Privacy Policy

Last Updated: January 26, 2026

This Privacy Policy describes how Appuix, Inc., doing business as Cachee ("Company," "we," "us," or "our"), collects, uses, discloses, and protects information in connection with the Cachee platform and related services (the "Service"). This Privacy Policy applies to information we collect from customers, their authorized users, website visitors, and other individuals who interact with us or the Service.

By accessing or using the Service, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not use the Service. This Privacy Policy is incorporated into and forms part of our Terms of Service.

1. U.S.-Only Availability

The Service is currently available only within the United States. We do not knowingly collect or process information from individuals located outside the United States. If you are located outside the United States, please do not access or use the Service or provide any information to us. All data collected through the Service is stored and processed in the United States.

2. Scope and Roles

When our customers ("Customers") use the Service to process information about their own end users, the Customer acts as the data controller (or equivalent role under applicable law), and we act as a data processor (or service provider). In such cases, our processing of end-user data is governed by our agreement with the Customer, and end users should refer to the Customer's privacy policy for information about how their data is handled.

When we collect information directly from website visitors, prospective customers, or individuals who contact us, we act as the data controller. This Privacy Policy describes our practices in that capacity.

3. Information We Collect

A. Account and Registration Information

When you create an account or register for the Service, we collect information such as your name, email address, company name, job title, phone number, billing address, and payment information. We may also collect information about your organization's size, industry, and intended use of the Service.

B. Customer Data

Customers and their authorized users may upload, submit, or transmit data through the Service, including biometric templates, encrypted identity payloads, and related metadata ("Customer Data"). We process Customer Data solely to provide the Service in accordance with our agreement with the Customer and do not use Customer Data for our own purposes except as described in this Privacy Policy and our Terms of Service.

C. Usage and Log Data

We automatically collect information about how you access and use the Service, including:

• IP address, browser type and version, operating system, and device identifiers;
• Pages viewed, features used, actions taken, and time spent on the Service;
• API call logs, request and response metadata, error logs, and performance metrics;
• Referring URLs and search terms that led you to our website;
• Date and time of access, session duration, and frequency of use.

D. Cookies and Tracking Technologies

We use cookies, web beacons, pixels, and similar tracking technologies to collect information about your interactions with our website and Service. For more information, please see our Cookie Notice.

E. Communications

When you contact us via email, support tickets, or other channels, we collect the content of your communications, including any attachments, along with your name, email address, and any other information you choose to provide.

F. Information from Third Parties

We may receive information about you from third parties, including business partners, marketing partners, publicly available sources, and social media platforms. We may combine this information with other information we collect about you.

4. How We Use Information

We use the information we collect for the following purposes:

• Providing the Service: To operate, maintain, and deliver the features and functionality of the Service, including processing authentication requests, verifying identities, and generating encrypted biometric templates.
• Account Management: To create and manage your account, process payments, and communicate with you about your account and subscription.
• Improving the Service: To analyze usage patterns, diagnose technical issues, develop new features, and improve the performance, security, and reliability of the Service.
• Security and Fraud Prevention: To detect, investigate, and prevent security incidents, fraud, abuse, and violations of our Terms of Service and Acceptable Use Policy.
• Communications: To send you transactional communications (such as account confirmations, billing notifications, and security alerts), and, with your consent where required, promotional communications about our products and services.
• Compliance: To comply with applicable laws, regulations, legal processes, and governmental requests.
• Aggregated Analytics: To generate aggregated, de-identified data for benchmarking, reporting, and analytical purposes that do not identify any individual or Customer.

5. Automated and AI-Assisted Features

The Service uses automated processing, including machine learning and artificial intelligence, to perform identity verification, biometric matching, and authentication. These automated processes compare submitted biometric data against enrolled templates to produce match/no-match results. Automated processing is a core function of the Service and is necessary for the performance of our contract with the Customer.

We do not use automated processing to make decisions that produce legal or similarly significant effects on individuals without human involvement, unless required by the Customer's integration and use case. Customers are responsible for implementing appropriate human review and override mechanisms as required by applicable law.

6. How We Disclose Information

We do not sell your personal information. We may disclose information in the following circumstances:

A. Service Providers and Subprocessors

We share information with third-party service providers and subprocessors who assist us in operating the Service, including cloud hosting providers, payment processors, customer support tools, and analytics services. These providers are contractually required to use information only to perform services on our behalf and to maintain appropriate security measures.

B. Legal Requirements

We may disclose information if we believe in good faith that disclosure is necessary to: (a) comply with applicable law, regulation, legal process, or governmental request; (b) enforce our Terms of Service, Acceptable Use Policy, or other agreements; (c) protect the rights, property, or safety of Company, our customers, or the public; or (d) detect, prevent, or address fraud, security, or technical issues.

C. Business Transfers

If Company is involved in a merger, acquisition, reorganization, bankruptcy, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change in ownership or control of your information.

D. With Consent

We may disclose information with your consent or at your direction.

7. Cookies and Similar Technologies

We use cookies and similar tracking technologies on our website and in the Service. For detailed information about the types of cookies we use, their purposes, and your choices, please see our Cookie Notice.

8. Data Retention

We retain information for as long as reasonably necessary to fulfill the purposes for which it was collected, to comply with our legal obligations, to resolve disputes, and to enforce our agreements. The retention period for specific categories of information depends on the nature of the information and the purposes for which it is processed:

• Account Information: Retained for the duration of your account and for a reasonable period thereafter for legal and business purposes.
• Customer Data: Retained in accordance with our agreement with the Customer and deleted or returned upon termination as described in our Terms of Service.
• Usage and Log Data: Typically retained for up to 24 months, after which it is aggregated or deleted.
• Communications: Retained for as long as necessary to address the subject of the communication and for a reasonable period thereafter.

When information is no longer needed, we will securely delete or de-identify it in accordance with our data retention policies and applicable law.

9. Security

We implement and maintain administrative, technical, and physical security measures designed to protect your information against unauthorized access, alteration, disclosure, or destruction. These measures include:

• Fully homomorphic encryption (FHE) to enable processing of encrypted data without decryption;
• Post-quantum cryptographic (PQC) algorithms to protect against both current and future computational threats;
• Zero-knowledge proofs (ZKP) to enable verification without revealing underlying data;
• Encryption of data in transit and at rest;
• Access controls and authentication mechanisms;
• Regular security assessments and monitoring;
• Employee training on data protection and security practices.

While we strive to protect your information, no method of transmission over the internet or method of electronic storage is completely secure. We cannot guarantee the absolute security of your information.

10. Your Choices and Requests

Depending on your location and applicable law, you may have certain rights regarding your personal information, including:

• Access: The right to request access to the personal information we hold about you.
• Correction: The right to request correction of inaccurate or incomplete personal information.
• Deletion: The right to request deletion of your personal information, subject to certain exceptions.
• Portability: The right to request a copy of your personal information in a structured, commonly used, and machine-readable format.
• Opt-Out of Sale: We do not sell personal information. If this changes, we will provide an opt-out mechanism.
• Marketing Communications: You may opt out of promotional emails by clicking the "unsubscribe" link in any promotional email or by contacting us at the address below. You may not opt out of transactional or service-related communications.

To exercise any of these rights, please contact us at privacy@appuix.com or support@appuix.com. We will respond to your request within the timeframe required by applicable law. We may ask you to verify your identity before processing your request.

If we process your personal information on behalf of a Customer (as a data processor), please direct your request to the applicable Customer, as we may only be able to respond to requests received from or authorized by our Customer.

11. Children's Privacy

The Service is not directed to individuals under the age of 18, and we do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a child under 18, we will take steps to delete such information promptly. If you believe that a child under 18 has provided us with personal information, please contact us at privacy@appuix.com.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will notify you by updating the "Last Updated" date at the top of this Privacy Policy and, where required by law, by providing additional notice (such as an email notification or an in-Service announcement). We encourage you to review this Privacy Policy periodically to stay informed about our practices.

13. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

• Email: privacy@appuix.com
• General support: support@appuix.com
• Legal inquiries: legal@appuix.com
• Mailing address: Appuix, Inc., Attn: Privacy Team