Privacy Policy

Staxel Inc. ("Staxel", "we", "us", or "our") develops TouchlessOS — a vision-based user-interface control platform that allows people to interact with screens using hand gestures and body posture, without touching any surface.

This Privacy Policy applies to all deployments of the Staxel TouchlessOS software, including embedded kiosk installations, licensed integrations, and related web properties operated by Staxel. It explains what information is processed, how, and your rights in connection with that processing.

TouchlessOS uses an on-device computer-vision framework to recognize hand gestures and body posture in real time. This framework:

• Processes raw camera frames locally, on the device running TouchlessOS.
• Extracts only skeletal keypoints or gesture-classification signals — not photographic images.
• Discards every frame and all intermediate data immediately after each inference pass.
• Never transmits visual data or keypoints to any external server or cloud service.
• Never writes camera frames, depth maps, or biometric data to disk.

The computer-vision pipeline has one and only one purpose: translating physical movement into UI-control events (scroll, select, navigate). It performs no identification, verification, or profiling of individuals.

During standard TouchlessOS operation, Staxel Inc. does not:

• Record, store, or transmit images, video, or depth data.
• Collect names, email addresses, phone numbers, or any contact information.
• Store device identifiers, IP addresses, or usage logs that could identify an individual.
• Build behavioral profiles or track individuals across sessions or locations.
• Share any data with third-party advertisers or data brokers.

Certain optional features — such as Magic Booth — extend TouchlessOS with interactive experiences that produce user-generated media (for example, a captured photo or short video clip created by the user). These features operate under strict additional safeguards:

To maintain the reliability of TouchlessOS installations, devices may transmit anonymized, non-personal operational signals to Staxel infrastructure, including:

• Gesture-recognition success or failure counts (no imagery attached).
• Software version, uptime, and crash reports.
• Aggregate interaction event counts (e.g., number of navigation gestures per hour).

None of these signals are linked to individuals, sessions, or device identifiers that could re-identify a person. They are used exclusively for product improvement and are retained for up to 12 months in aggregate form before being purged.

Staxel Inc. designs TouchlessOS to comply with applicable privacy regulations, including the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and equivalent state and national laws. Because TouchlessOS does not collect personal data in standard operation:

• No legal basis for processing is required for the core computer-vision pipeline — no personal data is processed.
• For opt-in features, the legal basis is freely given, specific, informed, and unambiguous consent obtained at the point of activation.
• Consent records for opt-in features are maintained for audit purposes for 90 days after the associated data is deleted.

For data created through consent-based features (Section 4), you have the following rights regardless of your jurisdiction:

• Access — request a copy of any data we hold about you.
• Erasure — request immediate deletion of your data at any time before the 30-day automatic deletion.
• Withdrawal of consent — withdraw consent at any point; processing will cease immediately.
• Portability — receive your data in a common, machine-readable format.
• Complaint — lodge a complaint with the relevant supervisory authority in your jurisdiction.

To exercise any of these rights, contact us at privacy@staxel.ai. We will respond within 30 days (or within the legally required period, if shorter).

Staxel applies the following safeguards across all TouchlessOS deployments:

• On-device processing — camera data never leaves the installation hardware unencrypted.
• AES-256 encryption at rest for any opt-in feature data.
• TLS 1.3 for all data in transit between devices and Staxel infrastructure.
• Principle of least privilege — software components access only the data they require.
• Regular security reviews of the computer-vision and data-handling pipeline.

TouchlessOS is not directed at children under the age of 13 (or the applicable age of digital consent in your jurisdiction). We do not knowingly collect personal data from children. Because the core platform collects no personal data, standard operation poses no child-privacy risk. Opt-in features such as Magic Booth require explicit consent at the point of use; operators deploying TouchlessOS in environments accessible to children are responsible for implementing appropriate age-verification or parental-consent mechanisms.

Staxel does not sell, rent, or share personal data with third parties for their own purposes. We do not use third-party advertising networks, social-media trackers, or data-enrichment services within TouchlessOS. Any third-party software components embedded in the platform (open-source libraries, OS-level drivers) are evaluated for privacy compliance before inclusion.

We may update this Privacy Policy to reflect changes in our practices or applicable law. When we make material changes, we will update the effective date at the top of this page and, where required by law, provide additional notice (for example, via the TouchlessOS administrative interface or by email to the deploying operator). Continued use of TouchlessOS after the updated policy's effective date constitutes acceptance of the revised terms.

For privacy-related questions, requests, or concerns: privacy@staxel.ai