Privacy Policy

Multinex AI, Inc. (“Multinex,” “we,” “our,” or “us”) is committed to protecting the privacy, security, and sovereignty of data entrusted to us by our customers, users, and website visitors.

This Privacy Policy describes how we collect, use, store, share, and protect personal information when you visit our website (multinex.ai), use our products — including AIEGES Shield, MemQ, Multinex Legion, Airlock-VISA, and the munx-cli — or interact with our services in any capacity.

By accessing our website or using our services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree, please discontinue use of our services.

Our infrastructure is architected around the principle of absolute data sovereignty. In sovereign and self-hosted deployment modes, your data — including vector memory, graph relationships, conversational prompts, policy decisions, and telemetry — is stored and processed entirely within environments you control.

Multinex does not collect, index, transmit, or train on your proprietary data unless explicitly authorized by your organizational administrators. Where AIEGES Shield operates as a reverse proxy, traffic flows through Zero-Trust perimeters with real-time redaction — unredacted payloads are never persisted by Multinex cloud services.

We use collected information to:

• Provision, maintain, and improve our services
• Process payments and manage your subscription or enterprise agreement
• Provide customer support and respond to your requests or inquiries
• Send transactional communications (account confirmations, billing notices, security alerts)
• Enforce our Terms of Service, detect fraud, and maintain platform security
• Conduct anonymized and aggregated analysis to improve product performance, reliability, and security posture
• Comply with legal obligations, regulatory requirements, and lawful requests from authorities

We do not sell, rent, or lease your personal information to third-party data brokers, advertisers, or marketing partners under any circumstances.

We share personal information only in the following limited circumstances:

• Service Providers: Infrastructure hosting (Google Cloud, Cloudflare), payment processing (Stripe), customer support tooling, and analytics services — each bound by data processing agreements.
• Legal Compliance: When required by applicable law, subpoena, court order, or governmental regulation.
• Business Transfers: In connection with a merger, acquisition, reorganization, or sale of assets, subject to the acquiring entity honoring this policy.
• With Your Consent: When you explicitly authorize sharing with a specific third party.

We implement industry-standard technical and organizational measures to protect your data, including:

• Encryption at rest (AES-256) and in transit (TLS 1.3)
• Network isolation, role-based access control (RBAC), and least-privilege principles across all internal systems
• Real-time PII/PHI redaction through AIEGES Shield's zero-copy Aho-Corasick classification engine
• Cryptographic identity verification and organization-scoped boundaries via Airlock-VISA
• Regular security assessments, penetration testing, and vulnerability management
• Employee background checks, security training, and strict access-control policies

No system is 100% secure. While we take commercially reasonable precautions, we cannot guarantee absolute security of transmitted or stored data.

We retain personal information only for as long as necessary to fulfill the purposes for which it was collected, provide our services, comply with legal obligations, resolve disputes, and enforce our agreements.

• Account Data: Retained for the duration of your account plus 30 days after deletion request.
• Billing Records: Retained for 7 years to comply with financial reporting and tax obligations.
• Usage Telemetry: Anonymized and aggregated telemetry is retained for up to 24 months. Raw telemetry is purged within 90 days.
• Support Records: Retained for 3 years from resolution, unless longer retention is required for legal purposes.

For sovereign and self-hosted deployments, data retention is entirely governed by your organization's policies and infrastructure.

Multinex processes data primarily in the United States. If you access our services from the European Economic Area (EEA), United Kingdom, Switzerland, or other jurisdictions with data transfer restrictions, your data may be transferred to, stored, and processed in the United States or other countries.

We rely on the following transfer mechanisms to ensure adequate protections:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Data Processing Agreements with all sub-processors
• Sovereign deployment options that keep all data within your jurisdiction

Enterprise customers requiring data residency guarantees should contact us about sovereign or regional deployment options.

Depending on your jurisdiction, you may have the following rights regarding your personal data:

To exercise any of these rights, contact privacy@multinex.ai. We will respond within the timeframes required by applicable law (30 days for GDPR, 45 days for CCPA).

Our website uses the following categories of cookies:

• EssentialRequired for core site functionality, session management, and security. Cannot be disabled.
• AnalyticsAnonymized usage data to understand how visitors interact with our site. We use privacy-respecting analytics. No data is shared with advertising networks.
• FunctionalPreference cookies to remember your settings (theme, language, consent choices) across sessions.

We do not use advertising cookies, retargeting pixels, or cross-site tracking. You can manage cookie preferences through your browser settings at any time.

Given the nature of our products, we maintain specific commitments regarding AI data handling:

• No Training on Customer Data: Multinex does not use customer prompts, responses, memory content, or any data flowing through our products to train, fine-tune, or improve AI models.
• Redaction Before Transit: AIEGES Shield classifies and redacts PII, PHI, and sensitive business data before it reaches any external model provider. Unredacted content is never stored by Multinex cloud services.
• Memory Sovereignty: MemQ memory (hot, warm, and cold tiers) belongs to the organization that created it. In sovereign deployments, all memory resides in your infrastructure.
• Audit Trail Integrity: Policy decisions, agent execution records, and compliance events logged by Legion are append-only and cryptographically verifiable.
• Model Agnosticism: Your choice of model provider is independent of Multinex. We do not route data to undisclosed third-party models.

Our services are designed for enterprise and professional use and are not directed at individuals under the age of 16 (or the applicable age of consent in your jurisdiction). We do not knowingly collect personal information from children.

If we become aware that we have collected personal information from a child without parental or guardian consent, we will take immediate steps to delete that information. Please contact privacy@multinex.ai if you believe a child has provided us with personal information.

We may update this Privacy Policy from time to time to reflect changes in our practices, products, legal requirements, or industry standards. When we make material changes, we will:

• Update the “Last Updated” date at the top of this page
• Notify enterprise customers via email
• Provide at least 30 days' notice before material changes take effect for existing customers

Continued use of our services after the effective date of changes constitutes acceptance of the updated policy.

For privacy inquiries, data subject requests, Data Processing Agreements (DPAs), or questions about our Zero-Trust architecture and data handling practices: