Privacy Policy

Last Updated: September 2025

At Progentix Limited ("Progentix", "we", "our", "us"), we respect your privacy and are committed to protecting your personal information. This Privacy Policy explains how we collect, use, store, and safeguard your data when you use proptix.ai and related services.

We are committed to complying with applicable privacy and data protection laws in the regions where we operate and where our users are located. This includes, but is not limited to:

• the General Data Protection Regulation (GDPR) in the European Union and United Kingdom,
• the California Consumer Privacy Act (CCPA) in the United States,
• the Privacy Act 1988 and equivalent frameworks in Australia and New Zealand, and
• relevant privacy legislation in Canada and other jurisdictions.

Data Controller: For users globally, the data controller is Progentix Limited, 14/1411, 183 Queen’s Road Central, Sheung Wan, Hong Kong 999077. Data Protection Officer: Please contact info@proptix.ai for privacy matters.

Information We Collect

We may collect personal information such as:

• Contact details (name, email address, phone number)
• Payment information (processed securely by trusted third-party providers)
• Subscription and account details
• Usage data and analytics (via cookies, log files, and similar technologies)

We only collect personal information that is reasonably necessary to provide our Services.

How We Use Your Information

We use your personal information to:

• Provide access to our AI software and services
• Process payments and manage subscriptions
• Deliver updates, service notifications, and customer support
• Improve the functionality, security, and performance of our Services
• Comply with legal and regulatory requirements

We do not sell your personal information. We only share it with trusted third-party service providers (e.g. hosting providers, payment processors, analytics partners) who help us deliver the Services.

Legal Bases (EU/UK only). Where GDPR/UK-GDPR applies, we process personal data on the following lawful bases:

• Contract (Art. 6(1)(b)): to provide the Services you request, including account creation and support.
• Legitimate interests (Art. 6(1)(f)): to secure and improve the Services, prevent abuse, and communicate service notices.
• Consent (Art. 6(1)(a)): for optional analytics/marketing where required. You may withdraw consent at any time.
• Legal obligation (Art. 6(1)(c)): to comply with applicable laws.

Categories, Sources and Sharing

Categories we collect: Identifiers (name, email, phone), commercial information (purchases), internet activity (usage, device, approximate location), and user-generated content (photos, prompts).

Sources: Directly from you; automatically via the Services; and from service providers (e.g., payments, analytics, hosting).

Disclosures for business purposes: We disclose personal information to service providers and sub-processors who assist us (hosting, payments, communications, analytics). We do not “sell” or “share” personal information as defined by the CCPA/CPRA.

Cookies and Consent

We use cookies and similar technologies to operate the site, remember preferences, and measure performance. Where required by law (e.g., EU/UK), we obtain your consent via a cookie banner before setting non-essential cookies (e.g., analytics/advertising). You can change cookie preferences at any time via Cookie Settings in the site footer or your browser controls. Blocking cookies may affect some features.

AI, Outputs and Decision-Making

AI & Automated Outputs: Our Services generate Outputs (e.g., renders, cost estimates, timeframes) using AI models. These Outputs are estimates and may contain errors; you must verify before relying on them.

Profiling/Automated Decisions: We do not make decisions with legal or similarly significant effects solely via automated processing. If this changes, we will provide required notices and rights (including the right to request human review where applicable).

Sub-processors & List

We use vetted third parties to help deliver the Services (e.g., hosting, analytics, communications). We remain responsible for their performance. A current list is available on request.

Security

We use reasonable technical and organisational measures to protect personal information against unauthorised access, loss, or alteration, including encryption in transit, access controls, and security monitoring. No method is 100% secure; you are responsible for keeping your account credentials confidential.

Retention

We retain personal information for as long as needed to provide the Services, comply with legal obligations, resolve disputes, and enforce agreements. Typical retention periods include:

• Account data: for the life of the account and up to 7 years after closure (tax/audit).
• Payment records: 7 years (tax/accounting).
• Customer support & logs: 12–24 months.
• Marketing preferences: until you opt out or the address bounces.

Actual periods may vary by jurisdiction and legal requirements.

International Transfers

We may store or process information in Hong Kong, Australia, the United States, and other jurisdictions where we or our United States, and other jurisdictions where we or our sub-processors operate. Where personal data is transferred from the EU/UK to countries without an adequacy decision, we implement appropriate safeguards such as the EU Standard Contractual Clauses and the UK International Data Transfer Addendum, plus technical and organisational measures

Your Rights and How To Exercise Them

EU/UK: You may request access, rectification, erasure, restriction, portability, and objection to processing, and withdraw consent at any time.

California (CCPA/CPRA): You may request to know/access, delete, and correct personal information, and to opt out of sale/share of personal information (if applicable).

We do not use or disclose sensitive personal information for purposes beyond those permitted by CPRA §1798.121.

Australia/NZ/Canada: You may request access and correction and lodge a complaint with your regulator.

How to exercise: Email info@proptix.ai with your request. We may need to verify your identity and will respond within applicable timeframes (generally 30 days). Authorised agents (California). If you use an authorised agent, we may require proof of authorisation and identity verification.

If you have concerns, contact info@proptix.ai. We aim to respond within 30 days. If you are not satisfied, you may contact your local regulator. For EU/UK residents, you may also lodge a complaint with your supervisory authority in your habitual residence or place of work.

Children

Children’s Privacy: The Services are not directed to individuals under 18. We do not knowingly collect personal information from children. If you believe a child has provided personal information, contact info@proptix.ai to request deletion.

Marketing & SMS Consent

We may send you service-related messages (access links, security alerts, transactional notices). With your consent, where required, we may send marketing emails/SMS about new features or programmes. You can unsubscribe via the link in our emails or by replying STOP to S

Do Not Track / Global Privacy Control

Some browsers transmit “Do Not Track” or Global Privacy Control (GPC) signals. Where legally required, we treat valid GPC signals as opt-out requests for the device/browser that sends them.

Changes To This Policy

If we make material changes, we will provide a prominent notice (e.g., banner, email) and update the “Last Updated” date. Please review this Policy periodically.

Training Use Of Customer Content

Model Training: We do not use your Customer Content to train or improve foundation models for unrelated products without your consent. We may use anonymised and aggregated usage data to improve Service performance and security.