Privacy Policy

Last Updated: December 15, 2024

CapexIQ ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform and services.

This policy complies with the Personal Information Protection Act (PIPA) of Alberta, Canada, the Personal Information Protection and Electronic Documents Act (PIPEDA) of Canada, and the General Data Protection Regulation (GDPR) for users in the European Economic Area.

1. Information We Collect

1.1 Information You Provide

We collect information you voluntarily provide when using our services:

Account Information: Name, email address, company name, job title, phone number
Project Documents: P&IDs, equipment lists, scope documents, and other files you upload for analysis
Payment Information: Billing address and payment details (processed securely by third-party payment processors)
Communications: Messages, feedback, and support requests you send to us
Pilot Application Data: Information submitted through our pilot request forms

1.2 Information Collected Automatically

When you access our platform, we automatically collect:

Usage Data: Features accessed, actions taken, time spent on platform
Device Information: Browser type, operating system, device identifiers
Log Data: IP address, access times, pages viewed, referring URLs
Cookies and Tracking: Session cookies, analytics cookies (see Section 7)

2. How We Use Your Information

We use collected information for the following purposes:

Service Delivery: To provide, maintain, and improve our FEL estimation and scope intelligence services
Document Analysis: To process and analyze your uploaded project documents using our AI-powered tools
Account Management: To create and manage your account, process transactions, and provide customer support
Communication: To send service updates, security alerts, and respond to inquiries
Product Improvement: To analyze usage patterns and improve our platform functionality
Legal Compliance: To comply with applicable laws, regulations, and legal processes
Security: To detect, prevent, and address fraud, security issues, and technical problems

3. Legal Basis for Processing (GDPR)

For users in the European Economic Area, we process personal data based on:

Contract Performance: Processing necessary to fulfill our service agreement with you
Legitimate Interests: Processing for our legitimate business interests, such as improving services and ensuring security
Consent: Where you have provided explicit consent for specific processing activities
Legal Obligation: Processing required to comply with applicable laws

4. Data Sharing and Disclosure

We do not sell your personal information. We may share information in the following circumstances:

4.1 Service Providers

We engage trusted third-party service providers who assist in operating our platform:

Cloud hosting and infrastructure providers
Payment processors
Analytics services
Customer support tools

All service providers are contractually bound to protect your information and use it only for specified purposes.

4.2 Legal Requirements

We may disclose information when required by law, court order, or government request, or when necessary to:

Comply with legal obligations
Protect our rights, privacy, safety, or property
Enforce our terms of service
Respond to claims of content violations

4.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of the transaction. We will notify you of any such change.

5. Data Retention

We retain your information for as long as necessary to:

Provide our services and maintain your account
Comply with legal and regulatory requirements
Resolve disputes and enforce agreements
Support legitimate business purposes

Project Documents: Uploaded documents are retained for the duration of your subscription plus 90 days, unless you request earlier deletion or configure custom retention policies (available for Enterprise tiers).

Account Data: Retained for 3 years after account closure for legal and audit purposes.

6. Your Rights

6.1 Rights Under Canadian Law (PIPA/PIPEDA)

You have the right to:

Access your personal information held by us
Request correction of inaccurate information
Withdraw consent for certain processing activities
File a complaint with the Office of the Information and Privacy Commissioner of Alberta

6.2 Rights Under GDPR (European Users)

If you are in the European Economic Area, you have additional rights:

Right of Access: Obtain a copy of your personal data
Right to Rectification: Correct inaccurate or incomplete data
Right to Erasure: Request deletion of your data ("right to be forgotten")
Right to Restrict Processing: Limit how we use your data
Right to Data Portability: Receive your data in a structured, machine-readable format
Right to Object: Object to processing based on legitimate interests
Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent

To exercise these rights, contact us at contact@capexiq.io. We will respond within 30 days (or 72 hours for GDPR requests where required).

7. Cookies and Tracking Technologies

We use cookies and similar technologies to:

Essential Cookies: Enable core platform functionality and security
Analytics Cookies: Understand how users interact with our platform
Preference Cookies: Remember your settings and preferences

You can manage cookie preferences through your browser settings. Note that disabling certain cookies may affect platform functionality.

8. Data Security

We implement robust security measures to protect your information:

Encryption in transit (TLS 1.3) and at rest (AES-256)
Access controls and authentication mechanisms
Regular security assessments and penetration testing
Employee training and confidentiality agreements
Incident response procedures

For detailed security information, see our Security page.

9. International Data Transfers

Your information may be processed in Canada and other countries where our service providers operate. For transfers outside Canada or the EEA, we ensure appropriate safeguards are in place, including:

Standard Contractual Clauses approved by the European Commission
Adequacy decisions where applicable
Binding corporate rules for service providers

10. Children's Privacy

Our services are not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If we become aware of such collection, we will delete the information promptly.

11. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes by:

Posting the updated policy on our website
Sending email notification to registered users
Displaying a prominent notice on our platform

Your continued use of our services after changes constitutes acceptance of the updated policy.

12. Contact Us

For privacy-related inquiries or to exercise your rights, contact us:

CapexIQ

Email: contact@capexiq.io

Subject Line: Privacy Inquiry

13. Governing Law

This Privacy Policy is governed by the laws of the Province of Alberta, Canada, without regard to conflict of law principles. Any disputes arising from this policy shall be subject to the exclusive jurisdiction of the courts of Alberta, Canada.