This Privacy Policy describes how InferX, Inc. ("InferX," "we," "us," or "our") collects, uses, stores, shares, and protects information about you when you access or use our website at getinferx.com, our application programming interfaces, our fraud detection and risk scoring platform, and related services (collectively, the "Services"). By using our Services, you agree to the practices described in this Privacy Policy.
InferX is headquartered at 3000 Hanover Street, Palo Alto, CA 94304, United States. If you have questions about this Privacy Policy or how we handle your data, contact us at hi@getinferx.com.
1. Scope of This Policy
This Privacy Policy applies to:
- Visitors to the getinferx.com website
- Prospective customers who submit inquiries, demo requests, or contact forms
- Customers and their authorized personnel who use the InferX platform under a subscription agreement
- Personnel at payment processors and fintech companies who interact with InferX in a business capacity
This Policy does not cover information processed on behalf of InferX customers in the course of providing fraud detection and risk scoring services. When InferX processes transaction data for customers under a Data Processing Agreement, the customer is the data controller and InferX acts as a data processor. The customer's privacy policy governs the processing of their end users' transaction data, and InferX processes that data only under the customer's documented instructions.
2. Information We Collect
2.1 Information You Provide Directly
When you interact with InferX's website or request information about our Services, you may provide:
- Contact information: Name, business email address, job title, company name, phone number
- Account credentials: Username and password for platform access (passwords stored as salted cryptographic hashes, never in plaintext)
- Payment information: Billing address, credit card or bank account details for subscription payments (processed by Stripe; InferX does not store raw payment card data)
- Communications: Content of emails, chat messages, or support tickets you send to InferX
- Survey and feedback responses: Information you provide in product feedback surveys or customer interviews
2.2 Information Collected Automatically
When you visit getinferx.com, our web servers and analytics services automatically collect:
- Log data: IP address, browser type, browser version, operating system, referring URL, pages visited, time and date of visits, time spent on pages
- Device information: Device type, screen resolution, language settings
- Cookie data: Information stored in cookies or similar tracking technologies as described in our Cookie Policy
- Usage data: Feature usage patterns, API call frequency, dashboard navigation (for platform users)
2.3 Information From Third Parties
We may receive information about you from:
- Business data providers: Company information, industry data, and firmographic information from providers such as Clearbit or ZoomInfo used to improve sales and marketing targeting
- Identity verification services: When required for account verification or compliance purposes
- Analytics and advertising platforms: Aggregate audience data from platforms including Google Analytics where you have visited InferX-related content
3. How We Use Your Information
3.1 Providing and Improving the Services
- Processing and fulfilling your account registration and subscription
- Authenticating your identity when you access the platform
- Providing technical support and responding to service requests
- Monitoring platform performance, diagnosing technical problems, and improving reliability
- Developing new product features based on usage patterns and customer feedback
- Conducting security monitoring to protect against unauthorized access to the platform
3.2 Billing and Account Administration
- Processing subscription payments through our payment processor (Stripe)
- Sending invoices, payment confirmations, and billing statements
- Enforcing usage limits tied to your subscription plan
- Managing account upgrades, renewals, and cancellations
3.3 Communications
- Sending transactional emails related to your account (password resets, security alerts, service notifications)
- Responding to inquiries submitted through contact forms or by email
- Sending product updates, feature announcements, and technical documentation where you have opted in or where we have a legitimate interest in communicating with business contacts
- Marketing communications for InferX products and services where you have provided consent or where applicable law permits
3.4 Legal and Compliance
- Complying with applicable laws, regulations, and legal processes
- Responding to lawful requests from law enforcement or government authorities
- Enforcing our Terms of Service and other agreements
- Protecting InferX's legal rights and interests
4. Legal Basis for Processing (GDPR)
For individuals located in the European Economic Area (EEA), United Kingdom, or Switzerland, InferX processes personal data on the following legal bases under the General Data Protection Regulation (GDPR):
- Contract performance (Article 6(1)(b)): Processing necessary to fulfill a contract with you or to take pre-contractual steps at your request, including providing the Services under a subscription agreement
- Legitimate interests (Article 6(1)(f)): Processing necessary for InferX's legitimate business interests, including fraud prevention within our own systems, improving our Services, and business development communications with professional contacts, where those interests are not overridden by your rights and freedoms
- Consent (Article 6(1)(a)): Processing based on your explicit consent, including marketing communications and certain cookie-based analytics. You may withdraw consent at any time without affecting the lawfulness of processing before withdrawal
- Legal obligation (Article 6(1)(c)): Processing necessary to comply with legal obligations applicable to InferX
5. How We Share Your Information
5.1 Service Providers
InferX engages third-party service providers who process personal data on our behalf under data processing agreements that require them to implement appropriate technical and organizational security measures:
- Amazon Web Services (AWS): Cloud infrastructure for platform hosting, data storage, and compute services. AWS infrastructure is located in the United States (us-east-1 primary region)
- Stripe: Payment processing for subscription billing. Stripe is a PCI DSS Level 1 certified payment processor
- Salesforce / HubSpot: Customer relationship management for managing sales pipeline and customer communications
- Zendesk: Customer support ticket management
- Google Analytics: Website analytics (with IP anonymization enabled)
- Postmark: Transactional email delivery
- PagerDuty: Operational alerting for platform incidents (may include customer contact details for incident notifications)
5.2 Business Transfers
If InferX is acquired by or merged with another company, undergoes a financing transaction, or transfers all or substantially all of its assets, personal data about you may be transferred as part of that transaction. We will provide notice before your personal data becomes subject to a different privacy policy.
5.3 Legal Requirements
We may disclose your information to law enforcement, government authorities, or third parties when we believe disclosure is necessary to comply with a legal obligation, enforce our agreements, protect the safety of any person, or protect InferX's rights or property. We will attempt to notify you of such disclosures where legally permitted.
5.4 What We Do Not Do
InferX does not sell your personal information to third parties. InferX does not share your personal information with third parties for their independent marketing or advertising purposes. InferX does not monetize personal data collected through the platform.
6. Data Retention
We retain personal data for as long as necessary to fulfill the purposes for which it was collected, subject to the following retention periods:
- Account information: Retained for the duration of the customer relationship plus 3 years for tax and legal compliance purposes following account termination
- Transaction and usage logs: Retained for 13 months for operational troubleshooting and security audit purposes, then deleted or anonymized
- Customer support records: Retained for 3 years following resolution of the support interaction
- Marketing contact information: Retained until you opt out or request deletion, with annual list hygiene to remove inactive contacts
- Website analytics data: Retained for 26 months in Google Analytics (default GA4 retention period)
- Billing records: Retained for 7 years as required by US tax law
When retention periods expire, we either delete the data or anonymize it such that it can no longer be associated with any individual. Anonymized, aggregated data may be retained indefinitely for product analytics and business planning purposes.
7. Data Security
InferX implements technical and organizational measures designed to protect personal data against unauthorized access, disclosure, alteration, or destruction. These measures include:
- Encryption of data at rest using AES-256 and in transit using TLS 1.2 or higher
- Access controls limiting employee access to customer data to those with a legitimate business need
- Multi-factor authentication required for employee access to production systems containing customer data
- Regular security vulnerability assessments and penetration testing by qualified third parties
- Security incident response procedures with defined notification timelines
- SOC 2 Type II compliance program (current audit report available to customers under NDA)
Despite these measures, no data transmission over the internet or method of electronic storage is fully secure. If you have reason to believe your interaction with InferX has been compromised, contact us immediately at hi@getinferx.com.
8. International Data Transfers
InferX is based in the United States. If you are accessing our Services from outside the United States, your personal data will be transferred to, stored in, and processed in the United States, where data protection laws may differ from those in your jurisdiction.
For transfers of personal data from the EEA, UK, or Switzerland to the United States, InferX relies on Standard Contractual Clauses (SCCs) approved by the European Commission and UK Information Commissioner's Office as the lawful transfer mechanism. We supplement SCCs with technical and organizational safeguards including encryption and access controls.
Customers processing data subject to GDPR may request a copy of InferX's Data Processing Agreement, which includes applicable SCCs, by contacting hi@getinferx.com.
9. Your Rights
9.1 Rights Under GDPR (EEA, UK, Switzerland)
If you are located in the EEA, UK, or Switzerland, you have the following rights regarding your personal data:
- Right of access: Request a copy of the personal data we hold about you
- Right to rectification: Request correction of inaccurate or incomplete personal data
- Right to erasure: Request deletion of personal data in certain circumstances (where the data is no longer necessary, where you withdraw consent, or where the processing is unlawful)
- Right to restriction: Request that we restrict processing of your personal data in certain circumstances
- Right to data portability: Receive your personal data in a structured, commonly used, machine-readable format where processing is based on consent or contract
- Right to object: Object to processing based on legitimate interests or direct marketing
- Rights related to automated decision-making: Where InferX makes automated decisions that significantly affect you, you have the right to request human review of those decisions
9.2 Rights Under CCPA (California Residents)
If you are a California resident, the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA) provides you with the following rights:
- Right to know: Request disclosure of the categories and specific pieces of personal information we have collected about you, the categories of sources, our business or commercial purpose for collecting it, and the categories of third parties with whom we share it
- Right to delete: Request deletion of personal information we have collected, subject to certain exceptions
- Right to correct: Request correction of inaccurate personal information
- Right to opt out of sale or sharing: InferX does not sell or share personal information as defined under CCPA. This right is not applicable to InferX's current data practices
- Right to limit use of sensitive personal information: Request limitation on the use of sensitive personal information to purposes for which it was collected
- Right to non-discrimination: We will not discriminate against you for exercising your CCPA rights
To exercise your California rights, submit a verifiable consumer request to hi@getinferx.com. We will respond within 45 days. We may extend the response period by an additional 45 days when reasonably necessary.
9.3 How to Exercise Your Rights
To exercise your rights under GDPR, CCPA, or any applicable law, contact us at hi@getinferx.com with "Privacy Request" in the subject line. We will verify your identity before processing your request. We may ask for additional information to confirm your identity and locate your records. We do not charge a fee for responding to rights requests unless a request is manifestly unfounded or excessive.
10. Children's Privacy
The InferX Services are designed for business use by adults and are not directed at children under the age of 16. We do not knowingly collect personal data from children under 16. If we learn that we have collected personal data from a child under 16, we will promptly delete it. If you believe we may have collected information from a child under 16, contact us at hi@getinferx.com.
11. Cookies and Tracking Technologies
InferX uses cookies and similar tracking technologies on getinferx.com. For detailed information about the types of cookies we use, their purposes, and how to manage your cookie preferences, see our Cookie Policy.
12. Links to Third-Party Websites
The InferX website may contain links to third-party websites, including documentation hosted on external platforms, integration partner sites, and industry resources. InferX does not control and is not responsible for the privacy practices of third-party websites. We encourage you to review the privacy policies of any third-party site you visit through a link from the InferX website.
13. Changes to This Privacy Policy
InferX may update this Privacy Policy from time to time as our Services evolve, as laws change, or as we refine our data practices. When we make material changes, we will update the "Last updated" date at the top of this Policy and, where we have your email address and the change significantly affects your rights, we will send you notification by email at least 14 days before the changes take effect.
Your continued use of the Services after the effective date of an updated Privacy Policy constitutes your acceptance of the revised Policy. If you do not agree to the changes, you should discontinue use of the Services and contact us about closing your account.
14. Data Protection Officer and Supervisory Authority
InferX has not appointed a formal Data Protection Officer (DPO) as we do not engage in large-scale systematic processing of special categories of personal data. For privacy-related inquiries, contact Priya Rajapakse at hi@getinferx.com.
If you are located in the EEA and believe InferX has processed your personal data in violation of applicable law, you have the right to lodge a complaint with your local supervisory authority. A list of EEA supervisory authorities is available at the European Data Protection Board website. UK residents may lodge complaints with the Information Commissioner's Office (ICO) at ico.org.uk.
15. Contact Information
For questions, concerns, or requests related to this Privacy Policy or InferX's data practices, contact us:
- Email: hi@getinferx.com
- Mail: InferX, Inc., Attn: Privacy, 3000 Hanover Street, Palo Alto, CA 94304
- Phone: +1 (650) 731-4958
We will respond to privacy inquiries within 30 days of receipt. For complex requests, we may require additional time and will notify you of the extended timeline.
