Privacy Policy

Effective date: 2026-04-14 · Last updated: 2026-04-14

This document is drafted for engineering + operational accuracy, not legal sufficiency. Have qualified counsel review for your jurisdiction before you publish it at a customer-facing URL. Counsel should confirm language for CCPA/CPRA, VCDPA, CPA, CTDPA, UCPA, TDPSA, and any GDPR obligations you take on if you market outside the United States.

1. Who we are

PrimeX is a field-service operating system for residential service businesses. We provide software that helps businesses manage their customers, jobs, invoices, estimates, schedules, team, and customer communication.

  • Entity: PrimeX (legal entity name to be confirmed at incorporation)
  • Contact: privacy@primex.it.com
  • Data protection contact: privacy@primex.it.com

If you are one of our customers — a business owner or employee using PrimeX to run your operations — we are your service provider and data processor under most US state privacy laws. You are the controller of the personal information of your own customers.

If you are an end customer of one of our customers — for example, someone whose plumber uses PrimeX — please contact that business directly to exercise your rights over your data. They are the data controller.

2. Data we collect

From business users (owners, employees, managers, technicians):

  • Account info: name, work email, phone number, role
  • Authentication credentials (password hashes, session tokens, biometric verification flags)
  • Business profile: legal name, DBA, address, phone, website, logo, brand color, plan tier, license number
  • Team structure and permissions
  • Device information: device model, OS version, app version, crash diagnostics
  • App usage telemetry: screen views, action frequency, error reports
  • Precise location (only while the app is in use, only with explicit permission) — used for territory maps, dispatch, nearby-job discovery
  • Voice recordings and speech input (only when the user explicitly invokes the voice interface)
  • Photos captured through the in-app camera or selected from the gallery (only when the user attaches them to a job or estimate)

From end customers of our business users (collected and stored on behalf of that business):

  • Name, address, phone, email
  • Preferred contact channel (SMS, email, call)
  • Job history, service records, notes, tribal-knowledge tags
  • Invoices, estimates, payment status
  • Messages exchanged with the business (both directions)
  • Consent preferences for marketing SMS and marketing email
  • Property photos and equipment details the business records during service

We do not collect:

  • Advertising identifiers (IDFA, GAID)
  • Browsing history outside the PrimeX app
  • Health or fitness data
  • Financial account credentials (card numbers never touch PrimeX servers — all payment processing runs through Stripe)
  • Social-graph data from outside sources

3. How we use the data

  1. To operate the service. Display customers, jobs, schedules, and communication history. Deliver SMS and email on behalf of the business. Power the Prime AI assistant features (drafting, suggestions, schedule optimization).
  2. To keep the service secure. Detect abuse, investigate incidents, block unauthorized access, enforce tenant isolation.
  3. To improve the service. Analyze anonymized crash reports, diagnose performance issues, measure feature adoption in aggregate.
  4. To support customers. Respond to your messages, debug issues you report, recover data you ask us to recover.
  5. To comply with law. Respond to lawful legal process, honor statutory data subject rights, cooperate with audits.

We do not use your data to:

  • Sell to third parties (we do not sell personal information, period)
  • Train generic AI models
  • Serve advertising
  • Build cross-service profiles

4. AI features and your data

Prime AI features (chat, drafting, suggestions, schedule optimization, voice input) are powered by Anthropic's Claude API. When you interact with Prime, the relevant context from your PrimeX account is sent to Anthropic solely to generate a response. Anthropic acts as our sub-processor.

  • We do not use customer data to train Anthropic models
  • We have a zero-retention configuration in place via Anthropic's enterprise settings (effective once our enterprise contract is signed; interim builds use standard retention per Anthropic's default policy)
  • Voice recordings are processed for transcription and immediately discarded

5. Who we share data with

Our sub-processors (each under a written data protection agreement):

| Sub-processor | Purpose | Data flow |
|---|---|---|
| Supabase (hosting + database + auth) | Primary data store, authentication, edge functions | All core app data |
| Anthropic | Claude LLM for Prime AI features | Prompt payloads (see section 4) |
| Mapbox | Territory map tiles, geocoding | Map requests — addresses are not tied to an identifiable user by Mapbox |
| Stripe | Payment processing for PrimeX subscriptions and invoices the business sends | Card data flows directly to Stripe, never to us |
| Twilio | SMS delivery | Phone number + message body |
| Resend | Transactional and marketing email delivery | Email address + message body |
| Sentry | Error monitoring and crash reporting | Error stack traces, device context, app state at crash time |
| Apple / Google | Push notifications | Device push tokens |

We will share data with law enforcement only when compelled by valid legal process. We will notify you unless the process prohibits notice.

6. Your rights

Regardless of jurisdiction, you can:

  • Access — export a complete copy of your PrimeX data in JSON format via Settings → Privacy & Data → Export My Data
  • Delete — permanently erase all your PrimeX data via Settings → Privacy & Data → Delete All My Data (two-step confirmation)
  • Correct — update any inaccurate data through the in-app edit flows
  • Object — disable any processing you don't want (marketing emails, AI suggestions, etc.) via Settings → Prime Preferences
  • Appeal — contact privacy@primex.it.com if we decline a request; we will review within 30 days

For residents of California, Colorado, Connecticut, Virginia, Utah, Texas, Oregon, Montana, Delaware, New Hampshire, New Jersey, Minnesota, Maryland, Iowa, Tennessee, or Indiana, the applicable state privacy laws grant the rights listed above and may grant additional rights (opt-out of targeted advertising, opt-out of sale, opt-out of profiling in service of decisions producing legal effects). Contact privacy@primex.it.com to exercise any state-specific right.

7. Data retention

  • Active account data: held for as long as your subscription is active
  • Deleted account data: permanently erased from our live systems within 30 days of deletion request. Backups may retain encrypted copies for up to 90 days, after which they are overwritten on rotation
  • Audit logs: retained for 2 years for security investigation purposes
  • Financial records: retained for 7 years as required by US tax law
  • Marketing suppression list: retained indefinitely so that unsubscribed users stay unsubscribed even if your account is deleted and recreated

8. Security measures

  • All data in transit uses TLS 1.2 or higher
  • At-rest encryption for database, file storage, and secrets
  • Row-level security in our Postgres database enforces strict tenant isolation — we have tooling (see supabase/tools/verify-rls.sql in our engineering repository) that we run before every production deployment to verify coverage
  • JWT-based authentication with hardware-backed secure storage (iOS Secure Enclave, Android Keystore)
  • Audit logging of sensitive operations
  • Error monitoring through Sentry with PII masking
  • Dependency and vulnerability scanning through automated tooling

We cannot guarantee absolute security of any online service. If you believe your account has been compromised, contact security@primex.it.com immediately.

9. International transfers

PrimeX is currently operated from the United States. If you access the service from another country, your data is transferred to the US. We do not currently market to EU residents or offer the service to businesses located in the EU, UK, Switzerland, or EEA. If we do so in the future, this section will be updated to reflect the transfer mechanism (Standard Contractual Clauses, etc.) we rely on.

10. Children

PrimeX is a B2B tool and is not directed to children under 16. We do not knowingly collect personal information from anyone under 16. If you believe we have collected such information, contact privacy@primex.it.com and we will delete it.

11. Changes to this policy

We will notify you of material changes via in-app notice, email, or both, at least 30 days before the change takes effect. The "Last updated" date at the top of this document will always reflect the most recent revision.

12. Contact

privacy@primex.it.com · PrimeX (legal entity name TBD)

For urgent security issues: security@primex.it.com

Questions? Email support@primex.it.com. Data-specific questions: privacy@primex.it.com.