Privacy Policy

1. Introduction

Welcome to CxStat ("we," "our," or "us"). We are committed to protecting your privacy and ensuring you have a positive experience while using our web application. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.

By using CxStat, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our service.

2. Information We Collect

2.1 Information You Provide to Us

We collect information that you provide directly to us, including:

• Account Information: Email address, password (encrypted), display name, and other account registration details
• Profile Information: User preferences, project settings, and configuration data
• Project Data: Project names, checklists, equipment information, issues, and related project management data
• API Credentials: Encrypted credentials for third-party API integrations (CxAlloy API)
• Communication Data: Any information you provide when contacting us for support or inquiries

2.2 Information Automatically Collected

When you use CxStat, we automatically collect certain information, including:

• Usage Data: Information about how you interact with our service, including pages visited, features used, and time spent on the application
• Device Information: Browser type, device type, operating system, and screen resolution
• Log Data: IP address, access times, and error logs
• Analytics Data: Aggregated usage statistics and performance metrics collected through Google Analytics

2.3 Information from Third-Party Services

We may receive information from third-party services you connect to our application:

• Firebase Authentication: Authentication tokens and user identification data
• CxAlloy API: Project data, checklists, equipment, and issues synchronized through API integrations
• Google Analytics: Website usage statistics and user behavior analytics

3. How We Use Your Information

We use the information we collect for the following purposes:

• Service Provision: To provide, maintain, and improve our web application and its features
• Authentication: To authenticate your identity and manage your account access
• Data Synchronization: To synchronize project data with third-party APIs (CxAlloy) based on your configured credentials
• User Experience: To personalize your experience, remember your preferences, and customize the interface
• Analytics: To analyze usage patterns, improve service performance, and develop new features
• Communication: To send you service-related notifications, updates, and respond to your inquiries
• Security: To detect, prevent, and address technical issues, security threats, and fraudulent activity
• Compliance: To comply with legal obligations and enforce our terms of service

4. Data Storage and Security

4.1 Data Storage

Your data is stored using the following methods:

• Firebase Firestore: User accounts, project data, and encrypted API credentials are stored in Google Firebase Firestore databases
• Firebase Authentication: Authentication data is managed by Google Firebase Authentication service
• Local Storage: Non-sensitive UI preferences (theme, filter panel position, selected project) are stored in your browser's localStorage
• IndexedDB: Cached data for improved performance is stored in your browser's IndexedDB using localforage

4.2 Security Measures

We implement industry-standard security measures to protect your information:

• Encryption: Sensitive data, including API credentials, is encrypted using AES encryption before storage
• Secure Authentication: Passwords are hashed and never stored in plain text
• HTTPS: All data transmission is encrypted using SSL/TLS protocols
• Access Controls: User data is isolated and accessible only by authenticated users
• Regular Security Audits: We conduct regular security assessments and updates
• Rate Limiting: API calls are rate-limited to prevent abuse and ensure service stability

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee absolute security.

5. Data Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties. We may share your information only in the following circumstances:

5.1 Service Providers

We may share information with trusted third-party service providers who assist us in operating our service:

• Google Firebase: For authentication, database storage, and cloud functions
• Google Analytics: For website analytics and usage statistics
• CxAlloy API: When you configure API credentials, we transmit data to CxAlloy services as necessary for project synchronization

5.2 Legal Requirements

We may disclose your information if required by law or in response to valid requests by public authorities (e.g., court orders, subpoenas).

5.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change in ownership.

5.4 With Your Consent

We may share your information with your explicit consent or at your direction.

6. Your Rights and Choices

You have the following rights regarding your personal information:

6.1 Access and Portability

• Access your personal data stored in our systems
• Request a copy of your data in a portable format

6.2 Correction and Updates

• Update or correct inaccurate information through your user profile settings
• Modify your project data and preferences at any time

6.3 Deletion

• Request deletion of your account and associated data
• Delete individual projects or data entries through the application interface

6.4 Data Processing Controls

• Opt-out of non-essential data collection where possible
• Disable analytics tracking through browser settings (though this may affect service functionality)

6.5 Account Management

• Update your account settings and preferences
• Change or remove API credentials
• Export your project data

To exercise these rights, please contact us using the information provided in the "Contact Us" section below.

7. Data Retention

We retain your personal information for as long as necessary to provide our services and fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

• Account Data: Retained until you delete your account or request deletion
• Project Data: Retained until you delete the project or your account
• Analytics Data: Retained in aggregated, anonymized form for service improvement purposes
• Log Data: Retained for security and troubleshooting purposes, typically for up to 90 days

When you delete your account, we will delete or anonymize your personal information, except where we are required to retain it for legal, regulatory, or legitimate business purposes.

8. Children's Privacy

CxStat is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately. If we become aware that we have collected personal information from a child without parental consent, we will take steps to delete that information.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that differ from those in your country. By using CxStat, you consent to the transfer of your information to these countries.

We ensure that appropriate safeguards are in place to protect your information in accordance with this Privacy Policy, including:

• Standard contractual clauses approved by relevant data protection authorities
• Compliance with applicable data protection laws and regulations
• Use of service providers that maintain adequate data protection standards

10. Third-Party Links and Services

Our service may contain links to third-party websites or integrate with third-party services. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party services you access through our application.

Third-party services we integrate with include:

• Google Firebase: Authentication, database, and cloud functions - Privacy Policy
• Google Analytics: Website analytics - Privacy Policy
• CxAlloy API: Project management data synchronization - Please refer to CxAlloy's privacy policy

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by:

• Posting the updated policy on this page with a new "Last Updated" date
• Sending you an email notification (if you have provided an email address)
• Displaying a prominent notice within the application

Your continued use of CxStat after any changes to this Privacy Policy constitutes your acceptance of the updated policy. We encourage you to review this Privacy Policy periodically.

12. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

• Right to Know: You have the right to request information about the categories and specific pieces of personal information we collect, use, and disclose
• Right to Delete: You have the right to request deletion of your personal information
• Right to Opt-Out: You have the right to opt-out of the sale of personal information (we do not sell personal information)
• Non-Discrimination: We will not discriminate against you for exercising your privacy rights

To exercise these rights, please contact us using the information provided in the "Contact Us" section.