Legal
PRIVACY
POLICY
Last updated: May 20, 2026
RGX Systems ("we", "us", "our") is committed to protecting your privacy. This policy explains what data we collect about our VAR operators, how we use it, and your rights. By using our infrastructure, you agree to this policy.
1. Who We Are
RGX Systems is a wholesale B2B utility infrastructure provider. We provide API access — ingest, processing, and usage tracking endpoints — to approved Value-Added Resellers (VARs). VARs build their own products and services on top of our infrastructure and are solely responsible for their relationships with their own clients.
This policy covers data RGX Systems collects about its VAR operators. It does not govern the data VARs process on behalf of their own clients — VARs are independently responsible for their data practices and compliance obligations toward their end users.
2. Data We Collect
VAR Account Information
- Company name, contact name, and business email address provided at application
- Billing information processed securely by Stripe (we never store card details)
- VAR node configuration: plan tier, base fee, seat fee, and notes
- API key metadata: key prefix, creation date, last-used timestamp, and status (active/revoked) — we never store the plaintext key
API Usage Data
Every API request authenticated against your VAR node is logged for billing and operational purposes:
- Endpoint called and HTTP method
- Timestamp and response status code
- Payload size in bytes and message count
- Processing units consumed and estimated processing cost (when pipeline processing is enabled)
- Processing time in milliseconds
- Source IP address of the API caller
- Metadata fields you pass in the request body (channel, reference IDs, etc.)
We do not log the content of your payloads — message text, contact names, and other payload data are processed in memory and not persisted to our database unless you explicitly pass them as metadata fields.
Application Data
- Information submitted in your VAR access application (business description, client base, pricing plan, etc.)
- Communications with our team relating to your account
3. How We Use Your Data
- To provision and manage your VAR node and API key
- To calculate monthly billing: base fee plus $30 per active client seat
- To generate usage summaries and billing reports accessible via the
/usage endpoint
- To authenticate API requests by verifying your key hash
- To detect misuse, abuse, or security incidents on your node
- To send transactional emails: provisioning confirmations, key rotation notices, and invoices
- To diagnose technical issues and maintain infrastructure reliability
We do not sell your data. We do not use payload data for model training or third-party profiling. Your business data is yours.
4. Pipeline Processing
When you call the /process endpoint with processing enabled, input data is forwarded to our third-party processing pipeline provider under a data processing agreement that prohibits use of submitted data for model training. If you use passthrough: true, data is not forwarded — it is logged and stored only.
5. Data Storage and Security
- All data is stored on secured cloud infrastructure (Render, PostgreSQL)
- API keys are SHA-256 hashed before storage — we cannot retrieve your plaintext key
- Sensitive configuration data is encrypted at rest using AES-256-GCM
- All data is transmitted over HTTPS/TLS 1.2+
- Access to production systems is restricted to authorised RGX Systems personnel only
- Usage event logs are retained for billing and audit purposes for 12 months, then purged
6. Data Sharing
We share data only with the following trusted third parties necessary to operate our infrastructure:
- Processing Pipeline Provider — Automated text processing when
process_with_ai: true
- Stripe — Payment processing for monthly invoicing
- Render — Cloud infrastructure and hosting
- Neon / PostgreSQL — Database storage
We do not share your data with any other third parties, advertisers, or data brokers.
7. Data Retention
- VAR account data is retained for the duration of your active node access
- API usage event logs are retained for 12 months for billing and audit purposes
- Monthly billing aggregates are retained for 7 years as required by applicable financial regulations
- Upon termination or node revocation, account data is deleted within 30 days upon written request
8. Your Rights
As a VAR operator, you have the right to:
- Access the data we hold about your VAR node and usage history via the
/usage endpoint or by contacting us
- Request correction of inaccurate account information
- Request deletion of your account data (subject to billing retention requirements)
- Request a copy of your data in a portable format
- Withdraw consent and terminate your VAR access at any time
To exercise any of these rights, contact us at privacy@rgxsystems.com.
9. Cookies
Our public website uses minimal cookies necessary for session management. The VAR API does not use cookies — all authentication is via the X-Api-Key header. We do not use tracking cookies or third-party advertising cookies.
10. Business-to-Business Service
RGX Systems is a strictly business-to-business infrastructure service. We do not knowingly collect or process data from individuals under 18, and we do not provide consumer-facing products or services.
11. Changes to This Policy
We may update this policy from time to time. We will notify VAR operators of material changes via email. Continued use of the infrastructure after changes constitutes acceptance of the updated policy.
12. Contact
For privacy-related questions or requests, contact us at:
Email: privacy@rgxsystems.com
Website: rgxsystems.com