Privacy Policy

1. Who we are

Paxa Media operates Signal API and related websites and client portal. We process data as a data controller for the purposes described below. For privacy enquiries, contact us at privacy@paxa.media.

2. Data we collect and why

2.1 Data underlying our APIs

Our products rely on publicly available information: we ingest, normalize, and process news and event-related content from public sources (e.g. feeds, publicly accessible websites, and licensed or open datasets). We do not collect this data from you personally; we aggregate and structure it to power our Events API and News Synthesis API. The resulting data (events, trends, synthesized articles) is part of our service and may be supplied to our B2B clients under contract. We do not sell personal data. We may retain raw and processed data for as long as needed to provide the services, comply with law, and improve our systems.

2.2 Website and portal visitors

When you use our marketing website or client portal we may collect: (a) technical data (IP address, browser type, device information) for security and operation; (b) usage data (pages visited, actions taken) to improve the site and analyse trends; (c) cookies and similar technologies as described in our Cookies Policy.

2.3 Portal account and client data

If you sign up or are given access to our client portal, we collect and process: email address, password (stored in hashed form), role (admin/client), and, where applicable, association with a client account. We use this to authenticate you, manage API keys, and provide usage and support. We may also store business contact details (e.g. client name, email, admin notes) that you or your organisation provide. This data is necessary for contract performance and our legitimate interests in providing and securing the service.

2.4 API usage

When our B2B clients use our APIs, we log usage (e.g. endpoint, timestamp, API key identifier) for rate limiting, billing, support, and security. We do not log the content of your API requests beyond what is needed for these purposes.

3. Legal basis and purposes

We process personal data where: (a) necessary to perform our contract with you or your organisation; (b) necessary for our legitimate interests (e.g. security, improving services, analytics) where not overridden by your rights; (c) required by law; or (d) with your consent where we ask for it explicitly (e.g. optional marketing). We do not use the data underlying our APIs to profile or identify individuals; that data is aggregated and business-oriented.

4. Sharing and disclosure

We may share data with: (i) service providers (hosting, email, analytics) under strict confidentiality and data-processing terms; (ii) regulators or law enforcement when required by law; (iii) potential acquirers in the context of a merger or sale of assets, under confidentiality. We do not sell your personal data to third parties for their marketing. Aggregated or anonymised data used in our APIs may be delivered to our B2B clients as part of the product.

5. International transfers

Our systems and some of our service providers may be located outside your country. Where we transfer personal data from the EEA or UK, we use appropriate safeguards (e.g. standard contractual clauses or adequacy decisions) to ensure an adequate level of protection.

6. Retention

We retain personal data only as long as necessary for the purposes above: e.g. account data for the life of the account and a reasonable period after; usage and logs as required for security and legal obligations; cookies as set out in our Cookies Policy. Data underlying our APIs may be retained longer for product and compliance reasons.

7. Your rights

Depending on where you live, you may have the right to: access your data; correct it; request erasure; restrict or object to certain processing; data portability; withdraw consent; and complain to a supervisory authority. To exercise these rights, contact us at privacy@paxa.media. We will respond within the timeframes required by applicable law.

8. Security

We use technical and organisational measures (e.g. encryption, access controls, secure hosting) to protect personal data against unauthorised access, loss, or misuse. No system is completely secure; we encourage you to use strong passwords and keep your API keys confidential.

9. Children

Our services are not directed at minors. We do not knowingly collect personal data from children. If you believe we have collected such data, please contact us and we will delete it.

10. Changes

We may update this policy from time to time. We will post the revised version on this page and, for material changes, we will indicate the “Last updated” date. Continued use of the service after changes constitutes acceptance of the updated policy where permitted by law.

11. Contact

For privacy questions or to exercise your rights: Paxa Media, email privacy@paxa.media. For general contact: lukar@paxa.media.