Privacy Policy
PONTIX AI, Inc. and its affiliates ("PONTIX") are committed to protecting the privacy of individuals who interact with our Services. This Privacy Policy explains how we collect, use, share, and protect information when you use our platform, website, and related services. PONTIX primarily operates as a B2B data infrastructure company. Most data we process relates to physical facilities and operational systems — not to consumer personal data.
Please read this policy carefully and often as it is subject to change.
Contents
1. Who This Policy Applies To
This policy applies to:
Business clients and their authorized users who access the AXIOM platform or engage PONTIX professional services.
Visitors to the PONTIX website (pontix.ai) and related web properties.
Individuals whose personal data is incidentally processed as part of facility scanning or operational data services.
This policy does not apply to the practices of companies that PONTIX does not own or control, or to individuals that PONTIX does not employ or manage.
2. Information We Collect
Account and Contact Information. When you register for our Services or contact us, we collect your name, job title, company name, work email address, phone number, and billing or payment information (processed by our PCI-compliant payment providers).
Facility and Operational Data. In the course of providing Services, we process Facility Data on your behalf, which may include 3D spatial scan data, LiDAR point clouds and photogrammetry outputs, equipment asset records, maintenance histories and IoT sensor readings, and operational workflows, layout configurations, and production data. This data is processed solely to provide the Services. PONTIX does not own this data — see Section 4 of our Terms of Service.
Usage and Technical Data. When you access AXIOM or our website, we automatically collect log data (IP address, browser type, pages visited, timestamps), device and connection information, and feature usage and interaction patterns within AXIOM, used for platform improvement and support.
Communications. We retain records of communications you send us, including support requests, demo requests, and email correspondence.
3. How We Use Your Information
We use the information we collect to provide, maintain, and improve the Services; process transactions and send related information; respond to inquiries and provide customer support; send operational communications such as service updates and security notices; comply with legal obligations; and detect and prevent fraud, abuse, and security incidents.
We do not use your Facility Data or DIPR reservoir to train general AI models, or for any purpose beyond delivering your contracted Services. We do not sell personal data or operational data to any third party.
4. Legal Bases for Processing (GDPR)
For individuals in the European Economic Area, UK, or other jurisdictions with similar requirements, we process personal data on the following legal bases:
Contract performance — to fulfill our contractual obligations to you.
Legitimate interests — to operate our business, improve our Services, and prevent fraud, provided such interests are not overridden by your rights.
Legal obligation — to comply with applicable laws and regulations.
Consent — where you have provided explicit consent, such as for marketing communications. You may withdraw consent at any time without affecting the lawfulness of prior processing.
5. Data Sharing
Service Providers. We share data with trusted third-party service providers who assist in delivering the Services, including cloud infrastructure providers, payment processors, and security tools. All such providers are bound by confidentiality and data processing agreements consistent with this policy.
Business Transfers. In the event of a merger, acquisition, reorganization, or sale of assets, your data may be transferred as part of that transaction. We will notify affected clients and provide choices where required by applicable law.
Legal Requirements. We may disclose data if required by law, regulation, legal process, or governmental request, or where necessary to protect the rights, property, or safety of PONTIX, its clients, or the public.
No Sale of Data. PONTIX does not sell personal data or Facility Data to third parties. This commitment is unconditional and applies regardless of changes to ownership or corporate structure.
6. International Data Transfers
PONTIX operates globally with offices in Seattle (USA), São Paulo (Brazil), and Milan (Italy). Data may be processed in any of these locations. For transfers from the EEA or UK to the USA or Brazil, we rely on Standard Contractual Clauses (SCCs) or equivalent mechanisms as approved by relevant data protection authorities.
Clients requiring data to remain within a specific geographic region should contact us to discuss regional deployment options. We support data residency requirements for EU, US, and Brazilian clients.
7. Data Retention
We retain personal data for as long as necessary to fulfill the purposes described in this policy, comply with legal obligations, or as directed by clients in the applicable Order Form:
Account data — retained for the duration of the relationship plus 3 years.
Facility Data and DIPR — retained as agreed in the applicable Order Form; upon termination, a full export is provided within 30 days of request, followed by secure deletion within 90 days, with written confirmation.
Usage logs — retained for 12 months, then aggregated or permanently deleted.
Communications — retained for 3 years from the date of last interaction.
8. Your Rights
Depending on your location, you may have the following rights regarding your personal data. You may exercise these rights at any time by contacting us at privacy@pontix.ai. We will respond within 30 days, or sooner as required by applicable law.
Access — request a copy of the personal data we hold about you.
Rectification — request correction of inaccurate or incomplete data.
Erasure — request deletion of your personal data, subject to legal retention obligations.
Restriction — request that we limit our processing in certain circumstances.
Data portability — receive your personal data in a structured, commonly used, machine-readable format.
Objection — object to processing based on legitimate interests.
Withdraw consent — where processing is based on consent, withdraw it at any time without affecting the lawfulness of prior processing.
For complaints regarding our data practices, you may contact your local data protection authority — for example, the Garante in Italy, the CNIL in France, or the ICO in the UK.
9. Security
PONTIX employs industry-standard technical and organizational measures to protect your data, including AES-256 encryption at rest, TLS 1.2+ for all data in transit, role-based access controls, multi-factor authentication, and continuous security monitoring. For a full description of our security architecture, controls, and incident response procedures, see our Security Policy.
No method of transmission over the internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal data, we cannot guarantee its absolute security.
10. Cookies and Tracking
Our website uses cookies and similar tracking technologies for essential functionality, analytics, and marketing purposes. You can manage your cookie preferences through your browser settings or our cookie consent tool, which is presented on your first visit to the website.
We do not use cross-site tracking technologies on the AXIOM platform itself. Session data within AXIOM is used solely for operational purposes and audit logging.
This Privacy Policy was last amended on March 18, 2026
© 2026 PONTIX AI, Inc. All rights reserved. PONTIX, AXIOM, NaroMapping, DRIP (Data-Rich Insight Pool), and related marks are trademarks of PONTIX.