Privacy Policy

Version 1.2.0 // Last Updated: May 2026

Data Collection Protocol

Caddex operates on a "local-first, cloud-sync" model. We collect data essential for cross-team CAD collaboration and version integrity.

  • REQ_01 Drawing Assets: Detail drawings and blocks uploaded to your company cloud library.
  • REQ_02 Metadata: Creation dates, editor handles, and approval status logs.
  • REQ_03 User Profiles: Managed by your organization for Role-Based Access Control (RBAC).

Analytics & Cookies

We use Google Analytics 4 on our public marketing pages (caddex.io) to understand how visitors discover and use the site. The Caddex portal and any signed-in customer surfaces do not load analytics — we do not track behavior inside the product.

  • ANL_01 What's collected: Page views, referring source (e.g., Google search), approximate location at country/region level, device type, browser, and a truncated IP address. We do not collect names, email addresses, or other personal identifiers via analytics.
  • ANL_02 Cookies set: Two first-party cookies (_ga and _ga_X6SBGZXRJ1) used to distinguish unique visitors and sessions. We do not use advertising or cross-site tracking cookies.
  • ANL_03 Data processor: Anonymous usage data is processed by Google LLC under their standard terms. Analytics data is not linked to individual customer accounts.
  • ANL_04 Opt-out: Use your browser's cookie controls, enable "Do Not Track," or install Google's official opt-out browser add-on (tools.google.com/dlpage/gaoptout).

Regional Compliance

We adhere to global privacy frameworks to ensure your engineering data is handled legally across jurisdictions.

GDPR (EU/UK)

Under the General Data Protection Regulation, we act as a Data Processor for your organization. Users may request data erasure (Right to be Forgotten) through their organization administrator, who can initiate anonymization of the user's personal data while preserving company detail records.

CCPA/CPRA (USA)

California residents have the right to know what personal data is collected and to opt-out of the "sale" of information. Note: Caddex does not sell user data to third parties.

Security Architecture

Your details are protected by the same standards used in modern financial applications.

  • SEC_01 Encryption in Transit: All data is transmitted over HTTPS using TLS 1.2/1.3.
  • SEC_02 Isolation: Multi-tenant architecture ensures your company data is logically isolated from other firms.
  • SEC_03 Auditing: Internal audit logs track detail creation, approval, deletion, and user management actions for operational integrity.

Data Retention

We retain your drawings and detail library as long as your subscription is active. Diagnostic logs are automatically purged after 2 days, sync logs after 90 days, and audit logs after 1 year. Anonymous analytics events are retained by Google for up to 14 months and then automatically deleted. Upon termination, your data may be deleted from our production servers. We recommend exporting your detail library before canceling your subscription.