Privacy Policy

Last updated: January 15, 2025

Our Commitment to Your Privacy

At ObserviX ("ObserviX", "we", "us", or "our"), we are committed to protecting your privacy and ensuring the security of your personal data. We NEVER sell your data to anyone.

This Privacy Policy explains how ObserviX processes personal data collected through our marketing analytics and attribution platform, our website https://observix.ai, and other services we provide (collectively, the "Services").

1. Who We Are

ObserviX, Inc. is a bootstrapped SaaS company that provides advanced marketing analytics and multi-touch attribution solutions. We specialize in helping businesses track visitor behavior, visualize customer journeys, and connect marketing efforts to real business outcomes like ROI, ROAS, and profit margins.

Data Controller Information:

  • Company: ObserviX, Inc.
  • Founded: January 1, 2025
  • Address: 20 N Wacker Dr, Suite 1200, Chicago, IL 60606, USA
  • Email: info@observix.ai
  • Phone: +1-626-866-1457

2. Information We Collect

2.1 Information You Provide Directly

When you interact with our Services, we may collect:

Account Information:

  • Full name, email address, phone number
  • Company name, job title, department, seniority level
  • Billing information (processed securely through our payment provider)
  • Login credentials and authentication data
  • Subscription tier selection (Basic, Professional, Enterprise)

Communication Data:

  • Information provided when you contact us for support
  • Feedback, survey responses, and feature requests
  • Demo requests and sales inquiries
  • Onboarding form responses

Integration Data:

  • API keys and credentials for third-party services you connect
  • CRM integration settings (HubSpot, Salesforce, etc.)
  • Configuration settings for your tracking setup
  • Custom event definitions in Event Manager

2.2 Information We Collect Automatically

Usage Data:

  • IP address (processed during session for geo-location, deleted before storage)
  • Device information (type, operating system, browser, language)
  • Pages visited, features used, time spent
  • Referral source and exit pages
  • Pixel script implementation status

Tracking Data (for our own website):

  • Unique visitor IDs and session identifiers
  • Session fingerprints for cross-device tracking
  • UTM parameters and campaign data
  • Channel attribution data (Paid Search, Organic Social, Direct, etc.)
  • Conversion events and full customer journey data
  • Multi-touch attribution touchpoints

Platform Analytics Data:

  • Feature usage patterns within ObserviX dashboard
  • API call volumes and endpoint usage
  • Token consumption metrics
  • Attribution model preferences

2.3 Information from Third Parties

We may receive information from:

  • OAuth providers (Google, Microsoft, LinkedIn, X) for authentication
  • CRM systems you integrate for offline conversion tracking
  • Ad platforms (Google Ads, Meta, LinkedIn) for conversion syncing
  • Marketing partners for co-branded events or webinars

3. How We Use Your Information

We use your personal data to:

Provide Core Services:

  • Deploy and manage your ObserviX Pixel tracking
  • Process visitor sessions and attribution data
  • Generate multi-touch attribution insights
  • Create visual customer journey timelines
  • Calculate ROI, ROAS, and profit margin analytics
  • Manage your subscription and token allocation

Platform Operations:

  • Create and manage your tenant database
  • Configure multi-tenant isolation
  • Process real-time tracking events
  • Generate attribution reports and dashboards
  • Sync offline conversions to ad platforms

Enhance User Experience:

  • Personalize your attribution model preferences
  • Remember your dashboard configurations
  • Optimize platform performance based on usage
  • Provide intuitive, no-code event tracking

Communication:

  • Send service notifications and system alerts
  • Provide onboarding guidance and tutorials
  • Share product updates and new features
  • Notify you about token usage and billing

Security and Compliance:

  • Detect and prevent tracking fraud
  • Ensure multi-tenant data isolation
  • Monitor for anomalous usage patterns
  • Comply with legal obligations

Product Development:

  • Improve attribution algorithms
  • Enhance customer journey visualization
  • Develop new integration capabilities
  • Optimize platform simplicity and usability

4. Legal Basis for Processing (EEA/UK Residents)

We process your personal data based on:

  • Contract Performance: To provide the ObserviX Services you've subscribed to
  • Legitimate Interests: For platform security, fraud prevention, and service improvements
  • Consent: For marketing communications and beta features
  • Legal Obligations: To comply with tax, data protection, and other legal requirements

5. How We Share Your Information

We do not sell, rent, or trade your personal data. We share information only:

With Service Providers:

  • Cloud infrastructure (Microsoft Azure - Container Apps, SQL, Redis, CDN)
  • Payment processing (Stripe - post-MVP implementation)
  • Email delivery services for transactional emails
  • Development and deployment tools (Azure DevOps)

For Platform Functionality:

  • Ad platforms for offline conversion syncing (with your authorization)
  • CRM systems for two-way data synchronization (with your consent)
  • Analytics services for our own website optimization

For Legal Reasons:

  • To comply with legal obligations or court orders
  • To protect our rights, property, and safety
  • To investigate suspected fraud or security issues
  • In response to lawful requests from authorities

Business Transfers:

  • In connection with a merger, acquisition, or sale of assets
  • To investors or advisors under confidentiality agreements

6. Data Security

We implement enterprise-grade security measures:

Infrastructure Security:

  • Azure Container Apps with isolated environments
  • Multi-tenant database isolation with separate schemas
  • Encryption in transit (TLS 1.3) and at rest (AES-256)
  • Azure CDN for secure Pixel script delivery

Access Controls:

  • Role-based access control (Admin, Analyst, Viewer)
  • Secure API endpoints with JWT token authentication
  • OAuth 2.0 for third-party integrations
  • Multi-factor authentication support

Operational Security:

  • Automated security scanning in CI/CD pipelines
  • Regular penetration testing and vulnerability assessments
  • 24/7 monitoring and alerting
  • Disaster recovery with geo-redundant backups

Data Protection:

  • Pixel authentication to prevent unauthorized tracking
  • Session data anonymization options
  • PII encryption for sensitive fields
  • Audit logs for all data access

7. Data Retention

We retain your data according to these policies:

  • Account Data: Active for subscription duration
  • Tracking Data: Based on your subscription tier and retention settings
  • Attribution Data: Preserved for historical analysis per your plan
  • Session Data: Automatically aggregated after 90 days
  • Deleted Accounts: Permanently removed after 30-day grace period
  • Backup Data: Retained for 30 days for disaster recovery
  • Legal Holds: Extended as required by law or legal proceedings

8. Your Privacy Rights

You have the following rights regarding your personal data:

Universal Rights:

  • Access: Download your personal data in JSON format
  • Rectification: Update incorrect information via your account settings
  • Deletion: Request account termination and data removal
  • Portability: Export your data in machine-readable formats
  • Object: Opt out of marketing and non-essential processing
  • Restrict: Limit processing while disputes are resolved

Region-Specific Rights:

For EEA/UK Residents:

  • Withdraw consent without affecting prior processing
  • Lodge complaints with your local Data Protection Authority
  • Object to automated decision-making

For California Residents (CCPA/CPRA):

  • Know what personal information we collect and how it's used
  • Request deletion of personal information
  • Opt out of any "sale" of personal information (we don't sell data)
  • Non-discrimination for exercising privacy rights

For Other US States:

  • Virginia (VCDPA), Colorado (CPA), and other state-specific rights

To exercise these rights, contact us at info@observix.ai.

9. Cookie and Tracking Policy

Essential Cookies:

  • Authentication tokens for secure login
  • Session management for platform access
  • Security cookies for CSRF protection
  • Load balancing for optimal performance

Analytics Cookies (with consent):

  • First-party analytics for website improvement
  • Attribution tracking for our own marketing
  • Feature usage analytics for product development

ObserviX Pixel Technology:

  • Our JavaScript Pixel uses first-party cookies only
  • Unique visitor identification via secure fingerprinting
  • Session tracking with automatic timeout
  • No third-party cookies or cross-site tracking

You can manage preferences via our cookie banner or browser settings.

10. International Data Transfers

As a global service provider operating from the United States, we ensure secure international data handling:

Data Location:

  • Primary processing in the United States
  • Future EU data centers planned for European customers
  • Real-time replication for business continuity

Transfer Safeguards:

  • Standard Contractual Clauses (SCCs) for EEA/UK/Swiss transfers
  • Binding Corporate Rules for intra-company transfers
  • Encryption for all cross-border data movement
  • Compliance with local data localization requirements

Regional Compliance:

  • GDPR compliance for European data subjects
  • CCPA/CPRA compliance for California residents
  • Adherence to sectoral requirements (HIPAA-ready infrastructure)

11. Children's Privacy

Our Services are designed for business use and not intended for individuals under 18. We do not knowingly collect data from children. If you believe we have inadvertently collected such data, please contact us immediately at info@observix.ai for prompt deletion.

12. Third-Party Services and Links

Integrated Services: Our platform integrates with various third-party services at your direction. Each integration is governed by that service's privacy policy:

  • CRM systems (HubSpot, Salesforce)
  • Ad platforms (Google Ads, Meta Business)
  • Payment processors (Stripe)

External Links: Our Services may contain links to third-party websites. We are not responsible for their privacy practices. Please review their policies before providing personal information.

13. Changes to This Policy

We may update this policy to reflect:

  • New features or services
  • Legal or regulatory changes
  • Security improvements
  • User feedback

Notification Methods:

  • Email to all registered users for material changes
  • In-app notifications for active users
  • Banner on our website
  • 30-day notice for significant changes

Continued use after the effective date constitutes acceptance.

14. Contact Us

For all privacy-related inquiries, requests, or concerns:

ObserviX, Inc.
20 N Wacker Dr, Suite 1200
Chicago, IL 60606
United States

  • Email: info@observix.ai
  • Phone: +1-626-866-1457
  • Business Hours: Monday-Friday, 9 AM - 6 PM CST

Data Protection Officer: Igor Flyunt, Founder & CEO

Response Commitment:

  • Acknowledgment within 48 hours
  • Full response within 30 days
  • Expedited handling for urgent matters

15. Additional Provisions

15.1 Data Processing Agreement (DPA)

Enterprise customers may request a comprehensive DPA including:

  • Detailed data processing terms
  • Security addendum
  • Liability provisions
  • Audit rights

15.2 Privacy Shield and Frameworks

While Privacy Shield is no longer valid, we maintain equivalent protections and are prepared to adopt successor frameworks as they emerge.

15.3 Industry-Specific Compliance

We can accommodate industry-specific requirements:

  • HIPAA Business Associate Agreements (future)
  • Financial services compliance (SOC 2 planned)
  • Marketing industry standards (IAB Transparency)

15.4 Accessibility and Translations

  • This policy is available in accessible formats
  • Translations available upon request for Enterprise customers
  • Plain language summary available for non-legal audiences

15.5 Beta Features and Pilot Programs

Participation in beta features may involve:

  • Additional data collection for feature improvement
  • Separate consent requirements
  • Enhanced feedback mechanisms

Effective Date: This Privacy Policy is effective as of January 15, 2025.

Version: 1.0

Questions? For any questions about this Privacy Policy or ObserviX's data practices, please contact us at info@observix.ai or call +1-626-866-1457. We're committed to transparency and are here to help you understand how we protect your privacy.