Sixfactors Logo
ContactSchedule Free Assessment

Privacy Policy

Effective Date: February 25, 2026

Introduction

Sixfactors AI Labs (d/b/a Vimix Inc) ("Sixfactors," "we," "us," or "our") is committed to protecting the privacy of individuals who visit our website at sixfactors.ai ("Website"), use our platform and associated products ("Services"), or otherwise interact with us. Our Services include AI Assessment, Agent Studio, and Agent Ops.

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you access or use our Services. It also describes your rights and choices regarding your personal information. By accessing or using our Services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not access or use our Services.

For purposes of this Privacy Policy, "Personal Data" means any information that relates to an identified or identifiable individual. This includes information such as your name, email address, IP address, or any other identifier that can be used to identify you directly or indirectly.

When we act as a data processor on behalf of our business customers (for example, when a customer uploads data to Agent Studio or Agent Ops), the customer's privacy policy governs the processing of that data. This Privacy Policy applies to the personal data we collect and process as a data controller.

Information We Collect

Information You Provide Directly

We collect personal information that you voluntarily provide to us when you register for an account, use our Services, make a purchase, contact us for support, participate in surveys or promotions, or otherwise communicate with us. The types of personal information we may collect include:

  • Account information: Your name, email address, password, company name, job title, and phone number when you create an account or update your profile
  • Payment information: Billing address, payment method details, and transaction history. We use third-party payment processors (such as Stripe) to handle payment transactions, and we do not store your complete credit card numbers on our servers
  • Assessment data: Responses, configurations, and results generated through our AI Assessment tool, including information about your organization's workflows, team structure, and technology stack
  • Agent configurations: Data you provide when building, testing, and deploying AI agents through Agent Studio, including agent parameters, workflow definitions, and integration settings
  • Communications: Messages, feedback, and other information you provide when you contact our support team, respond to surveys, participate in research studies, or communicate with us through any channel
  • User-generated content: Any content, data, or materials you upload, submit, or create using our Services, including documents, prompts, knowledge base entries, and custom configurations
  • Job application data: If you apply for a position with us, we may collect your resume, cover letter, work history, education, and other information relevant to your application

Information Collected Automatically

When you access or use our Services, we automatically collect certain information about your device and your use of the Services. This information may include:

  • Device information: Hardware model, operating system and version, browser type and version, device identifiers, screen resolution, and language preferences
  • Usage data: Pages and features you access, actions you take within the platform, time spent on pages, navigation paths, search queries, and interaction patterns with our AI agents and tools
  • Log data: IP address, access times and dates, referring URL, pages viewed, links clicked, error logs, and diagnostic information
  • Location data: Approximate geographic location derived from your IP address. We do not collect precise geolocation data
  • Performance data: Page load times, response times, system errors, and other performance metrics that help us maintain and improve our Services

Information from Third Parties

We may receive personal information about you from third-party sources, including:

  • Authentication providers: When you sign in using a third-party service (such as Google or GitHub), we receive your name, email address, and profile information as authorized by your settings with that service
  • Analytics providers: We receive aggregated analytics data from services such as Google Analytics that helps us understand how visitors use our Website
  • Business partners: We may receive information from referral partners, resellers, or integration partners in connection with our business relationships
  • Public sources: We may collect information from publicly available sources, such as public social media profiles or business directories, to supplement the information we hold about you

Customer Data

Our business customers may upload data to our platform in connection with their use of Agent Studio and Agent Ops ("Customer Data"). We process Customer Data on behalf of our customers in accordance with our agreements with them. Our customers are responsible for ensuring they have the appropriate legal basis to share this data with us. We do not use Customer Data for our own purposes except as necessary to provide the Services, comply with applicable law, or as otherwise permitted by our agreements.

How We Use Your Information

We use the personal information we collect for the following purposes:

Providing and Operating Our Services

  • Create and manage your account, authenticate your identity, and maintain your profile
  • Process your AI Assessment responses and generate personalized recommendations for your organization
  • Enable you to build, test, deploy, and monitor AI agents through Agent Studio and Agent Ops
  • Process payments, manage subscriptions, and send transaction confirmations and invoices
  • Provide customer support, respond to your requests, and resolve technical issues

Improving and Developing Our Services

  • Analyze usage patterns, trends, and user behavior to understand how our Services are used and identify areas for improvement
  • Conduct research and development to build new features, products, and capabilities
  • Test and evaluate the effectiveness of our Services, including A/B testing and user experience research
  • Generate aggregated and de-identified analytics and reports

Communicating with You

  • Send technical notices, updates, security alerts, and administrative messages related to your account and the Services
  • Send marketing communications about new features, products, events, and promotions that may be of interest to you (you can opt out of marketing emails at any time)
  • Respond to your comments, questions, and feedback

Safety, Security, and Compliance

  • Detect, investigate, and prevent security incidents, fraud, abuse, and other harmful or unauthorized activity
  • Enforce our Terms of Service, Acceptable Use Policy, and other agreements
  • Comply with applicable laws, regulations, legal processes, and governmental requests
  • Protect the rights, property, and safety of Sixfactors, our users, and the public

AI Model Improvement

We may use aggregated and de-identified usage data to improve the performance and accuracy of our AI capabilities. We do not use your proprietary Customer Data or personally identifiable information to train general-purpose AI models without your explicit consent. Any AI training on customer-specific data is performed only within the scope of services we provide to that customer and in accordance with our agreements.

Legal Bases for Processing

If you are located in the European Economic Area (EEA), the United Kingdom, or another jurisdiction that requires a legal basis for processing personal data, we rely on the following legal bases:

  • Contractual necessity: Processing your personal data is necessary to perform our contract with you, including providing the Services, managing your account, and processing payments
  • Legitimate interests: Processing is necessary for our legitimate business interests, such as improving our Services, conducting analytics, preventing fraud, and marketing our products. We balance our interests against your rights and only rely on this basis where our interests are not overridden by your data protection rights
  • Consent: Where required by law, we obtain your consent before processing your personal data for certain purposes, such as sending marketing communications or using non-essential cookies. You may withdraw your consent at any time
  • Legal obligation: Processing is necessary to comply with a legal obligation to which we are subject, such as tax reporting, regulatory requirements, or responding to lawful requests from public authorities
  • Vital interests: In rare cases, processing may be necessary to protect someone's vital interests

Information Sharing and Disclosure

We do not sell your personal information. We do not share your personal information with third parties for their own direct marketing purposes. We may share your information in the following circumstances:

Service Providers

We share personal information with third-party service providers who perform services on our behalf. These service providers are contractually obligated to use your information only for the purposes we specify and are required to maintain appropriate security measures. Our service providers include:

  • Cloud hosting and infrastructure providers (e.g., AWS, Vercel)
  • Payment processors (e.g., Stripe)
  • Analytics and monitoring services (e.g., Google Analytics, Vercel Analytics)
  • Email and communication platforms
  • Customer support tools
  • Security and fraud prevention services

Business Transfers

If Sixfactors is involved in a merger, acquisition, bankruptcy, reorganization, or sale of all or a portion of its assets, your personal information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on our Website of any change in ownership or uses of your personal information, as well as any choices you may have regarding your personal information.

Legal Requirements

We may disclose your personal information if we believe in good faith that such disclosure is necessary to:

  • Comply with applicable law, regulation, legal process, or governmental request
  • Enforce our Terms of Service or other agreements, including investigation of potential violations
  • Detect, prevent, or address fraud, security issues, or technical problems
  • Protect the rights, property, or safety of Sixfactors, our users, or the public as required or permitted by law

With Your Organization

If you use our Services through an enterprise or team account, we may share your account information and usage data with the administrator of your organization's account, as permitted by our agreement with that organization.

With Your Consent

We may share your personal information for other purposes with your explicit consent or at your direction.

Aggregated and De-Identified Data

We may share aggregated or de-identified information that can no longer reasonably be used to identify you. This data may be used for industry analysis, benchmarking, and other business purposes.

Cookies and Tracking Technologies

We use cookies, web beacons, pixels, and similar tracking technologies to collect information about your interactions with our Services. Cookies are small data files stored on your device that help us improve your experience and our Services.

Types of Cookies We Use

  • Strictly necessary cookies: These cookies are essential for the operation of our Services. They enable core functionality such as authentication, session management, and security features. You cannot opt out of these cookies as the Services cannot function without them
  • Analytics and performance cookies: These cookies help us understand how visitors interact with our Website by collecting information about pages visited, time spent on pages, and error messages encountered. We use Google Analytics and Vercel Analytics for this purpose. The information collected is aggregated and used to improve our Website and Services
  • Functional cookies: These cookies enable enhanced functionality and personalization, such as remembering your language preferences, display settings, and previously viewed content. If you do not allow these cookies, some or all of these features may not function properly

Managing Cookie Preferences

Most web browsers are set to accept cookies by default. You can modify your browser settings to block or delete cookies, but doing so may affect the functionality of our Services. The specific steps to manage cookies vary by browser:

  • Chrome: Settings > Privacy and Security > Cookies and other site data
  • Firefox: Settings > Privacy & Security > Cookies and Site Data
  • Safari: Preferences > Privacy > Manage Website Data
  • Edge: Settings > Cookies and site permissions
You can also opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on.

Do Not Track

Some web browsers offer a "Do Not Track" ("DNT") signal. Because there is no accepted standard for how to respond to DNT signals, our Website does not currently respond to DNT browser signals. We will continue to monitor developments in DNT technology and update our practices accordingly.

Data Retention

We retain your personal information for as long as necessary to fulfill the purposes for which it was collected, including to satisfy any legal, accounting, or reporting requirements. The retention period may vary depending on the context of our relationship with you and the type of information involved.

In general, we apply the following retention guidelines:

  • Account data: Retained for as long as your account is active and for a reasonable period thereafter to allow you to reactivate your account or to comply with legal obligations
  • Transaction data: Retained for as long as required to complete the transaction and for the period required by applicable tax and accounting laws (typically 7 years)
  • Usage and analytics data: Generally retained in identifiable form for up to 26 months, after which it is aggregated or deleted
  • Marketing preferences: Retained until you unsubscribe or request deletion, plus a suppression record to honor your opt-out preferences
  • Support communications: Retained for up to 3 years after the last interaction to provide continuity in customer support
When we no longer need your personal information, we will securely delete or anonymize it in accordance with our data retention policies and applicable law. If deletion is not immediately possible (for example, because the information is stored in backup archives), we will securely store it and isolate it from further processing until deletion is feasible.

Data Security

We implement appropriate technical and organizational measures designed to protect the security, confidentiality, and integrity of your personal information. These measures include:

  • Encryption: Data is encrypted in transit using TLS 1.2 or higher and at rest using AES-256 encryption
  • Access controls: We implement role-based access controls and the principle of least privilege to limit access to personal data to authorized personnel who need it to perform their job functions
  • Infrastructure security: Our Services are hosted on enterprise-grade cloud infrastructure with physical security controls, network firewalls, and intrusion detection systems
  • Security assessments: We conduct regular security reviews, vulnerability assessments, and code audits to identify and address potential security risks
  • Incident response: We maintain an incident response plan to detect, respond to, and recover from security incidents in a timely manner
  • Employee training: Our team members receive regular training on data protection and security best practices
Despite these measures, no method of transmission over the Internet or method of electronic storage is completely secure. While we strive to protect your personal information, we cannot guarantee its absolute security. If we become aware of a security breach that affects your personal information, we will notify you and the relevant authorities in accordance with applicable law.

Your Privacy Rights and Choices

Depending on your location and applicable law, you may have certain rights regarding your personal information. These rights may include:

  • Right to access: You may request a copy of the personal information we hold about you, including the categories of data collected, the purposes of processing, and the categories of recipients with whom your data has been shared
  • Right to rectification: You may request that we correct or update inaccurate or incomplete personal information
  • Right to erasure: You may request that we delete your personal information, subject to certain exceptions (such as legal retention requirements or ongoing contractual obligations)
  • Right to restrict processing: You may request that we restrict the processing of your personal information in certain circumstances, such as while we verify the accuracy of your data
  • Right to data portability: You may request a copy of your personal information in a structured, commonly used, and machine-readable format, and you may request that we transmit that data to another controller
  • Right to object: You may object to the processing of your personal information based on our legitimate interests. We will cease processing unless we demonstrate compelling legitimate grounds that override your interests
  • Right to withdraw consent: Where we rely on your consent as the legal basis for processing, you may withdraw your consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal
  • Right to opt out of marketing: You may unsubscribe from our marketing communications at any time by clicking the "unsubscribe" link in any email or by contacting us directly
To exercise any of these rights, please contact us at privacy@sixfactors.ai. We will respond to your request within 30 days (or within the timeframe required by applicable law). We may need to verify your identity before processing your request. We will not discriminate against you for exercising your privacy rights.

If you have an account with us, you can also access, update, and delete certain personal information through your account settings.

California Privacy Rights (CCPA/CPRA)

If you are a California resident, the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA) provides you with additional rights regarding your personal information. This section supplements the information in the rest of this Privacy Policy.

Categories of Personal Information

In the preceding 12 months, we may have collected the following categories of personal information as defined by the CCPA:

  • Identifiers (name, email address, IP address, account name)
  • Commercial information (purchase history, subscription details)
  • Internet or electronic network activity (browsing history, usage data, interactions with our Services)
  • Geolocation data (approximate location derived from IP address)
  • Professional or employment-related information (company name, job title)
  • Inferences drawn from the above to create a profile about you

Your California Rights

As a California resident, you have the right to:

  • Right to know: Request that we disclose what personal information we have collected, used, disclosed, and sold about you in the past 12 months
  • Right to delete: Request that we delete the personal information we have collected about you, subject to certain exceptions
  • Right to correct: Request that we correct inaccurate personal information
  • Right to opt out: We do not sell or share your personal information for cross-context behavioral advertising as defined by the CCPA/CPRA
  • Right to non-discrimination: We will not discriminate against you for exercising any of your CCPA/CPRA rights
  • Right to limit use of sensitive personal information: If applicable, you may request that we limit the use and disclosure of your sensitive personal information
To exercise your rights, contact us at privacy@sixfactors.ai. You may also designate an authorized agent to make a request on your behalf. We will verify your identity (and, if applicable, the authority of your agent) before processing your request.

Shine the Light

California Civil Code Section 1798.83 permits California residents to request information about our disclosure of personal information to third parties for their direct marketing purposes. We do not share your personal information with third parties for their direct marketing purposes.

European Privacy Rights (GDPR)

If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, the General Data Protection Regulation (GDPR) and applicable national data protection laws provide you with specific rights regarding your personal data.

Data Controller

For the purposes of the GDPR, Sixfactors AI Labs (d/b/a Vimix Inc) is the data controller for the personal data we collect directly from you as described in this Privacy Policy. When we process Customer Data on behalf of our business customers, we act as a data processor.

Your GDPR Rights

In addition to the general privacy rights described above, you have the following rights under the GDPR:

  • The right to lodge a complaint with a supervisory authority. If you believe that our processing of your personal data infringes the GDPR, you have the right to lodge a complaint with the data protection authority in the EU/EEA member state of your habitual residence, your place of work, or the place of the alleged infringement
  • The right to object to processing based on legitimate interests, including profiling
  • The right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you
To exercise any of these rights, please contact us at privacy@sixfactors.ai. We will respond within one month of receiving your request, or within the extended timeframe permitted by the GDPR for complex requests.

International Data Transfers

Sixfactors is based in the United States, and your personal information may be transferred to, stored, and processed in the United States or other countries where our service providers maintain facilities. These countries may have data protection laws that differ from the laws of your country of residence.

When we transfer personal data from the EEA, UK, or Switzerland to countries that have not been deemed to provide an adequate level of data protection, we implement appropriate safeguards to ensure that your personal data receives an adequate level of protection. These safeguards may include:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • The UK International Data Transfer Agreement or UK Addendum to the EU SCCs, as applicable
  • Binding corporate rules, where applicable
  • Your explicit consent to the transfer, where appropriate and permitted by law
By using our Services, you acknowledge that your information may be transferred to and processed in the United States and other countries as described in this Privacy Policy. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy.

Children's Privacy

Our Services are not directed to individuals under the age of 16 (or the applicable age of consent in your jurisdiction). We do not knowingly collect personal information from children under 16. If you are a parent or guardian and you become aware that your child has provided us with personal information without your consent, please contact us at privacy@sixfactors.ai. If we become aware that we have collected personal information from a child under 16 without verification of parental consent, we will take steps to delete that information promptly.

Third-Party Links and Services

Our Services may contain links to third-party websites, services, or applications that are not operated or controlled by Sixfactors. This Privacy Policy does not apply to those third-party services, and we are not responsible for their content, privacy policies, or practices. We encourage you to review the privacy policies of any third-party services you access through our Services. The inclusion of a link to a third-party service does not imply endorsement by Sixfactors.

Our Services may also integrate with third-party platforms and tools at your direction (for example, connecting Agent Studio to your existing software). Any data shared with third-party integrations is subject to the privacy policies and terms of those third parties. You are responsible for reviewing and understanding those policies before enabling integrations.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes to this Privacy Policy, we will notify you by:

  • Posting the updated Privacy Policy on our Website
  • Updating the "Effective Date" at the top of this page
  • Sending you an email notification if the changes are significant and we have your email address
  • Displaying a prominent notice within our Services
We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. Your continued use of our Services after any changes to this Privacy Policy constitutes your acceptance of the updated policy.

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

Sixfactors AI Labs (d/b/a Vimix Inc) Email: privacy@sixfactors.ai

We will make every effort to respond to your inquiry within 30 days. If you are not satisfied with our response, you may have the right to lodge a complaint with the relevant data protection authority in your jurisdiction.