Laniakea Enterprises LLP← Return to Home

GDPR.

Last Updated: 1/12/2026

Laniakea Enterprises LLP d/b/a Arlox.io ("Company", "we", "us") is committed to compliance with the General Data Protection Regulation (EU) 2016/679 ("GDPR"), the UK Data Protection Act 2018 ("UK GDPR"), and related international privacy laws.

This Data Protection Statement applies to all Clients ("you") who utilize our Services, including but not limited to "Scientific Scaling," "BROAS Tool," "AI Bot," and consulting frameworks.

2. Distinction of Roles

To ensure clarity under the law, we define our relationship with data as follows:

Arlox.io as Data Controller: We act as a Controller for your account data (billing info, login credentials) and the personal data of our direct marketing leads. We determine the purpose and means of processing this data.
Arlox.io as Data Processor: When you use our Tools (e.g., BROAS, AI Bot) to process data regarding your customers, leads, or audiences ("Client Data"), you are the Controller and Arlox.io is the Processor. You retain full responsibility for the lawful collection of this data.

3. Data Processing Addendum (DPA)

By accessing our Services, you agree to the following processing terms, which satisfy the requirements of Article 28 of the GDPR:

3.1. Documented Instructions & AI Optimization

You hereby instruct Arlox.io to process Client Data for the following purposes:

To provide the Services and technical support.
To detect and prevent fraud or security breaches.
To improve, train, and optimize our proprietary algorithms and AI models. You explicitly authorize Arlox.io to aggregate and anonymize Client Data for the purpose of "Scientific" benchmarking and machine learning development. Once anonymized, this data is no longer considered "Personal Data" under GDPR and becomes the intellectual property of Arlox.io.

3.2. Confidentiality

Arlox.io ensures that all personnel (employees, contractors, and consultants) authorized to process Personal Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.

3.3. Security Measures

We implement commercially reasonable technical and organizational measures to ensure a level of security appropriate to the risk, including encryption of data in transit and at rest, access controls, and regular security assessments.

3.4. Sub-Processors

You grant Arlox.io a general written authorization to engage third-party sub-processors (e.g., Amazon Web Services, OpenAI, Stripe, Google Cloud) to support the delivery of Services. We maintain a list of active sub-processors. We remain liable to you for the performance of our sub-processors' data protection obligations.

4. International Data Transfers

Laniakea Enterprises LLP is headquartered in India. By using our Services, you acknowledge and agree that your data will be transferred to, processed, and stored in India and other jurisdictions including the United States. To legitimize these transfers from the EEA/UK:

Standard Contractual Clauses (SCCs): We rely on the European Commission’s Standard Contractual Clauses (Module 2: Controller-to-Processor) for transfers from the EEA.
UK IDTA:We rely on the UK International Data Transfer Addendum for transfers from the United Kingdom.

5. Your Obligations as Controller

You warrant and represent that:

You have a lawful basis (e.g., Consent or Legitimate Interest) to collect and transfer Client Data to Arlox.io.
Ad Compliance: If you use our tools for retargeting or "Smart Scaling," YOU are solely responsible for ensuring your websites display compliant Cookie Banners and Privacy Policies that inform end-users of tracking pixels (Meta Pixel, TikTok Pixel).
Indemnification: You agree to indemnify and hold Laniakea Enterprises LLP harmless from any fines, penalties, or claims arising from your failure to obtain necessary consents from your end-users.

6. Data Subject Rights

If Arlox.io receives a request from one of your customers (a "Data Subject") to exercise their rights (e.g., Right to Access, Right to Erasure), we will:

Promptly notify you of the request.
Not respond directly to the Data Subject unless authorized by you.
Provide reasonable assistance to help you fulfill the request, insofar as this is possible.

7. Data Breach Notification

In the event of a confirmed Personal Data Breach affecting your Client Data, Arlox.io will notify you without undue delay after becoming aware of the breach. We will provide information to assist you in meeting your notification obligations to supervisory authorities.

8. Data Protection Officer (DPO)

We have appointed a Data Protection Officer to oversee our privacy strategy.

Contact: info@arlox.io
Address: Laniakea Enterprises LLP,

BY USING ARLOX.IO SERVICES, YOU AGREE THAT THIS DOCUMENT CONSTITUTES A BINDING DATA PROCESSING AGREEMENT (DPA) UNDER GDPR ARTICLE 28.