Privacy Policy
Last updated: April 7, 2026
Poly9 Technologies Inc. (“Poly9,” “we,” “us,” or “our”) operates the Poly9.ai platform, a B2B SaaS solution designed to help furniture and home goods exporters streamline their operations. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website at poly9.ai or use our platform (collectively, the “Services”). Please read this policy carefully. If you disagree with its terms, please discontinue use of the Services.
1. Information We Collect
Account and Registration Information
When you create an account or register for the Services, we collect information such as your name, business email address, company name, job title, phone number, billing address, and payment information. We use third-party payment processors to handle payment card data; we do not store full credit card numbers on our servers.
Usage Data
We automatically collect certain information about how you interact with the Services, including the features you access, actions you take, pages visited, session duration, search queries within the platform, files or content you upload, and error logs. This information helps us understand how the platform is used and where we can improve.
Device and Technical Information
We collect technical information from your device when you access the Services, including your IP address, browser type and version, operating system, device identifiers, screen resolution, time zone, referring URLs, and general geographic location (country or city level) derived from your IP address.
Cookies and Similar Technologies
We use cookies, pixel tags, and similar tracking technologies to collect information about your browsing behavior and preferences. Please see Section 7 (Cookies and Tracking) for more detail on the types of cookies we use and how to manage them.
Communications
If you contact our support team, respond to surveys, or participate in any interactive features of the Services, we may collect the content of those communications and any information you choose to provide.
2. How We Use Your Information
We use the information we collect for the following purposes:
- Provide and operate the Services. To create and manage your account, process transactions, deliver platform functionality, and fulfill our contractual obligations to you.
- Improve and develop the platform. To analyze usage patterns, diagnose technical problems, conduct research, and develop new features and enhancements that better serve furniture and home goods exporters.
- Communicate with you. To send transactional emails (e.g., account confirmations, invoices, password resets), product announcements, security alerts, and — where you have opted in — marketing communications about Poly9 products and services.
- Personalize your experience. To tailor content, recommendations, and settings based on your account preferences and usage history.
- Security and fraud prevention. To detect, investigate, and prevent fraudulent transactions, unauthorized access, and other illegal activities, and to enforce our Terms of Service.
- Legal and regulatory compliance. To comply with applicable laws, respond to lawful requests from public authorities, and enforce our legal rights.
- Aggregated analytics. To produce anonymized or aggregated statistics about platform usage that do not identify any individual user.
3. Information Sharing and Disclosure
We do not sell your personal information to third parties. We may share your information in the following limited circumstances:
- Service Providers. We engage trusted third-party vendors who perform services on our behalf. These vendors access your information only as necessary to perform their functions and are contractually obligated to protect it.
- Your Organization. If you access the Services through an enterprise account, your account administrators within that organization may have access to your account information and activity logs consistent with their administrative role.
- Legal Requirements. We may disclose your information if required to do so by law or in response to valid legal process (such as a court order, subpoena, or government request), or when we believe disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request.
- Business Transfers. In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, your information may be transferred as part of that transaction. We will notify you via email or a prominent notice on our website of any such change in ownership and any choices you may have regarding your information.
- With Your Consent. We may share your information for any other purpose with your explicit consent.
Our Third-Party Sub-Processors
The following is a list of key third-party service providers (“sub-processors”) we use to operate the Services, along with their role and the categories of data they process on our behalf:
| Provider | Purpose | Data Processed |
|---|---|---|
| Supabase | Authentication & database hosting | Account credentials, all platform data |
| Vercel | Web hosting & serverless compute | Request logs, IP addresses, usage data |
| Amazon Web Services (AWS) | File storage (S3/R2), AI inference (Bedrock), email (SES) | Uploaded product images, AI inputs/outputs, email addresses |
| Cloudflare R2 | Primary media storage & CDN delivery | Product images, design assets, PDF exports |
| Stripe | Payment processing & subscription management | Payment card data, billing address, transaction history |
| SendGrid / Resend | Transactional & marketing email delivery | Email addresses, email content |
| Sentry | Error monitoring & performance tracing | Error stack traces, user IDs, session context |
| Google Analytics | Website analytics & visitor measurement | Anonymized browsing behavior, device info (no PII) |
| Tawk.to | Live chat & customer support | Chat messages, email address (if provided), IP address |
We maintain Data Processing Agreements (DPAs) with each sub-processor where required by applicable law. This list may be updated as our technology stack evolves; material changes will be reflected in this policy.
4. Data Security
We implement industry-standard technical and organizational measures to protect your information against unauthorized access, alteration, disclosure, or destruction. These measures include:
- Encryption of data in transit using TLS (Transport Layer Security)
- Encryption of sensitive data at rest
- Role-based access controls limiting employee access to personal data on a need-to-know basis
- Regular security assessments and vulnerability scanning
- Multi-factor authentication options for platform accounts
- Incident response procedures to detect and respond to security events
While we take reasonable steps to secure your information, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security. If you believe your account has been compromised, please contact us immediately at privacy@poly9.ai.
5. Your Privacy Rights
Depending on your location, you may have certain rights regarding your personal information under applicable data protection laws (including GDPR, CCPA, and similar regulations). These rights may include:
- Access. You have the right to request a copy of the personal information we hold about you.
- Correction. You have the right to request that we correct inaccurate or incomplete personal information. You may update many account details directly within your account settings.
- Deletion. You may request that we delete your personal information. We will honor such requests subject to certain exceptions, such as where retention is required by law or necessary to complete a transaction.
- Data Portability. You may request a copy of your personal information in a structured, commonly used, machine-readable format so that it can be transferred to another service provider.
- Opt-Out of Marketing. You may opt out of receiving promotional communications from us at any time by clicking the “unsubscribe” link in any marketing email or by contacting us at privacy@poly9.ai. Note that you will continue to receive transactional and account-related communications.
- Restriction and Objection. In certain circumstances, you may have the right to restrict or object to our processing of your personal information.
- Withdraw Consent. Where our processing is based on your consent, you may withdraw that consent at any time without affecting the lawfulness of processing prior to withdrawal.
To exercise any of these rights, please contact us at privacy@poly9.ai. We will respond to your request within 30 days. We may need to verify your identity before processing your request.
5A. Additional Rights for California Residents (CCPA/CPRA)
If you are a California resident, the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA) provides you with additional rights regarding your personal information. As a B2B SaaS platform, most of our data processing falls under the business-to-business exemption; however, we honor the following rights to the extent applicable:
- Right to Know. You have the right to request that we disclose the categories and specific pieces of personal information we have collected about you in the past 12 months, the sources from which we collected it, the business purpose for collecting it, and the categories of third parties with whom we shared it.
- Right to Delete. You have the right to request deletion of personal information we have collected about you, subject to certain exceptions (e.g., completing transactions, detecting security incidents, complying with legal obligations).
- Right to Correct. You have the right to request correction of inaccurate personal information we maintain about you.
- Right to Opt-Out of Sale or Sharing. We do not sell personal information for monetary consideration. We also do not share personal information for cross-context behavioral advertising. Therefore, there is nothing to opt out of under this right.
- Right to Limit Use of Sensitive Personal Information. We do not use or disclose sensitive personal information for purposes other than those permitted by the CPRA.
- Right to Non-Discrimination. We will not discriminate against you for exercising your CCPA/CPRA rights. We will not deny you goods or services, charge different prices, or provide a different level of service as a result of you exercising these rights.
Categories of personal information collected in the past 12 months: Identifiers (name, email, IP address); commercial information (transaction history, subscription data); internet activity (usage logs, pages visited); professional information (company name, job title); inferences (platform usage patterns). We do not collect biometric data, precise geolocation, or sensitive personal information as defined under CPRA.
To submit a verifiable consumer request, email privacy@poly9.ai with the subject line “CCPA Request.” We will respond within 45 days. If we need more time (up to 90 days total), we will notify you in writing.
6. Data Retention
We retain your personal information for as long as your account is active or as needed to provide the Services and fulfill the purposes outlined in this policy. When you close your account, we will delete or anonymize your personal information within 90 days, unless we are required to retain it longer to comply with legal obligations, resolve disputes, or enforce our agreements. Aggregated, anonymized data may be retained indefinitely for analytical purposes.
7. Cookies and Tracking Technologies
We use the following types of cookies and tracking technologies:
- Strictly Necessary Cookies. Required for the Services to function, including session management and authentication. These cannot be disabled.
- Functional Cookies. Remember your preferences and settings (e.g., language, layout) to provide a personalized experience.
- Analytics Cookies. Help us understand how users interact with the Services so we can measure performance and make improvements. We use tools such as Google Analytics, which may set their own cookies.
- Marketing Cookies. Used to track visitors across websites to display relevant advertisements. These are only set with your consent where required by law.
You can control cookies through your browser settings, which allow you to refuse or delete cookies. Note that disabling certain cookies may affect the functionality of the Services. Where required by applicable law, we will obtain your consent before placing non-essential cookies.
8. International Data Transfers
Poly9 Technologies Inc. is headquartered in the United States. If you are located outside the United States, your information will be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your jurisdiction. By using the Services, you acknowledge and consent to this transfer. Where required by applicable law (for example, for transfers from the European Economic Area), we implement appropriate safeguards such as Standard Contractual Clauses approved by the European Commission to ensure an adequate level of data protection.
9. Children's Privacy
The Services are designed for business professionals and are not directed to individuals under the age of 18. We do not knowingly collect personal information from children under 18. If you believe that we have inadvertently collected information from a minor, please contact us at privacy@poly9.ai and we will take prompt steps to delete such information.
10. Third-Party Links and Services
The Services may contain links to third-party websites, integrations, or services that are not owned or controlled by Poly9. This Privacy Policy does not apply to those third-party services. We encourage you to review the privacy policies of any third-party services you access through the platform, as we have no control over and assume no responsibility for their content, privacy practices, or policies.
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will notify you by updating the “Last updated” date at the top of this page and, where appropriate, by sending you an email notification or displaying a prominent notice within the Services. We encourage you to review this policy periodically. Your continued use of the Services after the effective date of any changes constitutes your acceptance of the revised policy.
12. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact our privacy team:
Poly9 Technologies Inc.
Attn: Privacy Team
Email: privacy@poly9.ai
Website: poly9.ai
If you are located in the European Economic Area and believe we have not adequately addressed your privacy concerns, you have the right to lodge a complaint with your local data protection supervisory authority.