PrimeX

Last updated 2026-05-10

Privacy Policy

What personal information PrimeX collects, how we use it, who we share it with, and the rights you have over your data.

Effective date: 2026-04-14 Last updated: 2026-05-14

This document is drafted for engineering + operational accuracy, not legal sufficiency. Have qualified counsel review for your jurisdiction before you publish it at a customer-facing URL. Counsel should confirm language for CCPA/CPRA, VCDPA, CPA, CTDPA, UCPA, TDPSA, and any GDPR obligations you take on if you market outside the United States.

1. Who we are

PrimeX is a field-service operating system for residential service businesses. We provide software that helps businesses manage their customers, jobs, invoices, estimates, schedules, team, and customer communication.

  • Entity: PrimeX LLC, a South Carolina limited liability company
  • Registered address: 2559 Brescia St, Myrtle Beach, SC 29579, USA
  • Contact: [email protected]
  • Data protection contact: [email protected]

If you are one of our customers — a business owner or employee using PrimeX to run your operations — we are your service provider and data processor under most US state privacy laws. You are the controller of the personal information of your own customers.

If you are an end customer of one of our customers — for example, someone whose plumber uses PrimeX — please contact that business directly to exercise your rights over your data. They are the data controller.

2. Data we collect

From business users (owners, employees, managers, technicians):

  • Account info: name, work email, phone number, role
  • Authentication credentials (password hashes, session tokens, biometric verification flags)
  • Business profile: legal name, DBA, address, phone, website, logo, brand color, plan tier, license number
  • Team structure and permissions
  • Device information: device model, OS version, app version, crash diagnostics
  • App usage telemetry: screen views, action frequency, error reports
  • Precise location (only while the app is in use, only with explicit permission) — used for territory maps, dispatch, nearby-job discovery
  • Voice recordings and speech input (only when the user explicitly invokes the voice interface)
  • Photos captured through the in-app camera or selected from the gallery (only when the user attaches them to a job or estimate)

From end customers of our business users (collected and stored on behalf of that business):

  • Name, address, phone, email
  • Preferred contact channel (SMS, email, call)
  • Job history, service records, notes, tribal-knowledge tags
  • Invoices, estimates, payment status
  • Messages exchanged with the business (both directions)
  • Consent preferences for marketing SMS and marketing email
  • Property photos and equipment details the business records during service

We do not collect:

  • Advertising identifiers (IDFA, GAID)
  • Browsing history outside the PrimeX app
  • Health or fitness data
  • Financial account credentials (card numbers never touch PrimeX servers — all payment processing runs through a PCI DSS-certified payments processor)
  • Social-graph data from outside sources

3. How we use the data

1. To operate the service. Display customers, jobs, schedules, and communication history. Deliver SMS and email on behalf of the business. Power the Prime AI assistant features (drafting, suggestions, schedule optimization). 2. To keep the service secure. Detect abuse, investigate incidents, block unauthorized access, enforce tenant isolation. 3. To improve the service. Analyze anonymized crash reports, diagnose performance issues, measure feature adoption in aggregate. 4. To support customers. Respond to your messages, debug issues you report, recover data you ask us to recover. 5. To comply with law. Respond to lawful legal process, honor statutory data subject rights, cooperate with audits.

We do not use your data to:

  • Sell to third parties (we do not sell personal information, period)
  • Train generic AI models
  • Serve advertising
  • Build cross-service profiles

4. AI features and your data

Prime AI features (chat, drafting, suggestions, schedule optimization, voice input) are powered by an enterprise large language model accessed through a contracted AI sub-processor. When you interact with Prime, the relevant context from your PrimeX account is sent to that sub-processor solely to generate a response.

  • We do not use customer data to train generic AI models
  • A zero-retention configuration is in place via the sub-processor's enterprise settings (effective once our enterprise contract is signed; interim builds use the sub-processor's standard retention policy)
  • Voice recordings are processed for transcription and immediately discarded

5. Who we share data with

We use vetted third-party sub-processors to operate the service. Each is engaged under a written data protection agreement. We do not sell, rent, or otherwise transfer your personal information to third parties for their marketing purposes.

The categories of sub-processors we rely on:

CategoryPurposeData flow
Cloud hosting + database + authenticationPrimary data store, authentication, edge functionsAll core app data
Enterprise AI providerPowers Prime AI features (drafting, suggestions, optimization)Prompt payloads (see section 4)
Mapping + geocodingTerritory map tiles and address lookupMap requests — addresses are not tied to an identifiable user
Payments processorSubscription billing and invoice processingCard data flows directly to the processor, never to us
SMS messaging carrierDelivers operational SMS on behalf of the businessPhone number + message body
Transactional email providerDelivers operational and notification emailEmail address + message body
Error monitoringCrash reporting and runtime diagnosticsError stack traces, device context, app state at crash time
Push notificationsMobile push deliveryDevice push tokens

A current list of named sub-processors is available on request to [email protected].

We will share data with law enforcement only when compelled by valid legal process. We will notify you unless the process prohibits notice.

6. SMS / Text Message Communications

How we collect your phone number and consent

PrimeX customers ("Service Businesses") use our platform to message their own end customers ("Homeowners"). When a Homeowner provides their phone number to a Service Business — whether by signing up through a Service Business's website, providing it during a service appointment, or being added to the business's customer list with their permission — they are giving consent to receive SMS messages from that Service Business through PrimeX.

What kinds of messages we send

Operational and transactional messages only:

  • Appointment confirmations and reminders
  • "Tech is on the way" arrival notifications
  • Job status updates (rescheduled, completed, missed)
  • Invoice and payment notifications
  • Service plan agreements and renewals
  • Estimate delivery and follow-ups
  • Direct one-to-one replies from your Service Business

We do not send marketing or promotional broadcast SMS through this channel.

Frequency

Message frequency varies based on the appointments and services you have scheduled with your Service Business. Most Homeowners receive between 2 and 8 messages per scheduled appointment.

Carrier and data charges

Standard message and data rates may apply, depending on your mobile carrier and plan.

How to stop receiving messages

You can stop receiving SMS at any time by replying STOP to any PrimeX-delivered message. Replying STOP unsubscribes you from all SMS for that Service Business. Reply HELP for help. Replying START or UNSTOP re-subscribes you.

Privacy of your phone number

We do not sell, rent, or otherwise share your phone number with third parties for their marketing purposes. Your phone number is used solely to deliver the operational messages described above on behalf of the Service Business you authorized.

Disputes and questions

For SMS-related questions or to dispute a message, contact [email protected].

7. Your rights

Rights for everyone

Regardless of your location, you have the right to:

  • Access your data — download a complete copy of all data PrimeX holds about you in portable JSON format. Submit a request at primex.it.com/privacy-request or, if you are a PrimeX account holder, through Settings → Privacy & Data.
  • Delete your data — request permanent erasure of your personal information. We will anonymize or delete your data from live systems within 30 days. Financial records (invoices, payment records) are retained in de-identified form as required by accounting law; your name, contact details, and all other identifying information are removed.
  • Correct inaccurate data — update any inaccurate or incomplete information through the in-app edit flows or by contacting us.
  • Object to processing — opt out of specific processing activities such as marketing email or AI-powered suggestions. Manage these in Settings → Notifications or contact us at [email protected].
  • Withdraw consent — where processing is based on your consent (e.g., marketing SMS, property photos), you may withdraw that consent at any time without affecting the lawfulness of processing before withdrawal.
  • Appeal — if we decline your request, contact [email protected] within 30 days of our response. We will conduct a fresh review within 30 days of your appeal.

How to submit a request

Submit any privacy rights request at primex.it.com/privacy-request. You will receive a confirmation email with a verification link. Once verified, we will process your request within 30 days (45 days where permitted by applicable law with notice).

If you are an end customer of a business that uses PrimeX to manage their operations, please contact that business directly. They are the controller of your data and are responsible for honoring your rights under their applicable law.

What deletion covers

When a deletion request is processed:

  • Your profile, contact information, job notes, messages, photos, and preferences are permanently erased.
  • Financial records (invoices, estimates, payment records) are retained in anonymized form, without any information identifying you, as required by US federal and state accounting and tax law.
  • Anonymized records are not linked to you in any way.

GDPR (EU / EEA / UK / Switzerland)

If you are located in the European Economic Area, the United Kingdom, or Switzerland, or if a business using PrimeX processes your data as a data subject in those jurisdictions, you have additional rights under the GDPR / UK GDPR:

  • Right of access (Art. 15): obtain a copy of your personal data and information about how it is processed
  • Right to rectification (Art. 16): correct inaccurate personal data
  • Right to erasure (Art. 17): request deletion of your personal data under the grounds set out in Art. 17
  • Right to restriction of processing (Art. 18): restrict processing in certain circumstances
  • Right to data portability (Art. 20): receive your data in a structured, commonly used, machine-readable format
  • Right to object (Art. 21): object to processing based on legitimate interests or for direct marketing
  • Rights related to automated decision-making (Art. 22): not be subject to a decision based solely on automated processing that produces legal or similarly significant effects

To exercise these rights, contact [email protected]. If you are not satisfied with our response, you have the right to lodge a complaint with your local supervisory authority (in the EU, the competent data protection authority for your member state; in the UK, the Information Commissioner's Office).

CCPA / CPRA (California)

California residents have the following rights under the CCPA/CPRA:

  • Right to know — the categories and specific pieces of personal information we have collected, disclosed, or sold about you
  • Right to delete — request that we delete personal information we have collected from you, subject to certain exceptions
  • Right to correct — request correction of inaccurate personal information
  • Right to opt out of sale or sharing — PrimeX does not sell or share personal information for cross-context behavioral advertising. There is nothing to opt out of.
  • Right to limit use of sensitive personal information — request that we use your sensitive personal information only to perform the services you requested
  • Right to non-discrimination — we will not deny, charge different prices, or provide a different level of service because you exercised any of these rights

To exercise these rights, submit a request at primex.it.com/privacy-request or email [email protected]. We will respond within 45 days.

Other US states

Residents of Colorado, Connecticut, Virginia, Utah, Texas, Oregon, Montana, Delaware, New Hampshire, New Jersey, Minnesota, Maryland, Iowa, Tennessee, and Indiana have similar rights under their respective state privacy laws. We honor these rights on the same terms as described above. Contact [email protected] to exercise them.

8. Data retention

Data categoryRetention period
Active account dataDuration of active subscription
Deleted account — live systemsErased within 30 days of verified deletion request
Encrypted backupsUp to 90 days, then overwritten on rotation
Audit logs2 years (security investigation purposes)
Financial records7 years (US tax and accounting law requirement), anonymized
Marketing suppression listIndefinite (ensures opted-out users remain opted out after re-registration)
Data export files7 days from generation, then automatically deleted from our servers

9. Security measures

  • All data in transit uses TLS 1.2 or higher
  • At-rest encryption for database, file storage, and secrets
  • Row-level security in our Postgres database enforces strict tenant isolation — we have tooling (see supabase/tools/verify-rls.sql in our engineering repository) that we run before every production deployment to verify coverage
  • JWT-based authentication with hardware-backed secure storage (iOS Secure Enclave, Android Keystore)
  • Audit logging of sensitive operations
  • Error monitoring through a contracted observability provider with PII masking
  • Dependency and vulnerability scanning through automated tooling

We cannot guarantee absolute security of any online service. If you believe your account has been compromised, contact [email protected] immediately.

10. International transfers

PrimeX is currently operated from the United States. If you access the service from another country, your data is transferred to the US. We do not currently market to EU residents or offer the service to businesses located in the EU, UK, Switzerland, or EEA. If we do so in the future, this section will be updated to reflect the transfer mechanism (Standard Contractual Clauses, etc.) we rely on.

11. Children

PrimeX is a B2B tool and is not directed to children under 16. We do not knowingly collect personal information from anyone under 16. If you believe we have collected such information, contact [email protected] and we will delete it.

12. Changes to this policy

We will notify you of material changes via in-app notice, email, or both, at least 30 days before the change takes effect. The "Last updated" date at the top of this document will always reflect the most recent revision.

13. Contact

[email protected] · PrimeX LLC, 2559 Brescia St, Myrtle Beach, SC 29579

For urgent security issues: [email protected]

Related

Keep reading