Privacy Policy

1. Introduction

PRJCT X ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our construction project management software and services (collectively, the "Service").

By accessing or using the Service, you agree to this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access or use the Service.

Contact Information:
PRJCT X
Email: privacy@prjctx.com
For general inquiries: info@prjctx.com

2. Information We Collect

2.1 Information You Provide to Us

We collect information that you voluntarily provide to us when you:

• Register for an account: Name, email address, company name, job title, phone number, and password
• Use the Service: Project data, construction documents, schedules, budgets, vendor information, property details, and other content you upload or create
• Subscribe to services: Billing information (processed securely by our payment processor), subscription preferences, and payment history
• Contact us: Any information you provide when you contact our support team, participate in surveys, or communicate with us

2.2 Information Collected Automatically

When you access the Service, we automatically collect certain information, including:

• Usage data: Pages viewed, features used, actions taken, time spent on pages, and other usage statistics
• Device information: IP address, browser type and version, operating system, device type, and unique device identifiers
• Log data: Server logs, error reports, system events, and access times
• Cookies and tracking technologies: We use cookies, web beacons, and similar technologies to track activity and maintain sessions (see Section 8 for details)

2.3 Information from Third Parties

We may receive information from third-party services you connect to the Service:

• Authentication services (e.g., Google, Microsoft Azure AD) for single sign-on
• Payment processors for transaction verification
• Analytics providers for usage insights
• Integration partners (e.g., accounting software, file storage services)

3. How We Use Your Information

We use the information we collect for the following purposes:

3.1 To Provide and Maintain the Service

• Create and manage your account
• Process transactions and send transaction notifications
• Provide customer support and respond to inquiries
• Store and manage your project data
• Enable collaboration features with your team members

3.2 To Improve and Develop the Service

• Analyze usage patterns to improve features and user experience
• Conduct research and development for new features
• Monitor and analyze trends and usage
• Test new features and functionality

3.3 To Communicate with You

• Send service announcements and updates
• Provide technical notices and security alerts
• Respond to your comments and questions
• Send marketing communications (with your consent, and you may opt out at any time)

3.4 For Security and Legal Compliance

• Detect, prevent, and address fraud and security issues
• Protect against harmful or illegal activity
• Comply with legal obligations and enforce our terms
• Respond to legal requests and prevent harm

4. How We Share Your Information

We do not sell your personal information. We may share your information in the following circumstances:

4.1 With Your Consent

We may share your information with third parties when you have given us explicit consent.

4.2 Service Providers

We share information with trusted third-party service providers who perform services on our behalf, including:

• Cloud infrastructure providers (e.g., AWS, Azure) for hosting and storage
• Payment processors (e.g., Stripe) for billing and payment processing
• Analytics providers (e.g., Google Analytics) for usage analysis
• Customer support tools for help desk functionality
• Email service providers for communications

These service providers are bound by contractual obligations to keep your information confidential and use it only for the purposes for which we disclose it to them.

4.3 Within Your Organization

Information you submit to the Service may be accessible to other users within your organization based on the permissions you configure.

4.4 Legal Requirements

We may disclose your information if required to do so by law or in response to:

• Valid legal processes (subpoenas, court orders, search warrants)
• Governmental or regulatory requests
• Situations involving potential threats to safety, security, or legal rights

4.5 Business Transfers

If we are involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, your information may be transferred as part of that transaction.

5. Data Security

We implement industry-standard security measures to protect your information from unauthorized access, use, disclosure, alteration, or destruction:

• Encryption: Data is encrypted in transit using TLS 1.3 and at rest using AES-256 encryption
• Access controls: Role-based access controls and multi-factor authentication options
• Security monitoring: Continuous monitoring for security threats and vulnerabilities
• Regular audits: Periodic security assessments and penetration testing
• Secure infrastructure: Hosted on secure, SOC 2 Type II compliant infrastructure
• Employee training: Regular security awareness training for our team
• Incident response: Documented procedures for handling security incidents

While we strive to protect your information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security but are committed to protecting your data using industry best practices.

6. Data Retention

We retain your information for as long as necessary to fulfill the purposes outlined in this Privacy Policy:

• Active accounts: We retain your account information and project data for the duration of your subscription and as long as your account remains active
• Deleted accounts: After account deletion, we retain your data for 30 days to allow for account recovery. After this period, your data is permanently deleted from our active systems
• Backup retention: Data may persist in backup systems for up to 90 days after deletion
• Legal obligations: We may retain certain information for longer periods if required by law, for legal proceedings, or to comply with regulatory requirements (e.g., tax records, audit trails)
• Anonymized data: We may retain anonymized or aggregated data indefinitely for analytics and research purposes

7. Your Privacy Rights

Depending on your location, you may have the following rights regarding your personal information:

7.1 Access and Portability

• Request a copy of the personal information we hold about you
• Export your project data in common formats (CSV, JSON, PDF)
• Request information about how we use your data

7.2 Correction and Updates

• Update your account information through the Service settings
• Request correction of inaccurate or incomplete information

7.3 Deletion

• Delete your account and associated data at any time
• Request deletion of specific information (subject to legal retention requirements)

7.4 Opt-Out Rights

• Unsubscribe from marketing emails using the link in any marketing communication
• Disable non-essential cookies through your browser settings
• Opt out of certain data collection and analytics

7.5 California Privacy Rights (CCPA)

California residents have additional rights under the California Consumer Privacy Act:

• Know what personal information is collected, used, shared, or sold
• Delete personal information held by us
• Opt out of the sale of personal information (note: we do not sell personal information)
• Non-discrimination for exercising CCPA rights

7.6 European Privacy Rights (GDPR)

European Economic Area residents have rights under the General Data Protection Regulation:

• Right to access, rectification, and erasure
• Right to restrict or object to processing
• Right to data portability
• Right to withdraw consent
• Right to lodge a complaint with a supervisory authority

7.7 How to Exercise Your Rights

To exercise any of these rights, please contact us at privacy@prjctx.com. We will respond to your request within 30 days. We may require verification of your identity before processing your request.

8. Cookies and Tracking Technologies

We use cookies, web beacons, and similar tracking technologies to collect information and improve the Service.

8.1 Types of Cookies We Use

• Essential cookies: Required for the Service to function properly (e.g., session management, authentication, security)
• Functional cookies: Remember your preferences and settings (e.g., language preference, timezone)
• Analytics cookies: Help us understand how users interact with the Service (e.g., Google Analytics, usage tracking)
• Performance cookies: Monitor Service performance and identify issues

8.2 Third-Party Cookies

We use third-party services that may set cookies, including:

• Google Analytics: For usage analytics and website traffic analysis
• Payment processors: For secure payment processing
• Authentication providers: For single sign-on functionality

8.3 Your Cookie Choices

You can control cookies through your browser settings:

• Most browsers allow you to refuse or accept cookies
• You can delete cookies stored on your device
• Browser settings can be configured to notify you when cookies are being set
• Note: Disabling essential cookies may affect Service functionality

To opt out of Google Analytics tracking, visit: https://tools.google.com/dlpage/gaoptout

9. Children's Privacy

The Service is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children under 18. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at privacy@prjctx.com, and we will take steps to delete such information.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that are different from the laws of your country.

When we transfer personal information from the European Economic Area to other countries, we use legal mechanisms such as Standard Contractual Clauses approved by the European Commission to ensure appropriate safeguards are in place.

For self-hosted deployments, data location is controlled by your organization's chosen infrastructure.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make changes:

• We will update the "Last Updated" date at the top of this Privacy Policy
• For material changes, we will provide prominent notice through the Service or via email
• Your continued use of the Service after changes become effective constitutes acceptance

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

12. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:

We will respond to privacy inquiries within 30 days. For urgent security concerns, please email security@prjctx.com.