Privacy Policy

1. Who We Are

Proviora is an internet, mobile, and voice services platform operated as a doing-business-as ("DBA") of Fluxzi LLC, a Texas limited liability company. We provide internet service in Reasnor, Iowa (under the Reasnor Telephone Company brand), wholesale voice and SMS services, and a multi-tenant platform that other service providers use to run their own operations on subdomains of proviora.com.

In this Privacy Policy, "Proviora," "we," "us," and "our" refer to Fluxzi LLC dba Proviora. "You" refers to anyone who visits our websites, signs up for an account, becomes a customer, or interacts with us in any way described below.

If you have any question about this policy, you can reach us at privacy@proviora.com.

2. Scope

This policy explains what information we collect, how we use it, who we share it with, how long we keep it, and what choices and rights you have. It applies to:

• proviora.com (our marketing site)
• admin.proviora.com (our operations console)
• Per-tenant subdomains of proviora.com that we host for our business customers
• Any other Proviora-branded service we provide directly to you

When a service provider that uses our platform operates under their own brand on a subdomain, that provider may have additional privacy practices or notices that apply to their relationship with you. We act as their service provider for hosting that operation, and we apply the protections described in this policy to the data we process on their behalf.

3. Information We Collect

We collect the following kinds of information:

3.1 Account information

When you (or a representative of your business) create an account or are added to one, we collect:

• Name, email address, phone number, and postal address
• A password (stored only as a bcrypt hash; we never see your plaintext password)
• Multi-factor authentication settings
• The role assigned to your account
• A record of your acceptance of our terms of service

3.2 Service and billing information

If you become a customer, we collect:

• The services you have signed up for
• Your installation address and any service-location information you provide
• Your billing address and last-four-digit summary of your payment method
• Your invoice and payment history
• For voice services: call detail records ("CDRs") associated with your account, including originating and terminating numbers, call duration, and routing metadata; we do not record call content
• For internet services: usage and operational data necessary to deliver the service, troubleshoot, and detect abuse

3.3 Banking information through Plaid

We use Plaid Inc. ("Plaid") to securely link bank accounts when you choose to enable that feature. When you use Plaid Link:

• Plaid collects information about your bank account directly from your financial institution.
• Plaid provides us with a secure access token plus the transaction and balance data we need to deliver the linked feature (for Proviora's own banking, that means reconciling Stripe payouts to our Bluevine account; for our service-provider tenants, the use is described to you when you initiate the link).
• We do not receive or store your bank login credentials. We store only the Plaid access token, encrypted at rest using envelope encryption in our application.
• Plaid's own privacy policy describes their handling of the information they collect: https://plaid.com/legal/.

3.4 Payment processing through Stripe

We use Stripe Inc. ("Stripe") to process card and ACH payments. When you make a payment:

• Your full payment-card or bank-account number is sent directly to Stripe and is not stored on our systems.
• We receive a payment token, the last four digits of the instrument, and metadata about the transaction.
• Stripe's privacy policy applies to their handling of your payment information: https://stripe.com/privacy.

3.5 Maps and location

We use Mapbox to render maps in our applications (for example, service-area maps and field-operations tools). When a Mapbox-rendered map loads, your IP address is observed by Mapbox under their privacy policy: https://www.mapbox.com/legal/privacy.

3.6 Hosting and infrastructure

The Platform runs on Amazon Web Services ("AWS"). AWS observes infrastructure-level data (such as IP addresses making connections) in the course of operating the underlying compute, storage, and networking resources. AWS's privacy notice applies to that processing: https://aws.amazon.com/privacy/.

3.7 Support communications

When you contact our support team, we keep a record of your message, our response, and any attachments you provide, so we can resolve your issue and improve our service.

3.8 Site analytics and operational logs

We collect operational logs (server access logs, error logs, audit logs) needed to keep the Platform secure and reliable. These typically include IP address, user-agent string, timestamps, and request paths.

3.9 Cookies and similar technologies

We use cookies for authentication (session cookies, valid for up to 7 days), security (CSRF protection), and basic functionality. We do not currently set advertising or third-party tracking cookies on proviora.com. If that ever changes, we will update this policy and provide a cookie-management control.

4. How We Use Your Information

We use the information described in Section 3 to:

• Provide our services — set up your account, deliver internet, voice, mobile, and platform services, route calls, deliver invoices, and respond to support requests.
• Process payments — bill, collect, refund, and reconcile.
• Communicate with you — send service messages, billing notices, security alerts, and updates about the services you use.
• Operate and improve the Platform — maintain reliability, troubleshoot issues, prevent abuse, and develop new features.
• Protect our customers and the Platform — detect fraud, investigate security events, and enforce our terms.
• Comply with law — meet telecommunications, tax, financial, and consumer-protection obligations, and respond to lawful requests.

We do not sell your personal information.

5. Who We Share Information With

We share information only with the parties below, and only as needed:

• Service providers acting on our behalf: AWS (hosting), Stripe (payments), Plaid (banking links you enable), Mapbox (maps), our domain registrar, and our backup storage.
• Carriers and interconnect partners when delivering voice and SMS services (the call-routing and number-portability functions of telecommunications inherently involve other carriers).
• Service-provider tenants who use our platform to provide service to you under their own brand — when you are their customer, we share your account and service data with them as their service provider.
• Authorities when we are legally required to disclose information, such as in response to a valid subpoena, court order, regulatory request, or breach-notification statute.
• Successors in the event of a merger, acquisition, or asset sale, subject to this policy.

6. How We Protect Your Information

We maintain a written information-security program including:

• Role-based access controls and zero-trust enforcement at our application layer
• Multi-factor authentication for administrative access
• Encryption of data at rest (AWS-managed disk encryption; envelope encryption for sensitive secrets like Plaid access tokens) and in transit (TLS)
• A documented vulnerability-management program with a defined patch SLA
• Nightly off-host database backups with weekly restore verification
• Audit logging of administrative actions
• Periodic access reviews and a documented employee-and-contractor lifecycle process
• Annual security-awareness training for personnel with platform access

The internal policies that govern these controls are PROV-SEC-001 through PROV-SEC-006.

No method of transmission or storage is 100% secure, but we work continuously to protect your information.

7. How Long We Keep Your Information

We keep your information for as long as we need it to provide our services and to meet our legal and regulatory obligations. The general framework:

• Account information while your account is active and for 7 years after cancellation, for telecommunications recordkeeping and tax purposes.
• Call detail records for 7 years.
• Billing records for 7 years (and longer for accounting source-of-record).
• Bank-transaction records sourced from Plaid for 7 years.
• Plaid access tokens until you disconnect the linked institution, or 90 days after the last successful use, whichever is sooner.
• Authentication and access logs for 1 year.
• Database backups for a rolling 30-day window.

These retention periods are detailed in our internal Data Retention and Deletion Policy (PROV-SEC-006).

8. Your Rights and Choices

Depending on where you live, you may have the right to:

• Access the personal information we hold about you.
• Correct inaccurate information.
• Delete your information, subject to records we are required by law to keep.
• Opt out of marketing communications (transactional service messages will continue while you are a customer).
• Receive a portable copy of certain information you have provided.
• Appeal our handling of a privacy request.

To exercise any of these rights, email privacy@proviora.com. We may need to verify your identity through an out-of-band channel before acting on the request. We aim to respond within 30 days.

If you are a resident of Texas, California, Virginia, Colorado, Connecticut, Utah, Iowa, or another state with a comprehensive privacy law, the rights conferred by your state's law apply, even if not enumerated above.

9. Children

The Platform is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child has provided us information, please contact privacy@proviora.com and we will delete it.

10. International Users

The Platform is operated from the United States and our service providers are primarily United States–based. If you are accessing the Platform from outside the United States, you understand that your information will be processed in the United States.

11. Third-Party Sites

The Platform may link to websites we do not operate. We are not responsible for the privacy practices of those sites; please consult their own privacy notices.

12. Changes to This Policy

We will update this policy when our practices change. The "Effective Date" at the top of this policy reflects the most recent revision. Material changes will be communicated to active customers by email or through the Platform.

13. Governing Law

This policy is governed by the laws of the State of Texas (Fluxzi LLC's state of formation), without regard to conflict-of-law rules. Where a stronger consumer-privacy right applies under the law of your state of residence, that stronger right applies to you.

14. How to Contact Us

Email: privacy@proviora.com

Mail: Fluxzi LLC dba Proviora Attn: Privacy [Mailing address on file with the Texas Secretary of State]

Approval

This Privacy Policy is approved for publication on proviora.com as of the Effective Date above.

Approved by: ___________________________________

Todd Wallace, Owner — Fluxzi LLC dba Proviora

Date: ___________________________________