Privacy
Infrastructure.
01. Preamble & Authoritative Scope
This Privacy Infrastructure Omnibus ("Document") is the authoritative instrument governing all data processing activities within the Tradalytix Marketing ecosystem. Tradalytix Marketing, its subsidiaries, and its global affiliates (collectively, "Tradalytix") are committed to a philosophy of Privacy by Design and by Default.
This Document establishes the comprehensive protocols for the acquisition, classification, encryption, dissemination, and ultimate destruction of all information captured via the Tradalytix primary domain (tradalytixmarketing.com), the Tradalytix SaaS Platform (app.tradalytixmarketing.com), all client-specific tenant sites hosted under the Tradalytix wildcard infrastructure, the Tradalytix mobile application suite, and our direct-integration APIs.
By engaging with any node of the Tradalytix infrastructure, you acknowledge that you have been provided with this Document and that you consent to the processing activities described herein. This Document is intended to satisfy the most rigorous transparency requirements of the GDPR, CCPA, CPRA, VCDPA, CPA, and CTDPA.
02. Definitional Manifest
To ensure absolute clarity in this technical document, the following terms are defined as follows:
The legal entity which determines the purposes and means of the processing of Personal Data. In direct marketing contexts, Tradalytix is the Controller.
The entity which processes Personal Data on behalf of the Controller. In the context of our SaaS platform, Tradalytix acts as the Processor for our Clients.
Any identified or identifiable natural person whose personal data is processed. This includes our Clients and our Clients' customers.
Any operation performed on personal data, whether or not by automated means, such as collection, recording, storage, adaptation, or erasure.
03. Exhaustive Data Taxonomy
Tradalytix maintains a granular inventory of all data types processed. Data is classified into five "Superset" categories to ensure appropriate security controls.
Superset A: Direct Identifiers
| Element | Legal Mapping | Encryption Level | Retention |
|---|---|---|---|
| Legal Name | Identifiers | AES-256 | Active + 24m |
| Email Address | Identifiers | AES-256 | Active + 24m |
| Phone Number | Customer Records | AES-256 | Active + 24m |
| SSN / Tax ID | Sensitive Info | Hardware Vault | Statutory |
| IP Address | Network Activity | Hashed | 12m |
Superset B: Financial Metadata
We adhere to the highest PCI-DSS standards. Financial data is never stored in "clear text" on our primary application servers.
- Tokenized Payment Data: We store unique payment tokens provided by Stripe/Fintech partners, never raw credit card numbers.
- Transaction History: Complete ledger of all subscription payments, credits, and refunds for audit compliance.
Superset C: Geolocation & Sensor Data
Our mobile applications utilize device sensors to optimize home service operations. Access is managed via per-session OS permissions.
Precise Geolocation
Tracked for dispatching efficiency. Data is anonymized when the technician marks themselves "Off-Duty".
Visual Media
Metadata (EXIF) from job photos including timestamps and spatial coordinates for verification.
Audio Recordings
Only utilized for VOIP call recording where explicitly enabled and legally disclosed to both parties.
04. Information Source Protocol
Tradalytix acquires information from three primary "Origin Vectors":
Vector 01: Direct Submission
Data provided by you during account creation, lead form submission, or direct communication with our support teams. This includes data uploaded by you into the Client Portal regarding your own customers.
Vector 02: Automated Observation
Telemetry captured via cookies, pixels, and server logs. This includes browsing patterns, device fingerprints, and interaction heatmaps across the Tradalytix ecosystem.
Vector 03: Third-Party Enrichment
Data acquired from reputable business-to-business (B2B) data providers, social media platforms (where you interact with our ads), and publicly available records to enhance the accuracy of our marketing diagnostics.
05. Comprehensive Business Logic
Tradalytix processes your information for specific, delineated business and commercial purposes. We strictly adhere to the principle of "Purpose Limitation."
Service Orchestration
Maintenance of account integrity, execution of financial transactions, and provision of customer support. Without this data, the platform cannot function.
Diagnostic AI Optimization
Using anonymized data sets to refine our predictive algorithms for lead scoring and revenue forecasting.
Defensive Operations
Detecting and preventing DDoS attacks, SQL injection attempts, account takeovers, and fraudulent lead generation activity.
Marketing Personalization
Tailoring our professional service recommendations to your specific industry (e.g., specific plumbing marketing strategies).
06. AI, Machine Learning & Algorithmic Protocols
The Tradalytix platform utilizes high-fidelity machine learning models. You agree to the following technical disclosures regarding automated processing:
Predictive Lead Scoring
We analyze historical lead outcomes to predict the probability of a job booking. This is an automated diagnostic recommendation; final business decisions remain with the Client.
Revenue Vectoring
Our AI analyzes territory revenue density to suggest ad-spend reallocations. This processing uses aggregated, non-identifiable commercial data.
Semantic Customer Intent
We process anonymized search queries and form text using Large Language Models (LLMs) to categorize customer intent (e.g., Emergency vs. Maintenance).
07. Defensive Layer & Sovereignty
Tradalytix employs a "Zero-Trust" security architecture. We treat every data node as a potential attack vector and implement proactive defenses accordingly.
- AES-256-GCM encryption for all At-Rest databases.
- TLS 1.3 enforced with HSTS (Strict Transport Security).
- Hardware Security Modules (HSM) for root key management.
- Argon2id hashing for all password/credential storage.
- Mandatory Multi-Factor Authentication (MFA) via TOTP or FIDO2.
- Role-Based Access Control (RBAC) with Least Privilege principle.
- Automated session revocation for suspicious activity.
- Internal administrative actions are audited and immutable.
08. California Privacy Rights (CCPA/CPRA)
If you are a resident of California, you possess specific and powerful rights regarding your personal information. Tradalytix is fully compliant with the 2026 standards of the CCPA/CPRA.
8.1 Notice at Collection
We collect the categories of information listed in Section 03 for the purposes delineated in Section 05. We do not sell your personal information for monetary compensation.
8.2 The Right to Opt-Out
You have the right to opt-out of the "Sharing" of your personal information for cross-contextual behavioral advertising. You can exercise this right through our "Privacy Center" or by enabling Global Privacy Control (GPC) in your browser.
8.3 The Right to Limit Sensitive Data
You have the right to limit the use of your sensitive personal information (such as precise geolocation) to only those actions necessary to perform our services.
09. European Union & UK Governance (GDPR)
For individuals in the EEA, UK, and Switzerland, Tradalytix serves as both a Controller and Processor. We process your data under the following legal bases:
- Art. 6(1)(b) Contractual Necessity: Processing is necessary for the performance of our service agreement with you.
- Art. 6(1)(f) Legitimate Interests: Processing for infrastructure security, fraud prevention, and platform optimization.
- Art. 6(1)(c) Legal Obligation: Compliance with tax, auditing, and corporate regulatory mandates.
- Art. 6(1)(a) Explicit Consent: For optional marketing communications and non-essential cookie tracking.
International Transfers: Tradalytix utilizes the 2021 European Commission Standard Contractual Clauses (SCCs) and the UK International Data Transfer Addendum to protect data flowing into our US-based infrastructure.
10. Subject Rights & Manifest
Regardless of your jurisdiction, Tradalytix provides the following rights to all data subjects:
Right of Access
Request a machine-readable copy of all data we hold.
Right of Rectification
Correct inaccurate or incomplete information.
Right of Erasure
The 'Right to be Forgotten' from our active systems.
Right of Portability
Export your data in a structured, common format.
Right to Object
Oppose processing based on legitimate interests.
Right to Withdraw
Revoke consent for any optional processing.
11. Protection of Minors (COPPA)
Tradalytix is a professional business tool. We do not knowingly collect information from individuals under the age of 18. If we discover that a minor has provided us with personal information, we will initiate a priority-one deletion protocol for all associated data nodes.
12. Legal Operational Manifest
Sevierville, TN, USA