RFix Privacy Policy
Effective date: May 23, 2026
This Privacy Policy explains how RFix Ltd. ("RFix," "we," "us," or "our") collects, uses, discloses, and protects information when you use RFix, including the desktop application, web demo, standalone API, SDKs, MCP servers and integrations, hosted launch flows, documentation, update services, support services, cloud services, AI-assisted features, and related software or materials (collectively, the "Services").
1. Information We Collect
The information we collect depends on how you use the Services.
- Account and authentication data. We may collect identifiers such as name, email address, user ID, authentication provider, account status, token balances, download counts, subscription or license state, and sign-in metadata.
- License and entitlement data. We may process license IDs, customer names, enabled features, expiration dates, runtime entitlement checks, desktop update access, API authentication status, and related audit data.
- Usage and analytics data. We may collect product events such as page views, node additions, project load events, generation timing, generation errors, downloads, exports, onboarding events, settings changes, and feature usage. These events are intended to avoid raw project graphs, node parameters, prompts, file paths, authentication secrets, and IQ sample data.
- Diagnostics and telemetry. RFix may keep a local diagnostics ring buffer and may send sanitized error, warning, product, performance, runtime target, app version, browser, operating-system, and device-class metadata when telemetry is configured.
- Support and feedback data. If you submit support tickets, feedback, replies, or contact forms, we collect the information you provide, such as message content, category, ratings, role, use cases, company, phone, email, display name, runtime target, and app version.
- Support bundles. If you choose to upload a support bundle, it may include your current project graph, node parameters, edges, global settings, relevant local project state, structured diagnostics, app configuration metadata, runtime metadata, and desktop diagnostic files.
- AI feature data. If you use AI-assisted features, we may process your prompt, selected graph state, nodes, edges, global settings, validation errors, generated responses, repair attempts, token usage, and request metadata to provide the requested feature.
- Hosted launch and MCP data. Hosted launch and remote MCP flows may process project uploads, launch grants, project IDs, signed project URLs, session tokens, source identifiers, artifact metadata, and related request metadata.
- Local files and generated data. The desktop application and local API may read, write, import, export, or generate local project files, IQ artifacts, signal outputs, runtime packs, SDR captures, and related files as directed by you. Local-only data is not sent to RFix unless a feature you use transmits it, such as support upload, AI features, hosted launch, feedback, or cloud services.
- Technical request data. We and our providers may process IP address, user agent, referrer, headers, timestamps, request IDs, error codes, security logs, and similar metadata for operation, security, abuse prevention, and compliance.
RFix does not request precise geolocation through the current application. Some RF models and UI fields may let you enter coordinates, terrain paths, climatology parameters, or scenario locations; those values are treated as user-provided project data.
2. How We Use Information
We use information to:
- provide, operate, secure, maintain, debug, and improve the Services;
- authenticate users, issue or verify licenses, enforce quotas, provide downloads and updates, and manage entitlements;
- generate, validate, export, launch, or process projects and signal artifacts as requested by you;
- provide AI-assisted graph editing, validation, routing, repair, and response generation;
- provide support, process feedback, respond to tickets, and diagnose issues;
- detect, investigate, prevent, and respond to API abuse, scraping, automated abuse, credential misuse, reverse engineering attempts, security incidents, fraud, and violations of our Terms;
- measure usage, reliability, performance, and feature adoption;
- send service, security, account, support, onboarding, and administrative communications; and
- comply with legal obligations and enforce agreements.
3. AI and No Training Without Opt-In
RFix does not use customer prompts, project graphs, node parameters, IQ data, generated outputs, support bundles, or uploaded files to train AI models unless you explicitly opt in or separately agree in writing.
We may process AI feature data to provide the requested AI functionality, validate and repair responses, enforce quotas, detect abuse, secure the Services, troubleshoot issues, and comply with law. AI providers may process data on our behalf according to their service terms and data-processing commitments.
4. Information Sharing
We may share information with:
- Service providers. Providers that host, secure, authenticate, analyze, email, log, store, process support requests, provide AI infrastructure, or otherwise operate the Services for us.
- Your organization. If you use the Services through an organization, we may share account, license, usage, entitlement, and support information with authorized administrators or representatives.
- Legal, safety, and enforcement recipients. We may disclose information when we believe it is required by law or necessary to protect RFix, users, third parties, rights, safety, security, or the integrity of the Services.
- Business transfers. Information may be transferred in connection with a merger, acquisition, financing, reorganization, sale of assets, or similar transaction.
- With your direction or consent. For example, when you upload a project through hosted launch, send a support bundle, submit feedback, or connect an integration.
We do not sell your personal information. We do not share customer project graphs, prompts, support bundles, IQ data, or uploaded files for third-party advertising.
5. Third-Party Providers
The Services may use third-party providers and platforms, including Firebase and Google Analytics for authentication, analytics, Firestore, Remote Config, and account data; Google Cloud, Cloud Run, Cloud Storage, Vertex AI, and Gemini for cloud services and AI-assisted features; Cloudflare Workers and R2 for update, auth proxy, MCP, hosted launch, and project upload flows; Loggly for sanitized client logging; and email or SMTP providers for support and onboarding messages.
Third-party providers may process information under their own terms, privacy notices, and data-processing commitments. Links to relevant provider privacy information include:
6. Retention
We retain information for as long as needed to provide the Services, maintain accounts and licenses, comply with law, resolve disputes, enforce agreements, prevent abuse, and support legitimate business needs. Retention periods vary by data type.
Support bundles are intended for time-limited diagnostics and may be configured for approximately 30 days of retention. Account, license, billing, support, security, and audit records may be retained longer where needed for legal, operational, support, security, or compliance reasons. Local files and local diagnostics remain on your device unless you delete them or choose to transmit them.
7. Security
We use administrative, technical, and organizational safeguards designed to protect information. No security measure is perfect. You are responsible for protecting your account credentials, license files, API tokens, authentication tokens, local API ports, MCP configurations, generated artifacts, and local files.
8. International Processing
We and our providers may process information in Israel, the United States, the European Economic Area, and other countries where we or our providers operate. These countries may have privacy laws that differ from those in your jurisdiction.
9. Your Choices and Rights
Depending on your location and relationship with RFix, you may have rights to request access, correction, deletion, portability, restriction, objection, withdrawal of consent, or information about how your personal information is processed. You may also have the right to lodge a complaint with a privacy authority.
To make a privacy request, contact [email protected]. We may need to verify your identity and may retain certain information where permitted or required by law, including for security, fraud prevention, legal compliance, dispute resolution, and enforcement.
You can stop local collection by uninstalling the application and deleting local files. You can reduce cloud processing by avoiding optional online features such as AI assistance, hosted launch, remote MCP, feedback submission, and support bundle upload. Some authentication, licensing, update, and security processing may be required for online or licensed features.
10. GDPR, UK GDPR, and EEA/UK Legal Bases
Where the GDPR, UK GDPR, Israeli privacy law, or similar data-protection law applies, we process personal information under one or more legal bases depending on the context:
- Performance of a contract. We use this basis to create and manage accounts, authenticate users, issue and verify licenses, provide downloads and updates, operate paid or free entitlements, provide requested Services, process project workflows you initiate, and respond to support requests.
- Legitimate interests. We use this basis for security logging, abuse prevention, fraud detection, service reliability, debugging, technical analytics, quota enforcement, product improvement, communications about service operation, and protection of RFix, users, third parties, and the Services, balanced against your privacy interests and applicable rights.
- Consent. We use this basis where required for optional telemetry, optional marketing communications, optional AI-model training or product research uses, certain cookies or analytics, or other processing where we ask for permission. You may withdraw consent where applicable.
- Legal obligation. We use this basis to comply with tax, accounting, sanctions, export-control, law-enforcement, court, regulatory, and other legal requirements.
- Vital interests and public interest. We may rely on these bases where necessary to address urgent safety, security, or legal risks, although they are not expected to be routine bases for the Services.
For business customers, RFix may act as an independent controller for account, license, billing, security, support, and product-operation data, and may act as a processor or service provider for customer project data when a written data-processing agreement or enterprise agreement says so.
11. California Privacy Disclosures
Where the California Consumer Privacy Act, as amended by the California Privacy Rights Act (CCPA/CPRA), applies, this section describes the categories of personal information we may collect, use, and disclose. We collect these categories from you, your organization, your device, your use of the Services, and the service providers or integrations you choose to use.
- Identifiers. Examples include name, email address, account ID, user ID, authentication provider identifiers, IP address, request IDs, license IDs, and similar identifiers.
- Customer records information. Examples include account, contact, company, support, subscription, billing, license, and entitlement information.
- Commercial information. Examples include plan, subscription, license, entitlement, download, usage-quota, transaction, and support-history information.
- Internet or other electronic network activity information. Examples include product events, technical request data, device and browser metadata, app version, runtime target, diagnostics, telemetry, logs, and interactions with cloud, update, hosted launch, AI, or MCP services.
- Professional or employment-related information. Examples include company name, role, team context, and enterprise account or administrator relationships that you or your organization provide.
- Geolocation information. We do not request precise device geolocation through the current application. RF scenario coordinates, terrain paths, climatology parameters, or locations you enter are treated as user-provided project data.
- Audio, electronic, visual, or similar information. Examples may include files, screenshots, logs, project artifacts, support attachments, SDR captures, or other materials you choose to upload or transmit through support, AI, hosted launch, MCP, or cloud features.
- Inferences. Examples may include feature adoption, reliability, abuse-risk, quota, entitlement, or support-priority signals derived from the information described above.
- Sensitive personal information. We do not seek sensitive personal information for ordinary use of the Services. Authentication secrets, account credentials, tokens, precise RF scenario data, or support materials may be sensitive depending on context; we use such information to provide, secure, troubleshoot, and enforce the Services, and not to infer characteristics about you.
We may disclose these categories to service providers, contractors, your organization, legal or safety recipients, business-transfer recipients, or others at your direction as described in this Policy. We do not sell personal information, and we do not share personal information for cross-context behavioral advertising. We also do not knowingly sell or share personal information of consumers under 16.
California residents may have rights to know, access, correct, delete, obtain a portable copy of, limit certain uses of sensitive personal information, opt out of sale or sharing where applicable, and avoid discrimination for exercising privacy rights. To exercise rights, contact [email protected]. We may verify your request and may honor authorized-agent requests where legally required.
12. Communications
We may send transactional, account, support, security, license, update, onboarding, and administrative messages. Where marketing communications are used, you may opt out as required by applicable law. Transactional and security messages may still be sent when necessary for the Services.
13. Children
The Services are not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child has provided personal information to RFix, contact us at [email protected].
14. Changes to This Policy
We may update this Privacy Policy from time to time. The updated version will be posted on this page with a new effective date. Continued use of the Services after an update means the updated policy applies to your use of the Services.
15. Contact
Questions or privacy requests may be sent to [email protected].