Privacy Policy – Trajectix

1. Introduction and Scope

Trajectix LLC, a Utah limited liability company ("Trajectix," "we," "our," or "us"), is committed to being transparent about how we collect, use, store, and share information in connection with the Trajectix Platform. This Privacy Policy ("Policy") describes our data practices and your rights with respect to your information.

This Policy applies to all Users of the Platform, including Sales Users (sales representatives, brokers, and agents who subscribe to the Platform) and Prospect Users (businesses and employers who submit documents and information through the Platform at the request of a Sales User). Where our practices differ based on user type, we note this expressly.

This Policy should be read together with our Terms and Conditions of Service ("Terms"), which govern your use of the Platform and contain additional terms regarding data rights, AI training, and data licensing. In the event of any conflict between this Policy and the Terms with respect to data rights and licensing, the Terms control.

By using the Platform, you acknowledge that you have read and understood this Policy and agree to the collection, use, and disclosure of your information as described herein.

2. Information We Collect

We collect several categories of information in connection with your use of the Platform:

2.1 Information You Provide Directly

We collect information that you voluntarily provide when you register for an account, use Platform features, or communicate with us, including:

Account registration information: name, email address, phone number, job title, company name, and account credentials
Billing and payment information provided by Sales Users (processed by our third-party payment processor; we do not store full payment card numbers)
Communications you send to us, including support requests and feedback

2.2 User Content

As described in the Terms, Prospect Users and Sales Users submit User Content through the Platform in connection with sales and underwriting workflows. User Content may include highly sensitive business and personal information, including:

Payroll records, payroll tax filings (such as Form 941, state unemployment reports), and wage data
Employee census data, including employee names, dates of birth, job classifications, compensation, and tenure information
Health insurance information, including current plan details, carrier information, and claims data
Workers' compensation insurance information, including current policies, loss runs, and claims history
Business financial information, including revenue, headcount, and industry classification
Government-issued identification numbers and tax identification numbers (EINs)
Any other documents or data submitted by a User in connection with a quote or underwriting review

Sales Users are responsible for ensuring they have obtained all necessary consents and authorizations before submitting Prospect User data through the Platform, as required by the Terms.

2.3 Usage Data

We may automatically collect Usage Data when you interact with the Platform, including:

Log data: IP address, browser type, operating system, referring URLs, pages viewed, and timestamps
Device information: device type, unique device identifiers, and network information
Clickstream data and feature interaction data: how you navigate and use Platform features
Session data: session duration, actions taken within a session, and workflow completion data
Performance and error data: crash reports, error logs, and response time data

2.4 Cookies and Similar Technologies

We may use cookies, web beacons, pixel tags, and similar tracking technologies to collect information about your use of the Platform. These technologies help us authenticate users, remember preferences, analyze usage, and improve the Platform. You may control cookie settings through your browser; however, disabling certain cookies may affect Platform functionality. We do not currently respond to "Do Not Track" signals.

2.5 Information from Third Parties

We may receive information about you from third-party sources, including:

Third-Party Services that integrate with the Platform, such as identity verification or document management tools
Payment processors, for billing and fraud prevention purposes
Analytics providers who help us understand Platform usage

3. How We Use Your Information

We use the information we collect for the following purposes:

3.1 Providing and Operating the Platform

Creating and managing user accounts
Processing and facilitating document collection and workflow requests
Enabling communication between Sales Users and Prospect Users
Processing payments from Sales Users
Providing customer support and responding to inquiries
Sending transactional communications, such as account confirmations, notifications, and security alerts

3.2 Improving and Developing the Platform

Analyzing usage patterns to understand how the Platform is used and identify areas for improvement
Developing and testing new features and functionality
Conducting internal research and product development
Monitoring and improving Platform performance, security, and reliability

3.3 Artificial Intelligence and Machine Learning

As described more fully in Section 8 of the Terms, we use User Content, Usage Data, metadata, and derived data to train, fine-tune, test, and improve our artificial intelligence and machine learning models, including models for document classification, data extraction, workflow automation, and predictive analytics. This use is a core part of how we build and improve the Platform.

We will use commercially reasonable efforts to anonymize or de-identify User Content prior to use in AI training where practicable. However, we do not guarantee that all AI training uses will involve only anonymized data. Your acceptance of the Terms and this Policy constitutes your consent to these uses, including non-anonymized uses, to the maximum extent permitted by applicable law.

3.4 Aggregated and De-identified Data

We create and use Aggregated Data derived from User Content and Usage Data. Trajectix owns all Aggregated Data and may use it without restriction for any business purpose, including benchmarking, industry research, product development, marketing, and publication. Aggregated Data is not reasonably traceable to any individual or business.

3.5 Legal, Compliance, and Safety

Complying with applicable laws, regulations, and legal processes
Enforcing the Terms and this Policy
Detecting, preventing, and responding to fraud, security incidents, and other harmful or unlawful activity
Protecting the rights, property, and safety of Trajectix, our Users, and the public

3.6 Marketing and Communications

We may use your contact information to send you marketing communications about Trajectix products, features, and updates. Sales Users may opt out of marketing communications at any time by following the unsubscribe instructions in those communications or contacting us directly. We do not use Prospect User data for marketing purposes directed at Prospect Users.

4. How We Share Your Information

We do not sell your personal information to third parties. We may share your information in the following circumstances:

4.1 Between Sales Users and Prospect Users

The Platform is designed to facilitate document sharing between Sales Users and Prospect Users. Accordingly, User Content submitted by a Prospect User is accessible to the Sales User who invited them to the Platform. Prospect Users should be aware of this access when submitting information. Sales Users may also share Prospect User data with their affiliated carriers, underwriters, service providers, or insurance partners in connection with generating a quote or completing an underwriting review.

4.2 Service Providers and Subprocessors

We share information with third-party vendors and service providers who perform services on our behalf, including:

Cloud hosting and infrastructure providers
Payment processors
Analytics and monitoring providers
Customer support tools
Email and communication service providers
Security and fraud prevention providers

These service providers are contractually obligated to use your information only as directed by us and in accordance with this Policy, and to implement appropriate security measures.

4.3 Business Transfers

If Trajectix is involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of all or a portion of our assets, your information may be transferred as part of that transaction. We will provide notice of such a transfer as required by applicable law, and any successor entity will be required to honor the terms of this Policy or provide you with notice of any material changes.

4.4 Legal Requirements and Protection of Rights

We may disclose your information if we believe in good faith that disclosure is necessary to: (a) comply with applicable law, regulation, legal process, or governmental request; (b) enforce the Terms or this Policy; (c) detect, prevent, or address fraud, security, or technical issues; or (d) protect the rights, property, or safety of Trajectix, our Users, or others.

4.5 With Your Consent

We may share your information with third parties when you have given us your explicit consent to do so.

5. Data Retention

We retain your information for as long as necessary to fulfill the purposes described in this Policy, to comply with our legal obligations, resolve disputes, and enforce our agreements. Our general retention practices are:

Account information: retained for the duration of your account and for a reasonable period thereafter to comply with legal obligations and resolve disputes
User Content: retained during the active relationship between a Sales User and Trajectix; Sales Users may request deletion of their own User Content or Prospect User Content subject to this Policy and Trajectix's rights under Section 8 of the Terms
Usage Data and logs: generally retained for up to 24 months for operational and security purposes, and may be retained longer in anonymized form
Aggregated and de-identified data: retained indefinitely, as this data is not reasonably linked to individuals
Data incorporated into AI models: not subject to deletion upon account termination, as it is not technically feasible to extract specific data points from trained models

When User Content is deleted, we will use commercially reasonable efforts to remove it from active systems within a reasonable timeframe, subject to backup retention cycles and our rights under the Terms.

6. Data Security

We take the security of your information seriously and implement commercially reasonable technical, administrative, and physical safeguards designed to protect your information from unauthorized access, disclosure, alteration, and destruction. Our security measures include:

Encryption of data in transit using TLS/SSL protocols
Encryption of data at rest
Access controls and authentication requirements for Platform access
Regular security assessments and vulnerability testing
Employee security training and access limitations on a need-to-know basis

No security system is impenetrable. We cannot guarantee the absolute security of your information, and we are not responsible for unauthorized access to your information that results from circumstances beyond our reasonable control. You are responsible for maintaining the security of your account credentials and access.

In the event of a security breach that materially affects your information, we will notify you as required by applicable law.

7. Health-Related Information; No HIPAA Compliance Representation

Trajectix recognizes that Users may submit documents and data through the Platform that include health insurance information, employee benefits data, and related materials in connection with the underwriting and quote generation process. Trajectix has designed the Platform with data security as a priority and has implemented commercially reasonable administrative, physical, and technical safeguards intended to protect the confidentiality and integrity of data submitted through the Platform, including data of a sensitive or health-related nature.

NOTWITHSTANDING THE FOREGOING, TRAJECTIX DOES NOT REPRESENT, WARRANT, OR COVENANT THAT THE PLATFORM IS COMPLIANT WITH THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 OR ITS IMPLEMENTING REGULATIONS (COLLECTIVELY, "HIPAA"). TRAJECTIX IS NOT ACTING AS A COVERED ENTITY OR BUSINESS ASSOCIATE (AS THOSE TERMS ARE DEFINED UNDER HIPAA) IN CONNECTION WITH THE PLATFORM, AND THIS POLICY DOES NOT CONSTITUTE, AND TRAJECTIX DOES NOT OFFER, A BUSINESS ASSOCIATE AGREEMENT. TRAJECTIX EXPRESSLY DISCLAIMS ANY OBLIGATION TO COMPLY WITH HIPAA OR ANY OTHER HEALTH INFORMATION PRIVACY LAW IN CONNECTION WITH ITS PROVISION OF THE PLATFORM OR SERVICES.

Users are solely responsible for determining whether any data they submit through the Platform is subject to HIPAA or other applicable health information privacy laws, and for ensuring their own compliance with all such laws. Users who are Covered Entities or Business Associates under HIPAA should not submit Protected Health Information through the Platform without independently evaluating and satisfying their own HIPAA compliance obligations. Please refer to Section 9.3 of the Terms and Conditions for the full disclaimer and limitation of liability applicable to health-related information.

8. State Privacy Rights

8.1 Utah Consumer Privacy Act (UCPA)

Utah residents have the following rights with respect to their personal data under the Utah Consumer Privacy Act:

Right to know: the right to confirm whether Trajectix processes your personal data and to access that data
Right to delete: the right to request deletion of personal data you have provided to us, subject to certain exceptions
Right to data portability: the right to obtain a copy of your personal data in a portable format
Right to opt out of certain processing: the right to opt out of the sale of personal data or the processing of personal data for targeted advertising

Please note that Utah's consumer privacy law applies to personal data processed in a commercial context. Certain exemptions apply, including for data processed in the context of employment relationships and certain business-to-business data. To the extent Trajectix qualifies for applicable exemptions, this Section may not apply to all data we process.

8.2 California Consumer Privacy Act (CCPA) / CPRA

California residents have additional rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act ("CCPA/CPRA"), including:

Right to know what personal information is collected, used, shared, or sold
Right to delete personal information
Right to correct inaccurate personal information
Right to opt out of the sale or sharing of personal information
Right to limit use of sensitive personal information
Right to non-discrimination for exercising privacy rights

Trajectix does not sell personal information as defined by the CCPA/CPRA. California residents may submit privacy rights requests as described in Section 9 below.

8.3 Other State Privacy Laws

Residents of other states with applicable consumer privacy laws (including Virginia, Colorado, Connecticut, Texas, and others) may have similar rights as described above. We will honor verified privacy rights requests from residents of any state where such rights are required by applicable law.

9. Your Choices and Privacy Rights Requests

9.1 How to Submit a Request

To exercise any of the privacy rights described in this Policy, you may contact us at:

Trajectix LLC — Privacy Requests
Email: contact@trajectix.com
Website: www.trajectix.com

We will acknowledge your request within ten (10) business days and respond within the timeframe required by applicable law (generally 45–90 days, depending on jurisdiction, with one permitted extension where permitted by law).

9.2 Verification

To protect your privacy and security, we will verify your identity before processing a privacy rights request. We may ask you to provide information sufficient to verify your identity, such as your account email address or other identifying information we have on file.

9.3 Prospect User Requests

Because Prospect Users are invited to the Platform by Sales Users and may not have a direct account relationship with Trajectix, Prospect Users seeking to exercise data rights should also notify the Sales User who invited them. In some cases, Trajectix will coordinate with the Sales User to fulfill a Prospect User's data rights request.

9.4 Limitations on Deletion

Your right to request deletion of your data is subject to certain limitations, including our rights under Section 8 of the Terms (including our AI training rights), our legal obligations to retain certain records, and technical limitations associated with removing data from trained AI models. We will honor deletion requests to the extent technically and legally feasible.

9.5 Marketing Opt-Out

Sales Users may opt out of marketing communications at any time by clicking "unsubscribe" in any marketing email or by contacting us at contact@trajectix.com. Opting out of marketing communications will not affect transactional or account-related communications.

10. Children's Privacy

The Platform is intended for use by businesses and business professionals only. The Platform is not directed to individuals under the age of 18, and we do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a child under 18, we will take steps to delete such information promptly. If you believe we have inadvertently collected information from a minor, please contact us at contact@trajectix.com.

11. Third-Party Links and Services

The Platform may contain links to or integrations with Third-Party Services. This Policy does not apply to any third-party websites, applications, or services. We are not responsible for the privacy practices of any third party, and we encourage you to review the privacy policies of any Third-Party Services you access in connection with your use of the Platform.

12. International Data Transfers

Trajectix is headquartered in the United States, and your information is collected, stored, and processed in the United States. If you are located outside the United States, please be aware that your information will be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your home country. By using the Platform, you consent to the transfer of your information to the United States.

If you are located in the European Economic Area, the United Kingdom, or Switzerland, please contact us at contact@trajectix.com for information about the legal mechanisms we use to transfer data internationally, if applicable to your situation.

13. Changes to This Privacy Policy

We reserve the right to modify this Policy at any time. If we make material changes to how we collect, use, or share your information, we will provide notice by posting the updated Policy on the Platform and updating the "Effective Date" above, and/or by notifying you via the email address associated with your account. Your continued use of the Platform after the effective date of any changes constitutes your acceptance of the updated Policy.

We encourage you to review this Policy periodically to stay informed about our data practices.

14. Contact Us

If you have any questions, concerns, or complaints about this Privacy Policy or our data practices, please contact us:

Trajectix LLC
Attn: Privacy / Legal Department
Email: contact@trajectix.com
Website: www.trajectix.com

We take privacy concerns seriously and will respond to your inquiry promptly.