TexoraPass

Legal

TexoraPass Privacy Policy

How TexoraPass collects, uses, protects, and processes data for AI-powered textile compliance, Digital Product Passport workflows, and traceability operations.

Last Updated: May 7, 2026

This policy is written for international B2B SaaS operations and should be reviewed with qualified legal counsel for jurisdiction-specific requirements.

1. Scope and Role of This Policy

This policy explains how TexoraPass handles personal and business data.

  • This Privacy Policy applies to TexoraPass websites, applications, and related SaaS services.
  • TexoraPass primarily provides B2B SaaS services for textile compliance and Digital Product Passport workflows.
  • Depending on context, TexoraPass may act as a data controller (for account and website data) and/or processor (for Customer Data processed on behalf of business customers).

2. Information We Collect

We collect information needed to operate, secure, and improve the platform.

  • Account and contact data: name, business email, role, company details, and account credentials.
  • Commercial data: subscription details, billing references, and service interactions.
  • Usage and technical data: device, browser, log records, event telemetry, and performance diagnostics.
  • Support and communication data: tickets, meeting notes, and customer success correspondence.

3. Uploaded Compliance Documents and Customer Data

Customers control the business records they upload.

  • Customer organizations may upload certificates, lab reports, invoices, supplier records, traceability files, sustainability evidence, and related compliance content.
  • As between TexoraPass and customer organizations, Customer Data remains owned by the customer.
  • TexoraPass processes Customer Data under customer instructions, applicable agreements, and this policy.

4. AI Processing and Document Extraction

AI supports extraction and analysis but does not replace professional validation.

  • TexoraPass uses AI and automation to classify files, extract data fields, identify potential gaps, and assist compliance workflows.
  • AI outputs may include predictions, structured suggestions, confidence indicators, and workflow flags.
  • AI-generated insights may require human review and should not be treated as legal advice, certification, or regulatory approval.

5. Digital Product Passport and Traceability Data Handling

TexoraPass supports configurable transparency across supply-chain stakeholders.

  • Digital Product Passport records may include product identity, material, supplier, origin, compliance, and evidence references.
  • Customers configure visibility controls (for example public, buyer-restricted, and internal views) based on their governance needs.
  • TexoraPass processes traceability and sustainability evidence to enable auditable, role-appropriate sharing experiences.

6. How We Use Data

Data is used to deliver the service, secure operations, and improve outcomes.

  • Provide and maintain platform functionality, including compliance workflows and QR-based experiences.
  • Authenticate users, enforce access controls, and detect fraud, abuse, or security risks.
  • Support customer onboarding, support delivery, usage reporting, and product improvement.
  • Comply with legal obligations and enforce contractual rights.

7. Cookies, Tracking, and Analytics

We use limited tracking for functionality, analytics, and performance.

  • TexoraPass may use cookies and similar technologies for session management, preferences, security, and analytics.
  • Where required by law, we request consent for non-essential cookies.
  • You can manage cookie preferences in browser settings or consent tools where available.

8. Legal Bases and GDPR-Style Transparency

We process data under recognized legal bases.

  • Where applicable, legal bases may include contract performance, legitimate interests, consent, and legal obligations.
  • For processing on behalf of business customers, customers are responsible for defining lawful bases in their own notices.
  • TexoraPass supports transparency and accountability obligations through contractual and technical safeguards.

9. Data Sharing and Third-Party Services

We share data only as needed for service delivery and lawful operations.

  • TexoraPass may use vetted subprocessors and service providers, such as hosting, infrastructure, analytics, identity, and support tooling.
  • Third parties process data under contract and are expected to apply appropriate confidentiality and security safeguards.
  • We may disclose data where required by law, regulation, court order, or to protect rights and security.

10. International Data Transfers

Cross-border transfers are handled with safeguards.

  • TexoraPass may process data in multiple jurisdictions based on infrastructure and customer operations.
  • Where required, TexoraPass uses transfer mechanisms and contractual safeguards consistent with applicable data protection laws.
  • Customers should evaluate transfer requirements relevant to their own jurisdictions and counterparties.

11. Data Retention

Data is retained only as long as needed for business and legal purposes.

  • TexoraPass retains data for service delivery, security, legal compliance, and contractual obligations.
  • Retention periods vary by data type, customer agreements, and legal requirements.
  • On termination, customer data handling follows the applicable agreement, including available export and deletion workflows.

12. Security Practices

We implement technical and organizational controls to protect data.

  • TexoraPass applies access controls, encryption in transit, logging, monitoring, and secure development practices.
  • No system can guarantee absolute security; customers should also apply strong access governance and operational controls.
  • If a material security incident occurs, TexoraPass will follow contractual and legal notification requirements.

13. User Rights and Choices

Individuals may have rights under applicable privacy laws.

  • Depending on jurisdiction, rights may include access, correction, deletion, objection, restriction, portability, and withdrawal of consent.
  • For data controlled by customer organizations, requests should generally be directed to the relevant customer controller first.
  • TexoraPass supports customer requests consistent with applicable law and contractual obligations.

14. Business Customer Data Handling

TexoraPass is designed for enterprise and B2B data governance.

  • Customer administrators control workspace configuration, user access, and document-level permissions.
  • Customers remain responsible for the accuracy and lawfulness of submitted business records and compliance claims.
  • TexoraPass does not independently certify customer legal compliance status.

15. Children's Privacy

TexoraPass is not intended for use by children.

  • The Services are designed for professional business users and not for children under applicable age thresholds.
  • TexoraPass does not knowingly collect personal data from children in connection with its B2B services.

16. Changes to This Privacy Policy

We may update this policy to reflect legal, technical, or business changes.

  • TexoraPass may revise this Privacy Policy and will update the Last Updated date.
  • Material changes may be notified through product notices, website updates, or direct communications.
  • Continued use after the effective date indicates acceptance where permitted by law.

17. Contact Information

Privacy requests and data protection inquiries: privacy@texorapass.com. General legal matters: legal@texorapass.com.