Last Updated: January 5, 2026

1\. Introduction

Welcome to RequestFX, a service provided by Fifth Axiom d.o.o. ("we," "us," or "our"). This Privacy Policy governs your use of the RequestFX Web Platform (our primary service) and the RequestFX Chrome Extension (a supplementary tool).

The RequestFX Chrome Extension is an accessory to our main Web Platform. It cannot be used standalone and is designed specifically so that users can solve web-based questionnaires.

2\. Data Controller

Fifth Axiom d.o.o. is the data controller responsible for your personal data.

  • Address: Fifth Axiom d.o.o., Srednje Gameljne 69, 1211 Ljubljana, Slovenia
  • Email: info@requestfx.com

    • 3\. Information We Collect

    We collect data to enable the functionality of the RequestFX Platform and its accompanying Extension:

    A. Platform Account Data (Web App)

    To use the Service (including the Extension), you must register on our Web Platform. We collect:

  • Identification Data: Name, email address, occupation, and company name.
  • Credentials: Authentication is managed via Firebase Authentication. We do not store your raw password; instead, we store secure authentication tokens provided by this service.

    • B. Extension Usage Data (Chrome Extension)

    The Chrome Extension is used strictly to automate specific form-filling tasks. It collects data only when active:

  • Page Content: When you trigger the Extension on a vendor questionnaire (e.g., an RFP or security assessment page), the Extension reads the form fields on that specific page to map them to your RequestFX project data.
  • Transient Data: The Extension does not permanently store your browsing history. It only processes the content of the active tab where you have explicitly engaged the tool.

    • C. User Uploaded Content

    To provide our AI automation services, we store and process documents you voluntarily upload to the Platform:

  • Knowledge Base Assets: Documents such as security policies, past RFPs, and whitepapers that you upload to build your organization's knowledge context.
  • Project Files: Vendor questionnaires (e.g., Excel, Word, PDF) and related attachments that you upload for processing and answering.

    • D. Technical & Log Data (Analytics)

    We use third-party analytics tools to help us understand how our Service is used and to improve your experience.

  • Usage Analytics: We utilize Google Analytics and PostHog to collect aggregated data on page views, feature usage, and navigation paths.
  • Device Info: IP address, browser type, and operating system.
  • Usage Logs: Interaction data (e.g., successful form fills) to help us debug and improve the system.

    • 4\. How We Use Your Data

    We process your data for the following purposes:

  • Core Service Delivery: To manage your projects on the Web Platform, process your uploaded documents, and generate AI-driven answers for questionnaires.
  • Extension Functionality: To inject your saved answers from the Web Platform into external web pages via the Chrome Extension.
  • Authentication: To ensure only authorized users can access project data via the Extension.
  • Service Improvement: To train our AI models on response accuracy (processed anonymously where possible).
  • Communication: To send system updates, security alerts, and support messages.

    • 5\. Data Storage and Location

    All personal data and customer project data (including uploaded documents and knowledge base files) are securely stored on servers located exclusively within the European Union (EU).

    We ensure that our hosting providers adhere to strict security standards (ISO 27001) and GDPR compliance requirements. We do not transfer your data to jurisdictions without adequate data protection levels unless appropriate safeguards (such as Standard Contractual Clauses) are in place.

    6\. Data Sharing and Disclosure

    We do not sell your personal data. We share data only with the following categories of trusted third-party providers (sub-processors) who assist us in operating our Service:

  • Cloud Infrastructure: We rely on Google Cloud Platform (GCP) and Google Firebase for our core infrastructure. This includes:
    • - Cloud Run: For hosting our application services. - Cloud SQL: For securely storing structured application data. - Google Cloud Storage (GCS): For storing user-uploaded documents and files. - Vertex AI Search: For indexing and retrieving information from your knowledge base. - Memory Store: For high-performance caching to improve service speed. - Firebase Authentication: For secure identity management.
  • Analytics: We use Google Analytics and PostHog to analyze service usage and improve functionality.
  • AI Processing: We use trusted third-party AI providers to process text and generate responses under strict confidentiality agreements.

    • All sub-processors are bound by data processing agreements (DPAs) to ensure compliance with GDPR.

    7\. Chrome Extension Permissions

    The RequestFX Extension requests specific permissions to ensure a seamless and secure workflow:

  • Interface & Navigation (sidepanel, tabs): Enables the extension to open a persistent side-by-side interface and synchronize the AI solver's state with the specific tab you are working on.
  • Page Access (activeTab): Grants temporary access to the current page to analyze form structures and auto-fill answers only when you explicitly trigger the extension.
  • Storage (storage): Securely saves your authentication state and local preferences.
  • Network Communication (host\_permissions): The extension communicates securely with specific endpoints to function:
    • - RequestFX API: To retrieve your organization's data and initiate AI processing. - Firebase & Google Services: To handle real-time state synchronization and secure user authentication.

    8\. Data Retention

    We retain your data only as long as your account is active on the RequestFX Web Platform. You may request the deletion of your account and all associated data at any time. Upon request, data is permanently removed from our active databases.

    9\. Your Rights (GDPR)

    Under the GDPR, you have the right to:

  • Access: Request a copy of the data we hold about you.
  • Rectification: Correct inaccurate data.
  • Erasure: Request that we delete your data ("Right to be Forgotten").
  • Portability: Receive your data in a structured format.
  • Objection: Object to processing based on legitimate interests.

    • To exercise these rights, please contact us at info@requestfx.com.

    10\. Security

    We implement industry-standard technical and organizational measures to protect your data, including encryption in transit (TLS) and at rest.

    11\. Changes to This Policy

    We may update this policy to reflect changes in our service. Significant changes will be communicated via email or a notification on the Web Platform.

    12\. Contact Information

    If you have questions about this Privacy Policy, please contact us:

    Fifth Axiom d.o.o.
    Srednje Gameljne 69, 1211 Ljubljana, Slovenia
    Email: info@requestfx.com