Privacy policy

How we collect, store, and process personal data in line with UK and EU GDPR.

Last updated: 03 October 2025

This Privacy Policy explains how Neorex AI Holding B.V. ("rex.ai", "we", "our", "us") processes personal data in accordance with the General Data Protection Regulation (GDPR) and related laws.


1. Who We Are

rex.ai is a news aggregation and content creation business, operated by Neorex AI Holding B.V., registered in Amsterdam, the Netherlands, Dutch Chamber of Commerce no. 96601450.

If you have questions about this policy or your data, contact us at: info@rex.ai


2. Roles Under Data Protection Law

Client as Controller: When you use our Applications and provide personal data (e.g., about employees, customers, or third parties), you remain the controller under GDPR. You are responsible for ensuring that such data is lawfully collected and shared.

rex.ai as Processor: For the purposes of operating our Applications, we act as a processor, handling data strictly in accordance with your instructions and the Agreement.


3. What Data We Collect

We keep our data collection to a minimum. The following personal data may be processed:

Authentication Data (via Auth0): Name, email, login credentials.

Finance Data: Contracts, billing contact details, and payment information (held by our finance team).

Company Information: Company-related data entered into our Applications.

We do not use our own systems to store personal information beyond authentication and finance records, except as necessary for providing and improving our service.


4. Why We Process Data (Purpose & Lawful Basis)

We only process personal data where lawful and necessary, including:

Basis | Purpose
Contract | To provide secure access to our Applications.
Legitimate Interest | To maintain system security, role management, support, and debugging.
Legal Obligation | To meet financial and tax recordkeeping requirements.
Service Improvement | We may use anonymised or aggregated output from the Applications to improve and optimise our systems (see Article 10 of the Terms and Conditions).

5. Who Has Access

Access to personal data is restricted and role-based:

Developers: Limited access to Auth0 authentication data for debugging.

Finance Team: Contracts and billing details for invoicing.

Management: Access for account and role management.

We may engage trusted third parties (see Section 6) to support delivery of our services.


6. Third-Party Processors

We rely on carefully selected third-party providers:

Provider | Purpose
Auth0 | Authentication and session management.
Google Cloud Platform (GCP) | Hosting.
Google Workspace | Business operations (email, document storage).

If new processors (e.g., analytics tools) are added, this policy will be updated. All such processors are bound by contractual safeguards, including the EU Standard Contractual Clauses where applicable.


7. International Transfers

Some providers (e.g., Auth0, Google) may process data outside the European Economic Area (EEA). Where this occurs, appropriate safeguards such as EU Standard Contractual Clauses (SCCs) are applied to protect your data.


8. Cookies

We only use essential cookies:

Auth0 session cookies: For authentication.

TanStack session cookies: For session management.

These cookies are cleared upon new login. We do not use advertising or tracking cookies.


9. How Long We Keep Data

Data Type | Retention Period
Auth0 Data | Retained while your account is active.
Finance Records | Retained for as long as required under Dutch and EU law (typically 7 years).
Other Records | Deleted within 72 hours of an opt-out or deletion request, except for finance data that we must legally retain.

10. Your Rights

Under GDPR, you may:

  • Access, correct, or delete your personal data
  • Restrict or object to processing
  • Request data portability

To exercise your rights, email us at info@rex.ai.

11. Complaints

If you are not satisfied with how we handle your personal data, you may lodge a complaint with your local supervisory authority. In the Netherlands, this is the Autoriteit Persoonsgegevens.


12. Changes to this Policy

We may update this Privacy Policy from time to time, in line with updates to our services or legal requirements. Any significant changes will be reflected here with an updated "last updated" date.