Privacy Policy

Last Updated: 8 March 2026

1. Introduction and Global Scope

Leox AI Ltd ("we," "our," or "us"), incorporated in England and Wales (Company No: 16943657), operates the domain leoxapp.ai and a portfolio of AI-driven mobile applications. We provide a "Limitless Empowered Optimised Xperience" (L.E.O.X.) while strictly adhering to the UK GDPR (as amended by the Data (Use and Access) Act 2025), EU GDPR, CCPA/CPRA, and LGPD.

2. Lawful Bases for Processing

We process data under the following legal justifications:

  • Contractual Necessity: For providing requested AI services.

  • Explicit Consent: For Google AdMob and specific AI feature opt-ins.

  • Legitimate Interests: For security and "Recognised Legitimate Interests" under UK law.

  • Legal Obligation: To comply with statutory requirements.

3. Tiered AI Model Architecture & Privacy by Design

We utilise a three-layer AI processing logic to ensure maximum data sovereignty:

  • Tier 1: Device-Native AI (System Level): Prioritises Apple Intelligence or Android AICore. Data is processed locally and never leaves your device.

  • Tier 2: Integrated Local Models (App Level): Uses lightweight embedded models for private, offline inference.

  • Tier 3: Enterprise Cloud AI (Server Level): For complex tasks, we utilise Enterprise APIs. Data is encrypted (AES-256) and strictly not used to train third-party foundational models.

4. AI Ethics, Transparency, and Labeling

  • AI-Powered Insights: All AI-generated content is clearly labeled to ensure transparency.

  • No Foundational Training: We do not use your private interaction data to train global AI models.

  • Human Oversight: No automated decision-making with legal effects is performed without human intervention.

5. Cookies and Tracking Technologies

  • Website (leoxapp.ai): Our website utilizes a "Privacy-First" approach. We only employ Strictly Necessary Cookies required for the core functional operation, security, and stability of the site. We do not use any non-essential, marketing, or analytical cookies on our website.

  • Mobile Applications: Our mobile applications do not utilize traditional browser cookies. However, they incorporate Google AdMob, which uses mobile advertising identifiers (such as IDFA on iOS and Advertising ID on Android) to facilitate ad serving and frequency capping. The collection and use of these identifiers are strictly subject to your device's privacy settings and explicit consent (e.g., via the App Tracking Transparency framework on iOS).

  • User Control: Website visitors can manage cookie preferences via their browser settings. Mobile app users can reset or opt out of advertising identifiers through their device's "Privacy" or "Ads" settings menu.

6. Global Children’s Privacy

We adhere to regional age thresholds (e.g., 13 in US/UK, 16 in EU/Brazil). Guardians may exercise their rights by contacting privacy@leoxapp.ai.

7. Account Deletion and the "Right to be Forgotten"

  • Registered Users: Applications include a permanent "Delete Account" button in Settings. Upon activation, all personal identifiers, credentials, and AI history will be permanently and irreversibly purged from our active databases within 72 hours.

  • Non-Registered Users: As no account is stored, users may reset their device-level Advertising ID to terminate tracking associations.

  • Manual Requests: You may also exercise your rights via privacy@leoxapp.ai.

8. International Data Transfers

International data transfers are managed via Standard Contractual Clauses (SCCs) or the 2026 UK "Data Protection Test", ensuring that global transfers meet UK-equivalent protection standards.

9. Data Breach Notification Protocol

In the highly unlikely event of a data breach, we are committed to notifying relevant supervisory authorities (e.g., the UK ICO) and affected users within 72 hours of discovery where a high risk to rights and freedoms is identified.

10. Jurisdiction-Specific Provisions

  • California (CCPA/CPRA): We honour Global Privacy Control (GPC) signals and provide a "Do Not Sell/Share" opt-out for ad tracking.

  • Brazil (LGPD): We respect local data residency requirements and confirmation rights as mandated by local laws.

11. Governing Law and Dispute Resolution

  • Jurisdiction: Governed by the laws of England and Wales.

  • Mandatory Complaints Procedure (DUAA 2025): Users must first seek resolution via the "Submit a Formal Privacy Complaint Here" link.

  • Tracking: We will acknowledge receipt within 30 days and provide a unique reference number for tracking.

  • Vexatious Complaints: We reserve the right to charge a fee or refuse action on complaints deemed manifestly unfounded under UK law.

  • Binding Arbitration: Any unresolved dispute shall be resolved via private, binding arbitration in London under the Arbitration Act 2025. You hereby waive your right to a trial by jury or participation in a class-action lawsuit.

12. Security and Technology Stack

  • Website: Strictly TLS 1.3 encrypted and marketing-cookie-free.

  • Access Control: Multi-factor authentication (MFA) is required for all administrative access to our AI frameworks.

13. Data Retention Period

We retain your personal data only for as long as necessary to provide the Services, or for a maximum period of 5 years unless otherwise mandated by UK tax or legal requirements.

14. Contact our Data Protection Officer (DPO)

  • Email: privacy@leoxapp.ai

  • Office: 3rd Floor, 86-90 Paul Street, London, EC2A 4NE, United Kingdom.