Skip to main content

LegalLast updated: May 8, 2026

Privacy Policy

How Parix collects, uses, discloses, retains, and safeguards information.

Introduction

This Privacy Policy explains how Parix collects, uses, shares, retains, and protects information when you use Parix websites, dashboards, APIs, command-line authentication flows, documentation, hosted TigerBeetle infrastructure, billing workflows, support channels, and related services (the "Services").

Parix provides managed TigerBeetle infrastructure for products that need durable ledger storage, gateway access, cluster operations, logs, metrics, backups, CDC configuration, billing, and organization management. This policy is intended to describe the current product and control-plane behavior. If a separate written agreement, data processing addendum, or enterprise order applies to your use of Parix, that agreement may add privacy and security terms.

Questions about this policy can be sent to admin@parix.io.

Summary

This summary is not a substitute for the full policy.

  • We collect account, authentication, organization, billing, support, security, usage, and operational information needed to provide Parix.
  • We process Customer Data that you submit to, generate through, import into, or store in Parix, including TigerBeetle ledger data, database names, configurations, logs, metrics, CDC destinations, backups, and import artifacts.
  • We use third-party providers such as Cloudflare, Stripe, Google, AWS, and GCP to operate the Services.
  • We do not sell personal information, and we do not currently use third-party advertising cookies in the Services.
  • You may request access, correction, deletion, export, restriction, or opt-out rights where applicable by contacting admin@parix.io.
  • Product-visible logs and event feeds have shorter operational retention windows in many cases, while account, billing, backup, and legal records may be retained longer.

Our Role

For account, billing, website, security, support, sales, and platform administration data, Parix generally acts as a controller or business that decides why and how the information is processed.

For Customer Data that you submit to Parix as part of your own application or hosted database use, Parix generally acts as a service provider or processor. You are responsible for deciding what Customer Data you send to Parix, obtaining any required permissions, and making sure your use of Parix is lawful for your workload.

Information We Collect

Account and Profile Information

We collect information you provide when you create or manage an account, including:

  • Name, email address, profile image, and email verification status
  • Password credentials, if you use email and password sign-in
  • Google account identifiers and tokens, if you use Google sign-in
  • Passkey public keys, credential identifiers, device type, counters, and related passkey metadata
  • Two-factor authentication status, authenticator secrets, backup codes, and trusted-device choices
  • Account settings, notification preferences, timezone, and last login method
  • Admin status, ban status, ban reason, or impersonation state when platform administration features are used

Authentication, Security, and Session Information

When you use Parix, we collect information needed to authenticate you, protect accounts, and investigate security events, including:

  • Session identifiers, session tokens, active organization identifiers, expiration times, IP address, country, user agent, request path, and timestamps
  • Email verification, password reset, organization invitation, welcome, and notification email metadata
  • Rate-limit counters, authentication attempts, OAuth grants, API key metadata, bearer-token use, and CLI authorization activity
  • Security audit events such as sign-in, sign-out, session creation, session revocation, impersonation, and impersonation stop events
  • Cloudflare Turnstile challenge signals used to detect abuse on sign-in, sign-up, and password reset flows

Organization and Team Information

If you create, join, or administer an organization, we collect organization information, including:

  • Organization name, slug, logo, billing email, timezone, data-location setting, and metadata
  • Member identifiers, roles, invitation emails, invitation status, inviter information, and membership timestamps
  • Organization notifications, notification receipts, user notification state, muted notification kinds, and email notification preferences
  • Organization audit-log events, including actor name, actor user ID, action, event type, entity identifiers, IP address, location text, and metadata

Billing and Payment Information

Parix uses Stripe for billing setup, payment method collection, invoice handling, and billing webhooks. We may collect or receive:

  • Stripe customer IDs, checkout session IDs, subscription IDs, invoice IDs, payment method IDs, billing status, billing email, grace-period status, invoice status, amounts, currency, and billing errors
  • Usage and billing line items, including CPU, memory, disk, network, CDC runtime, database profile, period, estimated usage markers, and totals
  • Information needed to send invoice, payment failure, billing setup, or billing status emails

Parix does not intentionally store complete payment card numbers in the Services. Payment details are handled by Stripe or another payment provider.

Database, Ledger, and Customer Data

When you create, import, query, operate, or delete a Parix database, we process Customer Data and related operational data, including:

  • Database names, database identifiers, organization identifiers, provider, region, topology, storage tier, storage size, cluster size, memory, vCPU, node count, TigerBeetle version, gateway URLs, deployment network mode, and provider metadata
  • TigerBeetle account, transfer, ledger, code, flag, timestamp, and identifier values submitted through the dashboard, API, SDK, gateway, CLI, import, or operational workflow surfaces
  • API keys, OAuth clients, OAuth access tokens, OAuth refresh tokens, OAuth consent records, scopes, reference IDs, and credential metadata
  • Provisioning, upgrade, migration, import, backup, restore, decommission, CDC, and cluster-change workflow metadata
  • Import artifacts, imported TigerBeetle file names, object keys, file sizes, checksums, cluster IDs, replica indexes, replica counts, and imported or target TigerBeetle versions
  • Backup job metadata, backup snapshot metadata, backup object keys, bucket names, checksums, size, source volume or snapshot identifiers, source disk or instance names, region, zone, replica index, node count, storage size, cache grid size, and development-mode flags
  • Logs, metrics, throughput, latency, error, health, cluster status, observability, CDC delivery, webhook delivery, and gateway request metadata
  • CDC configuration, destination names, URLs, AMQP host, port, username, vhost, exchange, routing key, TLS settings, publish confirmation settings, webhook authentication mode, and encrypted CDC or destination secrets

Customer Data may include personal information, financial information, or regulated information if you or your end users submit it to Parix. You are responsible for determining whether Parix is appropriate for that Customer Data and for complying with laws, contracts, and notices that apply to your users.

Website, Sales, Support, and Communications

If you contact Parix, request a sales call, respond to emails, or communicate with us, we collect information such as:

  • Name, company, work email, workload stage, use case, message content, and contact preferences
  • Support requests, procurement questions, security review materials, and related correspondence
  • Email delivery and message metadata needed to send and troubleshoot communications

The current contact form opens your email client with a prefilled email to sales@parix.io. Information you send that way is handled by your email provider and our email systems.

Automatic Website and Device Information

We automatically collect limited technical information when you access the Services, including:

  • IP address, approximate location derived from the request, browser, device, operating system, user agent, request path, timestamps, and referrer information
  • Feature usage, page views, route activity, errors, logs, metrics, WebSocket connection metadata, and abuse-prevention signals
  • Cookies, local storage, or similar browser storage used for session management, security, preferences, theme, sidebar state, remembered login method, and two-factor trusted-device state

Sensitive Data and Children

Parix is not designed for children under 16 and is not intended to collect children's personal information. Parix also is not designed for health, biometric, education, or other sensitive regulated data unless a separate written agreement expressly covers that use. Do not submit sensitive or regulated information to Parix unless you have confirmed that your use is lawful and appropriate.

How We Collect Information

We collect information:

  • Directly from you, such as when you sign up, create an organization, configure billing, create a database, upload an import file, configure CDC, generate an API key, invite a member, contact sales, or request support
  • Automatically, such as through cookies, session storage, Cloudflare request metadata, logs, metrics, rate limits, operational telemetry, and security events
  • From third parties, such as Google sign-in, Stripe billing events, cloud providers, authentication and security providers, email providers, and infrastructure systems used to provide the Services
  • From your systems and users, when your application sends Customer Data, API requests, gateway traffic, metrics, logs, CDC events, or webhook destinations to Parix

How We Use Your Information

We use information for the following purposes:

  • Provide, operate, maintain, secure, monitor, and troubleshoot the Services
  • Authenticate users, manage sessions, verify emails, reset passwords, support passkeys and two-factor authentication, and prevent abuse
  • Create and manage organizations, memberships, invitations, roles, notifications, audit logs, account settings, and API access
  • Provision, import, upgrade, migrate, monitor, back up, restore where available, decommission, and support hosted TigerBeetle databases
  • Route gateway traffic, translate requests, enforce authorization, measure usage, process logs and metrics, and operate CDC and webhook delivery
  • Calculate pricing, usage, invoices, credits, billing status, payment failures, taxes, and other billing operations
  • Send transactional, security, billing, product, support, invitation, password reset, verification, welcome, and notification emails
  • Respond to support, sales, security, legal, procurement, and operational requests
  • Analyze service health, reliability, performance, feature usage, abuse patterns, and customer-impacting incidents
  • Improve the Services, documentation, pricing, support workflows, and operational tooling
  • Enforce our Terms of Service, protect Parix, protect users, protect third parties, and investigate suspected misuse
  • Comply with legal obligations

We do not use Customer Data to train general-purpose public AI models.

Where GDPR, UK GDPR, or similar law applies, our legal bases may include:

  • Contract, when processing is needed to provide the Services, authenticate users, process billing, operate databases, support organizations, or respond to requests
  • Legitimate interests, when processing is needed for security, fraud prevention, service improvement, logging, analytics, abuse prevention, support, compliance evidence, or business operations
  • Consent, when required for optional communications, non-essential cookies, or other processing that legally requires consent
  • Legal obligation, when processing is needed to comply with tax, accounting, sanctions, export, court, regulatory, or law-enforcement obligations
  • Legal claims, when processing is needed to establish, exercise, or defend legal rights

Data Sharing and Disclosure

We share information only as needed for the Services and the purposes described in this policy:

  • Cloud and infrastructure providers: Cloudflare, AWS, GCP, network providers, DNS providers, storage providers, queue providers, Durable Object and database providers, and related infrastructure systems.
  • Billing providers: Stripe or another payment provider for checkout, payment methods, invoices, webhooks, subscription or usage billing, receipts, and payment failure handling.
  • Authentication and security providers: Google sign-in, Cloudflare Turnstile, email verification systems, authentication libraries, and abuse-prevention tooling.
  • Email and communication providers: Providers used to send transactional, billing, security, support, sales, and organization invitation emails.
  • Customer-selected destinations: CDC destinations, webhook endpoints, AMQP destinations, APIs, integrations, or other endpoints you configure.
  • Organization members and administrators: Information visible within your organization, such as member names, roles, invitations, database names, billing summaries, audit events, notifications, logs, metrics, API key metadata, and operational history.
  • Professional advisers and business operations: Lawyers, accountants, auditors, insurers, banks, and advisers when needed for business operations.
  • Legal, safety, and compliance recipients: Courts, regulators, law enforcement, government authorities, cloud providers, affected parties, or others when we believe disclosure is required by law or needed to protect rights, safety, security, or service integrity.
  • Business transfers: Parties involved in a merger, acquisition, financing, reorganization, bankruptcy, sale of assets, or similar transaction.

We do not sell personal information. We also do not share personal information for cross-context behavioral advertising as those terms are commonly used in U.S. state privacy laws.

Third-Party Services

The Services may link to third-party websites, documentation, repositories, identity providers, payment pages, customer webhook endpoints, or cloud services. Those third parties have their own privacy practices. You should review their privacy notices before providing information to them.

Customer Data, Ledger Data, and Subprocessors

Parix stores and processes Customer Data only as needed to provide, secure, operate, troubleshoot, bill for, and improve the Services, unless another agreement states otherwise.

Depending on your configuration, Customer Data may be processed in:

  • Cloudflare Workers, D1, KV, R2, Queues, Durable Objects, Analytics Engine, Turnstile, Email, Workflows, and networking services
  • AWS regions, networking resources, compute, volumes, snapshots, backup exporters, gateways, and provider APIs
  • GCP regions, networking resources, compute, disks, snapshots, service accounts, CDC runtimes, gateways, and provider APIs
  • Stripe billing systems
  • Google authentication systems
  • Customer-configured CDC, webhook, AMQP, API, or integration destinations

If you need a data processing agreement, subprocessor list, regional processing commitments, or enterprise-specific controls, contact admin@parix.io.

International Data Transfers

Parix is operated from the United States and uses providers that may process information in the United States and other countries. Customer-selected database regions may affect where hosted TigerBeetle data-plane resources run, but some control-plane, support, security, billing, backup, and operational data may still be processed in other locations.

Where required by law, we use appropriate safeguards for international transfers, such as contractual protections, Standard Contractual Clauses, provider data processing terms, or other lawful transfer mechanisms.

Cookies and Tracking Technologies

Parix uses cookies and similar technologies for:

  • Authentication, sessions, sign-in state, API authorization, OAuth flows, CSRF protection, and secure account access
  • Remembering login method, theme, sidebar state, organization context, settings, and other product preferences
  • Two-factor trusted-device behavior, where a user chooses to trust a browser for a limited time
  • Cloudflare Turnstile abuse prevention
  • Product diagnostics, security, rate limiting, operational logs, and service reliability

We do not currently use third-party advertising cookies in the Services. If we add non-essential analytics, advertising, or marketing cookies, we will update this policy and provide any consent or opt-out controls required by law.

You can control cookies through your browser settings. Blocking cookies may prevent sign-in, account security, billing, organization management, database operations, or other Services from working correctly.

Data Retention

We keep information for as long as needed for the purposes described in this policy, unless a longer retention period is required or permitted by law, contract, security needs, tax rules, accounting obligations, backup requirements, dispute resolution, or operational reliability.

Current product behavior includes the following examples:

  • Account records are generally retained while your account is active. If you delete your account, Parix deletes your account and organizations where you are the only member, subject to backups, billing records, legal obligations, and operational records that may be retained.
  • Session records are generally short-lived. Current session configuration uses a seven-day session window, with periodic refresh while you continue to use the Services.
  • Two-factor trusted-device choices may allow a browser to skip 2FA prompts for up to 30 days.
  • Auth audit logs visible in account security settings are generally retained for about 15 days, subject to row limits.
  • Product-visible organization audit logs, organization notifications, database cluster change logs, and CDC webhook history are generally retained for about 14 days or until row caps are reached, unless configuration or an agreement says otherwise.
  • Runtime collector logs are generally retained for about 7 days, unless configuration or an agreement says otherwise.
  • Import upload sessions are short-lived. Current staged import artifacts are cleaned up after about 1 day once eligible, although import metadata may remain for operational history.
  • Backup snapshots and backup metadata may be retained after database deletion so that artifacts remain discoverable and auditable.
  • Billing, invoice, tax, payment, usage, accounting, and dispute records may be retained as long as needed for legal, accounting, billing, collection, audit, and compliance purposes.
  • Abuse-prevention nonces, rate-limit counters, dedupe keys, and email idempotency records are retained for short operational windows appropriate to their purpose.

When you delete a database, Parix disables or removes the live provider deployment through the product workflow. Some related control-plane history, backup artifacts, logs, metrics, usage records, billing records, audit records, and security records may remain for retention, recovery, troubleshooting, billing, compliance, or legal reasons.

Security

We use administrative, technical, and organizational safeguards designed to protect information, including:

  • Encryption of data in transit and at rest
  • Access controls, authentication, passkeys, two-factor authentication, OAuth scopes, API key controls, and role-based organization access
  • Cloudflare Turnstile, rate limiting, audit logs, session controls, and abuse-prevention mechanisms
  • Encrypted storage of selected secrets, such as CDC and destination secrets
  • Provider isolation, gateway controls, service authentication, queue-backed workflows, and operational logging
  • Limited internal access based on business need
  • Monitoring, incident response, and operational review processes

However, no method of transmission over the Internet or electronic storage is 100% secure, and we cannot guarantee absolute security.

You are responsible for securing your own systems, accounts, passwords, passkeys, API keys, OAuth grants, organization roles, Customer Data, integrations, CDC destinations, webhook endpoints, and applications that connect to Parix.

Your Choices and Privacy Rights

Depending on your location, you may have rights to:

  • Access personal information we hold about you
  • Correct inaccurate personal information
  • Delete personal information
  • Receive a portable copy of certain personal information
  • Restrict or object to certain processing
  • Withdraw consent where processing is based on consent
  • Opt out of marketing emails or certain data sharing
  • Appeal a denied privacy request where applicable
  • Lodge a complaint with a data protection authority

You can update some account, organization, notification, security, session, API key, passkey, and two-factor settings in the dashboard. You may also contact admin@parix.io to exercise privacy rights.

We may need to verify your identity and your authority to act for an organization before completing a request. Some requests may be limited by security, billing, legal, accounting, backup, fraud-prevention, dispute, or contractual obligations.

If your request concerns Customer Data controlled by a Parix customer, we may direct you to that customer because they decide how the Customer Data is processed.

California and U.S. State Privacy Rights

California and other U.S. state privacy laws may give residents rights to know, access, correct, delete, port, or opt out of certain uses of personal information. Parix does not sell personal information and does not share personal information for cross-context behavioral advertising.

You may exercise applicable rights by contacting admin@parix.io. We will not discriminate against you for exercising rights that apply to you.

European and UK Privacy Rights

If you are in the European Economic Area, United Kingdom, or Switzerland, you may have additional rights under GDPR, UK GDPR, or similar laws. These may include rights to access, correct, erase, restrict, object, port data, withdraw consent, and complain to a supervisory authority.

To exercise these rights, contact admin@parix.io. If Parix processes Customer Data for your organization, your organization may be the controller responsible for handling requests from its users.

Automated Decision-Making

Parix may use automated systems for security, abuse prevention, rate limiting, billing calculations, provisioning checks, usage aggregation, workflow orchestration, and operational alerts. We do not currently use automated decision-making that is intended to produce legal or similarly significant effects about individuals without human review.

Marketing Communications

We may send product, sales, or marketing communications if you request them or if applicable law permits. You can opt out of marketing emails by using the unsubscribe mechanism in the email or by contacting admin@parix.io. We may still send transactional, security, billing, legal, or service messages.

Children's Privacy

The Services are not intended for individuals under 16. We do not knowingly collect personal information from children under 16. If you believe a child has provided personal information to Parix, contact admin@parix.io and we will take appropriate steps to delete it.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will post the updated policy on this page and update the "Last updated" date. If changes are material, we will use reasonable efforts to provide additional notice, such as through the dashboard, email, or product notice.

Your continued use of the Services after an updated policy becomes effective means the updated policy applies to your use of the Services.

Contact Us

If you have questions, concerns, or privacy requests, contact us at:

Parix

Email: admin@parix.io

Website: https://parix.io

For sales inquiries, contact sales@parix.io.

Privacy laws vary by jurisdiction and can change. This policy should be reviewed by qualified privacy counsel before publication and whenever Parix changes its data practices, subprocessors, regions, retention periods, billing model, analytics, cookies, or support workflows.

Terms of Service

Terms that govern access to and use of Parix services.

On this page

IntroductionSummaryOur RoleInformation We CollectAccount and Profile InformationAuthentication, Security, and Session InformationOrganization and Team InformationBilling and Payment InformationDatabase, Ledger, and Customer DataWebsite, Sales, Support, and CommunicationsAutomatic Website and Device InformationSensitive Data and ChildrenHow We Collect InformationHow We Use Your InformationLegal Bases for ProcessingData Sharing and DisclosureThird-Party ServicesCustomer Data, Ledger Data, and SubprocessorsInternational Data TransfersCookies and Tracking TechnologiesData RetentionSecurityYour Choices and Privacy RightsCalifornia and U.S. State Privacy RightsEuropean and UK Privacy RightsAutomated Decision-MakingMarketing CommunicationsChildren's PrivacyChanges to This Privacy PolicyContact UsLegal Review