Privacy Policy

2.1 Account & Registration Data

When you register for Galaxias Labs, we collect:

• Name, business email address, and password (hashed)
• Company name, industry, and company size
• Billing information handled by third-party payment processors; we do not store full credit card details
• Subscription tier and plan details

2.2 Customer Data You Upload (CRM/CDP Data)

As a CRM and CDP platform, Users may upload, import, or generate significant amounts of customer data, including:

This data is referred to as "Customer Data". You, as the Subscriber, are the data controller of all Customer Data. Galaxias Labs Limited acts as a data processor on your behalf.

• Customer personal details such as names, email addresses, phone numbers, and mailing addresses
• Order history, transaction records, and purchase behaviour
• Customer segmentation data, tags, and notes
• Custom attributes and field data as defined by the User
• Loyalty programme data, membership records, and reward points

2.3 Communication Content

When you use Galaxias Labs to send communications to customers through email, WhatsApp, or other integrated channels, we collect and process:

• Message content and templates
• Recipient contact information and delivery metadata
• Send, open, click, and delivery status logs
• Campaign settings and scheduling data

2.4 AI Interaction Data

Galaxias Labs includes AI-powered features. When you use these features, we may collect:

Please refer to Section 5 for more information on how AI interaction data is handled.

• Your queries, prompts, and inputs submitted to the AI
• AI-generated responses and outputs
• Metadata related to AI sessions, including timestamps, feature type, and session identifiers

2.5 Usage & Technical Data

• Log data such as IP address, browser type, operating system, pages visited, and timestamps
• Device identifiers and session tokens
• Feature usage patterns and in-app behaviour for product improvement
• Error logs and crash reports

3.1 Service Delivery

• To operate, maintain, and improve the Galaxias Labs platform
• To process and store your CRM/CDP data as instructed by you
• To facilitate communications sent through the platform on your behalf
• To provide AI-assisted features and recommendations

3.2 Account Management

• To manage your account, subscription, and billing
• To authenticate users and maintain access security
• To send service-related notifications such as payment confirmations and system updates

3.3 Support & Communication

• To respond to your support enquiries
• To send product updates, feature announcements, and tips, with opt-out available at any time

3.4 Security & Compliance

• To detect and prevent fraud, abuse, and unauthorised access
• To comply with applicable legal obligations under Hong Kong law and international regulations

3.5 Product Improvement

• To analyse aggregated usage patterns and improve platform performance
• To develop new features and enhance AI capabilities using anonymised or aggregated data where possible

4.1 Sub-Processors & Service Providers

We engage trusted third-party service providers to help us operate the platform, including:

All sub-processors are required to handle data in accordance with our instructions and applicable data protection laws.

• Cloud infrastructure providers for hosting and data storage
• Email and messaging delivery providers such as SMTP or WhatsApp Business API partners
• Payment processors for billing and subscription management
• Analytics and monitoring tools for platform performance and error tracking
• AI model providers for AI-powered features described in Section 5

4.2 Legal Requirements

We may disclose information where required by law, court order, or government authority in Hong Kong or other applicable jurisdictions, or where we believe disclosure is necessary to protect rights, property, or safety.

4.3 Business Transfers

If Galaxias Labs Limited undergoes a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction. We will provide advance notice and ensure that your data remains protected.

5.1 What We Collect

When you use the platform's AI features, such as content generation, customer insight queries, or AI-assisted suggestions, we collect the prompts, inputs, and outputs generated during those interactions. These interactions may be logged for service delivery, quality assurance, and platform improvement.

5.2 How AI Interaction Data Is Used

• To provide accurate and contextual AI responses within your session
• To improve AI model quality and platform accuracy using anonymised or aggregated data
• To monitor for misuse, safety, and compliance with our Acceptable Use Policy

5.3 Third-Party AI Providers

Some AI features may rely on third-party AI model APIs. Your prompts and relevant contextual data may be sent to those providers so that a response can be generated. We select AI partners that commit to protecting data confidentiality and that do not use your data to train their general models without explicit consent.

5.4 Your Responsibility

You are responsible for ensuring that any Customer Data or personal data included in AI prompts complies with applicable privacy laws and your obligations as a data controller. We recommend that you avoid submitting unnecessary personal data in AI queries.