PX Privacy Policy

1. Scope and Roles

1.1 Controller and Processor Roles

• For personal data we collect about you as a Customer or prospective customer (for example your account profile and marketing data), PX acts as a "controller" under applicable data protection laws.
• For personal data we process on behalf of Customers about their guests, owners, or staff, including booking and accounting data, PX generally acts as a "processor" or "service provider". In these cases, our processing is governed by our agreement with the Customer, including any Data Processing Addendum ("DPA").

1.2 Applicability

This Privacy Policy applies to personal data we process in connection with the Services and our business operations. It does not apply to websites, services, or products that we do not own or control.

2. Personal Data We Collect

We collect the following categories of personal data, depending on how you interact with the Services.

2.1 Account and Business Profile Data

• Name and contact details such as email, phone, and mailing address
• Business name, role, and number of listings or properties
• Account credentials and authentication data

2.2 Owner, Property, and Portfolio Data

• Owner names and contact details
• Property addresses and identifiers
• Property configuration, rules, and financial targets

2.3 Booking, Revenue, and Accounting Data

• Reservation details, channel information, stay dates, and pricing
• Payouts, refunds, fees, and commissions
• Expense data and categorization, including vendor names and invoice references
• Owner statement data, reserves, and payout schedules
• Reconciliation data between PMS, channel payouts, and bank transactions

2.4 Financial and Integration Data

• Connections to PMS, accounting platforms, payment processors, and channel managers
• Tokenized bank or card connection information provided by third party aggregators
• Bank transaction data relevant to STR operations such as deposits, fees, and vendor payments

We do not store your full bank login credentials. Those are handled by our integration partners.

2.5 Guest and Occupancy Tax Data

• Data necessary to calculate and track guest or lodging taxes, such as stay details, tax jurisdictions, tax categories, and amounts collected or remitted
• Information used in returns and compliance reports that may include tax identifiers where provided by you

2.6 Communications and Support Data

• Messages and communications with us, including email, in app messages, and support chats
• Call logs, meeting invitations, and notes from onboarding or strategy sessions
• With your consent where required, recordings and transcripts of sessions used for training and service improvement

2.7 Usage and Device Data

• IP address, device identifiers, browser type, and operating system
• Log data such as pages viewed, features used, error logs, and diagnostic data
• Cookie and similar identifiers used for authentication, analytics, and marketing (where allowed)

2.8 Vendor and Contractor Data

• Contact and scheduling information for vendors such as cleaners, maintenance providers, or other third parties that you choose to coordinate through PX

2.9 Sensitive or Special Categories Data (limited)

• In limited cases and only where provided by you, government identifiers, exact property access codes, or sensitive notes needed for operations and tax reporting

We seek to minimize collection of sensitive data and apply additional safeguards where required.

3. Sources of Personal Data

We collect personal data from:

• You directly, for example when you create an account, configure properties, or contact support
• Systems you connect to PX, such as PMS, OTAs, bank data providers, and accounting systems
• Cookies, SDKs, and similar technologies when you use the Services
• Service providers, partners, and other third parties that support our operations
• Public sources, for example to verify business details and reduce fraud

4. How We Use Personal Data

We use personal data for the following purposes:

4.1 Providing the Services

• Creating and administering accounts and workspaces
• Importing and syncing data from PMS, bank feeds, and other integrations
• Generating diagnostics, owner statements, reconciliations, and tax reports
• Operating workflows and automations that you configure

4.2 Improving and Developing the Services

• Monitoring performance, usage, and reliability
• Debugging, support, and troubleshooting
• Training and tuning models and rules for better classification and issue detection
• Creating aggregated and deidentified analytics for service and business improvement

4.3 Communications

• Sending administrative messages such as notices about changes, security, or service issues
• Responding to support requests and questions
• Sending product updates, events, and marketing communications where permitted by law and your preferences

4.4 Security and Fraud Prevention

• Detecting, investigating, and preventing security incidents
• Protecting against fraudulent or abusive activity
• Enforcing our Terms and other agreements

4.5 Legal and Compliance

• Complying with legal obligations, including tax, audit, and regulatory requirements that apply to us
• Responding to lawful requests from authorities and resolving disputes

4.6 Legal Bases in the EEA and UK

Where data protection laws apply and require a lawful basis, we rely on:

• Performance of a contract, for example to provide the Services you request
• Legitimate interests, such as providing and improving the Services, securing our systems, and supporting customers, where those interests are not overridden by your rights
• Compliance with legal obligations
• Consent, where required for certain processing such as some kinds of marketing or cookies

5. How We Share Personal Data

We share personal data in the following circumstances:

5.1 Service Providers and Subprocessors

We share personal data with trusted third parties who perform services on our behalf, such as:

• Hosting and infrastructure providers
• Analytics and logging providers
• Email, messaging, and notification services
• Payment processors and bank data integrators
• Identity verification and security services
• Support and ticketing systems
• Recording and transcription providers for meetings, where used

These providers process personal data under contracts that limit use to providing services to us and that include appropriate safeguards.

5.2 Integrated Platforms and Tools

When you choose to connect external platforms to PX, we share personal data as necessary to enable those integrations, such as:

• PMS and channel managers, to sync listings, reservations, and payouts
• Accounting systems, to sync accounting entries
• Communication tools, to send notifications or emails

Sharing and subsequent processing by those platforms is governed by their own terms and privacy policies.

5.3 Tax Providers and Advisors

If you purchase or use tax preparation or filing services through or with PX, we will share relevant data with Tax Providers, including:

• Booking, revenue, and tax data necessary to prepare returns
• Account and business information that you authorize us to share

Tax Providers handle personal data under their own privacy and engagement terms. PX is not responsible for their independent handling of data beyond our role as a facilitator and processor where applicable.

5.4 Vendors and Operational Partners

If you choose to coordinate vendors such as cleaners or maintenance providers through PX, we may share schedules, property information, and contact details with those vendors at your direction.

5.5 Affiliates

We may share personal data with our corporate affiliates for purposes consistent with this Privacy Policy, such as internal administration and shared services.

5.6 Business Transfers

We may share or transfer personal data in connection with mergers, acquisitions, financing, or sale of all or part of our business. We will require any successor or acquirer to respect this Privacy Policy or a substantially similar policy.

5.7 Legal, Safety, and Enforcement

We may disclose personal data if we believe in good faith that it is reasonably necessary to:

• Comply with a law, regulation, legal process, or governmental request
• Protect the rights, property, or safety of PX, our users, or the public
• Enforce our Terms or agreements or collect amounts owed

5.8 No "Sale" of Personal Data

We do not "sell" personal data as that term is defined in some privacy laws. We may engage in certain types of targeted advertising or analytics that could be considered "sharing" under California law. You can opt out of such "sharing" where required by law, as described in Section 10.

6. Cookies and Similar Technologies

We use cookies, pixel tags, and similar technologies to:

• Authenticate users and maintain sessions
• Remember preferences and settings
• Perform analytics about usage and performance of the Services
• Support marketing, where allowed by law and your preferences

You can manage cookie preferences using your browser settings and, where provided, in product cookie settings. Blocking certain cookies may affect the functioning of the Services.

Where required by law, we will obtain your consent before using non essential cookies.

7. Data Retention

We retain personal data for as long as reasonably necessary to:

• Provide the Services and support your use
• Maintain business and tax records
• Comply with legal obligations
• Resolve disputes and enforce agreements

When personal data is no longer needed for these purposes, we will delete or deidentify it, subject to technical limitations and backup retention practices.

Where we process personal data as a processor on behalf of a Customer, we retain and delete data in accordance with our agreement with that Customer, including any DPA.

8. Security

We implement technical and organizational measures intended to protect personal data, including:

• Access controls and authentication
• Encryption in transit and at rest where appropriate
• Network and application level security controls
• Monitoring, logging, and auditing
• Vendor due diligence and contractual security commitments

No system or transmission is completely secure. You are responsible for protecting your account credentials, choosing strong passwords, limiting access to authorized personnel, and using appropriate security practices in your own environment.

If we become aware of a security incident involving personal data, we will take steps to investigate, mitigate, and notify affected parties and regulators where required by law or agreement.

9. International Transfers

PX is based in the United States and personal data may be stored and processed there and in other countries where we or our service providers operate.

Where required by law for transfers of personal data from the European Economic Area, United Kingdom, or Switzerland, we use appropriate safeguards, such as:

• Standard Contractual Clauses approved by the European Commission or UK authorities
• Other lawful transfer mechanisms as they become available

You may contact us for more information about applicable transfer safeguards.

10. Your Privacy Rights

Depending on your location and applicable law, you may have some or all of the following rights regarding your personal data:

• Access to the personal data we hold about you
• Correction of inaccurate or incomplete personal data
• Deletion of personal data, in certain circumstances
• Restriction of or objection to certain processing
• Portability of certain personal data in a structured, commonly used, machine readable format
• Withdrawal of consent, where processing is based on consent

Customers are primarily responsible for responding to requests from their guests, owners, or staff where we process data as a processor on their behalf. We will assist Customers in handling such requests as required by our agreements and applicable law.

For personal data we control directly (for example your account and marketing data), you can submit requests by contacting us at admin@pxit.today. We may need to verify your identity before fulfilling a request.

If you are in California or another US state with consumer privacy laws, you may have additional rights such as:

• Right to know categories of personal data, sources, purposes, and disclosures
• Right to opt out of certain cross context behavioral advertising or "sharing"
• Right not to be discriminated against for exercising your rights

If you are in the EEA or UK, you also have the right to lodge a complaint with your local data protection authority.

We may deny requests in certain cases, for example where we cannot verify your identity, where the request would infringe on the rights of others, or where we are required or allowed by law to retain data.

11. Children

The Services are not directed to children under 16 and we do not knowingly collect personal data from children under that age. If we learn that we have collected personal data from a child under 16 without appropriate consent, we will take steps to delete it. If you believe such data has been provided to us, please contact us.

12. Communications and Marketing

12.1 Service Communications

We may send you transactional or service related communications, such as account, security, and billing notices. You generally cannot opt out of these communications while continuing to use the Services.

12.2 Marketing Communications

Where permitted by law, we may send you promotional emails or other marketing messages about PX. You can opt out at any time:

• By following the unsubscribe instructions included in those messages, or
• By contacting us at admin@pxit.today

12.3 SMS and Phone

If you provide a mobile number and consent to receive SMS or calls, we may send messages related to your use of the Services. Message and data rates may apply. You can reply "STOP" to a SMS message to unsubscribe.

13. Processing as Processor for Customers

Where PX processes personal data on behalf of a Customer as a processor or service provider, we will:

• Process personal data only on the Customer's documented instructions, including as set forth in our agreements and any DPA
• Ensure personnel handling personal data are subject to confidentiality obligations
• Implement appropriate technical and organizational measures to protect personal data
• Use subprocessors subject to written commitments and maintain a list of such subprocessors
• Notify Customers of certain personal data breaches as required by agreement and law
• Assist Customers in meeting their obligations regarding data subject rights and regulatory inquiries, to the extent reasonably possible
• Delete or return personal data at the end of the engagement, subject to legal retention requirements and as specified in our agreements

If you are a guest, owner, or staff member of a Customer, you should direct privacy questions or requests to that Customer.

14. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you, for example by email or through the Services, and indicate the effective date. Your continued use of the Services after an update becomes effective means you accept the updated Privacy Policy. If you do not agree, you should stop using the Services.

15. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, or wish to exercise your rights, please contact us: