Privacy Policy

1. Introduction

Proign LLC ("PROIGN", "we", "our", or "us") is committed to protecting the privacy and security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you access or use the PROIGN platform, including all 16 modules, our website at proign.com, our mobile applications, and any related services (collectively, the "Services").

By accessing or using our Services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not use our Services.

PROIGN operates as a multi-tenant platform, meaning multiple organizations ("Tenants") use our infrastructure while maintaining complete data isolation. Each Tenant's data is stored separately and is never accessible to other Tenants.

2. Information We Collect

2.1 Information You Provide

• Account information: Name, email address, phone number, company name, and job title when you register for an account.
• Organization data: Company details, billing address, tax identification numbers, and tenant configuration settings.
• Payment information: Credit card numbers, billing addresses, and payment details processed securely through our payment processor, Stripe. We do not store full credit card numbers on our servers.
• Support requests: Communications, attachments, and metadata submitted through our contact forms and support portal.
• User content: Documents uploaded for e-signatures, product catalog data, warranty registrations, inventory records, and other business data you input into the platform.
• Authentication credentials: Passwords (stored as salted hashes, never in plaintext), passkey public keys, and Apple Sign-In identifiers.

2.2 Information Collected Automatically

• Usage data: Pages visited, features used, actions taken, timestamps, and module-specific activity logs.
• Device information: Browser type, operating system, device type, screen resolution, and language preferences.
• Network data: IP addresses, approximate geographic location (city/region level), and referring URLs.
• Performance data: Page load times, error logs, and application performance metrics used to maintain service quality.

2.3 Information from Third Parties

• Shopify: Order data, customer information, product details, and inventory levels when you connect your Shopify store.
• UPS: Shipping rates, tracking information, and delivery status updates.
• TaxJar: Tax calculation data, nexus information, and exemption certificate validation results.
• Apple Sign-In: Name and email address when you choose to sign in with Apple.

3. How We Use Your Information

We use the information we collect for the following purposes:

• Provide and operate the Services: Process orders, generate shipping labels, manage inventory, run marketing campaigns, handle support tickets, and deliver all platform functionality.
• Process payments: Charge subscription fees, handle billing, issue invoices, and manage plan upgrades or downgrades.
• Authenticate users: Verify identity, manage sessions, enforce role-based access controls, and maintain account security.
• Send communications: Transactional emails (order confirmations, shipping notifications, password resets), support ticket updates, and service announcements.
• Maintain and improve: Monitor performance, fix bugs, optimize user experience, develop new features, and ensure platform reliability.
• Security and compliance: Detect and prevent fraud, enforce terms of service, comply with legal obligations, and protect against unauthorized access.
• Analytics: Generate aggregated, anonymized insights about platform usage to improve our Services. Individual user behavior is never sold or shared with advertisers.

4. Cookies and Tracking Technologies

We use the following cookies and similar technologies:

We do not use advertising cookies or third-party tracking pixels. We do not participate in ad networks or sell data to data brokers. Cloudflare may set additional security cookies as part of our DDoS protection and CDN services.

5. How We Share Your Information

We do not sell your personal information. We share data only in the following circumstances:

• Service providers: We share data with trusted third-party providers who assist in operating our Services:
  • Cloudflare — Infrastructure, CDN, DNS, and security services (data processed at edge locations globally)
  • Stripe — Payment processing (PCI DSS Level 1 certified)
  • Resend — Transactional email delivery
  • UPS — Shipping label generation and package tracking
  • TaxJar — Sales tax calculation and compliance
  • Shopify — E-commerce data synchronization
• Legal requirements: When required by law, subpoena, court order, or government regulation, or when we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
• Business transfers: In connection with a merger, acquisition, or sale of assets, your data may be transferred to the acquiring entity. We will notify you before your data becomes subject to a different privacy policy.
• With your consent: When you explicitly authorize us to share your information with a specific third party.

6. Data Security

We implement comprehensive technical and organizational measures to protect your data:

• Encryption in transit: All data transmitted between your device and our servers is encrypted using TLS 1.3.
• Encryption at rest: Data stored in our databases is encrypted using AES-256 encryption.
• Tenant isolation: Each organization's data is stored in isolated databases with strict access controls. Cross-tenant data access is architecturally impossible.
• Authentication: JWT-based authentication with secure, HttpOnly cookies. Support for passkeys (WebAuthn) and Apple Sign-In for passwordless authentication.
• Access controls: Role-based access control (owner, admin, operator, warehouse-device, dealer) with least-privilege principles.
• Webhook security: All incoming webhooks (Shopify, UPS, payment) are validated using HMAC signatures.
• Infrastructure: Hosted on Cloudflare's global network with built-in DDoS protection, WAF, and bot management.

7. Data Retention

We retain your data for as long as necessary to provide our Services and fulfill the purposes described in this policy:

• Account data: Retained for the duration of your account. Upon account deletion, personal data is removed within 30 days, though anonymized analytics data may persist.
• Transaction records: Retained for 7 years to comply with financial and tax regulations.
• Support tickets: Retained for 3 years after resolution for quality assurance and legal compliance.
• Audit logs: E-signature audit trails and security logs retained for 7 years for legal compliance.
• Server logs: Automatically deleted after 90 days.

8. Your Rights

Depending on your jurisdiction, you may have the following rights:

• Access: Request a copy of the personal data we hold about you.
• Correction: Request correction of inaccurate or incomplete data.
• Deletion: Request deletion of your personal data, subject to legal retention requirements.
• Portability: Request your data in a structured, machine-readable format (JSON or CSV export).
• Restriction: Request that we limit processing of your data in certain circumstances.
• Objection: Object to processing of your data for specific purposes.
• Withdraw consent: Where processing is based on consent, you may withdraw it at any time without affecting prior processing.

To exercise any of these rights, contact us at proign.com/contact. We will respond within 30 days. We may ask you to verify your identity before processing your request.

9. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

• Right to know: You may request details about the categories and specific pieces of personal information we have collected, the sources, business purposes, and third parties with whom we share it.
• Right to delete: You may request deletion of your personal information, subject to legal exceptions.
• Right to opt-out of sale: We do not sell personal information. No opt-out is necessary.
• Non-discrimination: We will not discriminate against you for exercising your CCPA rights.

To submit a CCPA request, contact us through our contact form or email us. We will verify your identity and respond within 45 days.

10. International Data Transfers

PROIGN is headquartered in the United States. Our Services are delivered through Cloudflare's global edge network, which means your data may be processed at the Cloudflare edge location nearest to you for optimal performance.

If you are accessing our Services from outside the United States, please be aware that your data may be transferred to, stored in, and processed in the United States and other countries where our service providers operate. By using our Services, you consent to such transfers. We ensure appropriate safeguards are in place through contractual obligations with our service providers.

11. Children's Privacy

Our Services are designed for business use and are not directed at children under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have inadvertently collected such information, we will take steps to delete it promptly. If you believe a child has provided us with personal information, please contact us.

12. Data Breach Notification

In the event of a data breach that affects your personal information, we will notify affected users via email and, where required by law, the relevant supervisory authorities within 72 hours of becoming aware of the breach. Notification will include the nature of the breach, the data affected, steps we are taking to address it, and recommended actions you can take to protect yourself.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page with a new "Last updated" date, and by sending an email to the address associated with your account at least 30 days before the changes take effect. Your continued use of the Services after the effective date constitutes acceptance of the updated policy.

14. Contact Us

If you have questions about this Privacy Policy, our data practices, or wish to exercise your rights, please contact us: