SPX LogoBETA

Privacy Policy

Last updated: September 17, 2025

SPX is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, and safeguard your data.

Table of Contents
1. Information We Collect2. How We Use Your Data3. Document Handling4. Cookies and Tracking5. Third-Party Services6. Data Security7. Your Rights8. AI Training Program9. Legal Compliance10. Contact Information
1. Information We Collect

Personal Information

  • Name and email address (required for account creation)
  • Company name and job title (optional)
  • Profile information and bio (optional)
  • Payment information (processed securely through third-party providers)

Usage Data

  • Specifications generated and their metadata
  • Feature usage patterns and preferences
  • Credit consumption and usage analytics
  • Interaction patterns with our four core services
  • Login times and session duration
  • Device information and browser type

Technical Data

  • IP address and location data
  • Log files and error reports
  • Performance metrics and analytics
2. How We Use Your Data

We use your information for the following purposes:

Service Provision

  • Browse manufacturer catalogs
  • Generate AI-powered specifications
  • Score tender compliance
  • Verify submittal compliance
  • Manage your account and preferences
  • Process payments and subscriptions
  • Provide customer support

Service Improvement

  • Analyze usage patterns
  • Improve AI model performance
  • Develop new features
  • Ensure service security
  • Optimize credit consumption
  • Enhance user experience

AI Training Disclosure: We use anonymized interaction patterns to improve our AI services. Your uploaded documents are NEVER used for training. You may opt-in to our improvement program for additional features while maintaining complete document privacy.

3. Document Handling & Processing

Your Documents Are Secure

All uploaded documents and generated specifications are encrypted and stored securely. We implement industry-standard security measures to protect your intellectual property.

Document Processing

  • Documents are processed in secure, isolated environments
  • Temporary processing files are automatically deleted after use
  • Access is restricted to authorized personnel only
  • All processing activities are logged and monitored

Data Retention

  • Your documents are stored only as long as necessary for service provision
  • You can delete your documents at any time from your account
  • Deleted documents are permanently removed within 30 days
  • Backup copies are securely destroyed according to our retention schedule
4. Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your experience and analyze service usage.

Essential Cookies

Required for basic site functionality, authentication, and security.

Analytics Cookies

Help us understand how you use our service to improve performance.

Preference Cookies

Remember your settings and preferences for a better experience.

You can control cookie preferences through your browser settings. Note that disabling essential cookies may affect service functionality.

5. Third-Party Integrations

We work with trusted third-party services to provide our functionality. All partners are carefully vetted for security and privacy compliance.

AI Processing

  • Google Cloud AI Platform for specification generation
  • OpenAI API for advanced language processing
  • AWS services for infrastructure and computing
  • All data is encrypted in transit and at rest

Payment Processing

  • Stripe for secure payment processing
  • PayPal for alternative payment methods
  • We never store your payment card information
  • All transactions are PCI DSS compliant

Infrastructure & Analytics

  • Supabase for database and authentication
  • Google Analytics for usage insights
  • Sentry for error monitoring and debugging
  • Data is anonymized where possible
6. Data Security Measures

Enterprise-Grade Security

We implement multiple layers of security to protect your data, including encryption, access controls, and regular security audits.

Technical Safeguards

  • AES-256 encryption for data at rest
  • TLS 1.3 encryption for data in transit
  • Regular security vulnerability assessments
  • Automated backup and disaster recovery

Access Controls

  • Multi-factor authentication for all accounts
  • Role-based access control for team members
  • Regular access reviews and audits
  • Secure API authentication and authorization
7. Your Privacy Rights

You have several rights regarding your personal data. We are committed to honoring these rights and making them easy to exercise.

Access & Portability

Request a copy of your personal data in a portable format.

Correction

Update or correct inaccurate personal information.

Deletion

Request deletion of your personal data and account.

Processing Restriction

Limit how we process your personal data.

Objection

Object to certain types of data processing.

Withdraw Consent

Withdraw consent for data processing at any time.

How to Exercise Your Rights:

Contact us at info@spxid.ai or use the privacy controls in your account settings. We will respond to your request within 30 days.

8. AI Training & Service Improvement

Your Documents Are Never Used

We NEVER use your uploaded documents, generated specifications, or project content to train our AI models. Your intellectual property remains completely private and secure.

Default Privacy Mode

  • No training on your data
  • Only aggregated, anonymized metrics
  • Complete document privacy
  • Your interactions remain private

Opt-In Improvement Program

  • Help improve SPX services
  • Share anonymized interaction patterns
  • Earn bonus credits monthly
  • Documents still remain private

What We Learn From: Feature usage patterns, query types, correction patterns, and success rates - never your actual content. You can opt-out anytime from account settings.

9. Legal Compliance
GDPR

European Union

We comply with the General Data Protection Regulation (GDPR) for all EU residents. This includes lawful basis for processing, data minimization, and enhanced user rights.

CCPA

California

We comply with the California Consumer Privacy Act (CCPA) for California residents, including rights to know, delete, and opt-out of the sale of personal information.

Kuwait Data Protection

As a Kuwait-based company, we comply with local data protection regulations and ensure that all data processing meets or exceeds international standards. Our primary servers are located in Kuwait with redundancy in secure international locations.

International Data Transfers

When we transfer personal data internationally, we use appropriate safeguards such as Standard Contractual Clauses (SCCs) and ensure adequate protection levels. Our primary data processing occurs within Kuwait, the United States, and European Union.

Data Breach Notification

In the unlikely event of a data breach, we will notify affected users within 72 hours via email and provide detailed information about the incident and steps we're taking to protect your data.

Children's Privacy

SPX services are not intended for users under 18 years of age. We do not knowingly collect personal information from children. If we discover such data, it will be immediately deleted.

Do Not Sell My Information

SPX does not sell, rent, or trade your personal information to third parties for their marketing purposes. Your data is used solely to provide and improve our services.

10. Contact Information

If you have any questions about this Privacy Policy or our data practices, please contact us:

Privacy Officer

Email: info@spxid.ai

Response Time: Within 48 hours

Mailing Address

SPX Privacy Team

P.O. Box 4997

Safat, Kuwait 13038

Data Protection Officer (EU): For EU-related privacy matters, contact our Data Protection Officer at info@spxid.ai

Policy Updates

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. When we make significant changes, we will:

  • Notify you via email at least 30 days before changes take effect
  • Display a prominent notice on our website
  • Update the "Last Updated" date at the top of this policy
  • Provide a summary of key changes

Current Version: This Privacy Policy was last updated on September 17, 2025 and is effective immediately.