Privacy Policy

This Privacy Policy explains how Optiarms, Inc. d/b/a SpaltX Industries collects, uses, discloses, and retains information in connection with our public websites, contact and intake forms, signup and login surfaces, recruiting workflows, customer workspaces, admin workspaces, projects, quotes, invoices, documents, notifications, APIs, integrations, and other current or future SpaltX-branded services unless a separate notice or agreement says otherwise.

If your employer, client organization, or contracting entity provides your account or workspace, that organization may also determine how certain records are used within the workspace and may give us instructions through the applicable contract or administrator-controlled settings. In those cases, written commercial terms or customer instructions may supplement or override portions of this Privacy Policy for the relevant deployment.

We collect information from several sources depending on the feature, workflow, and relationship involved.

• Directly from you when you fill out forms, create an account, submit documents, request a quote, apply for a role, pay an invoice, contact us, or otherwise interact with the Services.
• From organizations, workspace administrators, recruiters, teammates, or customer representatives who provision accounts, assign roles, upload records, or manage a workspace.
• Automatically through cookies, browser storage, session technologies, server logs, and security telemetry when you browse pages, authenticate, upload files, or use restricted routes.
• From service providers and integrations that help us host, authenticate, store, communicate, invoice, analyze, notify, or otherwise operate the Services.

The specific data we process varies by workflow, but the categories below describe the information most commonly handled through the Services.

• Contact and inquiry data, such as names, email addresses, phone numbers, organization details, and message contents.
• Account, identity, and membership data, such as login credentials, password-reset records, MFA status, role assignments, onboarding state, and account profile details.
• Workspace and operational data, such as organization records, project entries, milestones, documents, notifications, comments, settings, and activity history.
• Commercial and billing data, such as quote requests, proposals, invoice records, billing contacts, transaction status, and hosted payment or invoicing metadata.
• Recruiting and candidate data, such as name, email, phone, LinkedIn URL, portfolio URL, resume, cover letter, interview notes, and application status history.
• Support and communications data, such as emails, messages, bug reports, requests for help, and service-related notices.
• Restricted-area, device, and security data, such as IP address, browser and device metadata, session information, audit trails, timestamps, and permission or rate-limit events.

We use information to operate, secure, support, and improve the Services and to manage our business relationships and legal obligations.

• Provide websites, applications, dashboards, APIs, and workspace functionality.
• Authenticate users, assign permissions, enforce role-based access, and administer MFA and other security controls.
• Process contact requests, signup requests, recruiting workflows, projects, quotes, invoices, uploads, documents, and notifications.
• Operate customer and internal workspaces, maintain records, coordinate service delivery, and communicate about account or project activity.
• Prevent fraud, misuse, credential abuse, malicious uploads, unauthorized access, payment issues, and other security or legal risks.
• Analyze usage, troubleshoot errors, monitor performance, and improve reliability, accessibility, and product quality.
• Comply with law, contractual commitments, internal governance requirements, and defense of claims.

If your account or data is managed through a company or client workspace, that organization may be able to create, edit, review, export, or delete records associated with its workspace, subject to the controls and agreements that apply to the service relationship.

In those cases, we may process workspace data on behalf of the organization, respond to administrator instructions consistent with our contract, and direct certain privacy requests to the relevant administrator or contracting entity when appropriate.

We may disclose information when needed to operate the Services, support authorized workflows, or satisfy legal and contractual obligations.

• To vendors and service providers that help us host, secure, store, transmit, analyze, recruit, communicate, invoice, or support the Services.
• To authorized workspace members, administrators, or contracting organizations when the workflow requires shared visibility or collaboration.
• To advisors, auditors, insurers, financing partners, transaction counterparties, or affiliates involved in legitimate business operations.
• To law enforcement, regulators, courts, or other parties when required by law or reasonably necessary to protect rights, safety, property, systems, or users.
• In connection with an actual or proposed merger, financing, acquisition, restructuring, or sale of assets, subject to appropriate confidentiality and legal safeguards.
• To integrations or third-party tools you or your organization enable, subject to the permissions, settings, and terms that apply to those tools.

We use cookies, local storage, session tokens, and similar technologies to keep users signed in, secure accounts, maintain preferences, operate forms, and understand service reliability and usage patterns.

• Authentication and session technologies help preserve sign-in state, enforce security controls, and detect abnormal or unauthorized activity.
• Preference and browser-storage technologies help us maintain user selections and workflow continuity.
• Diagnostics and logging data help us troubleshoot failures, observe service quality, and protect the platform from misuse.

If you disable certain cookies or browser storage, portions of the Services may not work correctly, especially restricted areas that rely on session continuity or security controls.

We retain information for as long as reasonably necessary for the purposes described in this Privacy Policy, subject to applicable law, contractual obligations, internal governance requirements, backup practices, and dispute-resolution needs. Exact production schedules may vary by workflow, customer relationship, and system component.

Hosted payment pages, invoicing vendors, and other providers may maintain their own transaction or diagnostic records according to their own legal, security, and operational requirements.

Depending on applicable law and the context of the relationship, you may have rights to request access to, correction of, deletion of, restriction of, or export of personal information we hold about you. You may also be able to object to certain processing or opt out of some communications.

We use administrative, technical, and organizational measures designed to protect information, including role-based access controls, privileged-access safeguards, authentication controls, encryption in transit, logging, review workflows, and related governance practices.

No system is perfectly secure. If we identify a reportable security or privacy incident, we will respond in line with applicable law and any controlling customer or commercial agreement.

Different workflows within the Services may involve different reviewers, storage paths, and operational retention needs. Recruiting records may be reviewed by hiring personnel and recruiting service providers; commercial records may be reviewed by finance, delivery, or authorized customer contacts; and support records may be reviewed by operations personnel and service providers involved in resolving the issue.

We seek to limit access to the personnel, service providers, and workspace members who need the information for the authorized workflow, subject to logging, administrator instructions, and applicable contractual arrangements.

We may update this Privacy Policy from time to time. When we do, we will post the revised policy on this page and update the Last updated date. Material changes may also be communicated through the Services or by other reasonable notice.

Privacy questions and rights requests may be sent to privacy@spaltx.com. Legal notices may be sent to legal@spaltx.com, and abuse or misuse reports may be sent to abuse@spaltx.com.