DRAFT — not legal advice, not enforceableThe Privacy Policy below is a placeholder skeleton for layout and review purposes only. It has not been reviewed by counsel and must be replaced with legal-team-approved copy before the public site goes live. If you are a tenant relying on these terms today, please contact legal@projexcloud.com for the current signed agreement.

Privacy Policy

Last updated: TBD — DRAFT

1. Overview

This Privacy Policy explains how ProjexCloud Inc. ("we", "us") collects, uses, and shares information when you visit projexcloud.com, sign up for an account, or use the Service. For tenants subject to GDPR, UK GDPR, or DPDP, the Data Processing Agreement supplements this Policy.

2. Information We Collect

Account data: email, name, company, password hash, MFA factors.
Tenant data: content you upload, configure, or process via the Service.
Usage data: API call metadata, audit ledger rows, meter events, traces.
Device data: IP, user agent, device fingerprint for fraud detection.
Payment data: processed by a third-party PCI-DSS-certified processor; we do not store card numbers.

3. How We Use Information

Provide, operate, and improve the Service.
Authenticate users, enforce access policies, and prevent abuse.
Bill and collect for usage as set forth in the pricing tier.
Send service announcements, incident notifications, and security advisories.
Comply with legal obligations and respond to lawful requests.

4. Sharing & Subprocessors

We share tenant data only with subprocessors necessary to provide the Service (e.g., cloud infrastructure providers, payment processor, email delivery). A current list of subprocessors is available on request. We do not sell tenant data.

5. Customer-Managed Encryption

Tenants on Pro and Enterprise tiers may bind a customer-managed key (BYOK / CMEK) so that ProjexCloud cannot decrypt their data without a live grant on the customer's KMS. See the Security page for details.

6. Retention

Audit ledger entries are retained per their retention class — transient (7 days), operational (90 days), or regulated (7 years). Tenant content retention follows the tenant's configuration and the applicable law. On account closure, an export window applies before final deletion.

7. Your Rights

Depending on your jurisdiction, you may have the right to access, correct, delete, or port your personal data, and to withdraw consent. Tenants can exercise these rights via the data-rights endpoints in the tenant-admin console; individuals can email privacy@projexcloud.com.

8. International Transfers

For tenants in sovereign regions (EU, UK, etc.), data is processed in the chosen region and does not cross region boundaries except via an explicit data-residency event. Transfers outside the chosen region use Standard Contractual Clauses or equivalent safeguards.

9. Children's Privacy

The Service is not directed to children under 16. We do not knowingly collect personal data from children.

10. Contact

Privacy questions: privacy@projexcloud.com. GDPR/UK GDPR Data Protection Officer: dpo@projexcloud.com.