Volexi

Legal · JOLTCLICK LTD

Privacy Policy

Effective Date: 21 April 2026

This Privacy Policy explains how JOLTCLICK LTD (trading as Volexi) collects, uses and protects your personal data when you use the Volexi web application.

1. Who We Are & How to Contact Us

Volexi is a trading name of JOLTCLICK LTD, a company registered in England and Wales under company number 15175103, with its registered office at 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ, United Kingdom. JOLTCLICK LTD is the data controller for the personal data described in this Privacy Policy.

If you have any questions about this policy, want to exercise your rights, or want to make a complaint, contact us at hello@volexi.com. Please include "Privacy" in the subject line so we can route your request quickly.

2. Scope

This policy explains how we collect and use personal data when you visit volexi.com or use the Volexi web application. It applies to individuals in the UK and EU under the UK GDPR, the Data Protection Act 2018, and the EU GDPR, as well as equivalent laws elsewhere.

3. Personal Data We Collect

  • Account data. Email address, password hash (via Supabase Auth), and profile information you choose to provide.
  • Billing data. Stripe customer ID, purchase history, credit balance, and VAT/tax information where required. We do not store full card numbers, CVVs, or bank credentials — these are held by Stripe.
  • Uploaded content. Architectural images, sketches, 3D model exports, and any other source files you upload, together with the prompts and settings you submit to the service.
  • Generated outputs. Rendered images, edits and upscales produced by the service, linked to your account.
  • Usage data. Logs of actions (renders, edits, logins), IP address, browser and device information, and diagnostic/error data used to operate and debug the service.
  • Communications. Messages you send us, for example support emails to hello@volexi.com.

4. How We Use Your Data & Legal Basis

We only process personal data where we have a lawful basis under UK/EU GDPR:

  • Providing the service (account creation, authentication, running AI renders, storing your outputs, showing your credit balance) — performance of a contract with you.
  • Taking payments and recording transactions performance of a contract and compliance with legal obligations (tax, accounting).
  • Security, fraud prevention, abuse detection, service reliability legitimate interests in protecting our users, our systems and our business.
  • Product improvement and analytics (aggregated usage trends, error tracing) — legitimate interests. We do not use your uploaded images or outputs to train our AI models without your explicit consent.
  • Service and billing emails (receipts, security alerts, important changes) — performance of a contract and legitimate interests.
  • Marketing emails (if we ever send them) — consent, which you can withdraw at any time.

5. Third-Party Processors

We share personal data only with vetted processors that help us run the service, each under a data processing agreement:

  • Supabase — authentication and database (account, credit ledger, metadata).
  • Stripe Payments Europe, Ltd. — payment processing. Stripe acts as an independent controller for payment data it collects directly from you; see stripe.com/privacy.
  • Cloudflare R2 — object storage for uploaded and rendered images.
  • Replicate — hosts the AI models that generate your renders, edits and upscales. When you submit a job, we transmit your source image and prompt to Replicate for processing.
  • Vercel — hosting and CDN for the web application.
  • PostHog — product analytics, hosted in the EU. Captures pageviews, clicks and form interactions to help us understand how the service is used and to improve it.

6. International Transfers

Some of our processors are based outside the UK/EU (notably in the United States). Where personal data is transferred outside the UK or the EEA, we rely on appropriate safeguards, including the UK International Data Transfer Agreement, the UK Addendum to the EU Standard Contractual Clauses, and/or the EU Standard Contractual Clauses, together with additional technical and organisational measures as appropriate.

7. How Long We Keep Your Data

  • Account data: for as long as your account is active, plus up to 30 days after deletion for backups and operational recovery.
  • Uploaded images & rendered outputs: retained while your account is active so you can access them; deleted within 30 days of account deletion, unless you delete specific items sooner via the app.
  • Billing & tax records: retained for at least 6 years from the end of the relevant financial year, as required by UK tax law.
  • Operational logs & usage data: typically up to 12 months, then aggregated or deleted.
  • Support emails: retained for up to 3 years after the last correspondence.

8. Security

We use industry-standard safeguards including TLS in transit, encryption at rest, strict access controls, audit logs, and row-level security (RLS) on our database. No online service can be 100% secure, but we work to protect your data and notify you of any breach affecting your personal data as required by law.

9. Your Rights

Subject to applicable law, you have the right to:

  • Access the personal data we hold about you.
  • Request correction of inaccurate or incomplete personal data.
  • Request deletion of your personal data (the "right to be forgotten").
  • Restrict or object to certain processing (for example, processing based on legitimate interests).
  • Data portability — receive a copy of certain data in a structured, machine-readable format.
  • Withdraw consent at any time, where processing is based on consent.

To exercise any of these rights, email hello@volexi.com. We respond within one month (extendable by two further months for complex requests, with notice). Requests are free unless they are manifestly unfounded or excessive.

10. Complaints & the ICO

If you believe we have handled your personal data unlawfully, we would like the chance to put it right — please contact us first at hello@volexi.com. You also have the right to lodge a complaint with the UK supervisory authority:

Information Commissioner's Office (ICO)
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Helpline: 0303 123 1113
ico.org.uk

If you are resident in an EU country, you may alternatively complain to your national data protection authority.

11. Cookies

We use strictly necessary cookies for authentication, session management, CSRF protection and secure checkout. These cookies are required for the service to work and cannot be disabled without breaking sign-in and payments. We do not use advertising or cross-site tracking cookies.

12. Analytics

We use PostHog (EU-hosted) to understand how visitors use Volexi and to improve the product. PostHog captures pageviews, clicks, and form interactions automatically. Anonymous visitors are not personally identifiable — we don't create a profile for you until you sign up. Once you sign up, the events from your session are linked to your account so we can see your journey through the product.

We rely on legitimate interests as the legal basis for this processing. We don't use the data for advertising or share it with third-party marketing networks. You can object to this processing at any time by emailing hello@volexi.com.

13. Children

Volexi is not intended for children under 18. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, contact hello@volexi.com and we will delete it.

14. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be notified by email or in the app before they take effect. The date at the top of the page always reflects the current version.

15. Contact

For privacy questions or to exercise any of your rights under this policy, email hello@volexi.com.

JOLTCLICK LTD

Trading as Volexi · 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ, United Kingdom

Registered in England and Wales · Company number 15175103

hello@volexi.com