Privacy Policy

Last updated: April 18, 2026

Cybereter FZ-LLC ("Foenix", "us", "we", "company" or "our") operates the https://foenix.ai website ("Services"). This page informs you of our policies and practices regarding the collection, use and disclosure of information which personally identifies you ("Personal Information") when you use our Services.

We will not use or share your information with anyone except as described in this Privacy Policy. We use your Personal Information for providing and improving the Services. By using the Services, you agree to the collection and use of your Personal Information in accordance with this Privacy Policy.

1. Information We Collect

A. Personal Data

When you register for an account, we may collect personally identifiable information, such as:

Name
Email address
Billing information (processed by our third-party payment providers)
Company name (optional)

B. Technical Data & Site Access

To provide our core services (WordPress management and code generation), we process:

WordPress Credentials: Application passwords or API keys needed to connect Foenix.ai to your site.
Website Data: Database structure, theme files, plugin lists, and error logs necessary for the AI to analyze and edit your site.
Usage Data: Prompts you enter into the chat, commands sent to agents, and the resulting code generation.

C. Automatically Collected Information

When you access the Services, we automatically collect:

IP address
Browser type and version
Device information
Pages visited and time spent
Referring URL
Log data

2. How We Use Your Information

We use the information we collect for the following purposes:

To provide the Services: Connect to your WordPress site, execute edits, and run autonomous agents.
To improve our Services: Analyze usage patterns to improve the Services.
To train and improve our AI models: We may use aggregated and de-identified data derived from your prompts, generated code, and use of the Services to train, retrain, or fine-tune our proprietary machine learning models. You can opt out at any time by emailing [email protected] (see Section 6 for details).
For billing: Process subscription payments.
For service communications: Send you security alerts, billing notices, support messages, and essential product updates necessary for providing the Services. These are required for the functioning of your account and cannot be opted out.
For marketing communications: Send you newsletters, product tips, and promotional offers. When you create an account, you consent to receive these communications under this Privacy Policy. You can withdraw your consent at any time via the unsubscribe link in any marketing email or in Account Settings. Where applicable law requires separate prior consent for marketing (such as in the European Union and United Kingdom), we will only send marketing communications after you have provided that consent via a dedicated opt-in mechanism.
For security: Detect, prevent, and address technical issues, fraud, and abuse.
For legal compliance: Comply with applicable laws and regulations.
For other purposes: Data analysis, identifying usage trends, determining the effectiveness of our promotional campaigns and to evaluate and improve our Services.

3. Legal Basis for Processing

We process your personal data based on the following legal grounds:

Contract Performance: Processing necessary to provide you with the Services you requested.
Legitimate Interests: Processing for our legitimate business interests, such as improving our Services, fraud prevention, security, and marketing.
Consent: Where you have given us consent to process your data for specific purposes.
Legal Obligation: Processing necessary to comply with applicable laws.

4. Data Sharing and Third Parties

We neither rent nor sell your Personal Information in personally identifiable form to anyone in order to monetize through ads or leads.

However, we do share your Personal Information with third parties as described below:

AI Providers: We use third-party Large Language Model providers to process your prompts and generate code, including OpenAI, Anthropic, Google, and Fireworks AI. Under our API agreements with these providers, your prompts and the data sent for processing are not used to train their models. Processing takes place on the providers infrastructure (primarily in the United States). Processing by these providers is necessary for the performance of our contract with you under Article 6(1)(b) GDPR.
Payment Processors: Stripe, Inc. processes payments on our behalf. Stripe's handling of your payment data is governed by the Stripe Privacy Policy.
Hosting Services: Cloud infrastructure providers to host our platform.
Analytics Providers: To understand how our Services are used.
Business Analytics and Service Providers: Third party vendors to provide services on our behalf for varied purposes like business analytics, customer service, marketing, distribution.
Legal Requirements: If required by law, court order, subpoena, or to protect our rights, property, and safety, or the rights, property, and safety of others.
Business Transfers: In connection with any merger, sale of company assets, financing, or acquisition of all or a portion of our business.
Payment Information: We do not store or process your credit card details on our servers. All payments are handled securely by Stripe, Inc., in accordance with the Stripe Privacy Policy. Cybereter FZ-LLC is the Merchant of Record for all transactions.

We are not responsible for the privacy practices or data security of third-party providers. We encourage you to review the privacy policies of any third-party services you interact with.

5. Data Security

We implement commercially reasonable security measures to protect your data, including encryption of sensitive credentials at rest and in transit.

However, no method of transmission over the Internet or method of electronic storage is 100% secure. We cannot guarantee absolute security and shall not be liable for any unauthorized access, use, or disclosure of your Personal Information.

Data Breach Notification. In the event of a security incident that compromises your Personal Information, we will notify you without undue delay and, where required by applicable law (such as GDPR Art. 33–34), within 72 hours of becoming aware of the breach. Notification will include the nature of the incident, the categories of data affected, likely consequences, and the measures we have taken in response.

6. Data Retention

We retain your Personal Information only for as long as necessary for the purposes described in this Privacy Policy or as required by law. Specific retention periods:

Account information (name, email, company) — retained until you request account deletion by emailing [email protected].
Prompts, generated content, and agent logs — retained to power the Services (conversation history, context memory, analytics) until you request deletion by emailing [email protected].
Heavy files (images, attachments, generated assets) — automatically deleted 30 days after subscription cancellation to free up storage. You can also request earlier deletion at any time.
WordPress credentials and connection data — encrypted and stored for the duration of the connection. Deleted when you disconnect the site, close your account, or request deletion.
Billing and tax records — retained for 7 years as required by UAE tax law.
Usage and analytics data — collected through Google Analytics and our own telemetry; retention periods are governed by those tools' standard settings and may be retained in aggregated form for longer-term trend analysis.

Note: Cancelling your subscription does not automatically delete your account or your data (except for heavy files, as noted above). Your account and remaining data stay accessible in case you decide to return. To fully delete your account and associated data, email [email protected].

Use of Prompts for Service Improvement: Prompts in our Services typically consist of technical content — site structure, code, configuration — rather than personal data. We analyze this content to improve the Services, including debugging, feature development, and product analytics. Where prompts contain personal data, we limit its use to what is necessary for these purposes. We do not sell your prompts or outputs, and we do not share them with third parties for their own marketing purposes.

Use of Data for Model Improvement: We may use your prompts, generated code, site analyses, and usage data to improve our Services and to train, retrain, or fine-tune our proprietary machine learning models. Before any such use, we aggregate and de-identify the data so that it no longer identifies you or your end users. This processing is based on our legitimate interests under Article 6(1)(f) GDPR.

Opting out: If you prefer that your data not be used for model training, you can opt out at any time by emailing us at [email protected] with the subject line "Model Training Opt-Out." Once we receive your request, we will exclude your future data from training datasets within a reasonable period. Opt-out does not affect data used for operational purposes (providing the Services, debugging, security, and support), which are necessary to deliver the Services.

Third-Party LLM Providers: We use the commercial/paid API tiers of OpenAI, Anthropic, Google (Gemini API), and Fireworks AI. Under the terms of service of these providers:

Your prompts and outputs are not used to train their general-purpose AI models.
Providers may temporarily retain prompts and outputs (typically 7–30 days) solely for abuse monitoring, safety enforcement, and legal compliance.
Each provider's specific terms are available on their websites (see OpenAI API Data Usage, Anthropic Commercial Terms, Google Gemini API Paid Services terms, and Fireworks AI Privacy Notice).

After account deletion, we may retain limited information where required by law or for legitimate business purposes (e.g., resolving disputes, enforcing agreements).

7. International Data Transfers

Cybereter FZ-LLC is based in the United Arab Emirates. Our primary infrastructure is hosted on Google Cloud Platform in the United States. Our LLM providers (OpenAI, Anthropic, Google, Fireworks AI) process data primarily in the United States.

If you are located in the European Economic Area, United Kingdom, Switzerland, or any other jurisdiction outside the United States, your Personal Information will be transferred to the United States and other jurisdictions where data protection laws may differ from those in your country.

For such transfers, we rely on appropriate safeguards, including the Standard Contractual Clauses (SCCs) approved by the European Commission, the UK International Data Transfer Addendum, and adequacy decisions where applicable. By using the Services, you acknowledge these international transfers.

8. Your Privacy Rights

Depending on your location and applicable law, you may have certain rights regarding your Personal Information:

Access: Request information about the Personal Information we hold about you.
Correction: Request correction of inaccurate or incomplete data.
Deletion: Request deletion of your Personal Information.
Portability: Request your data in a structured, machine-readable format.
Restriction: Request limitation of processing of your Personal Information.
Objection: Object to processing based on legitimate interests.
Withdraw Consent: Withdraw consent at any time where processing is based on consent.
Right to Lodge a Complaint: You have the right to lodge a complaint with a data protection supervisory authority in your country of residence if you believe our processing of your Personal Information violates applicable law.
Object to Model Training: You may object to the use of your data for training our AI models at any time by emailing [email protected]. See Section 6 for details.
Other Jurisdictions: If you are located in a jurisdiction with additional privacy rights (Canada under PIPEDA or Quebec Law 25, Australia under the Privacy Act, or other applicable laws), you may have additional rights under local law. To exercise such rights, please contact us at [email protected], and we will respond in accordance with applicable law.

To exercise any of these rights, please contact us at [email protected]. We will respond to your request in accordance with applicable law.

We reserve the right to deny requests that are excessive, repetitive, manifestly unfounded, or not required by applicable law.

9. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you may have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

Right to Know: You may request that we disclose the categories and specific pieces of Personal Information we collected about you, the sources of collection, the purposes for collection, and the categories of third parties with whom we share your information.

Right to Delete: You may request deletion of your Personal Information, subject to certain exceptions.

Right to Correct: You may request correction of inaccurate Personal Information.

Right to Opt-Out: We do not sell your Personal Information. We do not share your Personal Information for cross-context behavioral advertising.

Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights.

Categories of Personal Information Collected:

Category	Examples	Collected
Identifiers	Name, email, IP address	Yes
Commercial Information	Purchase history, subscription plan	Yes
Internet Activity	Browsing history, interactions with Services	Yes
Geolocation	General location based on IP	Yes
Professional Information	Company name (if provided)	Yes

To exercise your California privacy rights, contact us at [email protected]. We will respond in accordance with applicable law.

10. CalOPPA Compliance

CalOPPA is the first state law in the nation to require commercial websites and online services to post a privacy policy. The law's reach stretches well beyond California to require a person or company in the United States (and conceivably the world) that operates websites collecting personally identifiable information from California consumers to post a conspicuous privacy policy on its website.

According to CalOPPA we agree to the following:

Our Privacy Policy link includes the word "Privacy", and can easily be found on our website.
Users will be notified of any privacy policy changes on our Privacy Policy page.
Users are able to change their personal information by emailing us at [email protected].

11. Do Not Track Signals

Some browsers have a "Do Not Track" feature. We currently do not respond to Do Not Track signals as there is no consistent industry standard for compliance.

12. Children's Privacy

Our Services are not directed to individuals under the age of 18. We do not knowingly collect Personal Information from children under 18. If we become aware that we have collected Personal Information from a child under 18, we will take steps to delete such information.

If you are a parent or guardian and believe your child has provided us with Personal Information, please contact us at [email protected].

13. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to maintain your session, remember preferences, analyze platform usage, measure marketing campaign performance, and prevent fraud. We use third-party tools including Google Analytics (analytics) and FirstPromoter (affiliate tracking).

A full and up-to-date list of cookies used on our website, along with their purpose and duration, is available in our Cookie Declaration managed by Cookiebot.

Consent: In jurisdictions where applicable law requires prior consent for non-essential cookies (such as the European Union and United Kingdom), we display a cookie banner on your first visit, and analytics and marketing cookies are loaded only after you provide consent. You can change or withdraw your consent at any time via the cookie preferences icon displayed on our website in those regions. In jurisdictions where prior consent is not legally required, non-essential cookies may be loaded by default, and you can opt out through your browser settings.

14. Third-Party Links

Our Services may contain links to third-party websites or services. We are not responsible for the privacy practices or content of such third parties. We encourage you to read the privacy policies of any third-party sites you visit.

15. Governing Law and Dispute Resolution

This Privacy Policy and any disputes arising from it shall be governed exclusively by the laws of the United Arab Emirates, as applicable in the Emirate of Ras Al Khaimah.

Any disputes related to this Privacy Policy shall be resolved in accordance with the Dispute Resolution and Arbitration provisions in our Terms of Service, including mandatory arbitration in Ras Al Khaimah, UAE.

16. Limitation of Liability

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, CYBERETER FZ-LLC SHALL NOT BE LIABLE FOR ANY UNAUTHORIZED ACCESS, USE, OR DISCLOSURE OF YOUR PERSONAL INFORMATION, OR FOR ANY DAMAGES ARISING FROM YOUR USE OF THE SERVICES OR RELIANCE ON THIS PRIVACY POLICY.

17. Changes to This Privacy Policy

We reserve the right to update or change our Privacy Policy at any time at our sole discretion. We will notify you of any changes by posting the new Privacy Policy on this page.

Your continued use of the Services after we post any modifications to the Privacy Policy on this page will constitute your acknowledgment of the modifications and your consent to abide and be bound by the modified Privacy Policy.

If we make any material changes to this Privacy Policy, we will notify you either through the email address you have provided us, or by placing a prominent notice on our website.

18. Contact Us

If you have any questions about this Privacy Policy, please contact us:

Cybereter FZ-LLC
Ras Al Khaimah, UAE
Email: [email protected]