DEXtra
Features Pricing Docs
Sign In Get Started
Terms Privacy SLA DPA

Privacy Policy

Last Updated: [DATE]  |  Effective: [DATE]

1. Introduction

[LEGAL ENTITY NAME] ("DEXtra," "we," "us," or "our") operates the DEXtra RMM platform, an AI-powered Remote Monitoring and Management service designed for Managed Service Providers (MSPs) and IT teams. This Privacy Policy describes how we collect, use, disclose, and protect information when you use our platform, including the web dashboard, endpoint agents, AI assistant, remote desktop capabilities, and all related services.

By creating an account, installing the DEXtra agent, or otherwise using our services, you acknowledge that you have read and understood this Privacy Policy. If you are deploying DEXtra agents on endpoints managed on behalf of your clients, you are responsible for ensuring that appropriate notice and consent has been obtained from end users in accordance with applicable law.

2. Information We Collect

2.1 Account Information

When you register for a DEXtra account, we collect information necessary to create and manage your account, including:

  • Full name and job title
  • Email address
  • Company or organization name
  • Phone number
  • Billing address and payment information

2.2 Endpoint Data

The DEXtra agent installed on managed endpoints collects system-level data required to deliver monitoring, management, and security services. This data is transmitted to our orchestrator via encrypted WebSocket connections and includes:

  • Operating system type, version, build number, and architecture
  • Hardware specifications including CPU model, core count, total and available memory, disk drives, and network adapter configurations
  • Installed software inventory with names, versions, publishers, and install dates
  • Running Windows services and processes, including their status, startup type, and resource usage
  • Windows Event Log entries filtered by administrator-defined queries (application, system, and security logs)
  • Network configuration data including IP addresses, MAC addresses, gateway, and DNS settings
  • Microsoft Defender status, scan history, detected threats, and quarantine state
  • Windows Update and patch status including installed hotfixes, pending updates, and compliance state
  • File system metadata accessed through the remote file browser, including file names, sizes, permissions, and modification dates (file contents are only accessed when explicitly requested by an authorized administrator)
  • Windows Registry keys and values accessed through the remote registry editor (only when explicitly queried by an authorized administrator)
  • Screen content transmitted during active remote desktop sessions only, using end-to-end encrypted connections
  • Shell command output and script execution results initiated by authorized administrators through the remote shell or script library

2.3 AI Conversation Data

DEXtra includes an AI-powered helpdesk assistant. When users interact with the AI, we collect:

  • The text of conversations between users and the AI assistant
  • Support questions, troubleshooting descriptions, and context provided by users
  • AI-generated responses, diagnostic findings, and recommended actions
  • Action plans proposed by the AI and approval/rejection decisions made by users

2.4 Usage Data

We collect information about how you interact with the DEXtra platform to improve service quality, including:

  • Features accessed and frequency of use
  • Session duration and login frequency
  • API call volume and patterns
  • Error logs, crash reports, and performance metrics

2.5 Log Data

Our servers automatically record information when you access the platform, including:

  • IP address
  • Browser type and version
  • Pages visited and actions taken within the dashboard
  • Date and time stamps of all requests
  • Referring URL

2.6 Cookies

DEXtra uses cookies that are strictly essential for the operation of the platform. These include session cookies for authentication and authorization (JWT tokens). We do not use advertising cookies, third-party tracking cookies, or analytics cookies. No personal data is shared with advertising networks through cookies or any other mechanism.

3. How We Use Information

3.1 Provide and Operate the Service

We use the information we collect to deliver, maintain, and improve the DEXtra platform, including endpoint monitoring, alerting, patch management, remote access, ticketing, and all related management capabilities. Endpoint data is used to populate dashboards, generate reports, evaluate monitoring policies, and trigger alerts.

3.2 AI Processing

Conversation data is sent to Anthropic's Claude API to generate AI responses. Anthropic processes this data solely to provide the AI response and does not use it to train their models. For details on how Anthropic handles data, please refer to Anthropic's Privacy Policy. System queries used for RMM data collection (hardware inventory, patch scans, service status, etc.) do not consume AI tokens and are not sent to any third-party AI provider.

3.3 Improve the Service

We use aggregated and anonymized usage data to identify trends, diagnose technical issues, and improve platform performance and user experience. Individual endpoint data is never used for purposes unrelated to delivering the service to you.

3.4 Security

We use log data, authentication records, and behavioral patterns to detect and prevent fraud, abuse, unauthorized access, and other security threats. This includes rate limiting, IP blocking, audit trail analysis, and SIEM event correlation.

3.5 Communication

We may use your contact information to send service-related communications, including:

  • Service notifications and maintenance announcements
  • Trial expiration and subscription renewal warnings
  • Security alerts and vulnerability notifications
  • Product updates and feature announcements relevant to your subscription

We do not send unsolicited marketing communications. You may opt out of non-essential notifications at any time through your account settings.

3.6 Legal Compliance

We may process information as necessary to comply with applicable laws, regulations, legal processes, or enforceable governmental requests, and to establish, exercise, or defend legal claims.

4. How We Share Information

4.1 We Do Not Sell Your Data

We do not sell, rent, lease, or trade personal information or endpoint data to any third party, under any circumstances.

4.2 Limited Sharing

We may share information with the following categories of recipients, and only to the extent necessary:

  • Anthropic (AI Provider): Conversation data is sent to Anthropic's Claude API to generate AI assistant responses. Anthropic processes this data under their commercial API terms and does not use it for model training.
  • Infrastructure Providers: We use third-party hosting and infrastructure providers to operate the platform. These providers process data on our behalf under Data Processing Agreements (DPAs) that require them to protect your data and limit its use to providing their services to us.
  • Payment Processors: Billing information is shared with our payment processor solely for the purpose of processing subscription payments. We do not store full credit card numbers on our servers.
  • Law Enforcement: We may disclose information to law enforcement authorities or other government officials only when legally compelled to do so by a valid subpoena, court order, or other binding legal process. We will attempt to notify affected users unless prohibited by law.

4.3 Business Transfers

In the event of a merger, acquisition, bankruptcy, or sale of all or a portion of our assets, your information may be transferred as part of that transaction. Any acquiring entity will be bound by the terms of this Privacy Policy with respect to previously collected data, and we will notify you before your information becomes subject to a materially different privacy policy.

5. Data Security

5.1 Encryption

All data transmitted between the DEXtra agent, web dashboard, and our servers is encrypted using TLS 1.2 or higher. Sensitive data at rest, including stored credentials and security tokens, is protected with authenticated field-level encryption. Database fields containing secrets (such as RustDesk remote desktop passwords) use per-field Fernet encryption (AES-128-CBC with HMAC-SHA256).

5.2 Access Controls

The DEXtra platform implements role-based access control (RBAC) with four distinct permission levels. Access to endpoint data, administrative functions, and sensitive operations is restricted based on the authenticated user's assigned role. All administrative actions are logged in an immutable audit trail.

5.3 Agent Security

The DEXtra agent communicates with the orchestrator over encrypted WebSocket connections authenticated with HMAC-signed tokens. Credentials stored on managed endpoints, including API keys and remote desktop passwords, are protected using Windows DPAPI (Data Protection Application Programming Interface), which binds encryption to the machine identity and prevents extraction by unauthorized processes.

5.4 Remote Desktop Security

Remote desktop sessions use end-to-end encryption via NaCl (Networking and Cryptography library). Session credentials are generated per-agent and are not stored in plaintext on the server. Remote desktop connections require explicit authentication and are logged with full session metadata including initiator, target, start time, and duration.

5.5 Incident Response

In the event of a confirmed data breach that affects your personal information or endpoint data, we will notify affected users and, where applicable, relevant supervisory authorities within 72 hours of becoming aware of the breach. Notifications will include the nature of the breach, the categories of data affected, and the measures taken or proposed to address it.

6. Data Retention

6.1 Active Accounts

We retain your account information and associated endpoint data for the duration of your active subscription. Endpoint telemetry (monitoring snapshots, alert history, SIEM events) is retained according to your plan's data retention limits.

6.2 Terminated Accounts

Upon subscription termination or cancellation, your data is retained for 30 days to allow you to export any information you need. After this 30-day grace period, all account data, endpoint data, conversation history, and associated records are permanently deleted from our production systems.

6.3 Expired Trials

Data associated with expired trial accounts is retained for 60 days after the trial end date. If the trial is not converted to a paid subscription within this period, all data is permanently deleted.

6.4 Logs

Server access logs, authentication logs, and audit trail entries are retained for 90 days, after which they are automatically purged. Security incident logs may be retained longer if an active investigation requires it.

6.5 Backups

Encrypted backups may contain copies of your data for up to 30 days after the data has been deleted from production systems. Backups are subject to the same encryption and access control standards as production data and are automatically rotated and destroyed on schedule.

7. Your Rights

7.1 Access and Export

You may access, review, and export your data at any time through the DEXtra dashboard. Export functionality is available for agent inventories, monitoring data, ticket history, and AI conversation logs.

7.2 Correction

You may update or correct your account information at any time through the Settings section of the dashboard. If you identify inaccuracies in collected endpoint data, please contact our support team.

7.3 Deletion

You may request deletion of your account and all associated data by contacting us at [EMAIL]. Upon receiving a verified deletion request, we will delete your data from production systems within 30 days. Please note that deletion is irreversible and will result in the loss of all historical data, reports, and AI conversation history associated with your account.

7.4 Data Portability

You have the right to receive a copy of your data in a structured, commonly used, and machine-readable format. We support data export in CSV, JSON, and PDF formats. To request a full data export, contact [EMAIL].

7.5 Objection

You have the right to object to our processing of your personal data. If you object to data processing that is essential to the operation of the service, we may not be able to continue providing the service to you, which may require termination of your subscription. We will work with you to understand your concerns and find a resolution where possible.

8. International Data Transfers

DEXtra's servers and infrastructure are located in the United States. If you are accessing the platform from outside the United States, please be aware that your information will be transferred to, stored, and processed in the United States.

By using DEXtra, you consent to the transfer of your information to the United States and acknowledge that data protection laws in the United States may differ from those in your country of residence.

For users in the European Union and European Economic Area (EU/EEA), we rely on Standard Contractual Clauses (SCCs) approved by the European Commission as the legal mechanism for transferring personal data outside the EU/EEA. Copies of the applicable SCCs are available upon request by contacting [EMAIL].

9. Children's Privacy

DEXtra is a business-to-business platform designed for use by IT professionals and Managed Service Providers. Our services are not directed to individuals under the age of 18, and we do not knowingly collect personal information from minors.

If we become aware that we have inadvertently collected personal information from an individual under 18, we will take immediate steps to delete that information from our systems. If you believe that a minor has provided personal information to us, please contact us at [EMAIL].

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes to this policy, we will provide at least 30 days' advance notice through one or more of the following methods:

  • Email notification to the address associated with your account
  • A prominent notification within the DEXtra dashboard
  • Updating the "Last Updated" date at the top of this page

Your continued use of the platform after the effective date of the updated policy constitutes your acceptance of the changes. We encourage you to review this page periodically.

11. Contact

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

[LEGAL ENTITY NAME]
[EMAIL]
[ADDRESS]

For data protection inquiries, deletion requests, or to exercise any of your rights described in Section 7, please email [EMAIL] with the subject line "Privacy Request" and include your account email address for verification.

If you have questions about this Privacy Policy, please contact us at [EMAIL] or write to [LEGAL ENTITY NAME], [ADDRESS].

DEXtra

AI-powered RMM for modern MSPs. Monitor, manage, and resolve — autonomously.

Product
Features Pricing Security Changelog
Resources
Documentation API Reference Status Page Blog
Company
About Contact Privacy Terms
© 2026 dextra.bot — All rights reserved.
Privacy Policy Terms of Service SLA