Privacy Policy

Last updated: December 28, 2025

Our Commitment: ProlixoTech is designed with privacy at its core. We encourage hashing of sensitive data before logging, and we never require you to store personally identifiable information (PII) in evidence records.

1. Introduction

Prolixotech ("ProlixoTech", "we", "us", "our") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our services.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

Email address
Company name
Password (hashed and salted)
Billing information (processed by Stripe)

2.2 Evidence Data

When you use our SDK, you control what data is logged. We recommend:

Hashing inputs/outputs: Hash sensitive data before logging (e.g., hashlib.sha256(data).hexdigest()) to store only cryptographic digests
Avoiding PII: Do not include personal information in log metadata
Policy Context: Log policy names and versions, not the actual policy content

2.3 Technical Data

We automatically collect:

IP addresses (for security and rate limiting)
API usage metrics
SDK version and platform information
Timestamps and event counts

Data Type	Purpose	Retention
Account Data	Service delivery, billing	Duration of account + 7 years
Evidence Records	Compliance evidence	Duration of subscription + 7 years
API Logs	Security, debugging	90 days
Analytics	Service improvement	Aggregated indefinitely

3. How We Use Your Information

We use your information to:

Provide and maintain the ProlixoTech services
Process transactions and send billing notifications
Generate attestation documents and compliance reports (on applicable plans)
Respond to your inquiries and support requests
Detect, prevent, and address technical issues or fraud
Comply with legal obligations

4. Data Sharing

We do not sell your data. We may share data with:

Service Providers: AWS (infrastructure), Stripe (payments), for service delivery only
Legal Compliance: When required by law, court order, or government request
Business Transfers: In connection with merger, acquisition, or asset sale
With Your Consent: For any purpose you explicitly authorize

5. Data Security

We implement robust security measures:

Encryption in Transit: TLS 1.3 for all API communications
Encryption at Rest: AES-256 for stored data
HSM Protection: AWS KMS uses FIPS-validated HSMs; we use KMS for all ECDSA signing operations
Access Controls: Role-based access, audit logging, MFA supported and recommended
Security Assessments: Periodic internal security reviews; we may engage third-party assessors as the platform matures

6. Your Rights

Depending on your jurisdiction, you may have the right to:

Access: Request a copy of your personal data
Rectification: Correct inaccurate data
Erasure: Request deletion of your data (subject to legal retention requirements)
Portability: Receive your data in a structured format
Objection: Object to certain processing activities

To exercise these rights, contact privacy@prolixotech.com.

7. International Transfers

We process data in the United States. For EU/EEA users, we rely on Standard Contractual Clauses for lawful data transfers. Our services are designed to support GDPR compliance requirements.

8. Children's Privacy

ProlixoTech is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children.

9. Cookies and Tracking

We use essential cookies for authentication and session management. We do not use advertising or tracking cookies. You can control cookies through your browser settings.

10. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes via email or through the Services. The "Last updated" date indicates when the policy was last revised.

11. Contact Us

For privacy-related inquiries:

Email: privacy@prolixotech.com
Data Protection Officer: dpo@prolixotech.com
Address: Prolixotech, Delaware, USA