Legal

Privacy Policy

Last updated: January 1, 2025

1. Overview

Rodex RMM ("we", "us", "our") operates a self-hosted Remote Monitoring & Management (RMM) platform. This Privacy Policy explains what personal information we collect through our SaaS licensing platform (rodex.cc), how we use it, and the choices available to you.

Because Rodex RMM is a self-hosted product, the RMM software you deploy — and all endpoint data flowing through it — runs entirely on servers you own and control. We have zero visibility into your managed devices, your clients, or the data they generate. This policy applies only to our licensing and account platform.

2. Information We Collect

2.1 Account Information

When you register for an account, we collect:

  • Email address (used for login and service communications)
  • Password (stored as a cryptographic hash — we never see the plaintext)
  • Payment method details (processed by third-party payment processors; we do not store card data)

2.2 VPS Provisioning Credentials

When you choose auto-provisioning, you provide SSH credentials for your VPS. These credentials are used once, transmitted over an encrypted connection to perform the initial server setup, and are not stored after provisioning completes. You should rotate your SSH password or key after provisioning.

2.3 Usage & Technical Data

We automatically collect limited technical data when you interact with our platform:

  • IP address and approximate geographic region
  • Browser type and version
  • Pages visited and timestamps
  • License status and subscription activity
  • Error reports and crash diagnostics (aggregated, not linked to endpoint data)

2.4 What We Do NOT Collect

Because the RMM instance runs on your infrastructure, the following data never leaves your servers and never reaches us:

  • Names, hardware details, or health metrics of your managed endpoints
  • Files transferred via the file browser or remote sessions
  • Terminal commands or screen capture data from remote sessions
  • Your clients' personally identifiable information (PII)
  • Scripts, automation rules, or alerts you create

3. How We Use Your Information

  • Provide the service: Authenticate your account, activate and manage your license, and provision your VPS instances.
  • Billing: Process payments, issue invoices, and handle subscription renewals or cancellations.
  • Support: Respond to your support requests. We only access information you explicitly share.
  • Security: Detect and prevent fraud, abuse, or unauthorised access to our licensing platform.
  • Communications: Send transactional emails (account creation, payment receipts, critical service notices). We do not send marketing emails without explicit opt-in.
  • Platform improvements: Aggregated, anonymised usage metrics help us improve the product.

4. Data Sharing & Third Parties

We do not sell your personal information. We share data only in the following limited circumstances:

  • Payment processors: Your payment details are handled by PCI-DSS-compliant processors. We receive only a transaction confirmation and subscription identifier.
  • Infrastructure providers: Our licensing platform is hosted on cloud infrastructure (VPS providers). These providers have access to their own servers and are bound by their own privacy policies.
  • Legal compliance: We may disclose information if required by law, court order, or to protect the rights and safety of our platform and users.
  • Business transfers: In the event of a merger, acquisition, or sale of assets, user data may be transferred as part of that transaction, subject to the same privacy protections.

5. Data Retention

We retain account data for as long as your account is active. If you close your account, we will delete your personal information within 30 days, except where retention is required by law (e.g., financial records, which are kept for 7 years). Log data is purged after 90 days. Anonymised aggregate data may be retained indefinitely.

6. Security

We apply industry-standard security measures to our licensing platform:

  • All traffic between your browser and our platform is encrypted via TLS 1.2+
  • Passwords are hashed using bcrypt with per-user salts
  • SSH credentials provided for provisioning are transmitted via encrypted channels and are not persisted
  • Access to production systems is limited to authorised personnel only
  • Regular security reviews and dependency updates

No method of transmission or storage is 100% secure. If you discover a security vulnerability, please report it responsibly to security@rodex.cc.

7. Your Rights (GDPR & CCPA)

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Access — request a copy of the personal data we hold about you
  • Rectification — request correction of inaccurate data
  • Erasure — request deletion of your account and associated data
  • Restriction — request that we limit how we process your data
  • Portability — receive your data in a machine-readable format
  • Objection — object to processing based on legitimate interests

To exercise any of these rights, contact us at privacy@rodex.cc. We will respond within 30 days.

8. Cookies

Our licensing platform uses only essential cookies required for authentication (session tokens) and security (CSRF protection). We do not use advertising or tracking cookies. You can disable cookies in your browser, though this will prevent you from logging in to your account.

9. Children's Privacy

Our services are not directed to individuals under 18. We do not knowingly collect personal information from minors. If you believe a minor has provided us with personal data, contact us immediately at privacy@rodex.cc.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users of material changes via email at least 14 days before changes take effect. Continued use of the platform after that date constitutes acceptance of the updated policy. The "last updated" date at the top of this document reflects the most recent revision.

11. Contact

For privacy-related questions or requests, contact us at:

Rodex RMM

Email: privacy@rodex.cc

Support: rodex.cc/support