Roxi
Back to Home
Information Governance

Privacy Policy

Last Updated: June 8, 2026

Our Data Sale Protection Commitment

We understand that trust is the foundation of your business operations. Roxi strictly enforces a no-sale data architecture. **We do not sell, rent, lease, or share personal data or business lead metrics with brokers or third-party advertisers.**

1. Overview and Scope

Roxi Platform ("Roxi", "we", "our", or "us") is committed to protecting the privacy of our Customers (businesses subscribing to our services) and their leads, customers, and visitors. This Privacy Policy outlines how we collect, store, secure, process, and discard information through our landing pages, workflows, dashboard, and Unified Inbox.

Please note that Roxi operates primarily as a **Data Processor** for the business communications, contacts, and messaging records you manage using our platform ("Customer Data"). Our business customers act as the **Data Controllers** and are responsible for setting their own privacy rules and obtaining consents.

2. Information We Never Sell

We stand firmly by our B2B commitment: **Roxi will never sell your personal information, your customer directories, or your communication histories.** We do not monetize data for behavioral advertising, and we do not profile your customers for third-party commercial campaigns. All lead details and contact histories remain isolated to your specific organization account.

3. Information We Collect

We collect information in three ways: direct input from you, automation logs when your business uses our tools, and cookies or web trackers on our public pages.

  • Account & Registration Details: When you open a business account, we collect names, organization names, email addresses, phone numbers, and physical business addresses.
  • Billing Metadata: Subscription payments are processed via Stripe. We do not store full credit card details. Stripe provides us with transaction tokens, billing status, and payment coordinates.
  • Customer Data and Messaging Directories: Leads generated through your forms, SMS records, calendar bookings, and inbound chats in the Unified Inbox. This data is stored securely on our systems solely to execute your workflows.
  • Technical Logs & Analytics: IP addresses, browser agents, access times, click counts, and session metrics to help diagnose bugs, prevent DDoS attacks, and measure page load efficiency.

4. How We Use Collected Data

We use information strictly for business operations, optimization, and platform maintenance:

  • To run, configure, and maintain your business account and dashboards.
  • To deliver communications (SMS, emails, chat feeds) requested by your automated workflows.
  • To invoice and process payments securely via Stripe.
  • To troubleshoot account bugs, improve API response times, and identify platform vulnerabilities.
  • To enforce our Terms of Service and protect against network attacks or spam operations.

5. Third-Party Subprocessors and Sharing

To deliver high-speed message delivery and payment processing, we share data with a limited group of verified third-party subprocessors. These include hosting providers (e.g., database clusters), secure messaging APIs (e.g., SMTP relays and SMS gateways), and Stripe for subscription management. All subprocessors are vetted for compliance and are contractually forbidden from utilizing, selling, or sharing your data for any purpose other than providing the specific services requested by Roxi.

6. Data Security and Encryption

We implement industry-standard administrative, physical, and digital safeguards. All data transmitted to or from Roxi is encrypted in transit using SSL/TLS protocols, and all customer databases are encrypted at rest. We run regular firewall tests, isolate tenant accounts, and monitor access keys. However, no digital system can guarantee 100% security, and users are responsible for keeping their passwords and webhook signatures confidential.

7. Data Retention

We retain Customer Data for as long as your organization subscription remains active, or as needed to comply with our commercial auditing and legal tax obligations. If you close your account, we will systematically delete or anonymize your organization profile and lead databases within a reasonable period, except where carrier compliance audits require us to retain messaging logs.

8. International Data Transfers

Roxi servers are located primarily in North America. By using the Service, you acknowledge that data may be transferred to and processed in jurisdictions where database infrastructure is deployed. We ensure all such transfers comply with standard contractual clauses and security regulations.

9. Contact and Privacy Officer

If you have any questions about this Privacy Policy, wish to request database extraction, or have inquiries regarding GDPR, CCPA, or PIPEDA compliance, please reach out to our privacy coordinator at **legal@roxi.ca**.