Skip to content

Privacy Policy

Last updated: October 15, 2025

Effective date: October 15, 2025

1. Introduction

Welcome to Huxx, a product of AstraDiem ("Company", "we", "us", or "our"). We are committed to protecting your privacy and being transparent about how we collect, use, and protect your personal information.

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Huxx platform (the "Service"). Please read this Privacy Policy carefully. By using the Service, you agree to the collection and use of information in accordance with this Privacy Policy.

This Privacy Policy applies to all users of the Service, including visitors, registered users, and administrators.

The Service is intended for organizations formed and operating in the United States and for individuals who reside in the United States. If you are located outside the United States, you should not use the Service or submit personal information to us. If we discover that we have inadvertently collected personal information from a non-U.S. individual, we will delete it as soon as reasonably practicable.

Key Definitions

For purposes of this Privacy Policy, "personal information" means information that identifies, relates to, describes, or could reasonably be linked with a particular consumer, household, or device. "Customer Data" has the meaning set forth in our Terms of Service and includes the business records, documents, and operational data you upload to the Service. AstraDiem acts as the "business" (also known as "controller") under U.S. privacy laws for personal information we collect about our customers and website visitors.

2. Service Availability in the United States

The Service is intended solely for organizations formed or operating in the United States and for individuals who reside in the United States. We do not market, offer, or provide the Service to residents of other countries and do not intentionally collect personal information from individuals located outside the United States. If you are located outside the United States, please do not use the Service. We reserve the right to geofence, block access, or disable accounts that appear to be operating from outside the United States in order to comply with applicable laws.

If you nevertheless access the Service from outside the United States, you are solely responsible for ensuring that your use of the Service complies with the laws of your jurisdiction and you acknowledge that your information will be collected, processed, and stored in the United States.

3. Information We Collect

We collect several types of information from and about users of our Service:

3.1 Account Information

  • Name and contact information (email address, phone number)
  • Company name and business information
  • Job title and role within your organization
  • Account credentials (username and encrypted password)
  • Billing and payment information (processed through our payment processor)

3.2 Business Operational Data

As a logistics and warehouse management platform, we collect and process the following business data that you input:

  • Inventory data (items, quantities, locations, tracking information)
  • Shipment information (inbound and outbound shipments, container tracking)
  • Invoice and billing information
  • Job and project data
  • Employee information (names, roles, time tracking)
  • Equipment and facility information
  • Customer and vendor information
  • Document uploads (invoices, bills of lading, shipping documents)

3.3 Usage Data

  • Log data (IP addresses, browser type, device information)
  • Pages viewed and features used
  • Time spent on the Service
  • Search queries and interactions
  • Error reports and performance data

3.4 Technical Data

  • Device identifiers and information
  • Browser type and version
  • Operating system
  • Internet Protocol (IP) address
  • Time zone and locale settings

3.5 Location Data

  • Location information when using our Google Maps integration
  • Facility and warehouse locations
  • Shipping origin and destination addresses

3.6 Communications

  • Customer support interactions
  • Email correspondence
  • Feedback and survey responses

4. How We Collect Information

4.1 Information You Provide Directly

We collect information that you provide directly to us when you:

  • Create an account or register for the Service
  • Enter information into the platform during normal use
  • Upload documents and files
  • Contact our customer support team
  • Respond to surveys or provide feedback
  • Participate in promotions or events

4.2 Information Collected Automatically

We automatically collect certain information when you use the Service through:

  • Cookies and similar tracking technologies
  • Log files and server logs
  • Analytics services (OpenPanel)
  • Error tracking and performance monitoring

4.3 Information from Third-Party Sources

We may receive information from third-party services you connect to the platform:

  • QuickBooks (accounting and financial data)
  • Slack (notifications and communications)
  • Plaid (banking and payment information)
  • Authentication providers (Clerk)
  • Other business integrations you authorize

5. How We Use Information

We use the information we collect for the following purposes:

5.1 To Provide and Maintain the Service

  • Create and manage your account
  • Process transactions and send related information
  • Provide customer support and respond to inquiries
  • Enable core platform features (inventory management, shipment tracking, invoicing)
  • Store and manage your business data

5.2 To Improve and Optimize the Service

  • Analyze usage patterns and trends
  • Monitor and analyze performance
  • Develop new features and functionality
  • Conduct research and testing
  • Identify and fix technical issues

5.3 To Communicate with You

  • Send service-related notifications and updates
  • Respond to your comments and questions
  • Send technical notices and security alerts
  • Provide customer support
  • Send marketing communications (with your consent)

5.4 For Security and Fraud Prevention

  • Detect, prevent, and address fraud and security incidents
  • Monitor for unauthorized access
  • Enforce our terms and policies
  • Comply with legal obligations

5.5 For Business Operations

  • Process payments and manage subscriptions
  • Maintain records and perform accounting
  • Conduct internal audits and reporting
  • Exercise or defend legal claims

6. Third-Party Service Providers

We work with third-party service providers to help us operate, deliver, and improve the Service. These service providers may have access to your information only to perform specific tasks on our behalf and are obligated not to disclose or use it for any other purpose.

6.1 Infrastructure and Hosting

  • Convex: Database and backend infrastructure services
  • Vercel: Web hosting and deployment services

6.2 Authentication and Payments

  • Clerk: User authentication and identity management (including Stripe for payment processing)
  • Plaid: Banking connections and payment verification

6.3 Communications and Notifications

  • Resend: Transactional email delivery
  • Novu: In-app notifications
  • Slack: Team notifications and integrations (when connected)

6.4 Business Integrations

  • QuickBooks/Intuit: Accounting and financial data synchronization
  • Google Maps API: Location services and mapping

6.5 Analytics and Performance

  • OpenPanel: Website analytics and usage tracking
  • OpenStatus: Service uptime monitoring

6.6 Customer Support and Engagement

  • Plain: Customer support platform
  • Cal.com: Scheduling and calendar management

6.7 AI and Automation

  • OpenAI: AI-powered features and automation
  • Trigger.dev: Background job processing and automation

6.8 Content and Infrastructure

  • Dub: Link management and tracking
  • Svix: Webhook infrastructure and delivery

Each of these service providers has their own privacy policies governing how they collect and use information. We encourage you to review their privacy policies to understand how they handle your data.

We engage these providers under written agreements that require them to implement appropriate confidentiality, security, and data protection safeguards. They may access personal information only to perform services on our behalf and must return or delete it when our relationship ends or when the information is no longer needed.

If we discover that a service provider is processing personal information in a manner inconsistent with our instructions or this Privacy Policy, we will take reasonable steps to stop or remedy the unauthorized processing.

7. Data Sharing and Disclosure

We may share your information in the following circumstances:

7.1 With Your Consent

We will share your information when you explicitly authorize us to do so, such as when you connect third-party integrations to your account.

7.2 Within Your Organization

If you are part of an organization account, your information may be accessible to administrators and other users within your organization based on their permissions and roles.

7.3 Service Providers

We share information with third-party service providers who perform services on our behalf, as described in Section 5 above.

7.4 Business Transfers

If we are involved in a merger, acquisition, sale of assets, or bankruptcy, your information may be transferred as part of that transaction. We will notify you of any such change and any choices you may have.

7.5 Legal Requirements

We may disclose your information if required to do so by law or in response to:

  • Valid legal processes (subpoenas, court orders)
  • Government or regulatory requests
  • Protection of our rights, property, or safety
  • Protection of the rights, property, or safety of others
  • Prevention of fraud or other illegal activity

7.6 Aggregated and Anonymized Data

We may share aggregated or anonymized information that cannot reasonably be used to identify you for research, marketing, analytics, or other purposes.

We do not sell your personal information to third parties. We do not rent or lease your personal information to third parties for their marketing purposes.

8. Your CPRA Rights (California Residents)

California residents have specific rights under the California Privacy Rights Act ("CPRA"). The following disclosures explain how we collect, use, disclose, and retain personal information subject to the CPRA and how you may exercise your rights.

Categories, purposes, and retention

We collect the categories of personal information described below and retain each category only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, meet our contractual obligations, and comply with legal requirements. Unless otherwise noted, we retain data for the life of your account plus up to seven (7) years to support audits, tax, and compliance obligations.

  • Identifiers: Name, business contact details, device identifiers, IP address, account credentials. Used for account provisioning, security, and customer support. Retained for account life + 7 years.
  • Customer Records: Company profile, subscription tier, billing address, and documents uploaded to the platform. Used to deliver the Service and manage our contractual relationship. Retained for account life + 7 years, or longer if required by contract or law.
  • Commercial Information: Subscription history, invoices, payment records, transaction logs. Used for billing, fraud prevention, and analytics. Retained for account life + 7 years consistent with accounting requirements.
  • Internet or Network Activity: Usage metrics, feature engagement, session information, error reports. Used to secure and improve the Service. Retained for up to 36 months from collection, unless aggregated sooner.
  • Geolocation Data: Facility locations, shipment routes, or geolocation inferred from IP addresses where necessary to deliver logistics features. Retained for account life + 7 years or as required by customer contracts.
  • Professional Information: Job titles, team assignments, workflow roles. Used to manage authorized access and collaboration. Retained for account life + 7 years.
  • Sensitive Personal Information: Account credentials, precise geolocation (when provided for shipment tracking), and any bank-account tokens obtained via Plaid. We do not use sensitive personal information for purposes unrelated to providing the Service, nor do we infer characteristics about individuals from this data. Retained for the minimum period needed to provide the Service and comply with legal requirements, then securely deleted or tokenized.

We do not collect or use personal information from categories of protected classifications under California or federal law, biometric information, or audio/visual data in the ordinary course of business.

8.1 Right to Know

You may request details about the personal information we collect, the sources of that information, the purposes for collection, and the categories of third parties with whom we disclose it. You may also request a copy of the specific pieces of personal information we hold about you in a portable format.

8.2 Right to Delete

You may ask us to delete personal information we collected from you. We will honor deletion requests unless retaining the information is necessary for us or our service providers to complete a transaction, detect security incidents, protect against unlawful activity, debug or repair the Service, exercise free speech, comply with legal or contractual obligations, or otherwise use the information internally in a lawful manner compatible with the context in which you provided it.

8.3 Right to Correct

You may request that we correct inaccurate personal information that we maintain about you, subject to our ability to verify your identity and the nature of the data.

8.4 Right to Opt Out of Sale or Sharing

We do not sell personal information, but we may engage in "sharing"—as that term is defined by the CPRA—for cross-context behavioral advertising through limited analytics integrations. You may opt out of sharing at any time by adjusting your preferences in the Privacy Center within your account settings or by visiting the "Do Not Sell or Share My Personal Information" link in the website footer. We honor browser-based opt-out preference signals, including the Global Privacy Control (GPC).

8.5 Right to Limit Use of Sensitive Personal Information

You may direct us to limit the use and disclosure of your sensitive personal information to the services requested and purposes permitted by the CPRA. You can submit this request through the Privacy Center or by contacting us using the methods described below.

8.6 Right to Non-Discrimination

We will not discriminate against you for exercising any CPRA right. This includes denying goods or services, charging different prices or rates, providing a different level or quality of service, or suggesting you may receive such differential treatment because you exercised a right under the CPRA.

8.7 Submitting Requests and Authorized Agents

You may exercise your CPRA rights by:

  • Submitting a request through the Privacy Center in your account settings
  • Emailing us at: astra@astrasdiem.ai
  • Calling us at: +1 (843) 405-1152

We must verify your identity before fulfilling your request. Please provide sufficient information for us to reasonably confirm you are the person (or authorized agent) about whom we collected personal information. If you designate an authorized agent, we may require written permission and may also ask you to confirm your identity directly with us.

We aim to respond to verifiable consumer requests within 45 days. If we need additional time (up to 45 more days), we will inform you of the reason and extension period in writing. We will maintain records of CPRA requests and our responses for at least 24 months.

9. Data Security

We take the security of your information seriously and implement reasonable administrative, technical, and physical safeguards to protect your personal information from unauthorized access, use, disclosure, alteration, and destruction.

9.1 Security Measures

  • Encryption: Data is encrypted in transit using TLS/SSL and at rest using industry-standard encryption
  • Access Controls: Strict access controls and authentication requirements for our systems
  • Employee Training: Regular security training for our employees
  • Security Audits: Regular security assessments and audits
  • Monitoring: Continuous monitoring for security threats and vulnerabilities
  • Incident Response: Established procedures for responding to security incidents

9.2 Your Responsibility

While we implement strong security measures, you also play a role in keeping your information secure. You should:

  • Use a strong, unique password for your account
  • Enable multi-factor authentication if available
  • Keep your login credentials confidential
  • Log out of your account when using shared devices
  • Report any suspicious activity to us immediately

9.3 No Guarantee

Despite our security measures, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security of your information. If you have reason to believe that your interaction with us is no longer secure, please contact us immediately.

10. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements.

10.1 Active Accounts

While your account is active, we will retain your personal information and business data to provide you with the Service.

10.2 Account Closure

After you close your account, we will retain your information for 30 days to allow for account recovery. After 30 days, we will delete or anonymize your personal information, unless we are required to retain it longer for legal, regulatory, or legitimate business purposes.

10.3 Legal Retention

We may retain certain information when we have a legal obligation to do so or when retention is necessary to:

  • Comply with legal requirements (e.g., tax and accounting obligations)
  • Resolve disputes
  • Enforce our agreements
  • Protect against fraudulent or illegal activity

10.4 Backup Systems

Your information may persist in backup systems for a limited period after deletion. We will delete this information from our backup systems as part of our regular backup rotation schedule.

11. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to collect information about your browsing activities and to remember your preferences.

11.1 What Are Cookies?

Cookies are small text files that are placed on your device when you visit a website. They allow websites to recognize your device and remember information about your visit.

11.2 Types of Cookies We Use

Essential Cookies:

These cookies are necessary for the Service to function properly. They enable core functionality such as security, network management, and accessibility.

Functional Cookies:

These cookies enable enhanced functionality and personalization, such as remembering your preferences and settings.

Analytics Cookies:

These cookies help us understand how visitors interact with the Service by collecting and reporting information anonymously. We use OpenPanel for analytics.

Authentication Cookies:

These cookies are used by Clerk to maintain your login session and keep you authenticated.

11.3 How to Manage Cookies

Most web browsers allow you to control cookies through their settings. You can set your browser to refuse cookies or to alert you when cookies are being sent. However, if you disable or refuse cookies, some features of the Service may not function properly.

You can also manage your tracking preferences through our consent banner when you first visit the Service.

11.4 Do Not Track

Some browsers include a "Do Not Track" (DNT) feature that signals to websites that you do not want to be tracked. Because there is not yet a common understanding of how to interpret DNT signals, we do not currently respond to DNT signals.

12. International Users

Our Service is operated exclusively from the United States. We do not offer the Service to individuals or entities outside the United States, and we do not intentionally process personal information from non-U.S. residents. If you are located outside the United States, you should not use the Service. Any personal information provided from outside the United States will be transferred to, processed, and stored in the United States and will be subject to U.S. laws, which may differ from those of your jurisdiction.

We reserve the right to restrict access, terminate accounts, or take other appropriate actions if we determine that the Service is being used from outside the United States. If you are an existing customer relocating outside the United States, please contact us to discuss data export and account closure options.

13. Children's Privacy

Our Service is not intended for individuals under the age of 16. We do not knowingly collect personal information from children under 16. If you are under 16, do not use the Service or provide any information to us.

If we learn that we have collected personal information from a child under 16 without verification of parental consent, we will delete that information as quickly as possible. If you believe we might have information from or about a child under 16, please contact us at astra@astradiem.ai.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by:

  • Posting the new Privacy Policy on this page
  • Updating the "Last updated" date at the top of this Privacy Policy
  • Sending an email notification to the address associated with your account
  • Displaying a prominent notice on the Service

Material changes will be effective 30 days after we provide notice. Your continued use of the Service after the effective date constitutes your acceptance of the updated Privacy Policy.

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information.

15. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:

Privacy Contact

AstraDiem

3601-F Meeting Street Road

North Charleston, SC 29405, USA

Email: astra@astradiem.ai

General Support: astra@astradiem.ai

Phone: +1 (843) 405-1152

For California Residents

If you are a California resident and wish to exercise your rights under the CPRA, please use the contact information above or submit a request through the Privacy Center in your account settings and reference "CPRA Request" in your communication.

For Data Protection Authorities

If you have concerns about our privacy practices that we have not addressed, you have the right to contact your local data protection authority or the Federal Trade Commission (FTC):

Federal Trade Commission
600 Pennsylvania Avenue NW
Washington, DC 20580
Website: www.ftc.gov

This Privacy Policy was last updated on October 15, 2025, and will become effective on October 15, 2025. By using the Service, you acknowledge that you have read and understood this Privacy Policy and agree to its terms.