Privacy Policy

Effective Date: February 4, 2026

1. WHO WE ARE

Econblox is a division of Toteflix Inc., providing AI-powered business advisory services through our platform at https://www.econblox.com.

Contact Information:

This Privacy Policy explains how we collect, use, share, and protect your personal information when you use our AI Business Advisor platform.

2. INFORMATION WE COLLECT

2.1 Account and Subscription Information

When you create an account or subscribe to our service, we collect:

  • Name and email address
  • Company name (optional)
  • Billing information (processed securely through ThriveCart)
  • Subscription tier and payment history
  • Login credentials (encrypted)

2.2 Business Consultation Data

When you use the AI Business Advisor, we collect and process:

  • Questions you ask the AI Business Advisor
  • Business information you share during consultations
  • Strategic planning details and project information
  • Action items and ROI tracking data
  • Session history and conversation transcripts
  • Files or documents you upload for analysis
  • Your interactions with video content and educational materials

Use of Consultation Data: We may use anonymized, aggregated consultation data to improve our service, develop new features, enhance our knowledge base, and conduct business analytics. Individual consultation details are never shared with third parties except as required to provide the service.

2.3 Automatically Collected Information

When you visit our website or use our platform, we automatically collect:

  • IP address and approximate geographic location
  • Browser type and version
  • Device information and operating system
  • Pages visited, features used, and time spent on site
  • Referring websites and search terms
  • Cookie data (see Section 4 below)
  • Usage patterns and feature interactions

2.4 Communications

We collect information when you communicate with us:

  • Email correspondence with our support team
  • Feedback, survey responses, and feature requests
  • Customer support inquiries and help desk tickets

3. HOW WE USE YOUR INFORMATION

3.1 To Provide the AI Advisory Service

  • Process your business questions through our AI platform powered by Anthropic's Claude
  • Generate strategic recommendations based on economics principles
  • Maintain conversation history for context and continuity across sessions
  • Track action items and calculate ROI metrics
  • Organize your work into projects
  • Send service-related notifications and updates

3.2 To Improve the Service

  • Analyze usage patterns to enhance AI recommendations and platform features
  • Identify common business challenges to expand our knowledge base
  • Test and develop new features and capabilities
  • Conduct quality assurance, troubleshooting, and performance optimization
  • Generate anonymized insights about platform usage and business trends

3.3 For Business Operations

  • Process payments and manage subscriptions
  • Send billing invoices, receipts, and renewal reminders
  • Provide customer support and respond to inquiries
  • Prevent fraud, abuse, and unauthorized access
  • Comply with legal obligations and protect our rights

3.4 For Communications

  • Send subscription renewal reminders and service-related notifications
  • Provide service updates and new feature announcements
  • Send educational content and platform tips (with your consent)
  • Respond to your questions and requests

Current Practices: We do not currently sell your personal information to third parties or share your business consultation data with competitors. We may use anonymized, aggregated data for service improvement and business analytics. Any material changes to these practices will be communicated in accordance with Section 14.

4. COOKIES AND TRACKING TECHNOLOGIES

4.1 Essential Cookies

These cookies are necessary for the platform to function:

  • Authentication cookies: Keep you logged in to your account
  • Security cookies: Prevent fraud and protect your account
  • Preference cookies: Remember your interface settings and preferences

4.2 Analytics Cookies

We use analytics to understand how our platform is used:

  • Usage statistics and performance monitoring
  • Feature usage tracking
  • Error logging and troubleshooting

4.3 Third-Party Cookies

Our platform integrates with third-party services that may set cookies:

  • ThriveCart: Payment processing
  • WordPress: Authentication and user management
  • Thrive Apprentice: Course platform integration

4.4 Cookie Duration

  • Session cookies: Deleted when you close your browser
  • Authentication cookies: Up to 2 weeks (if "Remember Me" selected)
  • Preference cookies: 1 year
  • Analytics cookies: Varies by provider

4.5 Managing Cookies

You can control cookies through your browser settings. However, disabling essential cookies may limit platform functionality.

5. THIRD-PARTY SERVICES AND DATA SHARING

We share your information with carefully selected third-party services necessary to operate our platform.

5.1 AI Processing (Anthropic Claude API)

Service Provider: Anthropic PBC (U.S. company, headquartered in San Francisco, California)

What We Share: Your business questions, consultation data, uploaded documents, and conversation history are processed through Anthropic's Claude AI to generate strategic recommendations.

Why: To provide AI-powered business advisory services - this is the core functionality of our platform.

Data Processing Locations:

  • Data may be processed in the United States, Europe, Asia, and Australia via Amazon Web Services (AWS) infrastructure
  • Data is stored in the United States

Privacy Policy: https://www.anthropic.com/privacy

Important Protections:

  • Anthropic does not use your data to train their AI models
  • Your business information is processed solely to respond to your queries
  • Anthropic operates under strict data processing agreements
  • Your consultation data is not shared with other Anthropic customers

5.2 Payment Processing (ThriveCart)

What We Share: Billing information, subscription details, contact information, and transaction history.

Why: To process subscription payments, manage billing, and handle refunds.

Security: ThriveCart is PCI-DSS compliant and uses industry-standard encryption for all payment data. We do not store your complete credit card information on our servers.

5.3 Email Service Provider

What We Share: Email address, name, subscription status, and account activity.

Why: To send transactional emails (receipts, password resets, important service updates), subscription renewal reminders, and optional educational content.

5.4 Course Platform (WordPress with Thrive Apprentice)

What We Share: Account information, login credentials, course progress, and video viewing history.

Why: To provide integrated access to educational video content and track your learning progress.

Hosting: Our platform is hosted on NameHero servers with secure authentication integration.

5.5 When We May Disclose Data to Others

We may disclose your information in limited circumstances:

  • Legal compliance: To comply with court orders, legal obligations, or government requests
  • Safety and rights protection: To protect our rights, property, safety, or the safety of others
  • Business transfers: In connection with a merger, acquisition, or sale of assets (see Section 13)
  • With your consent: When you explicitly authorize us to share your information

6. DATA SECURITY

6.1 Security Measures We Implement

We implement multiple layers of protection:

Technical Safeguards:

  • SSL/TLS encryption for all data transmission
  • Encrypted storage of sensitive information
  • Secure password hashing
  • Regular security audits and vulnerability assessments
  • Automated backup systems with encrypted backups
  • Secure API authentication for third-party integrations

Access Controls:

  • Restricted employee access to personal data
  • Multi-factor authentication for administrative access
  • Detailed access logs and monitoring
  • Regular review of access permissions

6.2 Your Security Responsibilities

You play a critical role in keeping your account secure:

  • Use a strong, unique password for your Econblox account
  • Never share your login credentials with others
  • Log out after each session on shared or public devices
  • Keep your email account secure
  • Report suspicious activity immediately to support@econblox.com

6.3 Data Breach Notification

In the event of a data breach affecting your personal information, we will notify affected users without undue delay and in accordance with applicable law.

7. DATA RETENTION

7.1 During Active Subscription

Account Data: Retained while your subscription is active for purposes of providing the service.

Consultation History: Retained throughout your subscription period so you can reference past conversations and maintain continuity in your strategic planning.

Business Projects: All project data and action items remain available during your active subscription.

Billing Records: Maintained for the duration of your subscription plus the retention period required by law.

7.2 After Subscription Cancellation

Account Data: Retained as long as necessary for business purposes and legal compliance.

Consultation Transcripts: Retained in accordance with our data retention schedule.

Billing and Transaction Records: Retained for 7 years to comply with tax regulations and legal requirements.

Anonymized Usage Data: May be retained indefinitely for service improvement (this data cannot be linked back to you).

7.3 User-Requested Deletion

You may request deletion of your data by emailing support@econblox.com. We will process deletion requests in accordance with applicable law, except for data we're legally required to retain (such as billing records for tax compliance).

8. YOUR RIGHTS AND CHOICES

8.1 Access and Portability

You have the right to:

  • View all personal data we hold about you
  • Download your consultation history, project data, and account information
  • Request a copy in machine-readable format (JSON or CSV)

How to exercise: Email support@econblox.com with "Data Access Request" in the subject line.

8.2 Correction and Updates

You can:

  • Update account information directly through your dashboard
  • Correct inaccurate data at any time
  • Request we update information on your behalf if you cannot access your account

8.3 Deletion Rights

You can request:

  • Complete account deletion and removal of associated data
  • Deletion of specific consultation sessions or projects
  • Removal of uploaded documents

Exceptions: We must retain certain data for legal compliance (such as billing records for tax purposes) and may retain anonymized usage data that cannot identify you.

How to exercise: Email support@econblox.com with "Deletion Request" in the subject line.

8.4 Restriction and Objection

You can:

  • Object to processing your data for marketing purposes (opt-out anytime)
  • Request we restrict processing while we verify disputed data accuracy
  • Opt-out of non-essential communications

How to exercise: Use the "unsubscribe" link in emails or email support@econblox.com.

8.5 Response Timeline

We will respond to privacy rights requests within the timeframes required by applicable law (typically 30-45 days).

9. CALIFORNIA PRIVACY RIGHTS 

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

9.1 Right to Know

You can request information about:

  • What categories of personal information we collect
  • The sources from which we collect it
  • How we use it and who we share it with
  • Specific pieces of personal information we've collected about you in the past 12 months

9.2 Right to Delete

You can request deletion of your personal information, subject to certain legal exceptions.

9.3 Right to Opt-Out of Sale

We do not sell your personal information. This right does not apply because we never sell data to third parties.

9.4 Right to Non-Discrimination

We will not discriminate against you for exercising any of your CCPA rights.

9.5 How to Exercise Your CCPA Rights

Email: support@econblox.com
Subject Line: "CCPA Request"
Include: Your name, email address, and specific request

We will verify your identity before processing requests and respond within 45 days.

10. GDPR COMPLIANCE (EUROPEAN USERS)

If you are located in the European Union (EU) or European Economic Area (EEA), you have additional rights under the General Data Protection Regulation (GDPR):

10.1 Legal Basis for Processing

We process your personal data under the following legal bases:

Contract Performance (GDPR Article 6(1)(b)):
To provide the AI advisory service you subscribed to, including processing your consultation questions, maintaining your account, and managing your subscription.

Legitimate Interest (GDPR Article 6(1)(f)):
To improve our service, prevent fraud, ensure platform security, and analyze usage patterns.

Consent (GDPR Article 6(1)(a)):
For marketing communications and optional features (you can withdraw consent anytime).

Legal Obligation (GDPR Article 6(1)(c)):
To comply with tax regulations, financial reporting requirements, and other legal duties.

10.2 International Data Transfers

Your data may be transferred to and processed in countries outside the European Union, including:

United States:

  • Primary data storage location
  • Platform hosting and payment processing

Global Processing Locations:

  • Data may be processed in the EU, Asia-Pacific, and Australia via Amazon Web Services (AWS) infrastructure for performance optimization

Safeguards:

  • Standard Contractual Clauses (SCCs) with all data processors
  • Data Processing Agreements with service providers
  • AWS security certifications and compliance frameworks
  • Encryption during transfer and at rest

By using our service, you consent to these international data transfers with the safeguards described above.

10.3 EU Representative

For GDPR-related inquiries, EU residents may contact us at:
Email: support@econblox.com
Subject Line: "GDPR Inquiry - EU Resident"

We will respond to EU privacy requests within 30 days and work with EU supervisory authorities as needed.

10.4 Your GDPR Rights

In addition to the rights listed in Section 8, EU residents have:

  • Right to data portability
  • Right to object to processing based on legitimate interests
  • Right to restrict processing in certain circumstances
  • Rights related to automated decision-making

10.5 Supervisory Authority

EU residents have the right to lodge a complaint with your local data protection authority if you believe your rights have been violated.

Find your local authority: https://edpb.europa.eu/about-edpb/board/members_en

11. CHILDREN'S PRIVACY

Our Service is intended for business professionals and is not directed to children under 18 years of age.

We do not knowingly collect personal information from anyone under 18. If we discover we have collected information from a child under 18, we will delete it immediately. If you believe we may have information from a child under 18, please contact us at support@econblox.com.

12. NOT INVESTMENT ADVICE - SECURITIES DISCLAIMER

12.1 Business Strategy, Not Investment Advice

Econblox provides economics-based business strategy advice. We are NOT a registered investment adviser with the SEC or any state securities authority. Our service does not constitute investment advice as defined by the Investment Advisers Act of 1940.

12.2 No Securities Recommendations

We do not provide:

  • Recommendations to buy, sell, or hold specific securities (stocks, bonds, ETFs, mutual funds)
  • Personalized investment portfolio advice or asset allocation recommendations
  • Portfolio management or ongoing investment supervision
  • Market timing advice or specific investment product recommendations

12.3 Business Use Only

This service is designed for business owners and executives making strategic business decisions. While our economic analysis may inform your thinking about markets and capital allocation within your business operations, it is not a substitute for personalized investment advice from a registered investment adviser.

12.4 Consult Qualified Professionals

For personalized investment advice regarding securities portfolios, you must consult:

  • A registered investment adviser (RIA)
  • A certified financial planner (CFP)
  • A licensed securities broker
  • Other qualified investment professional who is properly licensed and registered

12.5 No Fiduciary Duty

We do not have a fiduciary duty to you with respect to investment decisions. We are not responsible for any investment losses you may incur based on information provided through this service.

13. BUSINESS TRANSFERS

Your information may be transferred if we are involved in a merger, acquisition, or sale of assets. Any such transfer will comply with applicable privacy laws.

14. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time. Material changes will be communicated via email or prominent website notice. Continued use of the Service after changes constitutes acceptance of the updated Privacy Policy.

Version History: We maintain previous versions of this policy. Email support@econblox.com to request older versions.

15. DO NOT TRACK SIGNALS

Our Service does not currently respond to Do Not Track (DNT) browser signals, as there is no industry-wide consensus on how to interpret and implement DNT.

16. EMBEDDED CONTENT AND EXTERNAL LINKS

16.1 Educational Video Content

Our platform includes educational videos hosted on our servers. These videos may collect viewing statistics and progress tracking to improve your learning experience.

16.2 External Links

We may link to external resources or third-party tools. We are not responsible for the privacy practices of third-party websites. Review their privacy policies before providing information.

17. CONTACT US

For questions, concerns, or requests regarding this Privacy Policy or your personal data:

Email: support@econblox.com
Business Name: Econblox (division of Toteflix Inc.)
Response Time: We respond to privacy inquiries in accordance with applicable law

For specific requests, please use these subject lines:

  • "Data Access Request" - to request your data
  • "Deletion Request" - to delete your data
  • "CCPA Request" - for California residents
  • "GDPR Inquiry - EU Resident" - for EU residents
  • "Privacy Question" - for general questions