NEOXIS Back to site
Legal — 01

Privacy & Cookies Policy

Last updated: 14 May 2026 · Effective immediately

This page explains how Neoxis Corp. (the "Company", "we", "us") collects, uses and protects personal data when you visit neoxis.ai, in accordance with the EU General Data Protection Regulation 2016/679 ("GDPR") and applicable Bulgarian data-protection law.

1. Data controller

Neoxis Corp.
Sofia, Bulgaria
EU / BG VAT registered · BG208772721
Email: [email protected]
Phone: +359 88 638 1915

2. What we collect

This site is intentionally minimal. We do not run analytics, advertising pixels, social-media trackers or any third-party identifier scripts. We collect only what is technically required to serve the site:

  • Server access logs — IP address, user-agent, referer, timestamp. Retained 30 days for security and abuse prevention. Legal basis: legitimate interest (Art. 6(1)(f) GDPR).
  • Display preferences — your chosen layout density and hero atmosphere are saved in your own browser via localStorage so they persist between visits. This data never leaves your device.
  • Contact correspondence — if you email or call us, we keep that correspondence for as long as necessary to respond and for any subsequent business relationship. Legal basis: consent / contract performance / legitimate interest.

3. Cookies & local storage

The site uses one category of storage only:

  • Strictly necessary — site preferences and your cookie-consent choice. Stored in localStorage on your device. No expiry; you can clear it at any time via your browser settings.

We do not set advertising, analytics or fingerprinting cookies. Our hosting provider (Hostinger) and CDN (Cloudflare) may set their own minimal security cookies as required to deliver the site over HTTPS — these are out of our control and necessary for site operation.

4. How we use the data

  • To deliver the website to your browser.
  • To remember your display preferences across visits.
  • To respond to enquiries you send us.
  • To confirm that business correspondence we send has reached the intended recipient (see section 7 below).
  • To investigate abuse, security incidents and technical errors.

We do not sell, rent or transfer your data to third parties for marketing purposes. We do not profile you. We do not transfer data outside the EU/EEA except where strictly necessary to deliver the site (e.g. CDN edge nodes operated by Cloudflare under EU Standard Contractual Clauses).

5. Your rights under GDPR

Where we hold personal data about you, you have the right to:

  • Request access to your personal data (Art. 15);
  • Request rectification of inaccurate data (Art. 16);
  • Request erasure ("right to be forgotten") (Art. 17);
  • Restrict or object to processing (Art. 18, 21);
  • Receive your data in a portable format (Art. 20);
  • Withdraw consent at any time, where processing is based on consent;
  • Lodge a complaint with the Bulgarian Commission for Personal Data Protection (cpdp.bg).

To exercise any of these rights, write to [email protected]. We will respond within 30 days.

6. Security

The site is served over HTTPS only. Server access is restricted, audited and protected by the hosting provider's standard controls. We do not run any client-side data collection beyond what is described above.

7. Email open tracking

Outbound business emails from @neoxis.ai addresses include a small, transparent 1×1 pixel image hosted at neoxis.ai/track/pixel.php. When your email client downloads remote images, that pixel request is logged on our server. We use this signal solely to confirm that proposals, quotes and other business correspondence have actually reached you, and to time follow-ups appropriately.

What we record

  • The timestamp of each pixel load;
  • The IP address that requested the pixel (often a proxy IP from Apple, Google or Outlook rather than your personal IP);
  • The User-Agent string of the email client (e.g. "Gmail", "Outlook", "Apple Mail proxy");
  • An opaque per-email tracking ID we generate (this links the open back to the specific message we sent — it does not identify any data about you that we did not already have).

What we do not do

  • We do not track keystrokes, link clicks beyond what is in the email body, scrolling, mouse movement, or any reading behaviour beyond "the email was rendered at least once".
  • We do not enrich the IP address against any third-party identity database.
  • We do not share open data with third parties or use it for advertising or profiling.
  • Marketing newsletters and bulk email — we do not run them. This signal is for direct business correspondence only.

Legal basis & retention

Processing is carried out under our legitimate interest (Art. 6(1)(f) GDPR) in efficiently managing business correspondence and reducing duplicate follow-ups. We have weighed this against your rights and consider the impact minimal: the data is technical, the volume is small and we never publish or transfer it. Open events are retained for 12 months and then deleted automatically.

How to opt out

  • Block remote images in your email client (default in many corporate Outlook installations and Thunderbird) — the pixel will simply not load and nothing is recorded.
  • Apple Mail Privacy Protection (iOS 15+ / macOS Monterey+) preloads images via Apple's proxy. With this enabled, all you reveal to us is "your Apple device fetched the image at some point" — no real IP, no clear timing.
  • Email us at [email protected] with subject "No tracking" and we will switch your address to plain-text correspondence with no embedded pixel.

8. Changes to this policy

We may update this policy occasionally to reflect operational, legal or regulatory changes. The "Last updated" date at the top will reflect the most recent revision. Material changes will be communicated on the homepage.

Questions about this policy? [email protected]