Privacy Policy

Introduction

Prox Technologies, Inc. ("Prox," "we," "us," or "our") is a Delaware corporation that provides an AI-native product workspace. This Privacy Policy explains how we collect, use, disclose, and protect information when you use our platform at useprox.com and related services (collectively, the "Services").

Prox operates in two distinct roles:

• As a data controller — for information about our direct customers (businesses and their employees who use our platform)
• As a data processor — for information contained in product data, knowledge sources, documents, and other materials our business customers upload or process through the platform

This policy covers both roles. If your information appears in data uploaded by one of our business customers, that customer's own privacy policy governs their data practices — this policy describes how Prox handles that data on their behalf.

Who This Policy Covers

• Platform Users — employees, contractors, or agents of businesses that have contracted with Prox to use our Services
• Customer Data Subjects — individuals whose information may appear in product documentation, knowledge sources, uploaded files, or other customer-provided materials
• Website Visitors — anyone who visits useprox.com

Information We Collect

Information You Provide Directly

From Platform Users (business customers and their teams):

• Account registration: name, work email address, company name, job title
• Authentication credentials managed through our identity provider
• Configuration data: product settings, business rules, knowledge base content
• Communications with our support team

From customer-provided product data:

• Product documentation, knowledge base content, images, and attachments
• Product identifiers, metadata, and business context provided by the customer
• Personal information only where it appears in customer-provided materials

Information Collected Automatically

From Platform Users:

• Log data: IP addresses, browser type, pages visited, session timestamps
• Usage data: features accessed, actions taken within the platform
• Device information: browser, operating system, screen resolution
• Error and diagnostic data to maintain platform reliability

From customer-provided materials:

• Metadata associated with uploaded files and processing activity
• We do not independently collect or track individuals outside of customer-directed product data processing

Information from Third Parties

We may receive limited information from our business customers' integrated systems or files to contextualize product knowledge and generated outputs, as directed by those business customers.

How We Use Information

Platform Users

• Provide, operate, and maintain the Services
• Authenticate users and manage access
• Process payments and administer accounts
• Send service-related communications (onboarding, security alerts, product updates)
• Provide customer support
• Improve platform reliability and performance
• Comply with legal obligations

Customer-Provided Data

We process customer-provided data solely on behalf of and at the direction of our business customers to ingest product documentation, organize knowledge sources, generate AI-assisted product answers and artifacts, provide review workflows, and maintain audit trails as directed.

We do not use customer-provided data for our own marketing, analytics, or product improvement purposes, nor to train or fine-tune any AI or machine learning models.

AI Processing

Our platform uses enterprise-grade AI services to process product and knowledge content. All AI processing is conducted under enterprise agreements that prohibit the use of our customers' data for training third-party models. Data is processed transiently for the purpose of generating responses and is not retained by AI providers beyond the scope of the immediate request.

How We Share Information

We do not sell personal information. We share information only in the following circumstances.

Service Providers

We engage vetted third-party service providers to operate our infrastructure. These providers operate under data processing agreements and are limited to processing data only as necessary to provide their services to us. Categories of providers include:

• Cloud infrastructure and hosting providers
• Authentication and identity management providers
• Error monitoring and application reliability services
• Business communications tools used by our internal team
• Payment processing providers
• Customer support tools

Our security posture and vendor management practices are documented in our Trust Center.

Business Customers

As a data processor, we share processed data back to the relevant business customer as part of normal platform operation, including review results, generated artifacts, and product knowledge outputs.

Legal Requirements

We may disclose information if required to do so by law, regulation, legal process, or governmental request, or where we believe disclosure is necessary to protect the rights, property, or safety of Prox, our customers, or others.

Business Transfers

In connection with a merger, acquisition, reorganization, or sale of assets, personal information may be transferred as a business asset. We will provide notice before any such transfer and before information becomes subject to a materially different privacy policy.

With Your Consent

We may share information for other purposes with your explicit consent.

Data Retention

We retain personal information for as long as necessary to provide the Services, fulfill the purposes described in this policy, and comply with our legal obligations. Our retention practices align with SOC 2 Type II standards and are defined in our internal data retention policy.

Business customers may request deletion of their data and end consumer data in accordance with their service agreement. Upon account termination, we will delete or return customer data within the timeframes specified in the applicable agreement.

Security

Prox is SOC 2 Type II certified. We implement technical and organizational measures designed to protect personal information against unauthorized access, disclosure, alteration, and destruction. These include:

• Encryption of data in transit and at rest
• Strict access controls and authentication requirements
• Tenant isolation architecture (each business customer's data is logically separated)
• Regular security reviews and vulnerability assessments
• Employee security training

No system is perfectly secure. If you believe your information has been compromised, contact us immediately at security@useprox.com.

International Data Transfers

Prox is headquartered in the United States. If you are accessing our Services from the European Economic Area (EEA), United Kingdom, Canada, or other regions with data protection laws, your information may be transferred to and processed in the United States or other countries.

For transfers of personal data from the EEA or UK, we rely on appropriate transfer mechanisms including Standard Contractual Clauses (SCCs) where required. Business customers in the EU/UK may request a Data Processing Agreement (DPA) by contacting privacy@useprox.com.

Your Privacy Rights

All Users

Regardless of location, you may:

• Request access to personal information we hold about you
• Request correction of inaccurate information
• Request deletion of your information (subject to legal retention requirements)
• Withdraw consent where processing is based on consent

EEA and UK Residents (GDPR / UK GDPR)

If you are located in the EEA or UK, you have additional rights:

• Right to restriction — request that we limit processing of your data
• Right to portability — receive your data in a structured, machine-readable format
• Right to object — object to processing based on legitimate interests
• Right to lodge a complaint — with your local supervisory authority

Our legal bases for processing platform user data include: performance of a contract (providing the Services), legitimate interests (security, fraud prevention, product improvement), and compliance with legal obligations.

California Residents (CCPA / CPRA)

California residents have the right to:

• Know what personal information we collect and how it is used
• Delete personal information we have collected
• Correct inaccurate personal information
• Opt out of the sale or sharing of personal information (we do not sell or share personal information)
• Non-discrimination for exercising privacy rights

To submit a request, contact privacy@useprox.com. We will respond within 45 days.

Customer Data Subjects

If your data was processed through our platform on behalf of one of our business customers, your primary point of contact for privacy requests is that customer — not Prox. We act as a data processor on their behalf and will cooperate with any requests they relay to us.

Cookies and Tracking

We use essential cookies required for platform authentication and session management. We do not currently use marketing, advertising, or analytics tracking cookies on our platform or website.

Children's Privacy

Our Services are not directed to individuals under the age of 16. We do not knowingly collect personal information from children under 16. If you believe we have inadvertently collected such information, contact us at privacy@useprox.com and we will promptly delete it.

Data Processing Agreements

Business customers who process personal data of EEA, UK, or other protected data subjects on our platform may require a Data Processing Agreement (DPA). Please contact privacy@useprox.com to request a DPA.

Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify platform users by email or through a notice within the Services at least 30 days before the changes take effect. Your continued use of the Services after the effective date constitutes acceptance of the updated policy.

The most current version of this policy is always available at useprox.com/privacy.

Contact Us

For privacy-related questions, requests, or complaints:

Prox Technologies, Inc. is incorporated in Delaware, United States.