PRIVACY POLICY

Last Updated: October 23, 2025

1. INTRODUCTION

PAX ERP ("we," "us," "our," or "Company") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and protect your information when you use our website, mobile application, and related services (the "Service").

This Privacy Policy applies to users in the United States and Canada. If you are located outside these jurisdictions, you may not use our Service.

Please read this Privacy Policy carefully. If you do not agree with our practices, do not use the Service.

2. INFORMATION WE COLLECT

2.1 Information You Provide Directly

Account Registration:

  • Name
  • Email address
  • Password (hashed and encrypted)
  • Company/organization name (if applicable)

Billing Information:

  • Credit card information (processed securely by third-party payment processor; we do not store full card numbers)
  • Billing address
  • Phone number (optional)

Customer Support:

  • Communications with our support team (emails, chat messages, support tickets)

2.2 Information Collected Automatically

Analytics & Usage Data:

  • Event tracking (specific actions you take within the Service)
  • Click tracking (buttons, links, and UI elements you interact with)
  • Dwell time (how long you spend on specific pages or features)
  • Session information (duration and frequency of your use)
  • Device information (browser type, operating system, device type)
  • IP address and approximate location (city/region level only; not precise location)

Cookies & Similar Technologies:

  • Session identifiers for authentication
  • Preference settings
  • Analytics data to improve the Service

We do NOT use cookies for advertising or behavioral tracking outside the Service.

2.3 Information NOT Collected

We do NOT collect:

  • Precise geolocation data (latitude/longitude)
  • Biometric data
  • Payment card details (processed by third-party provider)
  • Health information
  • Social Security numbers or other sensitive personal identifiers
  • Any personally identifiable information beyond what you provide during registration

3. HOW WE USE YOUR INFORMATION

We use the information we collect for the following purposes:

3.1 Service Delivery

  • Providing and maintaining the Service
  • Processing transactions and sending transaction confirmations
  • Responding to your requests and customer support inquiries
  • Troubleshooting and technical support

3.2 Service Improvement

  • Analyzing usage patterns and trends
  • Identifying features that need improvement
  • Developing new features and functionality
  • Improving the Service's performance, security, and stability

3.3 Communications

  • Sending service updates and notifications
  • Notifying you of billing events (renewals, cancellations, inactivity warnings)
  • Responding to your inquiries
  • Sending administrative information

3.4 Legal & Compliance

  • Complying with applicable laws and regulations
  • Enforcing our Terms and Conditions
  • Protecting our rights and the rights of others
  • Responding to legal requests from law enforcement or regulatory agencies

3.5 Security

  • Monitoring and preventing fraud, abuse, and unauthorized access
  • Detecting and responding to security threats
  • Auditing and maintaining system security

3.6 What We Do NOT Do With Your Data

  • No Selling: We do NOT sell your personal information to third parties
  • No Sharing for Marketing: We do NOT share your data with third parties for their marketing purposes
  • No Behavioral Advertising: We do NOT use your data to build behavioral profiles for advertising
  • No Cross-Device Tracking: We do NOT track you across other websites or apps

4. DATA RETENTION

We retain your information as follows:

4.1 Active Accounts

While your account is active, we retain all information necessary to provide the Service.

4.2 Free Tier Accounts

Upon account cancellation (either automatic after 50 days of inactivity or by your request):

  • We will automatically provide you with a complete export of all your account data within five (5) business days of cancellation. No request is required—the export will be sent proactively to your registered email address.
  • All data is permanently deleted within thirty (30) days of cancellation
  • You may request deletion at any time before the 30-day window expires
  • Account recovery is available within the 30-day window

4.3 Paid Tier Accounts

Upon account cancellation:

  • Your data is provided to you within five (5) business days of cancellation request
  • All data is permanently deleted within thirty (30) days of cancellation
  • Account recovery is available within the 30-day window
  • Billing records may be retained as long as required by law (typically 7 years for financial compliance)

4.4 Support & Communications

Emails and support ticket communications are retained for two (2) years or as required by law.

4.5 Analytics Data

Aggregated analytics data (which does not identify you personally) may be retained indefinitely for trend analysis and service improvement.

5. USER RIGHTS & DATA ACCESS

5.1 Right to Access

You have the right to access the personal information we hold about you. To request your data, contact us at support@paxerp.com. We will provide your information within five (5) business days in a commonly used electronic format.

5.2 Right to Correct

You may correct inaccurate or incomplete information by updating your account settings or contacting our support team.

5.3 Right to Delete

You may request deletion of your account and associated data by contacting us or deleting your account through your account settings. Your data will be deleted in accordance with the retention schedule in Section 4.

5.4 Right to Data Portability

Upon request, we will provide your data in a structured, commonly used, and machine-readable format (e.g., CSV) within five (5) business days.

5.5 Right to Restrict Processing

You may request that we restrict the processing of your data in certain circumstances (e.g., if you dispute the accuracy of data). During the restriction period, we will not process your data except as necessary to maintain system integrity or comply with legal obligations.

5.6 Right to Account Recovery

If your account is cancelled or suspended, you may request account recovery within thirty (30) days by contacting our support team at support@paxerp.com. Upon verification of your identity and email ownership, we will restore your account and all associated data within one (1) business day. After the 30-day recovery window, permanent deletion cannot be reversed.

6. ANALYTICS & TRACKING METHODS

6.1 What We Track

Our analytics system monitors:

  • Actions: Buttons clicked, forms submitted, features accessed
  • Session Data: Login time, session duration, login frequency
  • Engagement: Pages visited, time spent on each page, features used
  • Device & Browser: Browser type, operating system, device type
  • General Location: State or province (NOT specific latitude/longitude)

6.2 How We Track

  • First-Party Cookies: We use session cookies (automatically deleted after your session ends) to maintain authentication and user preferences
  • Server Logs: We capture IP addresses and device information
  • Analytics Tools: We use both in-house analytics and third-party analytics tools to track usage and improve the Service

6.3 What We Do NOT Sell or Share

We do NOT sell, share, or disclose your personal information to third parties for marketing, advertising, or behavioral profiling. We do not share personal data with external analytics providers for commercial purposes.

We may disclose limited information (name, email, payment status) to our payment processor (Stripe, PayPal, Square) solely to process payments and comply with their requirements. This is service provider disclosure, not data sharing for commercial purposes.

6.4 How You Can Control Tracking

  • Browser Settings: You can disable cookies through your browser settings
  • Do Not Track: If you enable "Do Not Track" signals in your browser, we will honor this request and limit analytics tracking
  • Account Preferences: You may adjust privacy preferences in your account settings (if available)

Currently, we do NOT provide opt-out buttons within the Service because we believe the tracking is non-intrusive and supports service improvement. However, respecting browser-level privacy settings (Do Not Track) is standard practice.

7. THIRD-PARTY SERVICE PROVIDERS

We may share your information with third-party service providers who assist us in operating the Service:

7.1 Payment Processors

  • Stripe, PayPal, or Square: Process payment transactions securely. They receive only the information necessary to process payments.
  • Data Protection: These providers have their own privacy policies; their use of your data is governed by their terms.

7.2 Analytics Providers

  • We use Google Analytics and Google Search Console to monitor, analyze, and improve the Service
  • Google Analytics: Tracks user interactions, page views, session duration, and other usage metrics to understand user behavior and service performance
  • Google Search Console: Monitors search engine visibility, search queries, and website performance in search results
  • These providers have their own privacy policies; their use of your data is governed by their terms
  • Google Analytics and Google Search Console comply with applicable privacy laws and do not resell personal data for marketing purposes
  • Any changes to analytics providers will be reflected in updates to this Privacy Policy

7.3 Other Service Providers

  • Hosting providers, email service providers, customer support platforms
  • All service providers are contractually obligated to maintain confidentiality and comply with applicable privacy laws

7.4 Law Enforcement

We may disclose information to law enforcement, regulatory agencies, or other third parties when:

  • Required by law or legal process (subpoena, warrant, court order)
  • We believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others
  • We believe disclosure is necessary to prevent or investigate illegal conduct

8. CCPA COMPLIANCE (CALIFORNIA USERS)

If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with specific rights:

8.1 Right to Know

You have the right to know what personal information we collect, use, and share. We disclose this information in this Privacy Policy and upon direct request.

8.2 Right to Delete

You may request deletion of personal information we have collected from you. We will delete information in accordance with our data retention schedule (Section 4), except where retention is required by law.

8.3 Right to Opt-Out

We do not sell or share your personal information with third parties for commercial purposes. We do not sell your personal data, and we do not share it for behavioral advertising or marketing. No opt-out is necessary.

Disclosure of limited personal information (name, email, payment status) to payment processors is required for payment processing only and is not "sharing" under CCPA.

8.4 Right to Non-Discrimination

We will not discriminate against you for exercising your CCPA rights.

8.5 How to Exercise Your Rights

To exercise any CCPA right, contact us at support@paxerp.com or through your account settings. We will respond within 45 calendar days.

9. USER-GENERATED DATA OWNERSHIP

All data you enter into PAX ERP—including CRM records, customer information, inventory data, financial records, and production planning details—belongs entirely to you.

We do not own, claim rights to, or resell any of your business data. We use your data only to provide the Service as described in this Privacy Policy. Upon account cancellation, your data will be provided to you within five (5) business days, and you retain the right to export your data within the 30-day window before permanent deletion.

10. PIPEDA COMPLIANCE (CANADIAN USERS)

If you are a Canadian resident, the Personal Information Protection and Electronic Documents Act (PIPEDA) protects your personal information:

10.1 Consent

By using our Service, you consent to our collection, use, and disclosure of your personal information as described in this Privacy Policy.

10.2 Access & Correction

You have the right to access and request correction of your personal information. Contact us at support@paxerp.com.

10.3 Complaints

If you have concerns about our privacy practices, you may file a complaint with the Office of the Privacy Commissioner of Canada.

10.4 Third-Party Disclosure

We will not disclose your personal information to third parties without your consent, except as required by law or as necessary for service delivery (e.g., payment processors).

11. SECURITY & DATA PROTECTION

11.1 Security Measures

We implement industry-standard security measures to protect your information:

  • Encryption in Transit: All data transmitted between your device and our servers is encrypted using TLS/SSL protocols
  • Encryption at Rest: Sensitive data stored on our servers is encrypted
  • Authentication: Account access is protected by password and optional multi-factor authentication
  • Access Controls: Only authorized employees with a legitimate need can access personal information
  • Regular Audits: We conduct regular security assessments and penetration testing

11.2 Limitations on Security

While we implement reasonable security measures, no system is completely secure. We cannot guarantee absolute security. You acknowledge the risk of unauthorized access and assume responsibility for protecting your account credentials.

11.3 Data Breach Notification

If we discover a security breach involving personal information, we will notify affected users without unreasonable delay, and in no case later than thirty (30) days after discovery. When feasible, we will notify affected users within 72 hours of discovery.

12. INTERNATIONAL DATA TRANSFERS

Our Service is hosted in and accessible from the United States. By using our Service, you consent to your information being transferred to, stored in, and processed in the United States.

13. CHILDREN'S PRIVACY

Our Service is not directed to children under 18. We do not knowingly collect information from children under 18. If a parent or guardian identifies a child's account, they should contact us immediately at support@paxerp.com.

If we become aware that a child under 18 has created an account without parental consent, we will delete the account and associated data.

14. DO NOT TRACK SIGNALS

Some browsers include a "Do Not Track" (DNT) feature. When we detect a DNT signal, we will honor it by limiting our collection of analytics data. However, our Service may not function optimally if DNT is enabled.

15. THIRD-PARTY LINKS

Our Service may contain links to third-party websites and services. We are not responsible for the privacy practices of third parties. We encourage you to review the privacy policies of any third-party services you access.

16. MODIFICATIONS TO THIS PRIVACY POLICY

We reserve the right to modify this Privacy Policy at any time. Material changes will be communicated via email or a prominent notice on the website at least thirty (30) days before taking effect.

Your continued use of the Service after modifications constitutes acceptance of the updated Privacy Policy.

17. CONTACT INFORMATION

For questions about this Privacy Policy or to exercise your privacy rights, please contact us:

PAX ERP Support

Email: support@paxerp.com

Website: www.paxerp.com

Data Rights Requests: Please allow five (5) business days for a response to data access, correction, or deletion requests.