Privacy Policy

Introduction

This Privacy Policy applies to all visitors, customers, authorized users, and other individuals who access or use our Services. If you are accessing or using the Services on behalf of a business or organization, you represent that you have the authority to bind that entity to this Policy.

Please read this Privacy Policy carefully. If you do not agree with its terms, please discontinue use of our Services.

1. Information We Collect

We collect information you provide directly to us, information gathered automatically through your use of the Services, and information from third-party sources.

1.1 Information You Provide to Us

• Account Registration: Name, email address, job title, company name, phone number, and password when you create an account.
• Profile Information: Contact details, preferences, and other data you choose to add to your user profile.
• Payment and Billing: Billing address and payment method details. Full card numbers are processed directly by our payment processor and are not stored on Torgix systems.
• Communications: Records of your correspondence with us, including support tickets, emails, chat logs, and survey responses.
• User-Generated Content: Data, files, photos, notes, work orders, asset records, parts data, and other content you create or submit through the Services.

1.2 Information Collected Automatically

• Usage Data: Pages viewed, features used, search queries, work orders created, session duration, and actions taken within the platform.
• Device and Technical Data: IP address, browser type and version, operating system, device identifiers, and screen resolution.
• Log Data: Server logs, error reports, diagnostic data, and timestamps associated with your use of the Services.
• Location Data: Approximate geographic location derived from your IP address. We do not collect precise GPS location unless you explicitly enable location-based features.
• Cookies and Tracking Technologies: See Section 5 for details.

1.3 Information from Third Parties

• Integration Partners: If you connect third-party applications (e.g., telematics systems, ERP platforms, or accounting software) to the Services, we may receive data from those integrations as authorized by you.
• Single Sign-On (SSO): If you authenticate via an SSO provider (e.g., Google, Microsoft, Okta), we receive authentication credentials and basic profile data from your identity provider.
• Business Partners and Resellers: We may receive contact and company information from authorized channel partners or resellers who refer customers to us.

2. How We Use Your Information

We use the information we collect for the following purposes:

2.1 Providing and Improving the Services

• Create and manage your account and subscription.
• Deliver the features and functionality of the platform.
• Process transactions and send related billing communications.
• Respond to support requests, troubleshoot issues, and provide technical assistance.
• Analyze usage patterns to improve, develop, and optimize the Services.
• Conduct internal research and analytics to understand how users interact with the platform.

2.2 Communications

• Send transactional messages such as account confirmations, invoices, and security alerts.
• Provide product updates, release notes, and feature announcements.
• Send marketing communications about Torgix products and services where permitted by applicable law. You may opt out at any time (see Section 8).

2.3 Security and Compliance

• Detect, investigate, and prevent fraudulent transactions, unauthorized access, and other illegal activities.
• Enforce our Terms of Service and other applicable agreements.
• Comply with applicable laws, regulations, legal process, and governmental requests.
• Protect the rights, property, and safety of Torgix, our users, and the public.

2.4 Business Operations

• Administer our business, including accounting, auditing, and compliance functions.
• Evaluate and complete corporate transactions such as mergers, acquisitions, or asset sales (see Section 4.3).
• Fulfill any other purpose disclosed to you at the time you provide information, or for which you provide consent.

3. Legal Bases for Processing (EEA, UK, and Switzerland)

If you are located in the European Economic Area ("EEA"), the United Kingdom, or Switzerland, our legal bases for processing your personal information are:

• Performance of a Contract: Processing necessary to provide the Services you have requested, including account management and billing.
• Legitimate Interests: Processing for our legitimate business interests, such as improving the Services, preventing fraud, and sending relevant business communications, where those interests are not overridden by your rights.
• Compliance with Legal Obligations: Processing required to comply with applicable laws and regulations.
• Consent: Where we rely on your consent (e.g., certain marketing communications or optional cookies), you may withdraw consent at any time without affecting the lawfulness of prior processing.

4. Sharing of Information

We do not sell your personal information. We may share your information in the following circumstances:

4.1 Service Providers and Subprocessors

We engage trusted third-party companies to perform functions on our behalf, such as cloud infrastructure, payment processing, customer support, email delivery, analytics, and security monitoring. These providers access your information only as necessary to perform their functions and are bound by contractual obligations to protect it.

4.2 Customer Administrators

If you are an authorized user accessing the Services through your employer's or organization's account, your account information and activity data may be accessible to administrators designated by that organization. Your use of the Services may be subject to your organization's policies.

4.3 Business Transfers

If Torgix is involved in a merger, acquisition, bankruptcy, reorganization, or sale of all or a portion of its assets, your information may be transferred as part of that transaction. We will notify you by email and/or a prominent notice on our website of any such change in ownership or control of your personal information.

4.4 Legal and Safety Disclosures

We may disclose your information if we believe in good faith that such disclosure is necessary to:

• Comply with applicable law, regulation, legal process, or governmental request;
• Enforce our Terms of Service or other applicable agreements;
• Detect, prevent, or address fraud, security, or technical issues; or
• Protect the rights, property, or safety of Torgix, our users, or others.

4.5 Aggregated and De-Identified Data

We may share aggregated, anonymized, or de-identified information that cannot reasonably be used to identify you. We use such data for industry research, benchmarking, product development, and similar purposes.

4.6 With Your Consent

We may share your information for purposes not described in this Policy with your prior consent.

5. Cookies and Tracking Technologies

We use cookies, web beacons, pixels, and similar tracking technologies to collect information about your interactions with the Services and to improve your experience.

5.1 Types of Cookies We Use

• Strictly Necessary: Required for the Services to function. These include authentication tokens, session management, and security features and cannot be switched off.
• Performance and Analytics: Help us understand how visitors interact with the Services, measure traffic and usage, and identify areas for improvement.
• Functional: Allow us to remember your preferences, such as language settings and display options.
• Targeting and Advertising: Used on our marketing website to measure campaign effectiveness. These are not used inside the authenticated platform.

5.2 Your Cookie Choices

You can manage cookie preferences through the banner displayed on your first visit to our website, or through your browser settings. Disabling certain cookies may affect the functionality of the Services.

6. Data Retention

We retain personal information for as long as necessary to provide the Services, fulfill the purposes described in this Policy, comply with our legal obligations, resolve disputes, and enforce our agreements. Our standard retention practices are:

• Active Accounts: We retain account and usage data for the duration of your subscription and a reasonable period thereafter.
• Terminated Accounts: Following termination or expiration of your subscription, we retain your data for 30 days, during which you may export your data. After 30 days, we permanently delete or anonymize your personal information.
• Marketing Data: We retain contact information for marketing communications until you opt out or request deletion.
• Legal Holds: We may retain data beyond standard retention periods where required by legal obligation or to resolve active disputes.

7. Security

We implement industry-standard technical, administrative, and physical safeguards to protect your personal information. These include:

• Encryption of data in transit (TLS 1.2+) and at rest (AES-256);
• Role-based access controls and multi-factor authentication for internal systems;
• Regular security assessments, penetration testing, and vulnerability management;
• Incident response procedures for detecting, containing, and notifying affected parties of security incidents.

Despite our efforts, no security system is entirely impenetrable. You are responsible for maintaining the confidentiality of your account credentials. Please notify us immediately at security@torgix.ai if you suspect any unauthorized access to your account.

8. Your Rights and Choices

8.1 Access, Correction, and Portability

You may access, update, or correct your personal information through your account settings at any time. You may also request a copy of the personal information we hold about you in a structured, machine-readable format by contacting us at privacy@torgix.ai.

8.2 Deletion

You may request deletion of your personal information by contacting us at privacy@torgix.ai. We will process deletion requests within 30 days, subject to obligations requiring us to retain certain data for legal, accounting, or dispute resolution purposes.

8.3 Marketing Opt-Out

You may opt out of marketing emails by clicking the "unsubscribe" link in any marketing email or by contacting privacy@torgix.ai. You will continue to receive transactional communications related to your account and subscription.

8.4 Cookie Preferences

You may manage cookie preferences at any time through our cookie preference center or through your browser settings. See Section 5 for details.

8.5 Objection and Restriction

Where we process your information based on legitimate interests, you may object to that processing. You may also request restriction of processing under certain circumstances. We will evaluate your request and respond within 30 days.

9. California Privacy Rights (CCPA/CPRA)

If you are a California resident, the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), provides you with specific rights regarding your personal information.

9.1 Categories of Personal Information We Collect

In the preceding 12 months, we have collected the following categories of personal information as defined by the CCPA:

• Identifiers: Name, email address, IP address, account username, and device identifiers.
• Commercial Information: Transaction records, subscription history, and billing information.
• Internet or Electronic Network Activity: Usage data, log data, and platform interactions.
• Professional or Employment-Related Information: Job title, employer name, and work contact details.
• Geolocation Data: Approximate location derived from IP address.
• Inferences: Profile data derived from the above to understand user preferences and improve the Services.

9.2 Your California Rights

• Right to Know: Request disclosure of the categories and specific pieces of personal information we have collected about you in the preceding 12 months.
• Right to Delete: Request deletion of personal information we have collected about you, subject to certain exceptions.
• Right to Correct: Request correction of inaccurate personal information.
• Right to Opt-Out of Sale or Sharing: We do not sell or share personal information for cross-context behavioral advertising.
• Right to Limit Use of Sensitive Personal Information: We do not use sensitive personal information beyond what is necessary to provide the Services.
• Right to Non-Discrimination: We will not discriminate against you for exercising your California privacy rights.

9.3 How to Submit a California Request

Submit your request to privacy@torgix.ai with the subject line "California Privacy Request." We will respond within 45 days and may need to verify your identity before processing your request.

10. Additional Rights for EEA, UK, and Switzerland Residents

If you are located in the European Economic Area, the United Kingdom, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR) and applicable local data protection laws.

10.1 Your Rights Under GDPR

• Right of Access: Request a copy of the personal data we hold about you.
• Right to Rectification: Request correction of inaccurate or incomplete personal data.
• Right to Erasure: Request deletion of your personal data, subject to legal retention obligations.
• Right to Restrict Processing: Request that we limit how we use your personal data in certain circumstances.
• Right to Data Portability: Receive your personal data in a structured, commonly used, machine-readable format.
• Right to Object: Object to processing based on legitimate interests or for direct marketing purposes.
• Right to Withdraw Consent: Where processing is based on consent, withdraw that consent at any time without affecting prior processing.

10.2 How to Exercise GDPR Rights

Submit your request to privacy@torgix.ai. We will respond within 30 days (extendable to 60 days for complex requests, with notice). We may verify your identity before processing your request.

10.3 Right to Lodge a Complaint

You have the right to lodge a complaint with your local data protection authority. UK residents may contact the Information Commissioner's Office at ico.org.uk. EEA residents may contact their national supervisory authority.

11. International Data Transfers

Torgix is headquartered in the United States. If you access our Services from outside the United States, your information may be transferred to, stored, and processed in the United States and other countries where our service providers operate. Data protection laws in those countries may differ from those in your jurisdiction.

Where we transfer personal data from the EEA, UK, or Switzerland to countries not recognized as providing adequate protection, we rely on appropriate transfer mechanisms including Standard Contractual Clauses approved by the European Commission or equivalent safeguards as required by applicable law.

12. Children's Privacy

The Services are not directed to individuals under the age of 16. We do not knowingly collect personal information from children under 16. If we learn that we have collected personal information from a child under 16, we will take steps to delete that information promptly. If you believe we may have collected information from a child under 16, please contact us at privacy@torgix.ai.

13. Sensitive Personal Information

The Services are designed for commercial fleet and maintenance management. You should not submit the following categories of sensitive information through the platform:

• Government-issued identification numbers (Social Security numbers, passport numbers);
• Financial account numbers or full payment card details;
• Health, medical, or biometric data;
• Information about racial or ethnic origin, political opinions, religious beliefs, or sexual orientation.

If your business has a specific need to process sensitive data through the platform, please contact us at privacy@torgix.ai before doing so to discuss appropriate handling arrangements.

14. Third-Party Services and Links

The Services may contain links to third-party websites, applications, or services not owned or controlled by Torgix. This Privacy Policy does not apply to such third-party services, and we are not responsible for their privacy practices. We encourage you to review the privacy policies of any third-party services you access.

If you connect third-party integrations to the Services (e.g., telematics providers, ERP systems, or payment processors), those third parties process your data in accordance with their own privacy policies. Your use of such integrations is subject to those third parties' terms.

15. Updates to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other business reasons. When we make material changes, we will:

• Post the updated Privacy Policy on our website with a new "Last Updated" date;
• Notify you by email at the address associated with your account; and
• Where required by law, obtain your consent before implementing material changes.

Your continued use of the Services after the effective date of any update constitutes your acceptance of the revised Privacy Policy. We encourage you to review this Policy periodically.

16. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

For EEA, UK, or Switzerland data subject inquiries, please email privacy@torgix.ai with the subject line "GDPR Inquiry." We will respond to all requests within 30 days.

This Privacy Policy is effective as of May 6, 2026.