Privacy Policy

EpoxIQ provides an AI-powered floor, fence, and deck visualizer that lets contractors offer their customers a photorealistic preview of a finish before installation. This Privacy Policy explains what information we collect, why we collect it, and how we share it. It covers:

• The EpoxIQ marketing website at epoxiq.com
• The contractor admin portal where companies manage their finishes, leads, and notifications
• Per-contractor visualizer subdomains (for example, acme.epoxiq.com) used by their end customers

Throughout this policy, “Contractor” means a flooring, fence, or deck business that has onboarded with EpoxIQ. “Customer” means a homeowner or business owner who uses a Contractor’s visualizer to preview a finish on a photo of their own space.

From Contractors

When a Contractor onboards with EpoxIQ, we collect:

• Company name and chosen subdomain
• Company logo (uploaded image file)
• Optional brand and design notes used to generate the visualizer’s color palette
• Finish catalog selections and any custom finish names and swatch images uploaded by the Contractor
• A hashed admin password (we never store the plaintext)
• Notification preferences, including the email address and/or phone number where the Contractor wants to be alerted about new leads

From Customers using a Contractor’s visualizer

When a Customer uses a Contractor’s visualizer, we collect:

• The photo the Customer uploads of their space (floor, fence, deck, or surrounding scene)
• AI-derived metadata about that photo, including an image embedding, lighting classification, and a scene-validity signal used to confirm the upload is a real scene the visualizer can render
• The finishes the Customer previews and the generated preview images
• Approximate location data derived from IP address, the IP itself, browser user-agent string, and a locally-generated visitor identifier, used for rate-limiting, abuse prevention, and aggregate page-view analytics
• If the Customer chooses to submit a lead through the “How much will this cost?” contact form: their name, and an email address and/or phone number, together with the finish they were previewing and copies of the original and AI-generated images preserved with the lead

From visitors to epoxiq.com

The EpoxIQ marketing site uses standard server logs and may use cookies or similar technologies for security and basic site analytics. We do not require an account to browse the marketing site.

We use the information described above to:

• Operate the visualizer — generate AI previews, recommend relevant finishes, and refuse to render obviously invalid uploads
• Provision and maintain Contractor accounts, including authenticating admins and serving their branded subdomain
• Deliver lead submissions and related notification emails or text messages to the Contractor that the Customer is engaging with
• Provide aggregate analytics to Contractors (page views, lead counts) about their own visualizer
• Detect and prevent abuse, including rate-limiting image generation by IP address and filtering bot traffic from analytics
• Improve EpoxIQ’s services, debug issues, and maintain the integrity of our systems
• Communicate with Contractors about their account, including onboarding details and admin credentials

When a Customer submits a lead through a Contractor’s visualizer, the Contractor — not EpoxIQ — is the party responsible for following up, providing quotes, and otherwise communicating with that Customer. EpoxIQ acts as a service provider and processor on the Contractor’s behalf with respect to lead data: we store, route, and surface that information so the Contractor can manage their own customer relationships. The Contractor is responsible for how they use lead data after receiving it, including compliance with applicable marketing, telephone, and privacy laws.

Customers who want their lead data removed should contact the Contractor they engaged with directly. EpoxIQ will assist where required by law — see “Your Rights” below.

We share information only as described here.

• With the Contractor. Customer uploads, generated preview images, and any submitted lead details are accessible to the Contractor whose visualizer the Customer used, through the Contractor’s admin portal.
• With service providers. We use third-party infrastructure to operate EpoxIQ. These providers receive only the information necessary to perform their function:
  • Supabase— database, file storage (logos, swatches, customer uploads, generated previews, preserved lead images), and authentication
  • Google (Gemini) and OpenAI— image generation, image embeddings, lighting and scene classification used to produce previews
  • Resend— transactional and notification email delivery to Contractors
  • Twilio— SMS notification delivery to Contractors who have opted in
  • Vercel— hosting, edge compute, and content delivery
• For legal reasons. We may disclose information when we believe in good faith that disclosure is required by law, court order, or other legal process, or to protect the rights, property, or safety of EpoxIQ, our Contractors, our users, or the public.
• In a business transfer. If EpoxIQ is involved in a merger, acquisition, financing, or sale of assets, information may be transferred as part of that transaction, subject to the protections of this policy.

We do not sell personal information, and we do not share personal information with third parties for their own independent advertising purposes.

When a Customer uploads a photo to a visualizer, the image is sent to our AI providers (Google Gemini and/or OpenAI) for the specific purpose of generating a preview and computing the embeddings, lighting, and scene classifications described above. We do not authorize these providers to use Customer uploads to train their general-purpose models, except as permitted by their respective API terms in effect at the time of processing. The AI-generated preview image is a derivative work created from the Customer’s upload and the Contractor’s finish reference.

• Contractor account data is retained for as long as the Contractor maintains an active account with EpoxIQ.
• Customer uploads and generated previews in temporary session storage are retained for a limited period to support the visualizer experience and may be purged on a rolling basis.
• Submitted lead data — including the original and generated images preserved at submission — is retained for as long as the Contractor’s account is active so the Contractor can follow up with the Customer, unless deletion is requested.
• Aggregate analytics records (page views, lead counts) are retained to support the Contractor’s reporting and reset when the Contractor resets analytics.

Depending on where you live, you may have rights to access, correct, delete, or restrict our processing of your personal information, and to receive a copy of your information in a portable format. Customers who submitted a lead should generally contact the Contractor they engaged with first; if you cannot reach them, or for any other request, contact us at jake@epoxiq.com.

Notification opt-out. Contractors can disable lead email and SMS notifications at any time from their admin portal. Customers receive transactional messages directly from the Contractor they engaged with and should manage those preferences with the Contractor.

We use industry-standard measures to protect information, including encrypted transport (HTTPS), hashed admin passwords, token-based admin sessions with expirations, row-level security on our database, and scoped service credentials. No system is perfectly secure; if you believe your account or information has been compromised, contact us immediately at jake@epoxiq.com.

EpoxIQ is intended for use by businesses and adults considering flooring, fence, or deck work. The service is not directed to children under 13, and we do not knowingly collect personal information from children. If you believe a child has provided us with personal information, contact us and we will take appropriate steps to delete it.

EpoxIQ is operated from the United States. If you access the service from outside the U.S., your information may be transferred to, stored in, and processed in the U.S. and in the regions where our service providers operate.

We may update this Privacy Policy from time to time. When we do, we will revise the “Effective” date at the top of this page. Material changes will be highlighted on the EpoxIQ marketing site or communicated to Contractors at the email address on file.

Questions about this Privacy Policy, requests to exercise your rights, or other privacy concerns can be sent to jake@epoxiq.com.