Privacy Policy

Last updated: 2026-05-08 · Effective: 2026-05-08

What we collect: account info, billing info, the data you upload to TexAu, and basic usage analytics. Why: to deliver the Service, bill you, and improve product reliability. We don't sell personal data. We don't train models on your data. We list every subprocessor at /trust-center.

1. Who we are

TexAu is operated by TexAu Technologies — registered entity and address on file with counsel. For privacy questions, contact [email protected].

For EU/UK users, our representative will be appointed and listed here once finalized by counsel.

2. What we collect

We collect the following categories of personal data:

Account information — name, email, password (hashed), workspace name, billing contact. Source: provided by you at signup. Purpose: deliver the Service, authenticate you, send service emails.

Billing information — card details (tokenized via our payment processor; we don't see card numbers), billing address, tax ID where applicable. Source: provided by you when subscribing. Purpose: process payments.

Customer Data uploaded to TexAu — lead lists, contact records, prompts, scoring models, CRM mappings, AI column inputs and outputs. Source: uploaded by you or returned by enrichment vendors at your request. Purpose: deliver the Service. We act as a data processor for this category.

Usage data — page views, feature usage, action invocations, error logs, performance metrics. Source: collected automatically. Purpose: operate, secure, and improve the Service.

Communications — support tickets, sales calls, in-app chat messages, survey responses. Source: provided by you. Purpose: support, sales follow-up, product feedback.

Cookies and similar technologies — session cookies (essential for login), preference cookies, limited analytics cookies.

3. How we use it

  • Service delivery: authenticating you, running enrichment, syncing CRMs, processing AI column transforms, generating scores.
  • Billing and account management: processing payments, sending invoices, managing subscriptions.
  • Customer support: responding to tickets, resolving issues. PII is redacted from any internal training material.
  • Service improvement: analyzing aggregate usage to fix bugs and prioritize features. Individual customer data is not used to train models.
  • Security: detecting fraud, abuse, and security incidents.
  • Legal compliance: responding to lawful requests, enforcing our Terms.
  • Marketing communications: only with your consent, opt-out at any time.

Legal bases under GDPR Article 6 — contract performance, legitimate interest, consent, and legal obligation — to be finalized per purpose by counsel.

4. Who we share it with

Plain English: We do not sell personal data. We do not train models on Customer Data.

Subprocessors — vendors that process data to deliver the Service: cloud hosting, payment processing, transactional email, error monitoring, AI providers (when you use TexAu credits for AI columns), and enrichment providers. Complete current list at /trust-center.

Third parties at your direction — when you connect your CRM, outbound rail, or BYOK AI provider, we transmit data to those services as you've configured. They are independent data controllers for that data.

Legal compliance — when required by valid legal process (subpoena, court order, regulatory request), we disclose only what's required and notify you when legally permitted.

In a business transaction — if TexAu is acquired or merged, your data may transfer subject to this Privacy Policy or a successor with equivalent protections.

We do not sell personal data. We do not share data with advertisers.

5. International transfers

Data residency, processing regions, and transfer mechanisms (Standard Contractual Clauses, DPF participation, equivalent safeguards) — specifically EU → US and UK → US transfers — final language by counsel.

Standard Contractual Clauses (SCCs) are incorporated into our DPA for transfers from the EEA, UK, and Switzerland. The DPA is available on request via [email protected].

6. Retention

Retention windows by category — to be finalized by counsel:

  • Account information: while account is active + 60 days post-deletion.
  • Billing records: per applicable tax law (typically 7 years).
  • Customer Data (your tables, prompts): while account is active + 30 days post-deletion, unless you export earlier.
  • Usage analytics: aggregate retained indefinitely; per-user logs purged after 90 days.
  • Support communications: 3 years for service-quality and legal-defense purposes.

You can request deletion at any time via [email protected] or account settings; legal-retention requirements (billing records) may extend retention for specific categories.

7. Your rights

Depending on your jurisdiction, you have the following rights:

  • Access — request a copy of your personal data.
  • Correction — request that inaccurate data be fixed.
  • Deletion — request that we erase your data (subject to legal retention).
  • Restriction — restrict processing in specific cases.
  • Portability — receive your data in a portable format.
  • Object — object to processing based on legitimate interest.
  • Withdraw consent — for processing based on consent (e.g., marketing emails).
  • Lodge a complaint with your supervisory authority (ICO in the UK, your DPA in the EU, the California Attorney General in CA).

To exercise these rights, contact [email protected]. We respond within 30 days for GDPR / 45 days for CCPA.

For end-customers (data subjects) whose data is processed by a TexAu customer (data controller): contact the customer first. We assist customers in fulfilling these requests but cannot act unilaterally on their data.

8. California-specific disclosures (CCPA/CPRA)

CCPA-specific disclosures — categories of personal information, sources, business purposes, third parties shared with, sale/share opt-out (we don't sell), notice of right to know, right to delete, right to correct, right to opt out of sharing for cross-context behavioral advertising (not applicable to TexAu), right to limit use of sensitive personal information, anti-discrimination commitment — final language by counsel.

9. Children

TexAu is not directed at children under 16. We don't knowingly collect personal data from children. If you believe we have, contact [email protected] and we will delete the account.

10. Security

We use industry-standard security controls — encryption in transit and at rest, access controls, audit logging, third-party penetration testing. Full security architecture at /trust-center.

No system is perfectly secure. If we detect a breach affecting your data, we will notify affected users within 72 hours for GDPR-relevant incidents.

11. Cookies

Cookie categories, purposes, retention, and opt-in mechanism (where required by EU law) — final list by counsel.

12. Changes to this Policy

We may update this Privacy Policy. Material changes (new categories of data collected, new purposes, new categories of third parties) get notice via email or in-app banner 30 days before they take effect.

13. Contact