Privacy Policy

This Privacy Policy describes how Lexopoly Inc. ("we," "us," or "our") collects, uses, and protects information when you use ComplianceLogger ("the Service").

1. Information We Collect

Account Information

When you create an account, we collect:

• Email address (required for login and communication)
• Password (encrypted and hashed using bcrypt)
• Company name (optional)
• Account creation date

Waste Log Data

When you use ComplianceLogger, you create waste disposal records containing:

• Project names and descriptions
• Waste types, quantities, and classifications
• Disposal locations and hauler information
• Manifest numbers and EPA tracking data
• Cost estimates and actual costs
• Confidence levels (Documented/Estimated/Reconstructed)
• Creation timestamps and modification history
• Internal notes and reconstruction methodology

Photo Uploads

Photos you upload are stored securely and may include:

• Waste material images
• Disposal site photos
• Manifest and receipt documentation
• Equipment and container photos

Payment Information

We use Stripe for payment processing. We store:

• Subscription status (active/cancelled)
• Billing cycle dates
• Payment history

We do NOT store credit card numbers. All payment card information is handled directly by Stripe in compliance with PCI-DSS standards.

Technical Information

We automatically collect:

• IP address (for security and fraud prevention)
• Browser type and version
• Device information (desktop/mobile/tablet)
• Login timestamps and session data
• Error logs and performance metrics

2. How We Use Your Information

Service Delivery

• Provide access to ComplianceLogger features
• Store and retrieve your waste tracking data
• Generate compliance reports and exports
• Process subscription payments via Stripe

Communication

• Send account notifications (password resets, billing updates)
• Respond to support requests
• Notify you of service updates or maintenance
• Send product announcements (you can opt out)

Improvement & Security

• Monitor service performance and reliability
• Detect and prevent fraud or abuse
• Debug technical issues
• Analyze usage patterns to improve features

3. Data Storage & Security

Infrastructure

Your data is hosted on secure cloud infrastructure:

• Database: managed PostgreSQL service with encryption at rest
• Photo Storage: S3-compatible secure storage with redundancy
• Application Hosting: cloud hosting platform with SSL/TLS encryption

Security Measures

• Encryption in transit: All data transmitted over HTTPS (TLS 1.2+)
• Encryption at rest: Database and file storage encrypted
• Password security: Passwords hashed using bcrypt (never stored in plain text)
• Access control: Row-level security ensures you only see your own data
• Backups: Automatic daily backups with 3-year retention

Data Retention

• Active accounts: Data retained indefinitely while subscription is active
• Cancelled accounts: Data retained for 90 days after cancellation, then permanently deleted
• Trial accounts: Data deleted 30 days after trial expiration if not converted to paid
• Backups: Database backups retained for 3 years for disaster recovery

4. Data Sharing & Disclosure

We Do NOT Sell Your Data

We do not sell, rent, or trade your personal information or waste tracking data to third parties.

Third-Party Services

We share limited data with trusted service providers:

• Stripe: Payment processing (email, billing info)
• Email service (future): Transactional emails only

These providers are contractually bound to protect your data and use it only for services we request.

Legal Requirements

We may disclose information if required by law:

• In response to valid subpoenas or court orders
• To comply with EPA or regulatory investigations
• To protect our legal rights or prevent fraud
• In connection with a business sale or merger (with notice)

5. Your Rights & Choices

Access & Export

You can access and export your data at any time:

• View all waste logs via the dashboard
• Export individual logs or bulk data to CSV
• Download your uploaded photos
• Request a complete data export by emailing support@lexopoly.com

Correction & Deletion

• Edit or delete waste logs directly in the app
• Update account information in settings
• Request account deletion by emailing support@lexopoly.com

Marketing Communications

• You can opt out of product announcements and marketing emails
• You cannot opt out of transactional emails (billing, security alerts)
• Unsubscribe links included in all marketing emails

6. Cookies & Tracking

Essential Cookies

We use cookies to maintain your login session:

• Session cookies: Required for authentication (expires on logout)
• Preference cookies: Remember your settings (optional)

Analytics (Future)

We may add privacy-focused analytics in the future to understand usage patterns. If implemented, you will be notified and given opt-out options.

7. Children's Privacy

ComplianceLogger is not intended for users under 18. We do not knowingly collect information from children. If you believe a child has created an account, contact us immediately at support@lexopoly.com.

8. International Users

ComplianceLogger is operated from the United States. If you access the Service from outside the US, your data will be transferred to and stored in the US. By using ComplianceLogger, you consent to this transfer.

9. Changes to This Policy

We may update this Privacy Policy as the Service evolves. If we make material changes:

• We will notify you via email at least 30 days before changes take effect
• The "Effective Date" at the top will be updated
• Continued use of the Service constitutes acceptance of the new policy

10. Contact Us

Questions about this Privacy Policy or how we handle your data?

Email: support@lexopoly.com
Company: Lexopoly Inc.
Support Hours: Monday–Friday, 9:00 AM – 5:00 PM MT

11. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

• Right to know: What personal information we collect and how we use it
• Right to delete: Request deletion of your personal information
• Right to opt-out: We do not sell personal information, so opt-out is not applicable
• Right to non-discrimination: We will not discriminate against you for exercising your rights

To exercise these rights, email support@lexopoly.com with "CCPA Request" in the subject line.

12. European Users (GDPR)

If you are in the European Economic Area (EEA), you have rights under the General Data Protection Regulation (GDPR):

• Legal basis for processing: Contract fulfillment (providing the Service)
• Data portability: Export your data in CSV format
• Right to erasure: Request account deletion
• Right to object: Object to data processing (may result in service termination)

To exercise these rights, contact support@lexopoly.com.

---

Summary: We collect only what we need to run ComplianceLogger. We don't sell your data. We encrypt everything. You can export or delete your data anytime.