← Prox

Privacy Policy

Effective March 18, 2026 · Last updated June 27, 2026

Introduction

Prox Technologies, Inc. ("Prox," "we," "us," or "our") is a Delaware corporation that provides an AI-native product workspace. This Privacy Policy explains how we collect, use, disclose, and protect information when you use our platform at useprox.com and related services (collectively, the "Services").

Prox operates in two distinct roles:

  • As a data controller — for information about our direct customers (businesses and their employees who use our platform)
  • As a data processor — for information contained in product data, knowledge sources, documents, and other materials our business customers upload or process through the platform

This policy covers both roles. If your information appears in data uploaded by one of our business customers, that customer's own privacy policy governs their data practices — this policy describes how Prox handles that data on their behalf.

Who This Policy Covers

  • Platform Users — employees, contractors, or agents of businesses that have contracted with Prox to use our Services
  • Customer Data Subjects — individuals whose information may appear in product documentation, knowledge sources, uploaded files, or other customer-provided materials
  • Website Visitors — anyone who visits useprox.com

Information We Collect

Information You Provide Directly

From Platform Users (business customers and their teams):

  • Account registration: name, work email address, company name, job title
  • Authentication credentials managed through our identity provider
  • Configuration data: product settings, business rules, knowledge base content
  • Chat messages, prompts, and other content you submit to the AI agent
  • Voice input: when you choose to use voice dictation, microphone audio is streamed to our speech-to-text provider and converted to text. Microphone access is optional, used only while you are actively dictating, and processed transiently to produce the transcript
  • Communications with our support team

From customer-provided product data:

  • Product documentation, knowledge base content, images, and attachments
  • Product identifiers, metadata, and business context provided by the customer
  • Personal information only where it appears in customer-provided materials

Information Collected Automatically

From Platform Users:

  • Log data: IP addresses, browser type, pages visited, session timestamps
  • Usage data: features accessed, actions taken within the platform
  • Device information: browser, operating system, screen resolution
  • Error and diagnostic data to maintain platform reliability

From customer-provided materials:

  • Metadata associated with uploaded files and processing activity
  • We do not independently collect or track individuals outside of customer-directed product data processing

Information from Third Parties

We may receive limited information from our business customers' integrated systems or files to contextualize product knowledge and generated outputs, as directed by those business customers.

How We Use Information

Platform Users

  • Provide, operate, and maintain the Services
  • Authenticate users and manage access
  • Process payments and administer accounts
  • Send service-related communications (onboarding, security alerts, product updates)
  • Provide customer support
  • Improve platform reliability and performance
  • Comply with legal obligations

Customer-Provided Data

We process customer-provided data solely on behalf of and at the direction of our business customers to ingest product documentation, organize knowledge sources, generate AI-assisted product answers and artifacts, provide review workflows, and maintain audit trails as directed.

We do not use customer-provided data for our own marketing, analytics, or product improvement purposes, nor to train or fine-tune any AI or machine learning models.

AI Processing

Our platform uses enterprise-grade AI services to process product and knowledge content. All AI processing is conducted under enterprise agreements that prohibit the use of our customers' data for training third-party models. Data is processed transiently for the purpose of generating responses and is not retained by AI providers beyond the scope of the immediate request.

How We Share Information

We do not sell personal information. We share information only in the following circumstances.

Service Providers

We engage vetted third-party service providers to operate our infrastructure. These providers operate under data processing agreements and are limited to processing data only as necessary to provide their services to us. Categories of providers include:

  • Cloud infrastructure and hosting providers
  • Authentication and identity management providers
  • Error monitoring and application reliability services
  • Enterprise AI and large language model providers
  • Speech-to-text providers for optional voice dictation
  • Business communications tools used by our internal team
  • Payment processing providers
  • Customer support tools

Our security posture and vendor management practices are documented in our Trust Center.

Business Customers

As a data processor, we share processed data back to the relevant business customer as part of normal platform operation, including review results, generated artifacts, and product knowledge outputs.

Legal Requirements

We may disclose information if required to do so by law, regulation, legal process, or governmental request, or where we believe disclosure is necessary to protect the rights, property, or safety of Prox, our customers, or others.

Business Transfers

In connection with a merger, acquisition, reorganization, or sale of assets, personal information may be transferred as a business asset. We will provide notice before any such transfer and before information becomes subject to a materially different privacy policy.

With Your Consent

We may share information for other purposes with your explicit consent.

Data Retention

We retain personal information for as long as necessary to provide the Services, fulfill the purposes described in this policy, and comply with our legal obligations. Our retention practices align with SOC 2 Type II standards and are defined in our internal data retention policy.

Business customers may request deletion of their data and end consumer data in accordance with their service agreement. Upon account termination, we will delete or return customer data within the timeframes specified in the applicable agreement.

Security

Prox is SOC 2 Type II certified. We implement technical and organizational measures designed to protect personal information against unauthorized access, disclosure, alteration, and destruction. These include:

  • Encryption of data in transit and at rest
  • Strict access controls and authentication requirements
  • Tenant isolation architecture (each business customer's data is logically separated)
  • Regular security reviews and vulnerability assessments
  • Employee security training

No system is perfectly secure. If you believe your information has been compromised, contact us immediately at security@useprox.com.

International Data Transfers

Prox is headquartered in the United States. If you are accessing our Services from the European Economic Area (EEA), United Kingdom, Canada, or other regions with data protection laws, your information may be transferred to and processed in the United States or other countries.

For transfers of personal data from the EEA or UK, we rely on appropriate transfer mechanisms including Standard Contractual Clauses (SCCs) where required. Business customers in the EU/UK may request a Data Processing Agreement (DPA) by contacting privacy@useprox.com.

Your Privacy Rights

All Users

Regardless of location, you may:

  • Request access to personal information we hold about you
  • Request correction of inaccurate information
  • Request deletion of your information (subject to legal retention requirements)
  • Withdraw consent where processing is based on consent

EEA and UK Residents (GDPR / UK GDPR)

If you are located in the EEA or UK, you have additional rights:

  • Right to restriction — request that we limit processing of your data
  • Right to portability — receive your data in a structured, machine-readable format
  • Right to object — object to processing based on legitimate interests
  • Right to lodge a complaint — with your local supervisory authority

Our legal bases for processing platform user data include: performance of a contract (providing the Services), legitimate interests (security, fraud prevention, product improvement), and compliance with legal obligations.

California Residents (CCPA / CPRA)

California residents have the right to:

  • Know what personal information we collect and how it is used
  • Delete personal information we have collected
  • Correct inaccurate personal information
  • Opt out of the sale or sharing of personal information (we do not sell or share personal information)
  • Non-discrimination for exercising privacy rights

To submit a request, contact privacy@useprox.com. We will respond within 45 days.

Customer Data Subjects

If your data was processed through our platform on behalf of one of our business customers, your primary point of contact for privacy requests is that customer — not Prox. We act as a data processor on their behalf and will cooperate with any requests they relay to us.

Lawful Bases for Processing

Prox relies on the following lawful bases: performance of a contract for customer-requested product processing; legitimate interests for security, reliability, usage and spend monitoring, and support; and consent for optional microphone dictation. Legitimate interests assessments have been completed for the processing carried out on that basis, including where we share personal data with third-party service providers. Processing is limited to what is necessary to deliver the product's stated functions, and Prox applies data minimisation by restricting collection to service-relevant data.

Individuals' rights of access, rectification, erasure, restriction, portability, and objection are supported through the customer/controller relationship or directly through Prox where Prox is the controller.

Prox relies on the published data processing addenda and standard contractual clauses of its subprocessors and is executing signed copies as part of its vendor management process.

Data Subject Access Requests

You may submit a data subject access request or other privacy rights request by contacting us at privacy@useprox.com. We may ask for information reasonably necessary to verify your identity and locate responsive records before processing your request.

Where Prox acts as a data controller, we will review the request, identify personal information we process about you, and respond in accordance with applicable law. Depending on your location and the law that applies, this may include rights to access, correct, delete, restrict, object to, or receive a copy of your personal information.

Where Prox processes personal information on behalf of one of our business customers, that customer is generally the controller of the data. In those cases, your primary point of contact for privacy requests is the relevant customer, and Prox will assist the customer with requests they relay to us in accordance with our contractual obligations and applicable law.

Access and Portability Requests

If you request a copy of your personal information, including under GDPR Article 15, we will provide confirmation of whether we process personal data about you and, where required, provide access to that personal data along with relevant information about the purposes of processing, categories of data, recipients or recipient categories, retention periods or criteria, data sources, and applicable rights.

Where GDPR Article 20 data portability applies, you may request to receive the personal data you provided to us in a structured, commonly used, machine-readable format. Where technically feasible and legally required, you may also request that we transmit that data directly to another controller.

We provide access and portability responses securely and may redact or withhold information where necessary to protect the rights and freedoms of others, safeguard security, comply with legal obligations, protect confidential information, or address requests that are not legally required. Where GDPR or UK GDPR applies, we will respond without undue delay and generally within one month, unless an extension is permitted by law.

Cookies and Tracking

We use essential cookies required for platform authentication, security, routing, and cookie preference storage. In the EEA, United Kingdom, Switzerland, and locations where we cannot determine whether consent is required, optional preference, analytics, and diagnostics tools run only after you opt in through our cookie controls. Elsewhere, optional tools may run by default and can be disabled in Cookie Settings. We do not use advertising, retargeting, or marketing tracking cookies.

You can review cookie categories, purposes, durations, and preference controls in our Cookie Policy.

Children's Privacy

Our Services are not directed to individuals under the age of 16. We do not knowingly collect personal information from children under 16. If you believe we have inadvertently collected such information, contact us at privacy@useprox.com and we will promptly delete it.

Data Processing Agreements

Business customers who process personal data of EEA, UK, or other protected data subjects on our platform may require a Data Processing Agreement (DPA). Please contact privacy@useprox.com to request a DPA.

Data Protection Officer & EU/UK Representatives

Data Protection Officer

Greg Makodzeba

Privacy Management Leader / DPO

greg@useprox.com

Our EU Representative

Under Article 27 of the GDPR, we have appointed an EU Representative to act as our data protection agent. Our nominated EU Representative is:

Instant EU GDPR Representative Ltd.

Adam Brogden

contact@gdprlocal.com

Tel: +353 1 554 9700

Office 2, 12A Lower Main Street, Lucan, Co. Dublin, K78 X5P8, Ireland

Our UK Representative

Under Article 27 of the UK GDPR, we have appointed a UK Representative to act as our data protection agent. Our nominated UK Representative is:

GDPR Local Ltd.

Adam Brogden

contact@gdprlocal.com

Tel: +44 1772 217800

1st Floor Front Suite, 27-29 North Street, Brighton, England

Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify platform users by email or through a notice within the Services at least 30 days before the changes take effect. Your continued use of the Services after the effective date constitutes acceptance of the updated policy.

The most current version of this policy is always available at useprox.com/privacy.

Contact Us

For privacy-related questions, requests, or complaints:

Prox Technologies, Inc.

Privacy: privacy@useprox.com

Security: security@useprox.com

Website: useprox.com

Prox Technologies, Inc. is incorporated in Delaware, United States.