Data we collect
We may collect account information, contact information, organization details, role and access data, goals, tasks, projects, deals, files, comments, execution metrics, product usage data, public-form submissions, support communications, security logs, audit records, session metadata, and integration metadata for enabled Microsoft or Google workflows.
How we use data
We use data to provide and secure the service, maintain tenant isolation, authenticate users, support customer workspaces, operate product functionality, respond to inquiries, process security and procurement requests, improve reliability, prevent abuse, and meet legal or contractual obligations.
Lawful basis
Depending on context, we may process personal data to perform a contract, pursue legitimate interests in operating and securing an enterprise SaaS platform, comply with legal obligations, obtain consent, or follow documented customer instructions when acting as processor.
Sharing and subprocessors
We do not sell personal information. We may share limited information with service providers that support hosting, email, identity, calendar integrations, bot protection, certificate management, support, or security. See Subprocessors.
Retention
We retain information for as long as needed to provide the service, maintain security, satisfy customer contracts, resolve disputes, enforce agreements, comply with law, and preserve audit evidence. Security and audit logs may be retained longer where needed for compliance, abuse prevention, or legal defense.
Your rights and choices
Depending on location and relationship to Commandix, you may request access, correction, deletion review, restriction, portability, objection, or consent withdrawal. Authenticated users can export personal data from the Profile page. Public requests can be submitted through the GDPR page. Requests affecting customer-controlled workspace data may be routed to the relevant customer controller.
Security
We use technical and organizational safeguards appropriate for an enterprise SaaS application, including HTTPS, hardened headers, role controls, tenant scoping, session controls, MFA support, rate limiting, security logs, and audit logs. See the Security page and Trust Center.
International transfers
Commandix and its service providers may process data in countries different from where users or customers are located. Customer agreements may include transfer mechanisms, security commitments, and data processing terms for regulated deployments.