Privacy Policy

1. Introduction

Reconix ("we", "us", or "our") operates the website intelligence platform available at reconix.ai and its associated APIs and services. This Privacy Policy explains how we collect, use, store, and protect information when you use Reconix.

We have written this policy to be readable, not just legally defensible. If something is unclear, please reach out to privacy@reconix.ai and we will explain it in plain language.

By creating an account or using the Reconix service, you acknowledge that you have read and understood this policy. If you do not agree with these practices, please do not use the service.

2. Information We Collect

We collect the following categories of information:

Account information

• Email address — used for authentication, transactional emails, and support.
• Name — optional, used for personalizing your dashboard experience.
• Company name — optional, collected during Team and Enterprise onboarding.
• Billing information — your billing address and payment method, handled exclusively by Stripe (see Section 5).

Lookup data

• URLs you submit — the web addresses you send to our intelligence engine.
• Intelligence profiles — the analysis output generated for each URL, including detected technologies, AI signals, consent audit findings, and security headers.
• Lookup metadata — timestamps, lookup duration, and configuration options.

Usage data

• Dashboard activity — pages visited, features used, and interactions within the Reconix application.
• API usage — API endpoint calls, request counts, and response codes, used for quota enforcement and debugging.
• Session data — an authentication session token stored in a secure cookie (see Section 9).

We do not use third-party analytics scripts (such as Google Analytics) on the Reconix marketing site. We do not build behavioral profiles, do not serve advertising, and do not sell any data.

3. How We Use Your Information

We use the information we collect for the following purposes:

• Providing the service — running lookups, generating profiles, serving your dashboard, and delivering API responses.
• Authentication and security — verifying your identity, protecting your account, and detecting abuse.
• Billing and payments — creating Stripe subscriptions, processing invoices, and enforcing plan limits.
• Product improvement — understanding which features are used, diagnosing errors, and prioritizing development. This is done in aggregate and does not involve reviewing individual lookup content.
• Transactional communication — sending you receipts, lookup completion notifications, plan limit warnings, and security alerts. These are service communications, not marketing.
• Product updates — if you opt in, notifying you about new features and significant changes. You can unsubscribe at any time from any email we send.

We will not use your email address or account data to send you unrelated marketing, partner offers, or third-party promotions. We do not engage in behavioral advertising.

4. Lookup Data and Intelligence Profiles

Because Reconix is a website intelligence tool, it is important to be explicit about how your lookup data is handled.

• Your lookups are private. URLs you submit and their intelligence profiles are stored under your account and are not accessible to other customers, visible in search, or shared in any way.
• We do not resell your data. Reconix does not aggregate or resell lookup results. The profiles generated by your lookups belong to you.
• We do not read your lookup content for our benefit. We do not manually review individual profiles to learn about your clients or business. Automated systems may process lookup data for error detection or quota tracking, but humans do not access your data without your request (e.g., during support).
• Retention. Intelligence profiles are retained for 90 days on Professional and Business plans, after which they are automatically and permanently deleted. Enterprise plans can configure custom retention periods, including zero-retention mode for highly sensitive workflows.
• Export and deletion. You can export all your lookup data or request permanent deletion at any time from your dashboard settings. Deletion is irreversible. We will complete deletion within 30 days of your request.

5. Payment Processing

All payment processing is handled by Stripe, Inc. Reconix does not collect, store, or transmit credit card numbers, debit card numbers, bank account details, or any other raw payment instrument data. When you add a payment method, that information goes directly to Stripe's secure servers.

Stripe is PCI DSS Level 1 certified. We receive and store only non-sensitive billing information: your billing name, billing address, last four digits of the card, card brand, and Stripe customer and subscription identifiers. This information is used for displaying your billing history and for customer support purposes.

Stripe's privacy practices are governed by the Stripe Privacy Policy.

6. Data Sharing and Third Parties

We do not sell, rent, or trade your personal data. We do not share your data with advertisers, data brokers, or marketing platforms. The only third parties that receive any data about you are:

• Stripe — receives your billing information for payment processing, as described in Section 5.
• Cloudflare — our infrastructure and CDN provider. Cloudflare processes network traffic to protect the service and improve performance. This means HTTP requests pass through Cloudflare's network. Cloudflare's privacy policy governs how they handle this data.

We may disclose information if required to do so by law, in response to a valid court order, or to protect the rights, property, or safety of Reconix, our users, or the public. We will notify affected users of legal demands where legally permitted to do so.

In the event of a merger, acquisition, or sale of all or part of our assets, customer data would be transferred to the acquiring entity. We will notify you of any such change via email before your data is transferred or becomes subject to a different privacy policy.

7. Data Security

We take security seriously and implement appropriate technical and organizational measures to protect your data:

• Encryption in transit — all communication between your browser and our servers uses TLS 1.2 or higher. HTTP connections are automatically redirected to HTTPS.
• Encryption at rest — stored data, including intelligence profiles and account information, is encrypted at rest.
• Access controls — access to production systems and databases is restricted to authorized personnel and enforced via multi-factor authentication.
• Isolation — customer lookup data is logically separated; one customer's data cannot be accessed via another customer's account.

No system is perfectly secure. If you discover a security vulnerability in Reconix, please report it to security@reconix.ai. We take all reports seriously and will respond promptly.

8. Your Rights

GDPR (European Economic Area and UK)

If you are located in the EEA or the UK, you have the following rights under the General Data Protection Regulation:

• Right of access — request a copy of the personal data we hold about you.
• Right to rectification — request correction of inaccurate or incomplete data.
• Right to erasure — request deletion of your personal data ("right to be forgotten"), subject to legal obligations.
• Right to data portability — receive your data in a structured, machine-readable format.
• Right to restriction — request that we limit the processing of your data in certain circumstances.
• Right to object — object to processing based on our legitimate interests.

CCPA (California)

If you are a California resident, you have the following rights under the California Consumer Privacy Act:

• Right to know — request disclosure of the categories and specific pieces of personal information we have collected about you.
• Right to delete — request deletion of your personal information, subject to certain exceptions.
• Right to opt out of sale — we do not sell personal information, so this right is inherently satisfied.
• Right to non-discrimination — we will not discriminate against you for exercising these rights.

Exercising your rights

To exercise any of these rights, email privacy@reconix.ai with a description of your request. We will respond within 30 days. We may ask you to verify your identity before processing your request. There is no fee for reasonable requests.

9. Cookies

We use cookies minimally and only where necessary:

• Session cookie — a single secure, HTTP-only cookie is set when you log in to maintain your authenticated session. This cookie is essential for the application to function and expires when you log out or after a period of inactivity. It cannot be used to track you across other websites.

We do not use tracking cookies, advertising cookies, or third-party analytics cookies on the Reconix marketing site or within the application. We do not participate in cross-site tracking or behavioral advertising networks.

Because we only use one essential session cookie, there is no cookie consent banner on the Reconix app. If we ever add non-essential cookies in the future, we will update this policy and implement appropriate consent mechanisms.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by sending an email to the address associated with your account at least 14 days before the changes take effect. The updated policy will also be published at reconix.ai/privacy with the revised "Last updated" date.

If you continue to use Reconix after the effective date of the changes, you agree to the updated policy. If you do not agree, you can delete your account before the changes take effect.

11. Contact

If you have questions, concerns, or requests related to this Privacy Policy or your personal data, please contact us at: