Privacy Policy

Prixlo LLC ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the Prixlo platform ("the Service").

Account Information

• Name and email address
• Organization name and business details
• Billing information (processed securely via Stripe)
• Profile photo (optional)

Usage Data

• Device information (browser type, operating system, screen resolution)
• IP address and approximate location
• Pages visited and features used
• Login timestamps and session duration

Business Data

• Data you enter into the platform (invoices, contacts, tasks, events, files, etc.)
• Files and documents you upload
• Communications sent through the platform

• To provide, maintain, and improve the Service
• To process transactions and manage your subscription
• To send important notifications about your account or the Service
• To authenticate your identity and secure your account
• To detect and prevent fraud, abuse, and security incidents
• To comply with legal obligations

We do not sell your personal information. We may share data with:

• Service providers: Stripe (payments), Resend (email delivery), Railway (hosting), Vercel (frontend hosting), Cloudflare (security and storage)
• Within your organization: Other members of your organization can access shared data based on their role and permissions
• Legal requirements: When required by law, court order, or governmental authority
• Business transfers: In connection with a merger, acquisition, or sale of assets

• All data is transmitted over HTTPS (TLS encryption)
• Passwords are hashed using bcrypt
• Two-factor authentication (2FA) is available for all accounts
• Session tokens are rotated and expire automatically
• Brute force protection with automatic IP blocking
• CSRF protection on all state-changing requests
• Regular security audits of our infrastructure

• Account data is retained as long as your account is active
• Upon account deletion, personal data is permanently removed within 30 days
• Billing records may be retained longer for legal and tax compliance
• Security logs (login attempts, IP addresses) are retained for up to 90 days
• Backups are automatically purged following the retention schedule

• Authentication cookies: Used to maintain your session (essential, cannot be disabled)
• CSRF cookies: Used for security purposes (essential)
• Preferences: Stored in your browser's localStorage (theme, layout, dock settings)
• We do not use third-party tracking cookies or analytics services
• We do not serve ads or share data with advertising networks

Prixlo lets users share folders and files with non-account holders via public links (e.g. prixlo.com/shared/..., prixlo.com/upload-request/...). When a visitor opens one of these links, the platform records access activity so the link owner can see how their content is being used.

What we record per visit

• Action performed (view, download, upload, browse)
• File or folder name involved
• Timestamp of the action
• Visitor's IP address (used to derive approximate city / country only — never resold)
• Browser, operating system, and device type (parsed from the User-Agent header)

Who can see it

• The owner of the link (the Prixlo user who created it) and other authorized members of their organization
• Prixlo staff only when troubleshooting an explicit support request or a security incident

Transparency to visitors

• Every public link page displays a visible notice telling the visitor that access activity is recorded and visible to the link owner
• No tracking cookies or fingerprinting scripts are placed on the visitor's device — all logging is server-side from the connection metadata
• Visitors can choose not to access a public link if they do not consent to this disclosure

Retention

• Access log entries are retained for up to 90 days, then automatically purged
• If the link is deleted by its owner, all associated access logs are deleted with it

To request deletion of access log entries that identify you, contact us at contact@prixlo.com with the link URL and the approximate dates of access.

You have the right to:

• Access: Request a copy of the personal data we hold about you
• Correction: Update or correct inaccurate information
• Deletion: Request deletion of your account and associated data
• Export: Download your data in standard formats (CSV, JSON)
• Restriction: Request that we limit processing of your data
• Objection: Object to processing of your data for specific purposes

To exercise any of these rights, contact us at contact@prixlo.com.

The Service is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child, we will take steps to delete it promptly.

Your data is processed and stored in the United States. By using the Service, you consent to the transfer of your information to the United States and its processing there. We ensure appropriate safeguards are in place for any international data transfers.

We may update this Privacy Policy from time to time. Material changes will be communicated via email or through the Service. The "Last updated" date at the top reflects the most recent revision. Continued use of the Service after changes constitutes acceptance of the updated policy.

If you have questions about this Privacy Policy or our data practices, contact us at contact@prixlo.com.

Prixlo LLC
Florida, United States