MXR Privacy Policy
Last Updated: [7.3.2026]
Welcome to MXR. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and AI services. MXR is a specialized technical assistant focused on physical hardware, mechanics, electronics, and system troubleshooting. By using MXR, you agree to the practices described in this policy.
1. Information We Collect
We collect information necessary to provide you with our AI troubleshooting services, manage your account, and improve your experience.
| Data Category | Data Types Collected | Purpose of Collection |
|---|---|---|
| Account & Authentication Data | Email address, Name, Encrypted password, Google/Apple ID tokens (for social login), User ID (Cognito Sub). | To create your account, authenticate your identity, and manage your profile. |
| Chat & Interaction Data | Text prompts, AI-generated responses, uploaded media (Images, PDFs, Documents), and Audio recordings. | To process your requests, provide technical troubleshooting, and maintain your chat history. |
| Subscription & Transaction Data | Subscription status (Free, Pro, Max Pro), expiration date, billing cycle, and quota usage limits. | To manage your subscription tiers, enforce feature limits, and provide premium services. |
| Device & Usage Data | Device type, app version, IP address, and interaction logs with the AI models. | To ensure security, prevent abuse, monitor quota limits, and maintain service stability. |
2. Legal Bases for Processing
If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your personal data under the following legal bases:
| Legal Basis | Description | Applicable Data |
|---|---|---|
| Performance of a Contract | Processing your data to fulfill our obligations under the Terms of Service and provide the MXR app features you requested. | Account Data, Chat Data, Subscription Data. |
| Consent | Processing data based on the consent you provide, which you can withdraw at any time. | Social Login Data, Audio Recordings, Model Improvement Data. |
| Legitimate Interests | Processing data to ensure the security of our services, prevent fraud, and enforce usage limits. | Device & Usage Data, Quota Tracking. |
| Legal Obligation | Processing data to comply with legal requirements, such as financial record-keeping for subscriptions. | Transaction and Billing Data. |
3. How We Use Your Information
We use your data strictly for the following purposes:
- Service Delivery: To send your text, files, and audio to our AI processors (Google Gemini and Groq) and return technical troubleshooting responses.
- Feature Limitation & Quotas: To enforce plan-specific limits (e.g., 10 messages for Lite, context limits for Pro/Max Pro, media upload sizes) and prevent system abuse.
- Audio Transcription: For Max Pro users, audio files are sent to Groq Whisper API for transcription before being processed by the AI.
- Account Management: To authenticate users via AWS Cognito, manage password resets, and handle account deletions.
- Model Improvement: You have the option to opt-in or opt-out of allowing your chat data to be used to improve MXR's underlying models. This can be toggled in the "Data Controls" settings.
4. How We Share Your Information
MXR does not sell your personal data. We share your data only with third-party service providers who help us operate the application:
| Third Party | Service Provided | Data Shared |
|---|---|---|
| Amazon Web Services (AWS) | User authentication (Cognito), Database storage (DynamoDB), File storage (S3), and Backend logic (Lambda). | Account Data, Chat Data, Uploaded Media. |
| Google (Gemini API) | AI text, image, and PDF analysis for troubleshooting. | Text prompts, Images, PDFs, and transcribed audio. |
| Groq (Whisper API & Llama 3.1) | Audio transcription to text and Web Search integration. | Audio files (for Max Pro), text prompts (for Web Search). |
| Apple/Google (App Stores) | In-App Purchase processing and subscription validation. | Purchase tokens, Subscription status. |
Note: Files uploaded to AWS S3 are secured using presigned URLs and are inaccessible to the public. Files are automatically deleted when you delete a chat or your account.
5. Data Retention and Deletion
You have full control over your data.
- Delete Chat History: You can delete individual chats or clear all chat history at once via the "Data Controls" section. This permanently removes the chat messages and associated uploaded files from our database and AWS S3.
- Account Deletion: You can permanently delete your account in the "Account Settings". This action erases your profile, all chat histories, uploaded media (S3), and authentication data (Cognito). This action is irreversible.
- Retention Limits: Lite users have a lifetime chat creation limit. Pro and Max Pro users have 30-day billing cycle quotas. Data is retained as long as your account is active or as required by law.
6. Data Security
We implement strict security measures to protect your data:
- Passwords are securely hashed by AWS Cognito.
- We use JWT (JSON Web Tokens) to verify user identities securely.
- File uploads are protected using short-lived (5-minute) presigned URLs.
- The backend enforces file size limits (e.g., 3MB for Pro, 6MB for Max Pro) and input character limits to prevent system overload and DDoS attacks.
- User enumeration is prevented during login to protect account existence.
7. International Data Transfers
Your information may be transferred to and processed in countries other than your country of residence, including the United States and regions where AWS, Google, and Groq operate. We ensure these transfers are protected by appropriate safeguards, such as Standard Contractual Clauses (SCCs).
8. Your Privacy Rights
Depending on your location, you may have the following rights regarding your personal data:
- Access: Request a copy of your personal data.
- Rectification: Request correction of inaccurate data (e.g., updating your name).
- Deletion: Request the deletion of your account and associated data (available directly in the app).
- Opt-out: Withdraw consent for model improvement training at any time via Data Controls.
- Restriction & Objection: Restrict or object to certain processing of your data.
To exercise these rights, please contact us using the details below.
9. Children’s Privacy
MXR is an advanced technical troubleshooting tool and is not intended for use by children under the age of 13 (or the equivalent minimum age in the applicable jurisdiction). We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us immediately for deletion.
10. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, or legal requirements. We will notify you of any significant changes by posting the new Privacy Policy within the app and updating the "Last Updated" date at the top of this page.
11. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us at:
MXR Support Team
Email: [support@mxrion.com]
Website: [https://mxrion.com]