meaningful opt-in mechanism.

12.4 Content Moderation

Generation requests and outputs may be reviewed by automated content safety systems and, in cases of reported violations or system flags, by trained human moderators. Moderation review is conducted for the purpose of enforcing our Acceptable Use Policy and applicable law. Human review of flagged content is conducted under strict access controls and confidentiality requirements.

13. Cookies and Tracking Technologies

We use cookies, local storage, session storage, and similar tracking technologies to provide and improve the Services. Cookies are small text files placed on your device by your browser when you visit our websites. We use both first-party cookies (set by Antix directly) and third-party cookies (set by our service providers).

We use cookies and similar technologies for the following purposes:

Strictly necessary: Session authentication, security tokens, preference persistence. These cannot be disabled without breaking core functionality.
Functional: Remembering your language preference, UI settings, and display choices.
Analytics: Understanding how users navigate the Services, which features are used, and where errors occur. We use aggregated analytics data to improve the product.
Marketing (consent required): Measuring the effectiveness of marketing campaigns. These cookies are deployed only where you have given consent.

For a complete list of cookies we set, their specific purposes, retention periods, the third parties involved, and instructions on how to manage or opt out of cookies, please review our full Cookie Policy. You can also manage your cookie preferences at any time through the cookie preference center accessible in the footer of our websites.

14. Data Security

We implement a layered security program designed to protect personal information against unauthorized access, disclosure, alteration, and destruction. Our security measures include:

Encryption in transit: All data transmitted between your browser and our servers is encrypted using TLS 1.2 or higher. We enforce HTTPS across all Services.
Encryption at rest: Personal information stored in Firestore and Google Cloud Storage is encrypted at rest using AES-256. Sensitive fields (e.g., biometric data, identity documents) are additionally encrypted at the application layer.
Access controls: Access to production systems and personal data is restricted to authorized personnel on a need-to-know basis, enforced through role-based access controls and multi-factor authentication requirements.
Incident response: We maintain an incident response plan. In the event of a data breach affecting your personal information, we will notify you and relevant supervisory authorities as required by applicable law (e.g., within 72 hours under the GDPR).
Vulnerability management: We conduct regular security reviews and promptly address identified vulnerabilities.
Direct message security: All messages are encrypted in transit (TLS) and at rest in Firestore, with access restricted to conversation participants. Conversations may additionally use end-to-end encryption (E2EE), including a post-quantum hybrid mode (X25519 + Kyber-768); for E2EE conversations, message content is encrypted on your device and cannot be read by Antix.

No method of electronic transmission or storage is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security. If you believe your account has been compromised, please contact us immediately at privacy@antix.ws.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. When we make changes, we will:

Update the "Effective Date" and "Version" shown at the top of this Policy
Post the revised Policy on this page and, for material changes, provide at least 30 days' advance notice via email to the address associated with your account and/or a prominent notice on the Services
Where required by law or where changes materially affect your rights, seek your affirmative consent to the updated Policy before the changes take effect

Your continued use of the Services after the effective date of a revised Policy constitutes your acceptance of the changes, except where consent is separately required. We encourage you to review this Policy periodically to stay informed of how we handle your personal information.

Prior versions of this Privacy Policy are available upon request by emailing privacy@antix.ws.

16. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our handling of your personal information, please contact us:

Antix Interactive, Inc.
A Delaware Corporation

Privacy Inquiries and Data Subject Requests:
privacy@antix.ws

Legal and Data Protection Inquiries:
legal@antix.ws

DMCA and Copyright Notices:
See our DMCA Policy for the designated agent contact.

We aim to acknowledge all privacy requests within 5 business days and to provide a substantive response within the statutory timeframe applicable to your jurisdiction.

If you are located in the EEA or the UK and believe we have not adequately addressed your concerns, you have the right to lodge a complaint with your local data protection supervisory authority. A list of EEA supervisory authorities is available at edpb.europa.eu. The UK supervisory authority is the Information Commissioner's Office (ico.org.uk).