1. Information We Process
As a B2B platform, Coactix processes information to facilitate shared resolution and SLA compliance. This includes:
- Workspace & User Accounts: Names, company emails, passwords, and user roles (Workspace Admins, Operators, Suppliers, Observers).
- Incident Data: Ticket titles, summaries, blocker indicators, severity levels, and lifecycle status changes.
- Frontline Intake (SMS/Email): Raw SMS text, caller telephone numbers, email headers, media links, and access-code validation hashes.
- Evidence Files: Documents, photos, or logs uploaded to support ticket resolution (with access restricted to owners and authorized release parties).
- Billing Profiles: Corporate billing address, company name, tax/VAT IDs, and Stripe subscription status. Payment card processing is handled directly by Stripe.
2. Selective Transparency & Comments
Coactix is engineered to protect private discussions while enabling collaboration. Comment visibility is strictly categorized and enforced:
- Internal Comments: Visible only to operators and administrators of the owning organization.
- Shared Comments: Visible to all invited suppliers and participants on the ticket.
- Customer-Safe Updates: Drafted, reviewed, and approved by operators before publication, protecting internal operations from external review.
3. Data Sharing & Database Security
We do not sell operational data to data brokers or advertising networks. Coactix enforces tenant isolation at the database layer using PostgreSQL Row-Level Security (RLS) policies. Suppliers can only read shared case data and evidence records if they have been explicitly invited via a valid federation link.
4. Frontline SMS & AI Safety
For workspaces using the Frontline add-on:
- Access Code Protection: Reporters must use a valid workspace-configured access code. Only hashed access codes are stored in the database.
- AI Data Minimization: AI draft extraction (Anthropic API) uses redacted prompting. Raw telephone numbers and PII are stripped from AI logs, and prompts are summarized before storage.
- Abuse Guardrails: Rate limits are database-enforced, and compliance keywords (STOP, HELP, START) block the sender and log abuse events to protect the intake number.
5. Retention & Deletion
Operational data is retained for as long as your workspace remains active. Authorized administrators can delete evidence files, which immediately removes them from our secure Supabase storage buckets. Timeline audits and timeline logs are preserved for compliance purposes.
6. Contact & Inquiries
If you have questions about Coactix's data boundaries, security architecture, or GDPR user data exports, contact us at: