Legal

Privacy Policy

Last updated: April 16, 2026

1. Information We Collect

When you use our website or services, we may collect:

  • Contact information: Name, email address, phone number — when you fill out a form, subscribe to our newsletter, or contact us.
  • Project details: Information about your business, requirements, and preferences shared through our forms or chatbot.
  • Usage data: Pages visited, time spent, browser type, device type — collected automatically through analytics.
  • Cookies: We use essential cookies for authentication (admin panel) and functional cookies for preferences (theme, chat sessions).

2. How We Use Your Information

  • To respond to your inquiries and provide project estimates
  • To deliver and improve our services
  • To send project updates and relevant communications (only if you've opted in)
  • To improve our website experience through anonymized analytics
  • To prevent spam and abuse (honeypot fields, rate limiting)

We never sell, rent, or share your personal information with third parties for marketing purposes.

3. Data Storage & Security

  • Your data is stored on Neon PostgreSQL (cloud database with encryption at rest and in transit).
  • Media files are stored on Cloudinary with secure HTTPS delivery.
  • Admin authentication uses JWT tokens stored in httpOnly cookies (not accessible via JavaScript).
  • All data transmission is encrypted via TLS/SSL.
  • We do not store payment information — all payments are handled through third-party processors.

4. Third-Party Services

We use the following third-party services that may process your data:

  • Vercel — Website hosting and analytics
  • Neon — Database hosting
  • Cloudinary — Media storage and delivery
  • Resend — Email notifications
  • OpenAI — AI chatbot responses (conversation data is sent to OpenAI for processing)

Each service has its own privacy policy and complies with industry-standard security practices.

5. Your Rights

You have the right to:

  • Access your personal data we hold
  • Correct any inaccurate information
  • Delete your data from our systems
  • Opt out of any marketing communications
  • Export your data in a portable format

To exercise any of these rights, email us at hello@vaxalor.com.

6. Cookies

We use minimal cookies:

  • Authentication cookie — For admin panel access (httpOnly, secure, 24h expiry)
  • Session storage — For chatbot conversation continuity (browser session only)
  • Local storage — For popup dismissal preference and theme choice

We do not use advertising cookies or tracking pixels.

7. Contact

For privacy-related questions or data requests, contact us at hello@vaxalor.com.