🗂️
ComplianceLogger

ComplianceLogger - Privacy Policy

Effective Date: October 15, 2025 Last Updated: October 15, 2025

1. Introduction

Lexopoly LLC ("ComplianceLogger," "we," "us," or "our") respects your privacy and is committed to protecting your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our waste tracking service ("Service").

By using ComplianceLogger, you agree to the collection and use of information in accordance with this Privacy Policy.

⚠️ IMPORTANT NOTICE ABOUT EPA DATA SHARING

PLEASE READ CAREFULLY:

WE DO NOT:

  • Sell your personal information to third parties
  • Share your waste log data with EPA or other regulatory agencies (except when legally compelled by subpoena, court order, or law)
  • Use your data for advertising or marketing to third parties
  • Provide your data to competitors

WE ONLY SHARE DATA WITH:

  • Cloud infrastructure providers (hosting - required to operate the Service)
  • Stripe (payment processing - required for subscriptions)
  • Government agencies (ONLY if legally compelled; we will notify you if permitted by law)

2. Information We Collect

2.1 Information You Provide Directly

Account Information:

  • Name
  • Email address
  • Password (encrypted)
  • Company name (optional)
  • Phone number (optional)

Waste Log Data:

  • Project names
  • Waste types and classifications
  • Disposal dates and locations
  • Hauler information
  • Manifest numbers
  • Quantity and cost data
  • Notes and reconstruction information
  • Confidence level indicators (documented, estimated, reconstructed)

Photos and Documents:

  • Photos of waste disposal receipts, manifests, and weight tickets
  • Images are stored as binary data (BYTEA) in our database
  • Photos may contain metadata (EXIF data including GPS coordinates, timestamps, device information)

Payment Information:

  • Credit card information (processed by Stripe; we do NOT store full card numbers)
  • Billing address
  • Transaction history

Communications:

  • Support emails and chat messages
  • Feedback and survey responses

2.2 Information Collected Automatically

Usage Data:

  • IP address
  • Browser type and version
  • Device type and operating system
  • Pages visited and features used
  • Time and date of access
  • Referring/exit pages
  • Click data and navigation patterns

Authentication Data:

  • Login timestamps
  • Session duration
  • Authentication tokens (JWT tokens stored client-side)

Technical Data:

  • Error logs and crash reports
  • Performance metrics
  • API usage data

2.3 Cookies and Tracking Technologies

We use cookies and similar tracking technologies to:

  • Maintain your login session
  • Remember your preferences
  • Analyze usage patterns
  • Improve Service performance

Types of Cookies:

  • Essential Cookies: Required for authentication and core functionality (NextAuth.js session cookies)
  • Analytics Cookies: Help us understand how users interact with the Service
  • Performance Cookies: Monitor Service performance and identify issues

Managing Cookies:

  • You can disable cookies through your browser settings
  • Disabling essential cookies may prevent you from using certain features
  • See Section 10 for cookie opt-out instructions

3. How We Use Your Information

3.1 Service Provision

  • Create and manage your account
  • Process waste log entries and generate reports
  • Store and display photos and documents
  • Enable search and filtering functionality
  • Provide customer support

3.2 Payment Processing

  • Process subscription payments via Stripe
  • Manage billing and invoicing
  • Handle refunds and disputes
  • Detect and prevent fraud

3.3 Service Improvement

  • Analyze usage patterns to improve features
  • Identify and fix technical issues
  • Develop new features based on user needs
  • Conduct research and analytics

3.4 Communication

  • Send transactional emails (account verification, password resets, payment confirmations)
  • Provide customer support responses
  • Send Service announcements and updates (with opt-out option)
  • Request feedback (optional)

3.5 Legal and Security

  • Comply with legal obligations
  • Enforce our Terms of Service
  • Protect against fraud, abuse, and security threats
  • Respond to legal requests and prevent harm

3.6 What We Do NOT Do

  • We do NOT sell your personal information to third parties
  • We do NOT share your waste log data with EPA or other regulatory agencies (unless legally required)
  • We do NOT use your data for advertising purposes
  • We do NOT share your data with competitors or marketers

4. How We Share Your Information

4.1 Third-Party Service Providers

We share information with trusted service providers who help us operate the Service:

Hosting & Infrastructure:

  • U.S.-based cloud hosting infrastructure for application and database
  • Data: All application data, including waste logs, photos, and account information

Payment Processing:

  • Stripe - Payment processing and subscription management (Privacy Policy: https://stripe.com/privacy)
  • Data: Payment information, billing address, transaction history
  • Note: Stripe stores your payment card information; we only store the last 4 digits

Email Services:

  • Transactional email service provider
  • Data: Email address, name, email content

Analytics & Monitoring:

  • None currently deployed
  • Future analytics will be disclosed here if implemented

4.2 Legal Requirements

We may disclose your information if required by law or in response to:

  • Subpoenas, court orders, or legal process
  • EPA or other regulatory agency investigations (only if legally compelled)
  • Law enforcement requests
  • National security demands
  • Protection of our rights or safety of others

Government Requests:

  • If legally permitted, we will notify you before disclosing your information to government agencies
  • We will challenge overly broad or improper requests
  • We maintain a log of government requests (aggregate statistics available upon request)

4.3 Business Transfers

If ComplianceLogger is acquired, merged, or undergoes bankruptcy:

  • Your information may be transferred to the successor entity
  • You will be notified via email and/or Service notice
  • The successor will be bound by this Privacy Policy unless you consent to changes

4.4 With Your Consent

We may share information with third parties when you explicitly consent (e.g., exporting data to other services).

5. Data Storage and Security

5.1 Where We Store Your Data

Primary Storage:

  • Application & Database: U.S.-based cloud infrastructure
  • Location: United States
  • Backup: Automated daily backups retained for 30 days

Photo Storage:

  • Photos are stored as binary data in our database
  • Photos are encrypted at rest
  • Database size is monitored to prevent performance degradation

5.2 Security Measures

We implement reasonable security measures including:

Technical Safeguards:

  • Encryption in transit (TLS/SSL for all connections)
  • Encryption at rest (database-level encryption)
  • Password hashing (bcrypt with salting)
  • JWT token-based authentication with 30-day expiration
  • Secure session management
  • Input validation and sanitization
  • Protection against SQL injection and XSS attacks

Access Controls:

  • Role-based access control (users can only access their own data)
  • Secure database connections (TLS required)
  • Restricted administrative access
  • Multi-factor authentication for admin accounts

Monitoring:

  • Automated security scanning
  • Log monitoring for suspicious activity
  • Regular security updates and patches

5.3 Data Retention

Active Accounts:

  • We retain your data for as long as your account is active
  • You can delete specific waste logs at any time
  • You can export all your data at any time

Inactive Accounts:

  • If you cancel your subscription, data is retained for 90 days to allow reactivation
  • After 90 days, data is permanently deleted unless legally required to retain

Backups:

  • Deleted data may persist in backups for up to 30 days
  • Backups are securely deleted after the retention period

Legal Retention:

  • We may retain data longer if required by law or for legal defense

5.4 Data Security Limitations

No Guarantee of Absolute Security:

  • No system is 100% secure
  • We cannot guarantee absolute security of your data
  • You are responsible for maintaining the security of your account credentials
  • Report suspected security breaches immediately to [SECURITY EMAIL]

Your Responsibility:

  • Use a strong, unique password
  • Do not share your account credentials
  • Log out of shared devices
  • Enable two-factor authentication when available
  • Maintain backups of critical data
  • Report suspected security breaches immediately to [email protected]

6. Your Rights and Choices

6.1 Access and Control

You have the right to:

  • Access all personal information we hold about you
  • Export your data in machine-readable format (CSV/JSON)
  • Correct inaccurate or incomplete information
  • Delete specific waste logs or photos
  • Permanently delete your account and all associated data

How to Exercise Rights:

  • Access data: Use the "Export Data" feature in account settings
  • Correct data: Edit your profile or waste logs directly in the Service
  • Delete data: Use the delete buttons in the interface or contact support
  • Account deletion: Contact [email protected] with subject line "Account Deletion Request"

6.2 Marketing Communications

Opt-Out Rights:

  • You can opt out of promotional emails by clicking "Unsubscribe" in any marketing email
  • You can manage email preferences in account settings
  • Transactional emails (password resets, payment confirmations) cannot be disabled

6.3 Do Not Track Signals

  • Our Service does not currently respond to Do Not Track (DNT) browser signals
  • We do not track you across third-party websites

6.4 California Residents (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act:

Right to Know:

  • Request details about personal information collected in the past 12 months
  • Request specific pieces of personal information we hold
  • Request categories of sources, purposes, and third-party sharing

Right to Delete:

  • Request deletion of personal information (subject to exceptions)

Right to Opt-Out:

  • We do NOT sell personal information, so no opt-out is necessary

Right to Non-Discrimination:

  • We will not discriminate against you for exercising CCPA rights

How to Exercise CCPA Rights:

  • Email: [email protected] with subject line "CCPA Request"
  • We will verify your identity before processing requests
  • Responses provided within 45 days (may extend to 90 days if complex)

6.5 European Residents (GDPR)

If you are in the European Economic Area (EEA), UK, or Switzerland, you have rights under GDPR:

Legal Basis for Processing:

  • Contract Performance: Processing necessary to provide the Service
  • Legitimate Interests: Service improvement, security, analytics
  • Consent: Marketing communications (with opt-in)
  • Legal Obligations: Compliance with laws

Your GDPR Rights:

  • Right of access
  • Right to rectification
  • Right to erasure ("right to be forgotten")
  • Right to restrict processing
  • Right to data portability
  • Right to object to processing
  • Right to withdraw consent
  • Right to lodge a complaint with supervisory authority

Data Transfers:

  • Your data may be transferred to and stored in the United States
  • We use Standard Contractual Clauses (SCCs) to protect international transfers
  • Our cloud infrastructure providers comply with GDPR requirements

How to Exercise GDPR Rights:

  • Email: [email protected] with subject line "GDPR Request"
  • Responses provided within 30 days

Supervisory Authority:

  • You may lodge a complaint with your local data protection authority
  • EU Data Protection Authorities: https://edpb.europa.eu/about-edpb/board/members_en

7. Children's Privacy

ComplianceLogger is NOT intended for children under 18.

  • We do not knowingly collect information from individuals under 18
  • If you believe a child under 18 has provided information, contact us immediately
  • We will promptly delete such information upon verification

8. International Data Transfers

United States-Based Service:

  • ComplianceLogger is operated from the United States
  • Data is stored on U.S.-based cloud infrastructure
  • By using the Service, you consent to transfer of your information to the United States

International Safeguards:

  • We comply with applicable data transfer frameworks
  • Standard Contractual Clauses (SCCs) for EU data transfers
  • Data Processing Agreements available upon request

9. Third-Party Links and Services

The Service may contain links to third-party websites or integrate with third-party services.

  • We are not responsible for third-party privacy practices
  • Review the privacy policies of any third-party services you use
  • Third-party services have their own terms and data practices

Key Third Parties:

  • Stripe: Payment processing (https://stripe.com/privacy)
  • Cloud infrastructure providers for hosting and storage

10. Cookie Management

How to Control Cookies:

Browser Settings:

  • Most browsers allow you to refuse cookies or alert you when cookies are being sent
  • See your browser's help documentation for instructions

Specific Browser Instructions:

  • Chrome: Settings → Privacy and security → Cookies
  • Firefox: Options → Privacy & Security → Cookies
  • Safari: Preferences → Privacy → Cookies
  • Edge: Settings → Cookies and site permissions

Note: Disabling cookies may prevent certain features from working properly.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time.

Notification of Changes:

  • Material changes will be announced via email or Service notification
  • The "Last Updated" date at the top will be revised
  • Continued use after changes constitutes acceptance

Reviewing Changes:

  • We recommend reviewing this Privacy Policy periodically
  • Previous versions available upon request

12. Data Breach Notification

In the event of a data breach:

  • We will notify affected users within 72 hours of discovery (if feasible)
  • Notification will include nature of breach, affected data, and mitigation steps
  • We will notify relevant supervisory authorities as required by law

What to Do if Breached:

  • Change your password immediately
  • Monitor your accounts for suspicious activity
  • Contact us for assistance: [email protected]

13. Contact Information

For privacy-related questions, concerns, or requests:

Privacy Officer: Lexopoly LLC Email: [email protected] Website: https://compliancelogger.lexopoly.com

Response Time:

  • General inquiries: 5-7 business days
  • Data requests (CCPA/GDPR): 30-45 days
  • Security concerns: Within 24 hours

14. Consent

By using ComplianceLogger, you consent to:

  • Collection and use of information as described in this Privacy Policy
  • Processing of your data in the United States
  • Use of cookies and tracking technologies
  • Sharing of information with service providers as described

Withdrawal of Consent:

  • You may withdraw consent by deleting your account
  • Contact [email protected] for assistance with account deletion

Privacy Policy Summary

What We Collect:

  • Account information (name, email, password)
  • Waste tracking data (logs, photos, disposal information)
  • Payment information (via Stripe)
  • Usage data (IP address, browser, device)

How We Use It:

  • Provide and improve the Service
  • Process payments
  • Customer support
  • Legal compliance

Who We Share With:

  • Cloud hosting providers (infrastructure)
  • Stripe (payment processing)
  • Email service providers (transactional emails)
  • Government agencies (only if legally required)

Your Rights:

  • Access, correct, and delete your data
  • Export your data
  • Opt out of marketing emails
  • CCPA and GDPR rights (if applicable)

Security:

  • Encryption in transit and at rest
  • Secure authentication
  • Regular security updates
  • No guarantee of absolute security

Contact: [email protected]

Last Updated: October 15, 2025