Privacy Policy
Last updated: July 8, 2026
1. Introduction
Loxtep, Inc. ("Loxtep," "we," "us," or "our") operates the Loxtep data platform and related services. This Privacy Policy describes how we collect, use, disclose, retain, and protect personal information when you use our services, visit loxtep.io, or interact with us as a customer, user, or institutional contact.
This policy is aligned with our internal privacy management program (LOX-PRIVACY-001). Institutional customers may also be subject to additional terms in their master services agreement, data processing addendum, or order form.
2. Scope
This policy applies to:
- The Loxtep SaaS platform and managed instances (including app.loxtep.io)
- Account, contact, operational log, and support data we process as service provider
- Institutional or customer-loaded operational data processed in segregated data planes at your direction
It does not cover customer-owned systems outside Loxtep-managed instances, your campus identity provider, or unrelated third-party services you connect independently. Basic analytics on this public marketing site are separate from application processing described below.
3. Personal Data We Process
We maintain the following categories of personal data for the service:
- Account and identity: name, email address, and platform user identifiers — used for authentication, billing, and support; stored in the control plane and customer data regions (for example, us-east-1).
- Contact and billing: email, organization name, and contract point-of-contact details — used for service delivery and invoicing.
- Operational logs: IP address, user-agent, and API audit events — used for security monitoring, troubleshooting, and audit.
- Institutional data: patron, operational, or other records you or your organization load into Loxtep data products — processed at your direction in your segregated managed instance.
- Support artifacts: support tickets and time-bounded administrative access records — used to resolve requests and maintain an audit trail of privileged access.
Categories and retention for institution-loaded data are primarily controlled by the customer at source. Loxtep provides export and deletion tooling as described in your agreement.
4. How We Use Personal Data
We use personal data to:
- Provide, operate, and improve the Loxtep platform
- Authenticate users and enforce role-based access controls
- Deliver customer support and communicate about the service
- Process billing and fulfill contractual obligations
- Monitor security, detect abuse, and maintain audit logs
- Respond to legal requests, data-subject requests, and privacy complaints
- Comply with applicable law and institutional policy requirements under contract
We do not sell personal information. We do not send customer data records to large language models for inference; where AI features are used, processing is limited to metadata with zero-data-retention routing where configured.
5. Privacy by Design and Security
Privacy and security controls are embedded in how we build and operate the platform, including:
- Per-customer data-plane segregation in managed instances
- Encryption in transit (TLS) and at rest (KMS)
- Role-based access control and time-bounded administrative access with audit logging
- Data minimization and schema-level PII tagging in governed data products
- Privacy and security review as part of our software development lifecycle
No method of transmission or storage is completely secure. We implement appropriate technical and organizational measures and continually improve them.
6. How We Share Information
We share personal information only as needed to operate the service, including:
- Infrastructure and subprocessors that host or support the platform (for example, cloud hosting and approved AI inference providers under contractual safeguards)
- Professional advisors or counsel when required for legal, security, or compliance purposes
- Regulators or law enforcement when we receive a valid legal request (see Section 12)
- A successor entity in connection with a merger, acquisition, or asset sale, subject to equivalent protections
- With your direction or consent
A current list of subprocessors that receive personal data is available to customers on request and as described in applicable agreements.
7. Automated Processing and AI
Loxtep does not make solely automated decisions with legal or similarly significant effects without human involvement. High-impact or destructive actions in AI-assisted workflows require explicit human approval where configured.
Automated jobs, quality checks, and AI-assisted suggestions are subject to engineering review, monitoring, and customer administrative controls. Data-subject rights described in Section 10 apply to personal data processed by these workflows.
8. Data Retention
Default retention periods include:
- Account and identity data: life of the account plus 90 days after termination
- Contact and billing records: life of the contract plus 7 years where financial record retention applies
- Operational logs: 90 days for general logs; 1 year for security audit events
- Institutional data: per your agreement and institutional policy
- Support artifacts: 1 year for administrative access audit records; support tickets per support policy
We may retain certain information longer when required by law, to resolve disputes, or to enforce agreements.
9. Cookies and Marketing Site
Our marketing website may use cookies or similar technologies for basic functionality and analytics. You can control cookies through your browser settings. Application authentication and session cookies for logged-in platform use are governed by this policy and your account settings.
10. Your Rights and Requests
Depending on your location and relationship with us, you may have rights to access, correct, delete, restrict, object to, or port personal data we process about you.
To exercise these rights, contact privacy@loxtep.io. We aim to acknowledge requests within 5 business days and complete verified requests within 30 calendar days, or as required by applicable law or contract.
For institution-loaded patron or operational data, your organization's administrator may be the appropriate first contact. Loxtep will coordinate with authorized institutional representatives under your agreement.
11. Breach Notification
If we confirm a security incident that affects your personal data, we will assess the impact, take containment and remediation steps, and notify affected customers and contract contacts without undue delay in accordance with applicable law and our contractual commitments.
12. Law Enforcement Requests
We do not disclose institutional or customer data to law enforcement without a valid warrant, subpoena, or other legally binding order. Requests are reviewed for validity and scope, and we disclose only the minimum data necessary. We notify affected customers when legally permitted.
13. Privacy Complaints
You may report privacy concerns to privacy@loxtep.io. We aim to acknowledge complaints within 5 business days, investigate within 15 business days, and respond with an outcome within 30 calendar days. Unresolved institutional disputes may be escalated per your master services agreement.
14. Children's Privacy
The Loxtep platform is a business service and is not directed to children under 13. We do not knowingly collect personal information from children under 13. If you believe we have done so, contact us and we will take steps to delete it.
15. International Users
Loxtep primarily processes data in the United States. If you access the service from outside the U.S., your information may be transferred to, stored in, and processed in the U.S. or other locations where we or our subprocessors operate, subject to appropriate safeguards in our agreements.
16. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be posted on this page with an updated "Last updated" date. Continued use of the service after changes become effective constitutes acceptance where permitted by law.
17. Contact Us
Privacy and data-subject requests: privacy@loxtep.io
Legal or contractual privacy matters: legal@loxtep.io