Privacy Policy

Privacy is architecture

RAXE processes everything locally. Your prompts, your data, your infrastructure. This policy describes what little data we do collect and how we handle it.

Last updated: March 14, 2026

Our Core Principle
100% local processing. Zero data transit. Your prompts never leave your infrastructure. RAXE was designed so that privacy is enforced by architecture, not by policy alone.

1. Data We Collect

RAXE Sensor & Gateway (On-Premise)

RAXE Sensor and RAXE Gateway run entirely within your infrastructure. All prompt scanning, threat detection, and policy enforcement happen locally. We do not receive, transmit, or store any of your prompts, model inputs, model outputs, or application data.

Website (raxe.ai)

When you visit our website, we may collect:

  • Contact information you voluntarily provide (name, email, company) when filling out forms such as demo requests, enterprise inquiries, or waitlist signups.
  • Usage analytics such as pages visited, referral source, and session duration. We use this to improve the website experience.
  • Browser-based demo data entered into the live demo is processed entirely in your browser using client-side ONNX models. No demo input is transmitted to our servers.

Signature Updates

RAXE products may periodically check for updated detection signatures. These requests contain only version identifiers and no customer data.

2. How We Use Data

We use collected information to:

  • Respond to your inquiries and demo requests
  • Provide product updates and security advisories you have opted into
  • Improve our website and documentation
  • Deliver detection signature updates to deployed products
  • Comply with legal obligations

We do not sell, rent, or trade your personal information to third parties. We do not use your data for advertising purposes.

3. Cookies

Our website uses minimal cookies:

  • Essential cookies required for website functionality (session management, security).
  • Analytics (Google Analytics 4 and PostHog) to understand how visitors use the site. Google Analytics is loaded only after you explicitly accept analytics via our consent banner. PostHog uses localStorage only (no cookies), does not capture form inputs, email addresses, or prompt text, and collects only first-party session context (page views, navigation, and interaction events). On enterprise, intelligence, and RAXE Labs pages, PostHog runs automatically as a first-party analytics tool; on the rest of the public website it requires consent. Session replay is disabled by default. You can withdraw consent at any time using the “Cookies” link in the page footer.

We do not use third-party advertising cookies or cross-site tracking pixels. No prompt text, email addresses, or personally identifiable information is sent to analytics services.

4. Third-Party Services

We use a limited number of third-party services to operate our website:

  • Google Cloud Platform for website hosting and infrastructure.
  • Google Analytics 4 for aggregate website usage analytics. Loaded only after explicit consent. No prompt text, emails, or personally identifiable information is sent. See Section 3 for details.
  • PostHog for first-party product analytics. Runs automatically on enterprise, intelligence, and RAXE Labs pages, and only after consent on the rest of the public website. Uses localStorage (no cookies). Does not capture form inputs, email content, or prompt text. Session replay is disabled by default and enabled only on specific pages after input masking verification.
  • Airtable for waitlist and contact form submissions.

These services process data only as necessary to provide their functionality and are bound by their own privacy policies.

5. Data Retention

We retain contact information for as long as necessary to fulfil the purpose for which it was collected, or as required by law. You may request deletion of your data at any time. Website analytics data collected via Google Analytics is retained for 14 months and then automatically deleted. PostHog analytics data is retained for 12 months. You can withdraw consent at any time using the “Cookies” link in the page footer.

Shared Scan Results. When you share a scan result from our Live Scanner, the scanned prompt (if you choose to include it) and the classification output are stored for 90 days and then automatically deleted. Shared results are anonymous — no personal data is associated with them. You can share results with or without the scanned prompt text.

6. Data Security

We protect data using industry-standard security measures including encryption in transit (TLS), access controls, and regular security reviews. Our products are designed with security at their core—we apply the same rigor to our own operations that we provide to our customers.

7. Your Rights (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or a jurisdiction with similar data protection laws, you have the following rights:

  • Access — Request a copy of the personal data we hold about you.
  • Rectification — Request correction of inaccurate or incomplete data.
  • Erasure — Request deletion of your personal data.
  • Restriction — Request that we restrict processing of your data.
  • Portability — Request your data in a structured, machine-readable format.
  • Objection — Object to processing based on legitimate interests.

To exercise any of these rights, contact us at privacy@raxe.ai. We will respond within 30 days.

8. Changes to This Policy

We may update this privacy policy from time to time. Material changes will be posted on this page with an updated revision date. Your continued use of our website after changes constitutes acceptance of the revised policy.

9. Contact Us

For privacy-related inquiries, data access requests, or concerns:

Email: privacy@raxe.ai

Talk to an Engineer Request a Demo