Privacy Policy

Last Updated: April 22, 2026

1. Introduction

ESX-Ray ("we," "us," or "our") is committed to protecting the privacy and security of your personal information and estimate data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our forensic Xactimate PDF auditing service ("Service").

By using the Service, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access or use the Service.

2. Information We Collect

2.1 Identity and Account Information

When you create an account, we collect:

  • Email address (required for account creation, authentication, and service notifications)
  • Name (optional, for account personalization)
  • Phone number (optional, for account recovery and support)
  • Password (stored as a secure hash, never in plain text)

2.2 Estimate Data from Xactimate PDFs

When you upload Xactimate PDF documents for analysis, we process and extract:

  • Line item data (material descriptions, quantities, unit costs, and extended costs)
  • Project metadata (estimate number, claim number, project dates)
  • Scope parameters (affected areas, room dimensions, loss category classifications)
  • Project addresses (property location information included in estimates)
  • Contractor information (company name, contact details if present in the PDF)
  • Insurance carrier information (carrier name, adjuster details if present in the PDF)

2.3 Payment and Transaction Data

When you purchase credits, we collect:

  • Stripe transaction history (payment amounts, dates, and transaction IDs)
  • Billing information (processed and stored by Stripe, not on our servers)

Note: We do not store credit card numbers or full payment details. All payment processing is handled securely by Stripe, Inc., a PCI DSS Level 1 certified payment processor.

2.4 Automatic Technical Information

We automatically collect:

  • IP address and device information
  • Browser type and version
  • Usage data and analytics (via Google Analytics)
  • Login timestamps and session duration

3. Data Processing and Analysis

3.1 PDF Data Ingestion: When you upload a Xactimate PDF, our Service extracts line item data, metadata, and scope parameters to perform forensic analysis. This extraction is necessary to identify potential IICRC S500 non-compliance and missing line items.

3.2 Automated Analysis: Uploaded estimate data is processed through our proprietary algorithms to compare submitted scopes against IICRC S500 standards and industry best practices.

3.3 Report Generation: Analysis results are compiled into Revenue Validation Reports containing identified omissions, compliance gaps, and estimated missed revenue calculations.

3.4 No Manual Review: Estimate data is processed exclusively through automated systems. ESX-Ray staff do not manually review or access individual project details except when required for technical troubleshooting or support requests initiated by you.

4. Data Storage and Security

Forensic-Grade Data Handling: All estimate data is processed with forensic-grade security protocols and stored using industry-standard encryption (AES-256 at rest, TLS 1.3 in transit).

4.1 Encrypted Storage: All uploaded PDFs and extracted estimate data are encrypted at rest using AES-256 encryption and stored in secure, access-controlled databases.

4.2 Secure Transmission: All data transmitted between your browser and our servers is encrypted using TLS 1.3 (Transport Layer Security) protocols.

4.3 Access Controls: Database access is restricted to authorized personnel only and protected by multi-factor authentication, IP whitelisting, and role-based access controls.

4.4 Infrastructure Security: Our Service is hosted on enterprise-grade cloud infrastructure with 24/7 monitoring, automated threat detection, and regular security audits.

4.5 Data Isolation: Each customer's estimate data is logically isolated and accessible only to the associated account owner.

5. How We Use Your Data

We use collected information for the following purposes:

  • Service Delivery: To process Xactimate PDFs and generate Revenue Validation Reports
  • Account Management: To create, maintain, and secure your user account
  • Payment Processing: To process credit purchases and maintain transaction history via Stripe
  • Communication: To send service notifications, credit balance alerts, and respond to support inquiries
  • Service Improvement: To analyze aggregate usage patterns and improve our analysis algorithms (using anonymized data only)
  • Security and Fraud Prevention: To detect and prevent unauthorized access, abuse, and fraudulent activity
  • Legal Compliance: To comply with applicable laws, regulations, and legal processes

6. Data Sharing and Third-Party Disclosure

We Do NOT Sell Your Data: ESX-Ray does not sell, rent, or trade estimate data, project addresses, contractor lists, or any personally identifiable information to insurance carriers, lead generators, or any third parties for marketing purposes.

6.1 No Data Selling: We explicitly do not engage in the sale of:

  • Estimate data or project details
  • Property addresses or location data
  • Contractor company names or contact information
  • Customer lists or contact databases
  • Insurance carrier relationships or claim information

6.2 Limited Third-Party Service Providers: We share information only with trusted service providers who assist in operating our Service:

  • Stripe: Payment processing and transaction management (covered by Stripe's privacy policy)
  • Google Analytics: Anonymized usage analytics (IP addresses are anonymized)
  • Cloud Infrastructure Providers: Secure data storage and hosting services

All third-party service providers are contractually obligated to maintain the confidentiality and security of your data and are prohibited from using it for any purpose other than providing services to us.

6.3 Legal Requirements: We may disclose information if required by law, court order, or governmental request, or to protect the rights, property, or safety of ESX-Ray, our users, or the public.

6.4 Business Transfers: In the event of a merger, acquisition, or sale of assets, user data may be transferred to the acquiring entity, subject to the same privacy protections outlined in this Policy.

7. Data Retention

7.1 Account Data: We retain your account information (email, name, phone) for as long as your account is active or as needed to provide services. Upon account deletion, personal information is permanently removed within 30 days.

7.2 Estimate Data: Uploaded PDFs and generated Revenue Validation Reports are retained for the lifetime of your account to allow ongoing access to historical audits. You may delete individual audits at any time from your dashboard.

7.3 Transaction Records: Payment and transaction data is retained for seven (7) years to comply with financial recordkeeping requirements and tax regulations.

7.4 Analytics Data: Anonymized usage analytics are retained indefinitely for service improvement purposes.

8. Your Privacy Rights

8.1 Access: You may access, review, and download your estimate data and Revenue Validation Reports at any time through your account dashboard.

8.2 Correction: You may update your account information (email, name, phone) through account settings.

8.3 Deletion: You may request deletion of specific audits or complete account closure. Contact [email protected] to initiate account deletion.

8.4 Data Portability: You may export your estimate data and reports in PDF format at any time.

8.5 Opt-Out of Communications: You may opt out of promotional emails by clicking the unsubscribe link. Transactional emails (service notifications, credit alerts) cannot be disabled while your account is active.

8.6 California Residents (CCPA): California users have additional rights under the California Consumer Privacy Act, including the right to know what personal information is collected, the right to delete personal information, and the right to opt-out of any sale of personal information (though we do not sell personal information).

9. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to maintain sessions, remember preferences, and analyze service usage.

9.1 Essential Cookies: Required for authentication, session management, and core Service functionality. These cannot be disabled.

9.2 Analytics Cookies: Google Analytics cookies collect anonymized usage data to help us improve the Service. You may opt out using browser settings or Google's opt-out tools.

9.3 Managing Cookies: Most browsers allow you to control cookies through settings. Disabling essential cookies may impact Service functionality.

10. Children's Privacy

The Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us immediately, and we will delete such information.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by posting the updated Policy with a new "Last Updated" date and, when appropriate, by sending an email notification.

Your continued use of the Service after the effective date of the revised Privacy Policy constitutes acceptance of the changes.

12. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

ESX-Ray Privacy Team

Email: [email protected]

This Privacy Policy is effective as of the "Last Updated" date stated at the top. We encourage you to review this Policy periodically to stay informed about how we protect your information.