Privacy Policy
Last updated: 2026-04-30 · Effective: [pending counsel sign-off]
The short version
Teraplex Inc. (a Delaware corporation in formation) is the publisher of teraplex.us. We sell and support modular data center and power infrastructure equipment in the United States. This site is a B2B marketing surface — there is no consumer product and there are no consumer accounts. We collect what you give us in a form (work email, company, role, project context) and a small amount of automatic data your browser sends every site (IP, user agent, referrer). We use what we collect to answer your inquiry, send sales follow-ups you can opt out of, improve the site, and protect against abuse. We do not sell or share personal information for cross-context behavioral advertising. We do not run Google Analytics. We try to use the smallest set of cookies that lets the site work, and we honor Global Privacy Control and Do Not Track signals as opt-out requests where state law treats them that way. If you live in California, Virginia, Colorado, Connecticut, Utah, Texas, Oregon, or Montana — or anywhere covered by the EU or UK GDPR — you have rights over your data, and you can exercise them through our subject-rights portal. If something here is unclear, write to privacy@teraplex.us.
1. Who we are
This site is operated by Teraplex Inc., a Delaware corporation in formation. Teraplex Inc. is the data controller for this site and the responsible party for any United States data subject request.
2. Information we collect
Information you give us through forms. When you fill out a quote form, request a sales-engineering call, download a gated specification, or subscribe to our lead-time tracker, we collect: full name, work email, company, role, US phone number (where required), US state of operation, project stage, and free-text fields you choose to complete. We treat work email and company as B2B contact information, not consumer personal information, although United States state laws may still apply.
Information collected automatically. When you visit the site, our hosting and security providers receive: IP address, user agent, referring URL, requested URL, timestamp, and approximate location at the country/region level (derived from IP). We may also collect aggregated, non-identifying interaction events (page views, clicks, scroll depth, calculator inputs at the page level) through our privacy-first analytics provider.
Cookies and similar technologies. See our Cookie Policy for the full list. Briefly: essential cookies cannot be disabled (they secure the session and prevent abuse), functional and marketing cookies require your consent in jurisdictions that require it.
Firmographic enrichment. When you submit a work email, we may pass that email to a B2B enrichment provider (Clearbit) to retrieve publicly available business attributes about your employer (company size, industry, headquarters country). We do not enrich consumer personal information.
What we do not collect. We do not knowingly collect government identifiers, payment-card data, biometrics, geolocation more precise than IP-derived city, health data, children's data, or "sensitive personal information" as that term is defined under California law unless you volunteer it in a free-text field. If you do, we will treat it under the most-restrictive applicable rule.
3. How we use information
- Respond to your inquiry. Quote requests, sales-engineering call bookings, and gated-content delivery.
- Sales follow-up. Where you have given us your work email in connection with a request, our business-development team may follow up by email or phone within the response windows we publish on the site.
- Marketing nurture. Where you have opted in (or, for B2B contacts in jurisdictions that allow it, where the contact is reasonably related to your professional role), we may send the lead-time tracker, technical content, and partner news. Every email contains a one-click unsubscribe.
- Site improvement. Aggregated, non-identifying analytics inform layout, copy, and feature decisions.
- Security. IP addresses, user agents, and request fingerprints are used to block scraping, automated form-fill, and credential-stuffing attempts.
- Legal and regulatory compliance. Including export-control screening on quote requests, retention required by tax and customs law, and responses to lawful process.
4. Lawful basis (GDPR Art. 6) and US posture
For visitors in the EU/UK: we rely on (a) legitimate interests for B2B prospecting and site security — specifically, our interest in operating a business marketing channel and protecting it from abuse, balanced against your rights and expectations as a business contact; (b) consent for non-essential cookies and electronic marketing communications to the extent required by ePrivacy and member-state implementations; (c) contract where you have asked us to deliver a quote, document, or service; and (d) legal obligation for retention required by export-control, tax, and customs law.
For visitors in the United States: we operate on an implied-consent posture for B2B professional contact submitted through our forms, consistent with industry norms and the eight United States state privacy laws currently in force. We honor opt-out and deletion rights as described in Appendix A regardless of which lawful basis we relied on at collection.
5. Sharing and sub-processors
We do not sell personal information for monetary consideration. We do not share personal information for cross-context behavioral advertising as those terms are defined by California law. We do not knowingly engage in "targeted advertising" as defined by the Virginia, Colorado, Connecticut, Texas, Oregon, or Montana statutes.
We share personal information with the service providers listed at /legal/sub-processors, each of which processes data on our written instructions under a data-processing agreement (DPA). We may also disclose information when compelled by lawful process, when necessary to protect our rights or the safety of others, or in connection with a corporate transaction (with notice and the same protections carrying forward).
We will give at least 30 days' notice before adding a new sub-processor that handles personal information, and will publish the updated list at /legal/sub-processors.
6. Data residency
Our customer-relationship-management system (HubSpot) is provisioned in the United States region, and customer data does not leave United States AWS regions in the ordinary course. Our hosting (Vercel), security (Cloudflare), email (Postmark, Mailgun), voice (Twilio), and analytics (Heap, Segment) sub-processors are likewise United States–domiciled. Plausible (privacy-first analytics) is European Union–domiciled and processes only aggregated, cookieless event data; see Section 11 (International data transfers) for the transfer mechanism we rely on.
7. Retention
| Category | Default retention |
|---|---|
| Inquiry-form submissions (no resulting deal) | 24 months from last contact |
| Inquiry-form submissions (resulting deal) | 7 years from deal close (tax/customs) |
| Marketing-newsletter subscribers | Until unsubscribe + 30-day grace |
| Server logs (IP, user agent) | 90 days |
| Aggregated analytics (Plausible, Heap) | 36 months (no identifier-level retention beyond session) |
| Subject-rights request records | 3 years (audit trail) |
We will delete or de-identify earlier on verified request, except where retention is required by law (tax, export-control, anti-fraud) or by an active dispute.
8. Security
We maintain administrative, technical, and physical safeguards reasonable to the scope of personal information we hold. The Year-1 baseline includes TLS-everywhere with HSTS preload, content-security-policy headers, sub-resource integrity on third-party scripts, single-sign-on with two-factor authentication for all employee CRM access, quarterly access reviews, 24-hour offboarding, and a published responsible-disclosure channel at /.well-known/security.txt. We are on a SOC 2 Type II path with audit kickoff at Month 12 of operation. No internet-facing system can be guaranteed perfectly secure; if a breach occurs, we will notify affected individuals and regulators in line with applicable law.
9. Your rights
You have the rights described in Appendix A below, depending on your state of residence (United States) or your status under the EU or UK GDPR. Whichever framework applies, you may exercise the rights through our subject-rights portal or by writing to privacy@teraplex.us.
We will respond within 45 days of a verifiable request (with one extension permitted by law where the request is complex). We may need to verify your identity before acting; the verification standard depends on the sensitivity of the request and your applicable framework. If we deny your request in whole or in part, you may appeal in writing, and we will respond to the appeal within 60 days where state law requires it. Where your applicable law allows, you may also lodge a complaint with your state attorney general or supervisory authority. We will not discriminate against you for exercising any right.
10. Do Not Track and Global Privacy Control
We honor the Global Privacy Control (GPC) signal as a valid opt-out of "sale" and "sharing" under California law and as an opt-out of "targeted advertising" and "sale" under the other state laws that recognize universal opt-out signals. We also treat a Do Not Track header as an opt-out where state law requires it. Because we do not currently sell or share personal information or run cross-context behavioral advertising, the practical effect of these signals is limited, but we record and respect them at the session level regardless.
11. Cookies
See the Cookie Policy. Three tiers — essential, functional, marketing — match the tier names presented in the consent banner. Essential cookies cannot be disabled. Functional and marketing cookies are off by default in jurisdictions that require opt-in and can be revoked at any time through the cookie-preferences link in the footer.
12. Children's privacy
This site is directed to business buyers and is not directed to children under 16. We do not knowingly collect personal information from children. If you believe a child has submitted information through the site, write to privacy@teraplex.us and we will delete it. We comply with the Children's Online Privacy Protection Act (COPPA) and the equivalent provisions of state law where applicable.
13. International data transfers
If you are located in the European Economic Area, the United Kingdom, or Switzerland and submit information through this site, that information is transferred to the United States, where it is processed primarily by Teraplex Inc. and our United States–domiciled sub-processors. We rely on the European Commission's Standard Contractual Clauses (SCCs) (and the UK International Data Transfer Addendum where applicable) as the transfer mechanism for personal information moving from the EEA/UK to the United States, supplemented by the technical and organizational measures described in Section 8. For the limited Plausible analytics processing that occurs in the EU, no transfer outside the EEA occurs.
14. Data processing agreement
A Data Processing Agreement (DPA), incorporating the Standard Contractual Clauses where applicable, is available on request to privacy@teraplex.us for any business counterparty whose engagement with Teraplex Inc. requires one.
15. EU representative
Where Article 27 of the GDPR requires a designated representative in the European Union, Teraplex Inc. will appoint one before EU-targeted marketing activity begins. Contact details for the EU representative will be published in this section once designated. EU/EEA data subjects may, in the meantime, contact us at privacy@teraplex.us.
16. Changes to this policy
We will revise this Privacy Policy when our practices change, when applicable law changes, or when we add a sub-processor that handles personal information. We will update the "Last updated" date at the top. For material changes that expand the categories of information we collect or the purposes for which we use it, we will give at least 30 days' advance notice on the site and, where you have given us a contact address, by email.
17. Contact
Privacy questions, complaints, and rights requests: privacy@teraplex.us.
Mailing address (placeholder pending entity formation):
Teraplex Inc.
Attn: Privacy
[Operational address — Texas or Virginia, TBD]
United States
Appendix A — State and regional rights
California (CCPA / CPRA)
Right to know what we collect and how we use it; right to delete; right to correct; right to opt out of "sale" and "sharing" (we do neither, but the opt-out is exercisable through GPC and through our subject-rights portal); right to limit use of "sensitive personal information"; right to non-discrimination. Notice at collection is the list in Section 2 above. We do not "sell" or "share" personal information as those terms are defined by California law.
Virginia (VCDPA)
Right to access, correct, delete, port; right to opt out of sale, targeted advertising, and profiling in furtherance of decisions producing legal or similarly significant effects. Sensitive data processed only with your consent (we do not knowingly process sensitive data through this site).
Colorado (CPA)
Right to access, correct, delete, port; right to opt out of sale, targeted advertising, and profiling. We honor the universal opt-out mechanism (GPC). Sensitive data processed only with your consent.
Connecticut (CTDPA)
Right to access, correct, delete, port; right to opt out of sale, targeted advertising, and profiling. Universal opt-out mechanism (GPC) honored. Sensitive data processed only with your consent.
Utah (UCPA)
Right to access, delete, port; right to opt out of sale and targeted advertising. (UCPA does not provide a correction right at the statute level.) Sensitive data processed only with notice and an opportunity to opt out.
Texas (TDPSA)
Right to access, correct, delete, port; right to opt out of sale, targeted advertising, and profiling. Sensitive data processed only with your consent. We treat the GPC signal as a reasonable opt-out method, subject to counsel guidance on Texas Attorney General enforcement positions.
Oregon (OCPA)
Right to access, correct, delete, port; right to obtain a list of specific third parties to which we have disclosed your personal data; right to opt out of sale, targeted advertising, and profiling.
Montana (MCDPA)
Right to access, correct, delete, port; right to opt out of sale, targeted advertising, and profiling.
EU and UK (GDPR / UK GDPR)
Right of access; rectification; erasure ("right to be forgotten"); restriction of processing; data portability; objection (including to direct marketing and to processing based on legitimate interests); right not to be subject to a decision based solely on automated processing producing legal or similarly significant effects (we do not engage in such processing for visitors of this site); right to withdraw consent at any time without affecting the lawfulness of pre-withdrawal processing; right to lodge a complaint with a supervisory authority.
Appendix B — State-specific addenda
California "Notice at Collection." Categories collected (CCPA categories): identifiers (name, work email, IP), commercial information (project context), internet/network activity (page interactions), professional/employment information (company, role), inferences (firmographic enrichment outputs). Collected from: you, your browser, our enrichment provider. Used for: the purposes in Section 3. Disclosed to: the sub-processors at /legal/sub-processors. Sold or shared: no. Retention: per Section 7.
Virginia and Colorado consent. If you submit sensitive data through a free-text field, we treat the submission as your consent under VCDPA §59.1-578 and CPA §6-1-1308 to process it for the purpose of responding to your inquiry, and we will delete it once the inquiry is resolved unless you ask us to retain it.