Privacy Policy
We believe you have the right to know exactly what data Golex collects, why we collect it, how it's used, and what control you have over it. This document explains all of that plainly.
Information We Collect
| Data | Why it's collected |
|---|---|
| Email address | Authentication via Firebase Auth. Used for login, account recovery, and security emails. |
| User ID (UID) | A unique identifier generated by Firebase when you create an account. Used internally to link all your data. |
| Username | Your public display handle on Golex. Required to use the platform. |
| Profile photo URL | Stored in Firebase Storage. Displayed on your profile, posts, and in chats. |
| Tagline | A short bio (max 80 characters) you optionally set on your profile. |
| Skill category | Your primary skill tag, used for leaderboards, collaboration matching, and guild placement. |
When you use Golex, you create content that is stored and associated with your account:
Content you post publicly (feed posts, community posts, guild messages) is visible to all authenticated Golex users. Content in private channels (DMs, private project workspaces) is restricted to participants.
| Data | Description |
|---|---|
| Points | Earned through activity (e.g. completing tasks). Displayed on the leaderboard. |
| Follows / followers | Stored as a reverse-indexed list. Visible to authenticated users for connection counts. |
| Endorsements | Skill endorsements you give or receive, including the skill type and timestamp. |
| Likes & votes | Your post likes, community post upvotes/downvotes, and poll votes. |
| Saved posts | Feed posts and community posts you save. Visible only to you. |
| Profile views | A count of unique profile visits. Full viewer UID list visible only to you (Pro feature). |
| Notifications | Follow, message, community, project, and work-ad alerts. Visible only to you. |
| Blocked users list | UIDs you have blocked. Visible only to you and never shared. |
When you make or receive calls on Golex, we store the minimum signalling data necessary for WebRTC connections. This includes:
- Caller and receiver UIDs (for 1-on-1 calls), or project ID (for group calls)
- WebRTC offer/answer/ICE candidate payloads — these are ephemeral and exist only during the call session
- Sketch board strokes created during a call (stored per session in Firebase)
We do not record, store, or process audio or video streams. All media is transmitted peer-to-peer via WebRTC and never passes through our servers.
- Browser type and version (collected by Firebase Analytics if enabled)
- Theme preference and auth session hint stored in
localStorage - Firebase App Check tokens, used to verify requests come from legitimate app instances
How We Use Your Data
We use the data we collect solely to operate, maintain, and improve the Golex platform. Specifically:
| Purpose | Data used |
|---|---|
| Authenticating your account | Email, UID, Firebase Auth session |
| Displaying your profile | Username, photo, tagline, skill, points, isPro status |
| Delivering messages & notifications | UID, message content, notification records |
| Skill-based matching & discovery | Skill tag, username, profile data |
| Leaderboard & points system | Points, username, skill |
| Golex Pro subscription | Payment ID, Pro status, expiry date |
| Moderation & safety | Posts, messages, reports, ban/mute flags |
| Platform analytics & improvement | Aggregated usage data (not sold or shared) |
| WebRTC call facilitation | Signalling data (ephemeral, deleted after call) |
| Nova AI assistant | Screen context & messages you send to Nova — see Section 07 |
Who We Share Data With
We share your data with the following third-party service providers who are necessary to operate Golex. We do not share data with anyone else.
We may disclose your information if required to do so by law, or in response to a valid legal request by public authorities (e.g. a court order or law enforcement request). We will attempt to notify you of such requests unless prohibited from doing so by law.
If Golex or its parent service is acquired, merged, or undergoes a substantial change in ownership, user data may be transferred as part of that transaction. We will notify you via an in-app notice or email before your data is transferred and becomes subject to a different privacy policy.
Data Retention
We retain all account data, content, and activity records for as long as your account exists on Golex. This is necessary to provide the service — for example, your posts must persist so other users can read and interact with them.
When you delete your account, the following data is removed from Golex's systems:
- Your user profile record (
users/$uid) - Your username reservation
- All posts you created and their associated likes and comments. Note: public posts and replies you made in community spaces that were visible to other members may be retained in an anonymised or dissociated form that no longer identifies you, in order to preserve the integrity of community discussions.
- Your notifications, saved posts, blocked list, and follow/follower records
- Your endorsements (given and received)
- Your membership records in communities, projects, guilds, and rooms
- Your profile photo from Firebase Storage
Some residual data may remain in the following circumstances:
- DM message history: Messages you sent in direct chats remain in the chat node until the other participant also deletes their side, or until we run periodic cleanup.
- Admin logs: Action logs in the HQ admin panel (
hq/logs) may retain records of moderation actions for up to 90 days for safety and auditing purposes. - Payment records: Cashfree transaction records are retained as required by applicable financial regulations (typically 7 years under Indian law). Your Golex Pro payment ID (
proPaymentId) may be retained in our records for this period. - Backups: Your data may persist in backup snapshots for up to 30 days after deletion.
Your Rights & Controls
You have meaningful control over your data on Golex. The following rights are available to all users:
Golex Pro & Payments
Golex Pro is a paid subscription tier offering premium features. Payments are processed exclusively by Cashfree Payments. Golex does not collect or store your card number, CVV, bank details, or UPI credentials — these are handled entirely by Cashfree on their secure infrastructure.
| Field | Visibility | Description |
|---|---|---|
isPro | All authenticated users | Boolean flag used to show/hide the Pro badge on your profile, posts, and work ads. |
proExpiry | All authenticated users | Unix timestamp of when your Pro subscription expires. Used to enforce access on the client. |
proSince | You only | The date your Pro membership started. Visible only to you in your account settings. |
proPaymentId | You only | The Cashfree order ID for your most recent payment. Visible only to you for reference. |
Nova AI Assistant
Nova is an AI assistant built into Golex, powered by Anthropic's Claude API. When you use Nova, the following data is sent to Anthropic's servers to generate a response:
- The message you type to Nova
- Contextual information about the current screen you're on (e.g. "you are viewing the Communities screen")
- Cached summaries of users you have recently interacted with, used for contextual suggestions
Nova does not have access to your private DMs, your blocked list, or your payment information. The context it receives is limited to what is relevant to the screen you are currently using.
Nova interactions have per-user cooldown periods enforced to prevent excessive API usage. These cooldown records are stored locally in your browser.
Cookies & Local Storage
Golex is a web application and uses your browser's localStorage to remember certain preferences between sessions. We do not use advertising cookies or third-party tracking cookies.
| Key | Purpose | Persists? |
|---|---|---|
golex-theme | Remembers your chosen theme (light or dev/dark) so it applies immediately on next visit. | Until you change theme or clear storage |
golex-authed | A hint that you were logged in, used to skip the loading screen for returning users. Cleared on sign-out. | Until sign-out |
| Firebase Auth token | Stored by the Firebase SDK to maintain your login session securely. | Until session expires or sign-out |
| Nova cooldown data | Stores the timestamp of your last Nova interaction to enforce rate limits client-side. | Session-based |
You can clear all locally stored Golex data at any time via your browser's developer tools or settings. Clearing Firebase Auth tokens will log you out of the app.
Golex does not use cookies for tracking, analytics profiling, retargeting, or cross-site tracking purposes.
Security
We take reasonable technical and organisational measures to protect your data. These include:
- Firebase Security Rules: All database access is gated by granular rules enforced server-side. No user can read or write data they are not explicitly authorised for.
- Firebase App Check: Requests to the database are verified to originate from the legitimate Golex web app, preventing unauthorised direct API access.
- Encrypted transport: All data is transmitted over HTTPS / TLS. WebRTC connections are end-to-end encrypted by the browser's DTLS/SRTP standard.
- Admin-only sensitive writes: Critical fields such as
isPro,proExpiry, and ban/mute flags cannot be written by regular users — only by admin accounts or verified payment flows. - No password storage: Golex does not store passwords. Authentication is handled entirely by Firebase Auth (email/password, OAuth), which manages credential security.
- Blocked user enforcement: Your block list is private and enforced at the database rules level, not just the client UI.
Children's Privacy
Golex is intended for users who are 13 years of age or older. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has created an account on Golex, please contact us immediately at support@axikora.me and we will promptly delete the account and all associated data.
Users between the ages of 13 and 17 should use Golex only with the consent and supervision of a parent or legal guardian. By creating an account, you represent that you meet the minimum age requirement.
Policy Changes
We may update this Privacy Policy from time to time to reflect changes in our practices, features, or legal requirements. When we make material changes, we will:
- Update the "Last updated" date at the top of this page
- Post an in-app notification to all users via the Golex notification system
- For significant changes that affect how we process personal data, send an email notice to your registered address
Continued use of Golex after the effective date of any updated Privacy Policy constitutes your acceptance of the revised terms. If you do not agree with the updated policy, you should delete your account before the effective date.
We encourage you to review this page periodically. The "Last updated" date at the top always reflects the most recent revision.
Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, please reach out. We respond to all privacy-related enquiries within 30 days.
For privacy requests, data deletion, or any concerns about how Golex handles your information — contact us directly. We take every message seriously.
We aim to respond to all privacy requests within 30 days of receipt.