The short version
- We collect the minimum needed to run accounts, payments, and downloads.
- Stripe processes all payments — we never see your full card number.
- We never sell your data to advertisers or third parties.
- You can export or delete your account at any time.
- Questions? Email privacy@humexai.com.
What we collect
Account data
When you sign up, we store your email address, hashed password, username, and any profile information you choose to add (display name, bio, avatar, links).
Order data
When you buy, we record the purchase amount, currency, product, buyer email, and Stripe payment-intent ID. Your card details are handled by Stripe and never reach our servers.
Creator data
If you sell, Stripe collects KYC information (legal name, address, tax ID, bank account) directly from you to enable payouts. We store only the resulting Stripe account ID and onboarding status.
Usage data
We log basic technical data — IP address, browser, page visited — for security and rate limiting. Logs are retained for 30 days.
Cookies
We use a small set of essential cookies for sign-in sessions and preferences. See our Cookie policy for details.
How we use it
- To create and operate your account.
- To process payments, deliver downloads, and pay creators.
- To send transactional emails (purchase receipts, sale notifications, password resets).
- To prevent fraud, abuse, and chargebacks.
- To comply with our legal obligations (tax, accounting, anti-money laundering).
- With your explicit opt-in: to send occasional product updates.
Retention
- Account data: kept while your account is active, deleted within 30 days of closure (except where retained by law, e.g. tax records for 10 years).
- Order data: kept for 10 years for accounting and legal compliance.
- Logs: 30 days.
- Unsubscribed email addresses: kept indefinitely on a suppression list to honour your opt-out.
Your rights
Wherever you are based, you have the right to:
- Access the personal data we hold about you.
- Correct data that's inaccurate or out of date.
- Delete your account and personal data (subject to legal retention rules).
- Export your data in a portable format.
- Object to processing or restrict it.
- Withdraw consent for any optional processing (e.g. marketing emails).
To exercise any right, email privacy@humexai.com. We respond within 30 days.
International transfers
We are based in the European Union. Some of our processors (e.g. Stripe, Vercel, Anthropic) operate globally. Where data leaves the EU/EEA, we rely on Standard Contractual Clauses approved by the European Commission to ensure equivalent protection.
Security
We use industry-standard measures: TLS encryption in transit, AES at rest, hashed passwords, scoped admin access, and audit logs. No system is perfectly secure — if you believe your account has been compromised, change your password and contact us immediately.
Children
HumexAI is not intended for anyone under 18. We do not knowingly collect data from children. If you believe a child has provided us with personal data, contact us and we will delete it.
Changes to this policy
We may update this policy as the Service evolves. Material changes will be announced by email and on this page at least 14 days before they take effect.
Contact
Privacy questions: privacy@humexai.com. You can also reach our data protection contact at the same address.