PRIVACY POLICY

2.1 Information You Provide Directly

2.2 Information Collected Automatically

2.3 Information NOT Collected

We do NOT collect:

• Precise geolocation data (latitude/longitude)
• Biometric data
• Payment card details (processed by third-party provider)
• Health information
• Social Security numbers or other sensitive personal identifiers
• Any personally identifiable information beyond what you provide during registration

3.1 Service Delivery

• Providing and maintaining the Service
• Processing transactions and sending transaction confirmations
• Responding to your requests and customer support inquiries
• Troubleshooting and technical support

3.2 Service Improvement

• Analyzing usage patterns and trends
• Identifying features that need improvement
• Developing new features and functionality
• Improving the Service's performance, security, and stability

3.3 Communications

• Sending service updates and notifications
• Notifying you of billing events (renewals, cancellations, inactivity warnings)
• Responding to your inquiries
• Sending administrative information

3.4 Legal & Compliance

• Complying with applicable laws and regulations
• Enforcing our Terms and Conditions
• Protecting our rights and the rights of others
• Responding to legal requests from law enforcement or regulatory agencies

3.5 Security

• Monitoring and preventing fraud, abuse, and unauthorized access
• Detecting and responding to security threats
• Auditing and maintaining system security

3.6 Our Practices on Data Use

• No Sale for Money: We do not sell your personal information to third parties in exchange for monetary consideration.
• Advertising and Retargeting: We work with advertising partners — Meta Platforms, Inc. (Facebook and Instagram) and Microsoft Corporation (Microsoft Advertising) — to measure ad performance and to show you relevant ads for our Service on their platforms. To enable this, we share limited information such as cookie identifiers, page views, and conversion events with these partners. Under the California Consumer Privacy Act ("CCPA/CPRA"), this activity is considered "sharing" for cross-context behavioral advertising. You can opt out at any time using the controls described in Section 6.5.
• No Other Marketing Sharing: We do not share your personal data with any third party for that party's independent marketing purposes.

4.1 Active Accounts

While your account is active, we retain all information necessary to provide the Service.

4.2 Free Trial Accounts

Upon trial expiration (after the 14-day trial period) or account cancellation by your request:

• While your account is active, you may export your account data tables at any time directly from your account settings
• Upon cancellation, you may request a complete export of your account data by contacting support@paxerp.com within sixty (60) days of cancellation. We will provide the export within ten (10) business days of a verified request.
• All data is permanently deleted within sixty (60) days of cancellation
• You may request deletion at any time before the 60-day window expires
• Account recovery is available within the 60-day window

4.3 Paid Tier Accounts

Upon account cancellation:

• While your account is active, you may export your account data tables at any time directly from your account settings
• Upon cancellation, you may request a complete export of your account data by contacting support@paxerp.com within sixty (60) days of cancellation. We will provide the export within ten (10) business days of a verified request.
• All data is permanently deleted within sixty (60) days of cancellation
• Account recovery is available within the 60-day window
• Billing records may be retained as long as required by law (typically 7 years for financial compliance)

4.4 Support & Communications

Emails and support ticket communications are retained for two (2) years or as required by law.

4.5 Analytics Data

Aggregated analytics data (which does not identify you personally) may be retained indefinitely for trend analysis and service improvement.

5.1 Right to Access

You have the right to access the personal information we hold about you. To request your data, contact us at support@paxerp.com. We will provide your information within five (5) business days in a commonly used electronic format.

5.2 Right to Correct

You may correct inaccurate or incomplete information by updating your account settings or contacting our support team.

5.3 Right to Delete

You may request deletion of your account and associated data by contacting us or deleting your account through your account settings. Your data will be deleted in accordance with the retention schedule in Section 4.

5.4 Right to Data Portability

Upon request, we will provide your data in a structured, commonly used, and machine-readable format (e.g., CSV) within five (5) business days.

5.5 Right to Restrict Processing

You may request that we restrict the processing of your data in certain circumstances (e.g., if you dispute the accuracy of data). During the restriction period, we will not process your data except as necessary to maintain system integrity or comply with legal obligations.

5.6 Right to Account Recovery

If your account is cancelled or suspended, you may request account recovery within sixty (60) days by contacting our support team at support@paxerp.com. Upon verification of your identity and email ownership, we will restore your account and all associated data within one (1) business day. After the 60-day recovery window, permanent deletion cannot be reversed.

6.1 What We Track

Our analytics system monitors:

• Actions: Buttons clicked, forms submitted, features accessed
• Session Data: Login time, session duration, login frequency
• Engagement: Pages visited, time spent on each page, features used
• Device & Browser: Browser type, operating system, device type
• General Location: State or province (NOT specific latitude/longitude)

6.2 How We Track

We use the following categories of cookies and similar technologies. The third-party providers listed below receive data through cookies and pixels installed on our website and process it under their own privacy policies.

Strictly Necessary

• Session cookies for authentication and security, automatically deleted when your session ends
• Server logs capturing IP address, device information, and request details

Analytics

• Google Analytics 4 (GA4): Operated by Google LLC. Tracks user interactions, page views, session duration, and conversion events to help us understand and improve the Service.
• Google Search Console: Operated by Google LLC. Provides aggregated search-engine visibility, search query data, and website performance in search results.

Behavioral Analytics and Session Replay

• Microsoft Clarity: Operated by Microsoft Corporation. Captures behavioral metrics, heatmaps, and session replays of how visitors interact with our website. We use this information to understand and improve the Service. For details on how Microsoft collects and uses this data, see the Microsoft Privacy Statement.

Advertising and Retargeting

• Meta Pixel: Operated by Meta Platforms, Inc. Enables us to measure conversions and to show ads for our Service on Facebook and Instagram to people who have visited our website.
• Microsoft Advertising UET Tag: Operated by Microsoft Corporation. Enables us to measure conversions and to show ads for our Service on Bing, Microsoft properties, and the Microsoft advertising network to people who have visited our website.

6.3 What We Share and Why

We do not sell your personal information for monetary consideration. We disclose limited information to the following categories of third parties for the purposes described:

• Payment processors (Stripe): name, email, and payment status, solely to process transactions and comply with their requirements.
• Analytics and behavioral-analytics providers (Google Analytics 4, Google Search Console, and Microsoft Clarity): pseudonymous usage data, session interactions, and session replays to help us understand and improve the Service.
• Advertising partners (Meta Platforms, Inc. and Microsoft Corporation): cookie identifiers, page views, and conversion events to measure ad performance and to show you ads for our Service on Facebook, Instagram, Bing, and the Microsoft advertising network. Under California law this is "sharing" for cross-context behavioral advertising; you may opt out at any time (see Section 6.5).
• Hosting and infrastructure providers, email service providers, and customer-support platforms: operational data necessary to deliver the Service, under contractual obligations of confidentiality.
• Law enforcement and regulators: when legally required, as further described in Section 7.4.

We do not share your personal data with any third party for that third party's independent marketing purposes.

6.4 How You Can Control Tracking

• Browser Settings: You can block or delete cookies through your browser's settings, which will prevent most analytics and advertising tracking.
• Global Privacy Control (GPC): If your browser sends a Global Privacy Control signal, we treat it as an opt-out of the "sale" and "sharing" of your personal information for cross-context behavioral advertising.
• Do Not Track: If your browser sends a "Do Not Track" signal, we honor it by limiting our analytics tracking.
• Advertising Opt-Outs: See Section 6.5 for direct opt-outs with our advertising partners and industry-wide tools.
• Account Preferences: You may adjust privacy preferences in your account settings (where available).

6.5 Your Advertising Choices

You can opt out of interest-based advertising in several ways. The simplest is to use our Your Privacy Choices page, which sets an opt-out cookie that we honor on this device and browser. You can also opt out directly with each partner or through industry-wide tools:

• Meta (Facebook and Instagram): Adjust your ad preferences at facebook.com/adpreferences and instagram.com/accounts/ads_preferences/.
• Microsoft Advertising: Manage ad preferences at account.microsoft.com/privacy/ad-settings.
• Microsoft Clarity: Microsoft Clarity is automatically disabled when your browser sends a Global Privacy Control signal or when you opt out using our Your Privacy Choices page. For information on Microsoft's data practices, see the Microsoft Privacy Statement.
• Google (Analytics and Ads): Visit myadcenter.google.com to manage Google ad preferences, or install the Google Analytics opt-out browser add-on at tools.google.com/dlpage/gaoptout.
• Industry-wide opt-outs: Digital Advertising Alliance (DAA) at optout.aboutads.info, and Network Advertising Initiative (NAI) at optout.networkadvertising.org.
• Direct request: Email support@paxerp.com to request that we cease sharing your personal information for advertising purposes.

Opt-outs are typically tied to specific browsers and devices, so you may need to repeat these steps on each browser and device you use. Opting out of interest-based advertising does not stop all ads — you may still see generic, non-targeted ads.

7.1 Payment Processors

• Stripe: Processes payment transactions securely. Stripe receives only the information necessary to process payments.
• Data Protection: Stripe has its own privacy policy; its use of your data is governed by its terms.

7.2 Analytics and Advertising Providers

We use the following third-party services to measure usage of the Service and to show you relevant ads for our Service. Each provider receives data through cookies or pixels installed on our website and processes it under its own privacy policy. For a full description of how these technologies work, see Section 6.2.

• Google Analytics 4 and Google Search Console (Google LLC): used to track interactions, page views, session duration, conversion events, and search-engine visibility.
• Meta Pixel (Meta Platforms, Inc.): used to measure conversions and to show ads for our Service on Facebook and Instagram to people who have visited our website.
• Microsoft Advertising UET Tag (Microsoft Corporation): used to measure conversions and to show ads for our Service on Bing and the Microsoft advertising network to people who have visited our website.
• Microsoft Clarity (Microsoft Corporation): used to capture behavioral metrics, heatmaps, and session replays of how visitors interact with our website to help us understand and improve the Service.

These providers' use of your data is governed by their own privacy policies. For direct opt-outs and industry-wide opt-out tools, see Section 6.5. Any changes to analytics or advertising providers will be reflected in updates to this Privacy Policy.

7.3 Other Service Providers

• Hosting providers, email service providers, customer support platforms
• All service providers are contractually obligated to maintain confidentiality and comply with applicable privacy laws

7.4 Law Enforcement

We may disclose information to law enforcement, regulatory agencies, or other third parties when:

• Required by law or legal process (subpoena, warrant, court order)
• We believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others
• We believe disclosure is necessary to prevent or investigate illegal conduct

8.1 Right to Know

You have the right to know what personal information we collect, use, and share. We disclose this information in this Privacy Policy and upon direct request.

8.2 Right to Delete

You may request deletion of personal information we have collected from you. We will delete information in accordance with our data retention schedule (Section 4), except where retention is required by law.

8.3 Right to Opt-Out of Sale or Sharing

8.4 Right to Non-Discrimination

We will not discriminate against you for exercising your CCPA rights.

8.5 How to Exercise Your Rights

To exercise any CCPA right, contact us at support@paxerp.com or through your account settings. We will respond within 45 calendar days.

10.1 Security Measures

We implement industry-standard security measures to protect your information:

• Encryption in Transit: All data transmitted between your device and our servers is encrypted using TLS/SSL protocols
• Encryption at Rest: Sensitive data stored on our servers is encrypted
• Authentication: Account access is protected by password and optional multi-factor authentication
• Access Controls: Only authorized employees with a legitimate need can access personal information
• Regular Audits: We conduct regular security assessments and penetration testing

10.2 Limitations on Security

While we implement reasonable security measures, no system is completely secure. We cannot guarantee absolute security. You acknowledge the risk of unauthorized access and assume responsibility for protecting your account credentials.

10.3 Data Breach Notification

If we discover a security breach involving personal information, we will notify affected users without unreasonable delay, and in no case later than thirty (30) days after discovery. When feasible, we will notify affected users within 72 hours of discovery.