DATAx Privacy Policy

ContractorCTO LLC (“DATAx,” “we,” “us,” or “our”) respects your privacy and is committed to protecting your personal information. This Privacy Policy describes how we collect, use, disclose, and safeguard your information when you use the DATAx platform and related services (the “Service”).

By accessing or using the Service, you agree to this Privacy Policy. If you do not agree with our policies and practices, do not use the Service. We may change this Privacy Policy from time to time. Your continued use of the Service after we make changes is deemed acceptance of those changes.

1. Information We Collect

We collect several types of information from and about users of the Service, including:

1.1 Personal Information You Provide to Us

We collect information that personally identifies you and other personal information that you voluntarily provide to us when you sign up for or use the Service (“Personal Information”). This includes:

• Account Registration Data: Name, email address, username, password, company name, job title, phone number, and other contact details
• Profile Information: Biographical information, profile photos, and other information you add to your user profile
• Payment Information: Credit card number, billing address, and other financial account information necessary to process payments (processed securely by our payment processor, Stripe)
• Customer Data: Construction project information, JOBTREAD data, job details, messages, attachments, files, tasks, daily logs, invoices, photographs, videos, client information, analytics data, and any other content you upload, submit, or transmit through the Service
• User Management Data: Information about other individuals when you add authorized users to your organization account
• Integration Data: Grant keys, API credentials, and authentication tokens for third-party integrations (e.g., JOBTREAD)
• Communications: Information you provide when you contact us for support, provide feedback, participate in surveys, or communicate with us through any channel

The decision to provide this information is optional. However, if you choose not to provide requested information, you may not be able to use some or all features of the Service.

1.2 Information We Collect Automatically

When you access or use the Service, we automatically collect information about your device and how you interact with the Service, including:

• Device Information: Device type, operating system, browser type and version, screen resolution, device identifiers, mobile network information
• Usage Information: Pages viewed, features accessed, links clicked, time spent on pages, navigation paths, search queries within the Service
• Log Data: IP address, access times and dates, referring and exit URLs, crash reports, error logs
• Location Information: General geographic location (city/state level) inferred from IP address
• Performance Data: Page load times, response times, API call metrics, and other performance statistics

We collect this information using various technologies including cookies, web beacons, pixels, log files, and similar tracking technologies as described in Section 2.

1.3 Information from Third-Party Sources

We may receive information about you from third-party sources, including:

• Third-Party Integrations: When you connect third-party services (like JOBTREAD) to your account, we receive information from those services in accordance with their authorization and your permissions
• Business Partners: Marketing and referral partners who help us promote the Service
• Public Sources: Publicly available information such as business listings and social media profiles
• Authentication Services: When you use single sign-on (SSO) or social login features, we receive information from the authentication provider

1.4 Aggregated and De-Identified Data

We may create aggregated, anonymized, or de-identified data from the information we collect, including by removing information that identifies you. We may use this data for any lawful purpose, including to analyze usage patterns, improve the Service, develop new features, and generate benchmarks and industry insights.

2. Tracking Technologies and Cookies

We and our service providers use various technologies to collect information automatically when you use the Service, including:

2.1 Cookies

Cookies are small data files stored on your device. We use both session cookies (which expire when you close your browser) and persistent cookies (which remain on your device until deleted or until they expire). We use cookies for:

• Essential Cookies: Necessary for authentication, security, and basic Service functionality
• Preference Cookies: Remember your settings, preferences, and customizations
• Analytics Cookies: Help us understand how you use the Service to improve performance and user experience
• Advertising Cookies: May be used to deliver relevant advertisements and measure campaign effectiveness (only with your consent)

2.2 Web Beacons and Pixels

We use web beacons (also known as pixels or tracking pixels) — small electronic images embedded in web pages and emails — to track user interactions, measure campaign effectiveness, and gather usage statistics.

2.3 Analytics Services

We use third-party analytics services, including Google Analytics and similar tools, to analyze Service usage and improve functionality. These services use cookies and similar technologies to collect information about your use of the Service. You can opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on.

2.4 Your Cookie Choices

Most web browsers are set to accept cookies by default. You can usually modify your browser settings to decline cookies if you prefer. However, disabling cookies may prevent you from using certain features of the Service. You can also manage your cookie preferences through our cookie consent tool when you first visit the Service.

For mobile devices, you can manage tracking through your device settings or by adjusting app-level permissions.

2.5 Do Not Track

Some web browsers offer a “Do Not Track” (“DNT”) signal. Because there is not yet a common understanding of how to interpret DNT signals, we do not currently respond to DNT signals on our Service.

3. How We Use Your Information

We use the information we collect for various purposes, including:

3.1 Providing and Maintaining the Service

• Creating and managing your account
• Providing access to Service features and functionality
• Processing transactions and managing subscriptions
• Authenticating users and maintaining security
• Storing and processing your Customer Data
• Facilitating integrations with third-party services

3.2 Improving and Developing the Service

• Analyzing usage patterns and trends
• Conducting research and development for new features
• Testing and troubleshooting new functionality
• Monitoring and improving performance, reliability, and security
• Developing machine learning models and algorithms (using anonymized data)

3.3 Communicating with You

• Sending transactional emails related to your account and Service usage (e.g., confirmations, receipts, notifications, security alerts)
• Responding to your inquiries, support requests, and feedback
• Sending administrative information, such as changes to our terms or policies
• Sending promotional communications and marketing materials about our Service, new features, special offers, and events (with your consent or where permitted by law)
• Conducting surveys and collecting feedback
• Sending SMS/text messages for account notifications and alerts (with your consent)

3.4 Ensuring Security and Compliance

• Detecting, preventing, and responding to fraud, security threats, and illegal activity
• Monitoring and enforcing our Terms of Service
• Complying with legal obligations and responding to lawful requests from government authorities
• Protecting our rights, property, and the safety of DATAx, our users, and the public
• Conducting audits, investigations, and risk assessments

3.5 Business Operations

• Managing our relationship with you
• Processing payments and preventing payment fraud
• Conducting analytics and generating business intelligence
• Managing and evaluating partnerships
• In connection with or during negotiation of any merger, sale of company assets, financing, or acquisition of all or a portion of our business

3.6 Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA), UK, or Switzerland, our legal basis for collecting and using your personal information depends on the specific information and context:

• Contract Performance: Processing necessary to provide the Service and fulfill our contractual obligations to you
• Consent: When you have given explicit consent (e.g., for marketing communications)
• Legitimate Interests: When necessary for our legitimate business interests (e.g., improving the Service, security, fraud prevention) that are not overridden by your rights
• Legal Obligation: When required to comply with applicable laws and regulations

4. How We Share Your Information

We do not sell your Personal Information. We may share your information in the following circumstances:

4.1 Service Providers and Subprocessors

We share information with third-party service providers, contractors, and subprocessors who perform services on our behalf, including:

• Cloud Infrastructure: Google Cloud Platform / Firebase (hosting, database, authentication)
• Payment Processing: Stripe (payment and subscription management)
• Third-Party Integrations: JOBTREAD (construction management data integration) and other services you connect to your account
• Web Hosting: DigitalOcean (web application hosting and cloud infrastructure)
• Email Delivery: Resend (transactional email delivery), Kit (email marketing and campaigns)
• Analytics Providers: Tools that help us understand Service usage
• Customer Support: Tools for managing support tickets and communications

These service providers are contractually obligated to protect your information, use it only for the purposes we specify, and comply with applicable data protection laws. A current list of subprocessors is available at winyourdata.com/subprocessors.

4.2 Within Your Organization

If you use the Service as part of an organization, we share information with other authorized users within your organization account as necessary to provide the Service. Your organization administrator may have access to your account information and Customer Data.

4.3 Business Transfers

We may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, acquisition, bankruptcy, dissolution, or all or a portion of our business to another company. If such a transaction occurs, we will notify you and provide choices regarding your information.

4.4 Legal Requirements and Protection

We may disclose your information if required to do so by law or if we believe in good faith that such disclosure is necessary to:

• Comply with legal obligations, court orders, subpoenas, or other legal processes
• Enforce or apply our Terms of Service and other agreements
• Protect the rights, property, or safety of DATAx, our users, or the public
• Detect, prevent, or address fraud, security, or technical issues
• Respond to government requests or law enforcement investigations

4.5 With Your Consent

We may share your information with third parties when you have given us explicit consent to do so.

4.6 Aggregated or De-Identified Information

We may share aggregated, anonymized, or de-identified information that does not directly identify you for any lawful business purpose, including industry analysis, benchmarking, marketing, and research.

4.7 Business Partners

We may share limited information with business partners for co-marketing initiatives, referral programs, or integration partnerships, but only with your consent or where permitted by law.

5. International Data Transfers

DATAx is based in the United States. If you access the Service from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States and other countries where we or our service providers operate.

These countries may have data protection laws that are different from the laws of your country. By using the Service, you consent to the transfer of your information to the United States and other countries.

5.1 European Economic Area, UK, and Switzerland

If you are located in the EEA, UK, or Switzerland, we comply with applicable data protection laws regarding the transfer of personal data to countries outside of the EEA, UK, and Switzerland. We use the following safeguards:

• Standard Contractual Clauses: We use EU Standard Contractual Clauses (SCCs) approved by the European Commission for transfers to third countries
• Adequacy Decisions: We may transfer data to countries recognized by the European Commission as providing adequate data protection
• Other Safeguards: Additional contractual protections and technical measures as appropriate

For more information about international data transfers and to request a copy of the safeguards we have in place, please contact us at [email protected].

6. Data Security

We implement and maintain commercially reasonable administrative, physical, and technical security measures designed to protect your information from unauthorized access, loss, misuse, disclosure, alteration, and destruction. These measures include:

• Encryption of data in transit using TLS 1.2 or higher
• Encryption of sensitive data at rest using industry-standard algorithms
• Regular security assessments, vulnerability scanning, and penetration testing
• Access controls and authentication mechanisms, including multi-factor authentication
• Employee security training and background checks
• Incident response procedures and monitoring systems
• Regular data backups and disaster recovery capabilities
• Network security measures including firewalls and intrusion detection systems

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee its absolute security. You are responsible for maintaining the confidentiality of your account credentials and for any activity under your account.

6.1 Data Breach Notification

In the event of a data breach that affects your personal information, we will notify you and applicable regulatory authorities without undue delay and as required by applicable data protection laws. Our notification will include information about the nature of the breach, the data affected, and steps we are taking to address it. We maintain incident response procedures to detect, investigate, and respond to security incidents promptly.

7. Data Retention

We retain your information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. Retention periods vary depending on the type of information and the purpose for which it was collected:

• Account Information: Retained for the duration of your account plus a reasonable period thereafter for business continuity and legal compliance purposes
• Customer Data: Retained during your subscription and for 30 days after termination (unless you request earlier deletion), except as required by law or as specified in our Terms of Service
• Payment Information: Retained as required for tax, accounting, and legal compliance purposes (typically 7 years)
• Usage and Analytics Data: Typically retained for 2 years, except in aggregated or anonymized form
• Communications: Support tickets and communications retained for 3 years for customer service and quality assurance purposes
• Backup Data: May be retained in backup systems for up to 90 days after deletion from production systems

When we no longer have a legitimate business need to process your information, we will delete or anonymize it, or if this is not possible, we will securely store it and isolate it from further processing until deletion is possible.

You may request deletion of your information as described in Section 8 (Your Privacy Rights).

8. Your Privacy Rights and Choices

Depending on your location and applicable law, you may have certain rights regarding your personal information:

8.1 Access and Portability

You have the right to access your personal information and request a copy of it. You can access much of your information directly through your account settings. You may also request a portable copy of your information in a commonly used, machine-readable format.

8.2 Correction and Update

You have the right to correct or update inaccurate or incomplete personal information. You can update most information directly through your account settings or by contacting us.

8.3 Deletion

You have the right to request deletion of your personal information, subject to certain exceptions (e.g., when we need to retain information for legal compliance, fraud prevention, or to complete transactions). You can delete your account through account settings or by contacting [email protected].

8.4 Restriction and Objection

You may have the right to restrict or object to our processing of your personal information in certain circumstances, such as when you contest the accuracy of the data or object to processing based on legitimate interests.

8.5 Withdraw Consent

Where we rely on your consent to process your information, you have the right to withdraw that consent at any time. This will not affect the lawfulness of processing based on consent before its withdrawal.

8.6 Marketing Communications

You can opt out of receiving promotional emails and marketing communications by:

• Clicking the “unsubscribe” link in any marketing email
• Updating your notification preferences in account settings
• Contacting us at [email protected]

Please note that even if you opt out of marketing communications, we will still send you transactional and Service-related messages (e.g., account notifications, security alerts, billing information).

8.7 SMS/Text Messages

If you have opted in to receive SMS messages, you can opt out at any time by replying STOP to any message or updating your notification settings.

8.8 Cookie Preferences

You can manage your cookie preferences as described in Section 2.4.

8.9 How to Exercise Your Rights

To exercise any of these rights, please:

• Use your account settings for self-service options
• Email us at [email protected]

We will respond to your request within the timeframe required by applicable law (typically 30 days). We may need to verify your identity before processing your request to protect your information from unauthorized access.

8.10 Additional Rights for California Residents (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

• Right to Know: Request disclosure of the categories and specific pieces of personal information we have collected about you, the sources, purposes, and third parties with whom we share it
• Right to Delete: Request deletion of your personal information (subject to exceptions)
• Right to Correct: Request correction of inaccurate personal information
• Right to Opt-Out of Sale/Sharing: While we do not sell personal information, you can opt out of sharing for cross-context behavioral advertising
• Right to Limit Sensitive Personal Information: Limit the use of sensitive personal information (if applicable)
• Right to Non-Discrimination: You will not receive discriminatory treatment for exercising your privacy rights

To exercise these rights, contact us at [email protected]. You may designate an authorized agent to submit requests on your behalf, provided the agent has written authorization and you verify your identity.

8.11 Additional Rights for EEA, UK, and Switzerland Residents (GDPR)

If you are located in the EEA, UK, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR):

• Right to Lodge a Complaint: You have the right to lodge a complaint with your local data protection authority if you believe we have violated your privacy rights
• Right to Object to Automated Decision-Making: You have the right not to be subject to decisions based solely on automated processing that produce legal or similarly significant effects (we do not currently engage in such processing)

For EEA, UK, or Switzerland residents, contact us at [email protected].

9. Children's Privacy

The Service is not intended for children under the age of 16 (or under 13 in the United States), and we do not knowingly collect personal information from children under these ages. If you are under 16 (or 13 in the U.S.), do not use the Service or provide any information to us.

If we learn that we have collected personal information from a child under the applicable age without parental consent, we will take steps to delete that information as quickly as possible. If you believe we have collected information from a child under the applicable age, please contact us immediately at [email protected].

10. Third-Party Services and Links

The Service may contain links to, integrate with, or provide access to third-party websites, applications, services, and APIs (“Third-Party Services”), including JOBTREAD, Stripe, and others. This Privacy Policy does not apply to Third-Party Services.

We are not responsible for the privacy practices, content, or security of Third-Party Services. Third-Party Services are governed by their own privacy policies and terms of service. We encourage you to review the privacy policies of any Third-Party Services you access through or in connection with the Service.

When you connect third-party accounts or services to DATAx, you authorize us to access and process information from those services in accordance with your permissions and this Privacy Policy.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make changes, we will:

• Update the “Last Updated” date at the top of this Privacy Policy
• Post the revised Privacy Policy on our website and in the Service
• Notify you of material changes by email, in-app notification, or other prominent means

The revised Privacy Policy will be effective immediately upon posting for new users, or 30 days after notification for existing users. Your continued use of the Service after the effective date constitutes acceptance of the revised Privacy Policy.

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

12. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:

We will respond to your inquiry within 30 days.