Data subject rights
Commandix provides request channels for access, rectification, erasure review, restriction, portability, objection, and consent withdrawal. Authenticated app users can export their own personal data from Profile. Requests that affect company records are reviewed because execution data may belong to an employer, customer, or contractual account owner.
Controller and processor roles
For customer workspace data, the customer is typically the controller and Commandix acts as processor. For website, sales, security, billing, support, and product operations data, Commandix may act as controller. Enterprise agreements may define these roles in more detail.
Lawful basis and retention
Processing may rely on contract performance, legitimate interests, legal obligations, consent, or documented customer instructions depending on the context. Retention is based on account operation, security, legal, support, and customer contract needs. See the Privacy Policy, Cookie Policy, and DPA overview.
Privacy request
Technical and organizational controls
| Area | Commandix readiness control |
|---|---|
| Access | Role-based access, tenant scoping, MFA support, session management, password policy, OAuth options, and forced password reset controls. |
| Security | HTTPS, HSTS, hardened headers, rate limiting, CSRF protection, CrowdSec scanner protection, audit logs, and security event logging. |
| Data rights | Authenticated user export, public and in-app request intake, durable request logging, and review workflows for deletion/restriction requests. |
| Subprocessors | Subprocessor disclosure, vendor review path, and procurement channel for customer security review. |