Privacy Policy

1. Introduction

ProxCore ("we", "us", "our"), a product of ProxCentral Platforms developed by DEVIPROX, provides a multi-tenant business management platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform, including all features and services offered through it.

By accessing or using ProxCore, you agree to this Privacy Policy. If you do not agree, please discontinue use immediately.

2. Information We Collect

2.1 Account & Organisation Information

When you register or are invited to an organisation, we collect:

• Full name, email address, and encrypted password
• Organisation name, slug, and your role within the organisation
• Billing and subscription details (plan tier, payment method via Stripe)

2.2 Business Data You Store

ProxCore stores the business data you create and manage, including but not limited to:

• CRM Data: Customer records, contacts, leads, lead scores, pipeline stages, and activity logs
• Financial Records: Quotes, invoices, expenses, payments, accounting journal entries, and bank reconciliation data
• Project Management: Projects, task boards, task assignments, and statuses
• Time Tracking: Time entries, tracked hours, and associated project/task linkages
• Proposals: Proposal documents, templates, and client-facing content
• Asset Management: Hardware, software, and asset inventory records
• Password Vault: Encrypted credentials stored on your behalf
• Calendar Events: Scheduled meetings, reminders, and event data
• Reports: Generated analytics and performance reports

2.3 Files & Documents

Files you upload (attachments, documents, images) are stored securely in cloud storage and referenced in your organisation's database records.

2.4 Communication Data

• WhatsApp Integration: Conversation history, message content, contact phone numbers, and delivery status when you connect the WhatsApp Business API
• Twilio / Call Logs: Call records, call duration, phone numbers, recordings (if enabled), and call status data
• Email: SMTP configuration settings (server, port, credentials) and email sending logs

2.5 Client Portal Data

When your clients access the Client Portal, we collect their access tokens, viewing activity, and any interactions (e.g., accepting quotes, viewing invoices or proposals).

2.6 Usage & Technical Data

• Browser type, device information, IP address
• Pages visited, features used, timestamps
• Error logs and performance metrics

3. How We Use Your Information

We use the information we collect to:

• Provide, operate, and maintain the ProxCore platform and all its modules
• Process transactions and manage subscriptions through Stripe
• Enable multi-tenant data isolation so each organisation's data remains separate and secure
• Facilitate third-party integrations (WhatsApp Business API, Twilio) on your behalf
• Generate reports, analytics, and dashboards for your business
• Send system notifications, billing alerts, and service communications
• Monitor platform security, detect fraud, and prevent abuse
• Improve our services, fix bugs, and develop new features

4. Data Sharing & Third-Party Services

We do not sell your personal data. We share data only in the following circumstances:

4.1 Service Providers

• Stripe: Payment processing and subscription management. Stripe receives billing details necessary to process payments. See Stripe's Privacy Policy.
• Amazon Web Services (AWS): Cloud infrastructure and file storage (S3). See AWS Privacy Policy.
• Meta (WhatsApp Business API): When you enable WhatsApp integration, message data is processed through Meta's platform. See WhatsApp Privacy Policy.
• Twilio: When you enable call integration, call data is processed through Twilio. See Twilio Privacy Policy.
• CurrencyFreaks: Optional currency exchange rate data. No personal data is shared — only API requests for exchange rates.

4.2 Legal Requirements

We may disclose information if required by law, regulation, legal process, or governmental request, or to protect the rights, safety, or property of ProxCore, our users, or the public.

4.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, user data may be transferred as part of the transaction. We will notify affected users of any change in ownership or data handling practices.

5. Data Security

• All passwords are hashed using bcrypt before storage
• Password Vault entries are encrypted at rest
• All data transmission uses TLS/HTTPS encryption
• Multi-tenant architecture ensures strict organisation-level data isolation
• Role-based access control (Member, Admin, Sudo) limits data exposure
• Third-party API credentials (WhatsApp, Twilio, SMTP) are stored securely and masked in the UI
• Stripe webhook signatures are verified using HMAC to prevent tampering
• File uploads use pre-signed URLs with time-limited access

While we implement industry-standard security measures, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.

6. Data Retention

We retain your data for as long as your account is active or as needed to provide services. Specifically:

• Account data: Retained until account deletion is requested
• Business data: Retained for the lifetime of the organisation's account
• Communication logs: Retained while the respective integration is active
• Uploaded files: Retained until manually deleted or account closure
• Billing records: Retained as required by applicable tax and financial regulations

Upon account deletion, we will remove your data in accordance with our User Data Deletion Policy.

7. Your Rights

Depending on your jurisdiction, you may have the following rights:

• Access: Request a copy of the personal data we hold about you
• Rectification: Request correction of inaccurate or incomplete data
• Erasure: Request deletion of your personal data (see our Data Deletion Policy)
• Portability: Request your data in a structured, machine-readable format
• Restriction: Request that we limit processing of your data
• Objection: Object to processing of your data for certain purposes

To exercise any of these rights, please contact us at [email protected].

8. Cookies & Tracking

ProxCore uses essential cookies for authentication (session tokens) and preference storage (theme selection). We do not use third-party advertising cookies or tracking pixels. Analytics, when enabled, use aggregated platform-level data and do not track individual users across external sites.

9. Children's Privacy

ProxCore is not intended for individuals under the age of 18. We do not knowingly collect personal data from minors. If we become aware that we have collected data from a minor, we will take steps to delete it promptly.

10. International Data Transfers

Your data may be processed and stored in jurisdictions outside your country of residence where our infrastructure providers operate. We ensure appropriate safeguards are in place for any such transfers in compliance with applicable data protection laws.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users of material changes via email or an in-app notification. Continued use of ProxCore after changes constitutes acceptance of the updated policy.

12. Contact Us

If you have questions or concerns about this Privacy Policy, please contact us:

• Email: [email protected]
• Platform: ProxCentral Platforms