This Policy explains how we process personal data for websites we build/host and for our own business operations.
1. Data We Process
For typical client websites we build and host, we process:
- Contact form data: name, email, phone number, message content
- Technical data: IP address, user agent, reCAPTCHA tokens, timestamps
- CRM sync events: Dialpad contact creation IDs and status
- Server logs: access logs, error logs, application logs
2. Purposes & Legal Bases
We process personal data for the following purposes:
- Service delivery: Provide and secure website services (legitimate interests/contract)
- Fraud prevention: Prevent abuse and spam using reCAPTCHA
- Communication: Respond to contact form submissions (contract/consent)
- System operation: Monitor performance, troubleshoot issues, ensure security
3. Disclosures & Processors
We may share data with the following third-party processors to deliver services:
- AWS: Cloud hosting infrastructure
- Dialpad: CRM and telephony integration
- Google reCAPTCHA: Spam and bot protection
- AWS SES / SendGrid: Email delivery services
- DNS/Registrars: Domain management services
We share only what is necessary to operate the service.
4. Data Retention
- Access/error logs: 30-90 days (configurable per client)
- Backups: 30 days (unless extended by contract)
- CRM records: Retained per client policy
- Contact form submissions: Retained as long as necessary for business purposes
5. Security Measures
We implement industry-standard security practices:
- TLS 1.2/1.3 encryption for data in transit
- HSTS (HTTP Strict Transport Security) enforcement
- Key-based SSH authentication
- Role-based access control
- Encryption at rest where supported
- Nightly encrypted backups
- 24/7 monitoring and alerting
6. Your Rights & Choices
Depending on your location, you may have rights to:
- Access: Request a copy of your personal data
- Correction: Request correction of inaccurate data
- Deletion: Request deletion of your data
- Portability: Receive your data in a structured format
- Object: Object to certain processing activities
To exercise these rights, contact us at privacy@redexct.xyz. Requests are subject to legal and contractual limitations.
7. HIPAA & Protected Health Information (PHI)
Important: We are NOT a Business Associate under HIPAA unless a Business Associate Agreement (BAA) has been executed. Clients must not submit PHI unless:
- A BAA is in place with REDEX
- HIPAA-compliant configurations have been enabled
- Appropriate technical safeguards are implemented
Contact us if you require HIPAA compliance for your project.
8. International Data Transfers
We primarily process data in the United States. If you are located outside the U.S., your data may be transferred to and processed in the United States. By using our services, you consent to this transfer.
9. Children's Privacy
Our services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children.
10. Changes to This Policy
We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Effective" date. Continued use of our services after changes constitutes acceptance of the updated policy.
11. Contact Information
For privacy-related inquiries, data access requests, or security concerns:
Email: privacy@redexct.xyz
Mail: REDEX LLC, 71 Oronoque Tr, Shelton, CT 06484
Phone: (475) 455-1907