Privacy policy
Last updated: June 10, 2026
1. Preamble
Olenx (“we”) attaches particular importance to the protection of your personal data. This policy describes how we collect, use, and protect your information when you use the Olenx platform (Generative Engine Optimization).
It complies with the General Data Protection Regulation (GDPR — EU 2016/679) and the amended French “Informatique et Libertés” data protection act.
2. Data controller
The data controller is Eléna Guigliano, a sole trader operating under the trade name “Olenx” (see Legal notice).
For any question regarding the protection of your data, you can contact the data controller at: team@olenx.com.
3. Data collected
We collect the following categories of data:
- Identification data: last name, first name, email address, password (hashed).
- Connection data: IP address, session identifiers, authentication logs.
- Usage data: projects created, prompts submitted, audit results, analysis history.
- Technical data: browser type, operating system, pages viewed.
- Billing data: company name, address, payment information (processed by our payment provider).
- User API keys: stored encrypted (AES-256-CBC) — we cannot access them in plaintext.
4. Purposes of processing
- Managing user accounts and authentication.
- Providing the GEO audit service and generating recommendations.
- Security auditing and abuse detection.
- Communication relating to the service (notifications, updates).
- Marketing communication (subject to consent, opt-out possible at any time).
- Billing and accounting obligations.
- Continuous improvement of the platform (aggregated and anonymized statistics).
5. Legal basis
- Performance of the contract (Terms) for the provision of the service.
- Consent for marketing communications and certain cookies.
- Legal obligation for billing and the retention of accounting data.
- Legitimate interest for security and fraud prevention.
6. Retention period
- Active account: retained for the entire duration of the contractual relationship.
- Inactive account: deleted after 3 years of inactivity (following notification).
- Billing data: 10 years (accounting obligation).
- Technical logs: 12 months maximum.
- Prospect data (non-customer): 3 years from the last contact.
7. Subprocessors
We use subprocessors that are contractually bound to comply with the GDPR:
- Supabase Inc. — database and authentication (European Union)
- Railway Corp. — application hosting (United States, standard contractual clauses)
- Resend — sending transactional emails
- OpenAI — language models (ChatGPT, GPT-4)
- Anthropic — language models (Claude)
- Google AI — language models (Gemini)
- Perplexity — language models and search
- Tavily — AI-augmented web search
When you use the BYOK (Bring Your Own Key) feature, requests to the LLMs are made via your own API keys, under the responsibility of the corresponding provider.
8. Your rights (GDPR)
In accordance with the GDPR, you have the following rights:
- Right of access: obtain a copy of your data.
- Right to rectification: correct inaccurate information.
- Right to erasure (“right to be forgotten”): request the deletion of your data.
- Right to portability: retrieve your data in a structured format.
- Right to object: refuse processing (notably for marketing).
- Right to restriction: temporarily freeze processing.
- Right to withdraw consent at any time.
- Right to set post-mortem directives on the fate of your data.
To exercise these rights, contact us at team@olenx.com. You also have the right to lodge a complaint with the French data protection authority, the CNIL (www.cnil.fr).
9. Cookies
The site uses the following categories of cookies:
- Strictly necessary cookies: authentication, session, preferences (no consent required).
- Audience measurement cookies: anonymized statistics (subject to consent).
You can change your preferences at any time from your browser or via the cookie banner.
10. Security
We implement appropriate technical and organizational measures to protect your data: TLS encryption in transit, AES-256 encryption at rest for API keys, strict access controls (RLS), multi-factor authentication, and regular security audits.
11. Changes
This policy may change over time. We will notify you of any substantial change by email and/or via the service.