Privacy Policy

Dataix is a product of Gul and Metzen Solutions LLC ("Company," "we," "us," or "our"). This Privacy Policy explains how we collect, use, disclose, and protect your information when you use the Dataix platform at dataixai.com. By using Dataix, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree, please do not use the platform.

Account information: When you create an account, we collect your name, email address, organization name, phone number, and role within your organization. Usage data: We collect information about how you use the platform, including pages visited, features used, session duration, and actions taken within the platform. Government operational data: Permits, violations, inspections, and other municipal records submitted by municipality users. This data is owned by the municipality and processed by Dataix solely as a service provider. Device information: We collect IP addresses, browser type, operating system, and device identifiers to provide and secure the platform. Payment information: Processed by Stripe. We do not store credit card numbers or payment credentials. We receive only transaction confirmations and billing summaries. Location data: GPS coordinates may be collected from field inspection submissions by inspectors using mobile devices.

We use your information to: • Provide and operate the Dataix platform • Process transactions and send billing notifications • Send transactional communications including permit status updates, team invitations, and system alerts • Generate anonymized benchmarking data to improve the platform — individual organization data is never shared in benchmarks • Respond to support requests and technical issues • Comply with applicable legal obligations • Detect and prevent fraud and security threats We never sell your data to third parties. We never use your data for advertising or behavioral tracking.

Municipal permit, violation, inspection, property, and contractor data uploaded to or generated within Dataix remains the property of the municipality that owns it. Dataix processes this data solely as a service provider pursuant to our agreement with each municipality. We do not use municipal operational data for any purpose beyond delivering the contracted services. Upon contract termination, municipalities may request export of all their data within 30 days of termination. After 30 days, data is purged from our systems except where legal retention is required.

Contractors and Architects: Data retained for 90 days after subscription ends, then permanently deleted. Users may export all their data during this 90-day window. After deletion, neither the user nor Dataix can access the data. Municipalities, Cities, and Counties: Data retained for 5 years after subscription ends for audit log access and compliance purposes. The municipality owns all their data and may access it during this period. Dataix does not access municipality data unless explicitly requested by the municipality in writing. Enterprise and Large Firms: Data retained for 2 years after subscription ends, then permanently deleted unless extended retention is agreed in writing. All accounts: You have the right to export all your data at any time during your active subscription and within the applicable retention window after cancellation. Audit logs: Retained for 10 years to support legal compliance and dispute resolution. Deleted account data: Personal data is purged within 30 days of account deletion, except where longer retention is required by applicable law or the retention schedules above.

We implement industry-standard security measures including: • All data encrypted in transit using TLS 1.3 • All data encrypted at rest using AES-256 • Role-based access controls with principle of least privilege • Regular third-party security audits • Automated intrusion detection and threat monitoring • Breach notification within 72 hours of discovery No method of electronic transmission or storage is 100% secure. We will notify affected users promptly in the event of a confirmed data breach involving personal information.

Essential cookies (cannot be disabled): Used for session management, authentication, and security. Required for the platform to function. Functional cookies (can be disabled): Store your preferences including theme selection and language settings. Analytics cookies (can be disabled): Used to understand how the platform is used and to improve the user experience, processed by PostHog. Advertising cookies: We do not use advertising cookies. Ever. You can manage cookie preferences in your browser settings or by emailing support@dataixai.com.

You have the right to: • Access a copy of the personal data we hold about you • Request correction of inaccurate personal data • Request deletion of your personal data, subject to legal retention requirements • Export your data in a machine-readable format • Opt out of non-essential communications To exercise any of these rights, email privacy@dataixai.com. We will respond within 30 days.

Dataix uses the following third-party services to operate the platform, each bound by data processing agreements: • Clerk — User authentication and identity management • Supabase — Database hosting and infrastructure • Vercel — Application hosting and content delivery • Stripe — Payment processing • Resend — Transactional email delivery • Mapbox — Mapping and geographic services • Anthropic — AI processing for permit review and analysis • PostHog — Usage analytics • Sentry — Error monitoring • Upstash — Caching infrastructure We do not share personal data with third parties except as necessary to provide the platform or as required by law.

Dataix is not directed at individuals under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13, we will delete it promptly.

We may update this Privacy Policy periodically. We will notify you of material changes by: • Sending an email notification to the address on file for your account • Posting a notice on the platform dashboard • Publishing a revised effective date at the top of this page Continued use of Dataix after changes take effect constitutes acceptance of the updated policy. We will provide at least 30 days' notice before material changes take effect.

For privacy inquiries, data access requests, or to exercise your rights: Gul and Metzen Solutions LLC New Jersey, United States privacy@dataixai.com inquiries@dataixai.com We will respond to all privacy inquiries within 30 business days.