Privacy Policy

This Privacy Policy explains how CategoriX collects, uses, protects, and shares your personal information when you use our platform and services.

1. Introduction and Scope

1.1 About This Policy

This Privacy Policy ("Policy") describes how CategoriX, a Delaware corporation ("CategoriX," "we," "us," or "our"), collects, uses, processes, stores, shares, and protects personal information in connection with our AI-powered product categorization platform and related services (the "Service").

1.2 Scope and Application

This Policy applies to:

• Our website at categorix.ai and all subdomains
• Our web-based application and dashboard
• Our API services and integrations
• All related services, features, and functionalities
• Communications between you and CategoriX

1.3 Your Consent

By accessing or using our Service, you acknowledge that you have read, understood, and agree to the collection, use, and disclosure of your personal information as described in this Policy. If you do not agree with this Policy, please do not use our Service.

1.4 Data Controller

CategoriX is the data controller responsible for the personal information collected and processed through our Service, as described in this Policy.

2. Information We Collect

2.1 Account and Registration Information

When you create an account or register for our Service, we collect:

• Personal Identifiers: Full name, email address
• Account Credentials: Username, encrypted password, security questions
• Business Information: Company name, industry, job title (if provided)
• Verification Data: Email verification tokens and status
• Account Management: Account creation date, last login, account status
• Profile Information: User preferences, settings, and customizations

2.2 Payment and Billing Information

For paid subscriptions, we collect:

• Payment Information: Credit card details, billing address (processed securely through our payment processor)
• Transaction Data: Payment amounts, dates, subscription plans, billing history
• Tax Information: Tax identification numbers, if required by law
• Customer IDs: Payment processor customer and subscription identifiers
• Billing Preferences: Invoice delivery preferences, payment method preferences

Important: We do not store complete credit card numbers. All payment processing is handled securely by our certified payment processor.

2.3 Product Data and File Content

When using our categorization services, we process:

• Uploaded Files: CSV, Excel, JSON, XML files containing product information
• Product Information: Product titles, descriptions, categories, SKUs, and other product attributes
• Mapping Data: Category assignments, confidence scores, user corrections
• Processing Results: Categorized data, generated reports, download files
• Custom Taxonomies: User-created categorization structures and hierarchies

2.4 Usage and Technical Information

We automatically collect technical information about your use of our Service:

• Device Information: IP address, browser type, operating system, device identifiers
• Usage Analytics: Pages visited, features used, session duration, click patterns
• Performance Data: Page load times, error rates, system performance metrics
• API Usage: API calls made, endpoints accessed, request/response data
• Log Data: Server logs, error logs, security logs with timestamps

2.5 Communication Data

When you communicate with us, we collect:

• Contact Form Data: Name, email, company, message content, inquiry type
• Support Communications: Help requests, bug reports, feature requests
• Email Communications: Email content, attachments, delivery status
• Feedback: Product feedback, survey responses, user experience data

2.6 Cookies and Tracking Technologies

We use various tracking technologies including:

• Essential Cookies: Authentication tokens, session management, security features
• Analytics Cookies: Website analytics for usage patterns and optimization
• Functional Cookies: User preferences, settings, dashboard configurations
• Performance Cookies: System performance monitoring and error tracking
• Security Cookies: Fraud prevention and security monitoring

2.7 Automatically Collected Information

We automatically collect additional information including:

• Geolocation Data: Approximate location based on IP address
• Referral Information: How you found our Service
• Browser Fingerprinting: Device characteristics for security purposes
• Network Information: Connection type, ISP information

3. How We Use Your Information

3.1 Service Provision and Platform Operation

We use your information to:

• Provide and maintain our AI-powered categorization platform
• Process and categorize your product data using machine learning algorithms
• Manage your account, authentication, and access controls
• Enable file uploads, processing, and result downloads
• Deliver categorization results and analytics dashboards
• Provide API access and integration capabilities
• Customize your user experience and interface

3.2 AI Processing and Machine Learning

We process your product data through advanced artificial intelligence services, specifically:

• Using enterprise-grade language models to analyze and categorize product information
• Generating category mappings and confidence scores
• Processing product titles, descriptions, and attributes for taxonomy matching
• Improving categorization accuracy through feedback and corrections
• Analyzing usage patterns to optimize algorithm performance

Important: We do not use your product data to train AI models. Your data is processed only to provide categorization services and is not shared with AI providers for training purposes.

3.3 Payment and Billing

We use payment information to:

• Process subscription payments and billing transactions
• Manage subscription renewals, upgrades, and cancellations
• Generate invoices and payment confirmations
• Prevent fraud and unauthorized transactions
• Comply with tax and financial reporting requirements

3.4 Communication and Support

We use your contact information to:

• Send service-related notifications and updates
• Provide customer support and technical assistance
• Respond to inquiries, feedback, and support requests
• Send important account and security notifications
• Deliver email confirmations for transactions and actions

3.5 Service Improvement and Analytics

We analyze usage data to:

• Monitor and improve platform performance and reliability
• Understand usage patterns and optimize user experience
• Develop new features and enhance existing functionality
• Identify and fix bugs, errors, and security vulnerabilities
• Generate aggregated, non-personally identifiable analytics

3.6 Security and Compliance

We process information to:

• Detect and prevent fraud, abuse, and unauthorized access
• Investigate security incidents and potential violations
• Comply with legal obligations and regulatory requirements
• Enforce our Terms of Service and acceptable use policies
• Protect our rights, property, and the safety of our users

3.7 Legal Basis for Processing (GDPR/CCPA)

Our legal bases for processing personal information include:

• Contractual Necessity: Processing required to provide our Service under our Terms of Service
• Legitimate Interests: Service improvement, security, fraud prevention, and business operations
• Legal Compliance: Meeting legal obligations under applicable laws and regulations
• Consent: Where you have explicitly consented to specific processing activities

4. Information Sharing and Disclosure

4.1 Third-Party Service Providers

We share information with trusted service providers who assist in operating our platform:

• Cloud Infrastructure: Secure hosting, storage, and computing services
• Payment Processing: Secure payment processing and subscription management
• Email Services: Transactional email delivery and communication services
• AI Processing: Advanced artificial intelligence processing for product categorization
• Analytics Services: Website analytics and usage tracking
• Security Services: Fraud prevention, monitoring, and security enhancement
• Customer Support: Help desk and customer service platforms

These service providers are contractually bound to protect your information and use it only for providing services to us. We conduct due diligence on all service providers and maintain data processing agreements with appropriate security and privacy protections.

4.2 Business Transfers

If CategoriX is involved in a merger, acquisition, or sale of assets, your personal information may be transferred as part of that transaction. We will provide notice before your personal information is transferred and becomes subject to a different privacy policy.

4.3 Legal Requirements and Protection

We may disclose your information when required by law or when we believe disclosure is necessary to:

• Comply with legal obligations, court orders, or government requests
• Protect and defend our rights, property, or safety
• Protect the rights, property, or safety of our users or the public
• Investigate fraud, security, or technical issues
• Prevent or investigate possible wrongdoing in connection with the Service

4.4 Aggregated and De-Identified Data

We may share aggregated, anonymized, or de-identified information that cannot reasonably be used to identify you for business purposes, including:

• Industry analytics and market research
• Platform usage statistics and trends
• Improving our AI algorithms and categorization accuracy
• Academic research and development

4.5 No Sale of Personal Information

We do not sell, rent, or trade your personal information to third parties for their marketing purposes. We do not engage in data brokerage activities.

5. Data Security and Protection

5.1 Security Measures

We implement comprehensive security measures to protect your information:

• Encryption: Data encrypted in transit using TLS/SSL and at rest using AES-256
• Access Controls: Role-based access, multi-factor authentication, and principle of least privilege
• Infrastructure Security: Secure cloud hosting with AWS security controls and monitoring
• Network Security: Firewalls, intrusion detection, and network segmentation
• Regular Audits: Security assessments, penetration testing, and vulnerability scanning
• Employee Training: Security awareness training and background checks

5.2 Payment Security

Payment processing is handled by Stripe, which is PCI DSS Level 1 certified. We do not store complete credit card information on our servers.

5.3 Data Breach Response

In the event of a data breach that affects your personal information, we will:

• Notify affected users within 72 hours of discovery
• Report to relevant authorities as required by law
• Implement immediate containment and remediation measures
• Provide guidance on protective steps you can take
• Conduct a thorough investigation and implement preventive measures

5.4 Limitations

While we implement robust security measures, no system is completely secure. We cannot guarantee absolute security of your information, and you provide information at your own risk.

6. Data Retention and Deletion

6.1 Retention Periods

We retain personal information for different periods based on the type of data:

• Account Information: Retained while your account is active and for up to 7 years after account closure for legal compliance
• Product Data: Uploaded files and processing results retained for 90 days after processing completion
• Payment Data: Transaction records retained for 7 years for tax and accounting purposes
• Usage Data: Analytics data retained for up to 26 months for service improvement
• Support Communications: Retained for 3 years for quality assurance and legal purposes

6.2 Data Deletion

You can request deletion of your data in the following ways:

• Delete specific files and processing results through your dashboard
• Request account deletion through your account settings
• Contact us at admin@categorix.ai for manual deletion requests
• Exercise your right to erasure under applicable privacy laws

6.3 Legal Retention Requirements

Some information may be retained longer when required by law, including:

• Financial records for tax and accounting compliance
• Data subject to legal holds or litigation
• Information needed for fraud prevention and security
• Records required by regulatory authorities

7. International Data Transfers

7.1 Cross-Border Processing

CategoriX operates from the United States, and your information may be transferred to, stored, and processed in the United States and other countries where our service providers operate. These countries may have different data protection laws than your country of residence.

7.2 Safeguards for International Transfers

When transferring personal information internationally, we implement appropriate safeguards including:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Adequacy decisions for countries with sufficient data protection
• Privacy Shield frameworks where applicable
• Your explicit consent for specific transfers
• Binding corporate rules and codes of conduct

7.3 Data Processing Agreements

We maintain data processing agreements with all third-party service providers that process personal information on our behalf, ensuring appropriate protection regardless of location.

8. Your Privacy Rights and Choices

8.1 Access and Information Rights

You have the right to:

• Access your personal information and obtain copies
• Request information about how your data is processed
• Receive data in a portable, machine-readable format
• Review and update your account information

8.2 Correction and Update Rights

You can:

• Update your account information through your dashboard
• Correct inaccurate or incomplete personal information
• Request updates to outdated information
• Modify your communication preferences

8.3 Deletion and Erasure Rights

You can request deletion of:

• Specific uploaded files and processing results
• Your entire account and associated data
• Personal information no longer needed for original purposes
• Data processed based on consent that you withdraw

8.4 Restriction and Objection Rights

You can:

• Restrict processing of your information in certain circumstances
• Object to processing based on legitimate interests
• Opt out of marketing communications
• Disable certain cookies and tracking technologies

8.5 California Privacy Rights (CCPA/CPRA)

California residents have additional rights including:

• Right to know what personal information is collected and how it's used
• Right to delete personal information
• Right to opt-out of the sale of personal information (we don't sell data)
• Right to non-discrimination for exercising privacy rights
• Right to correct inaccurate personal information

8.6 Exercising Your Rights

To exercise your privacy rights:

• Use the privacy controls in your account dashboard
• Email us at admin@categorix.ai with your request
• Include sufficient information to verify your identity
• Specify which rights you want to exercise

We will respond to your request within 30 days (or as required by applicable law) and may need to verify your identity before processing your request.

9. Cookies and Tracking Technologies

9.1 Types of Cookies We Use

We use the following types of cookies and tracking technologies:

Essential Cookies

• Authentication and session management
• Security features and fraud prevention
• Load balancing and performance optimization
• User preferences and settings
• CSRF protection and security tokens

Analytics Cookies

• Website analytics for usage analysis and optimization
• Performance monitoring and error tracking
• User behavior analysis and A/B testing
• Feature usage and adoption metrics
• Conversion tracking and funnel analysis

Functional Cookies

• Dashboard customization and layout preferences
• Language and region settings
• Notification preferences and settings
• Recently accessed data and shortcuts
• Form data persistence and auto-save features

9.2 Cookie Management and Control

You can control cookies through:

• Browser settings to block, delete, or manage cookies
• Our cookie preference center and consent management
• Opt-out tools provided by analytics providers
• Privacy-focused browser extensions and tools
• Private browsing or incognito mode

Note: Disabling essential cookies may significantly affect the functionality and security of our Service.

9.3 Third-Party Tracking and Do Not Track

Third-party services may set their own cookies when you use our Service. We honor Do Not Track signals where technically feasible and legally required. Some third-party tracking may persist based on their own policies and your browser settings.

10. Children's Privacy

10.1 Age Restrictions and Compliance

Our Service is not intended for children under 18 years of age (or the minimum age for digital consent in your jurisdiction). We do not knowingly collect personal information from children under the applicable minimum age. If you are under the required age, please do not provide any information through our Service.

10.2 Parental Notice and Rights

If we become aware that we have collected personal information from a child under the applicable minimum age without verification of parental consent, we will take immediate steps to remove that information from our servers. Parents and guardians have the right to review, modify, or delete their child's personal information.

10.3 Reporting Concerns

If you believe we have collected information from a child under the applicable minimum age, or if you are a parent seeking to exercise rights regarding your child's information, please contact us immediately at admin@categorix.ai with "Child Privacy" in the subject line.

11. Changes to This Privacy Policy

11.1 Policy Updates and Notification

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or Service features. When we make material changes, we will:

• Update the "Last updated" date at the top of this Policy
• Notify you via email if you have an account with us
• Display a prominent notice on our website and dashboard
• Provide 30 days' advance notice for significant changes affecting your rights
• Obtain additional consent where required by law

11.2 Continued Use and Acceptance

Your continued use of our Service after any changes to this Policy will constitute your acceptance of such changes, unless additional consent is required by law. If you do not agree with any changes, please stop using our Service and close your account before the changes take effect.

11.3 Previous Versions and Version Control

Previous versions of this Privacy Policy are available upon request and may be required for legal or compliance purposes. Contact us at admin@categorix.ai if you need access to earlier versions or have questions about policy changes.

12. Regional Privacy Information

12.1 European Union and United Kingdom

For users in the EU and UK, this Policy complies with the General Data Protection Regulation (GDPR) and UK GDPR. You have additional rights including:

• Right to lodge a complaint with your local supervisory authority
• Right to withdraw consent at any time
• Right to data portability
• Right to object to automated decision-making
• Right to restrict processing under certain circumstances
• Right to rectification of inaccurate data

12.2 California, USA

California residents have rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), including the right to know, delete, correct, and opt-out of certain data processing. We do not sell personal information as defined by California law.

12.3 Other Jurisdictions

We comply with applicable privacy laws in other jurisdictions where we operate, including but not limited to Canada's PIPEDA, Australia's Privacy Act, and Brazil's LGPD. If you have specific questions about privacy rights in your jurisdiction, please contact us.

13. Automated Decision-Making and Profiling

13.1 Automated Processing

Our Service uses automated processing to:

• Categorize products using AI algorithms
• Detect fraud and security threats
• Personalize user experience and recommendations
• Optimize system performance and resource allocation

13.2 Your Rights Regarding Automated Decisions

Where automated decision-making significantly affects you, you have the right to:

• Request human intervention in the decision-making process
• Express your point of view regarding the automated decision
• Contest decisions made solely by automated means
• Request explanation of the logic involved in automated decision-making

13.3 Profiling Activities

We may create profiles based on your usage patterns to improve service delivery and detect anomalies. These profiles are used solely for service provision and security purposes, not for marketing or advertising.

14. Marketing and Communications

14.1 Types of Communications

We may send you different types of communications:

• Transactional: Account notifications, billing, security alerts (cannot opt-out)
• Service Updates: Product updates, feature announcements, maintenance notices
• Marketing: Promotional content, product recommendations, industry insights (opt-in required)
• Educational: Best practices, tutorials, webinar invitations

14.2 Opt-Out and Preferences

You can manage your communication preferences by:

• Using unsubscribe links in our emails
• Updating preferences in your account dashboard
• Contacting us directly at admin@categorix.ai
• Using email filtering and blocking tools

14.3 Third-Party Marketing

We do not share your personal information with third parties for their marketing purposes without your explicit consent. We do not participate in data broker activities or sell contact lists.

15. Data Breach Notification

15.1 Breach Detection and Response

We maintain comprehensive security monitoring to detect potential data breaches. Our incident response procedures include:

• Immediate containment and investigation of security incidents
• Assessment of breach scope and affected data
• Notification to relevant authorities within required timeframes
• User notification within 72 hours of confirmed breach
• Implementation of remediation measures and security improvements

15.2 User Notification

If a data breach affects your personal information, we will notify you via:

• Email to your registered email address
• Notice posted on our website and service dashboard
• Direct communication for high-risk breaches
• Public disclosure if required by law

15.3 Breach Information

Our breach notifications will include:

• Description of the incident and affected data types
• Approximate number of affected users
• Steps taken to address the breach
• Recommended actions for affected users
• Contact information for questions and support

16. Third-Party Links and Services

16.1 External Links

Our Service may contain links to third-party websites, applications, or services. This Privacy Policy does not apply to these external sites. We encourage you to review the privacy policies of any third-party services you access.

16.2 Third-Party Integrations

When you connect third-party services to your CategoriX account, additional data sharing may occur subject to the terms of those integrations. You are responsible for reviewing and managing these connections.

16.3 Social Media and Public Forums

Any information you share in public forums, social media, or community features becomes publicly available and is not covered by this Privacy Policy.

17. Contact Information and Complaints

17.1 Privacy Questions and Requests

If you have questions about this Privacy Policy or want to exercise your privacy rights, please contact us at:

17.2 Response Time

We will respond to your privacy requests within 30 days (or as required by applicable law). For complex requests, we may extend this period by an additional 60 days with notice to you.

17.3 Complaints and Supervisory Authorities

If you believe we have not addressed your privacy concerns adequately, you have the right to lodge a complaint with:

• Your local data protection authority (for EU/UK residents)
• The California Attorney General (for California residents)
• The Federal Trade Commission (for US residents)
• Other relevant privacy regulators in your jurisdiction

17.4 Data Protection Officer

For privacy matters requiring specialized attention, you can contact our Data Protection Officer at admin@categorix.ai with "DPO" in the subject line.