H Hexalian
Last updated: November 23, 2025

Privacy Policy

This Privacy Policy applies to citizens and legal permanent residents of the United States who use hexalian.com. In our processing we comply with applicable US state privacy laws and, to the extent applicable, the principles of the EU General Data Protection Regulation (GDPR).

1. What Data We Collect and Why

We may collect or receive personal information for business operations purposes including:

  • Contact & Communication — Name, email address, and message content when you contact us through forms or email
  • Payments — Purchase amount, currency, payment method type (we do not store raw card details — all payment processing is handled by Stripe)
  • Account Registration — Email and hashed password if you create an account
  • Module Downloads — Download token usage, IP address (for security and anti-fraud)
  • Analytics — Anonymized usage statistics, page views, and navigation patterns (with consent)
  • Legal Obligations — Data necessary to comply with applicable laws, court orders, or regulatory requirements

2. How We Use Your Data

We use personal data to: fulfill purchased orders and deliver download access; communicate with you about your purchases, inquiries, and service updates; issue invoices and process refunds; detect and prevent fraud; improve the performance and usability of our platform; and comply with legal obligations.

We do not sell your personal data to third parties. We do not use your data for automated decision-making or profiling that produces significant legal effects.

3. Legal Basis for Processing (GDPR)

For EU/EEA residents, we process your data on the following bases: contract performance (fulfilling your purchase); legitimate interests (security, fraud prevention, service improvement); legal obligation; and consent (for analytics and marketing cookies, which you may withdraw at any time).

4. Disclosure Practices

We disclose personal information only:

  • If required by law, court order, or law enforcement agency
  • To third-party service providers (Stripe, Resend email) who process data on our behalf under data processing agreements
  • In the event of a merger, acquisition, or sale of assets, to relevant advisers and new owners

5. Third-Party Service Providers

We use the following sub-processors to operate our service:

  • Stripe Inc. — Payment processor (handles card data under PCI DSS)
  • Resend Inc. — Transactional email delivery
  • Groq Inc. — AI text generation (no personal data is sent to Groq; only editorial prompts)
  • Unsplash (Splice Inc.) — Stock photography API (no personal data transmitted)

6. Do Not Track & Global Privacy Control

Our website does not currently respond to the Do Not Track (DNT) request header. However, we fully honor the Global Privacy Control (GPC) signal where technically feasible. You can also manage your cookie preferences at any time via the cookie consent banner on our site.

7. Cookies

Our website uses cookies and similar tracking technologies to operate core functionality (authentication, secure checkout) and, with your consent, to collect analytics data. For full details on which cookies we use and how to manage them, see our Cookie Policy.

8. Data Retention

We retain personal data only as long as necessary to fulfill the purposes for which it was collected, or as required by law. Purchase records are retained for a minimum of 7 years for tax and accounting compliance. Account data is deleted upon account closure request.

9. Security

We are committed to the security of personal data. We implement appropriate technical and organizational measures including: encrypted database storage, HTTPS/TLS transport encryption, hashed password storage, time-limited and single-use download tokens, and regular security reviews. Access to personal data is restricted to authorized personnel only.

10. Third-Party Websites

This privacy statement does not apply to third-party websites connected by links on our website. We cannot guarantee that these third parties handle your personal data in a reliable or secure manner. We recommend you read the privacy statements of these websites prior to using them.

11. Your Rights

You have the following rights with respect to your personal data:

  • Access — Request a copy of the personal data we hold about you
  • Correction — Request correction of inaccurate or incomplete data
  • Deletion — Request deletion of your personal data (“right to be forgotten”) where legally applicable
  • Portability — Request your data in a machine-readable format
  • Objection — Object to processing of your data based on legitimate interests
  • Withdraw consent — Withdraw consent for analytics/marketing cookies at any time via the cookie banner
  • Appeal — Appeal our decision when we refuse to take action on a request

To exercise any of these rights, contact us at [email protected].

12. Children

Our website is not designed to attract children and it is not our intent to collect personal data from children under the age of consent in their country of residence. We request that children under the age of 13 (or the applicable age of consent) do not submit any personal data to us.

13. Amendments

We reserve the right to make amendments to this privacy statement. It is recommended that you consult this privacy statement regularly in order to be aware of any changes. In addition, we will actively inform you wherever possible.

14. Contact Us

Hexalian LLC
30 N Gould St Ste R, Sheridan, WY 82801, United States
Website: hexalian.com
Email: [email protected]
Phone: +1 (724) 215-3235