Privacy Policy

Effective Date: 4/07/2024

CXfirst AI Private Limited (“CXFirst”, “we”, “us”, or “our”) respects the privacy of individuals and is committed to protecting the personal data we collect and process in the course of providing our software-as-a-service (SaaS) products and related services (“Services”). This Privacy Policy (“Policy”) describes the types of information we collect, how we use it, with whom we share it, and your rights and choices with respect to such information.

This Policy applies to information collected through our websites (including www.cxfirst.ai) and all associated subdomains, applications, services, and communications, whether accessed online or through any other platform or device.

1. Scope and Applicability

This Policy applies globally to all individuals whose personal data we process, including users, customers, website visitors, and representatives of our clients and partners. This Policy has been drafted to comply with applicable data protection laws, including but not limited to the General Data Protection Regulation (EU) 2016/679 (“GDPR”), the UK GDPR, the California Consumer Privacy Act of 2018 (as amended by the California Privacy Rights Act, collectively the “CCPA”), and any other applicable state, national, or international privacy laws.

2. Information We Collect

We collect the following categories of personal information:

a. Personal Identifiers

  • Full name, email address, telephone number, job title, company name
  • Account login credentials and authentication data
  • Billing and payment information (including payment method details, if applicable)

b. Internet or Other Network Activity

  • IP address, device information, browser type and version, operating system
  • Date and time of access, pages visited, links clicked, referring/exit URLs
  • Session duration, mouse movements, and interaction data

c. Commercial Information

  • Records of products or services purchased, obtained, or considered
  • Transaction history and communications with our team

d. Geolocation Data

  • Approximate geographic location derived from IP address

e. User-Generated Content and Communications

  • Feedback, inquiries, survey responses, support requests, and emails

f. Professional or Employment-Related Information

  • Company affiliation, industry, and business contact information

3. Legal Bases for Processing (GDPR Compliance)

Under the GDPR, we process your personal data based on one or more of the following legal bases:

  • Performance of Contract: To fulfill our contractual obligations to you or your organization.
  • Consent:Where required, we obtain your consent for specific processing activities.
  • Legitimate Interests: To operate our business, improve our Services, prevent fraud, and maintain security.
  • Legal Obligation: To comply with applicable legal and regulatory requirements.

4. Use of Information

We use the information collected for the following purposes:

  • To provide, maintain, and improve the Services
  • To authenticate users and manage account access
  • To personalize and enhance user experience
  • To process transactions and deliver invoices
  • To provide technical and customer support
  • To send transactional communications, administrative updates, and security notices
  • To send promotional and marketing communications, subject to your preferences
  • To detect, prevent, and investigate fraud, abuse, or security incidents
  • To comply with legal obligations and enforce our Terms of Service

5. Disclosure of Personal Data

We may disclose your personal data to the following categories of recipients:

  • Service Providers and Subprocessors: Including but not limited to hosting providers, analytics providers, payment processors, email delivery services, CRM systems, and customer support platforms, bound by contractual confidentiality and data protection obligations.
  • Affiliates and Corporate Group Entities: For internal business operations and consistent service delivery.
  • Business Transfers: In connection with a merger, acquisition, financing, or sale of all or a portion of our assets.
  • Legal Authorities: Where required by law or to protect our legal rights, users, and the public.

We do not sell or rent personal data. We do not share personal data with third parties for their direct marketing purposes without your explicit consent.

6. International Data Transfers

We are headquartered in India and may process your personal data in jurisdictions outside your country of residence. When transferring personal data internationally, we implement appropriate safeguards such as:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Adequacy Decisions where applicable
  • Binding Corporate Rules (BCRs), where required

You may request a copy of the relevant transfer mechanisms by contacting us (see Section 11).

7. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including:

  • For the duration of your contractual relationship with us
  • As required by law or regulatory obligations
  • To resolve disputes and enforce agreements

After the applicable retention period, we securely delete or anonymize the data.

8. Your Rights

Under GDPR (if you are located in the EEA, UK, or Switzerland), you have the right to:

  • Access, rectify, or erase your personal data
  • Restrict or object to the processing of your personal data
  • Withdraw consent at any time (without affecting the lawfulness of prior processing)
  • Receive a copy of your data in a structured, machine-readable format (data portability)
  • Lodge a complaint with a supervisory authority

Under CCPA/CPRA (if you are a California resident), you have the right to:

  • Know what personal data we collect, use, disclose, or “sell” (we do not sell personal data)
  • Request deletion of your personal data
  • Correct inaccurate personal information
  • Opt-out of the sale or sharing of personal data (not applicable to CXFirst)
  • Not be discriminated against for exercising your rights

9. Data Security

We implement reasonable and appropriate administrative, technical, and organizational safeguards designed to protect your personal data from accidental loss, misuse, unauthorized access, disclosure, alteration, and destruction. These include:

  • Encryption of data at rest and in transit
  • Secure access controls and authentication
  • Regular security assessments and audits
  • Data minimization and access restriction principles

However, no security system is impenetrable. We cannot guarantee absolute security of your information.

10. Cookies and Tracking Technologies

We use cookies, pixels, and similar technologies to enhance user experience, perform analytics, and deliver relevant content. You can configure your browser settings to manage or disable cookies. For detailed information, please refer to our Cookie Policy.

11. Contact Information

For questions or concerns regarding this Privacy Policy, or to exercise your rights under applicable data protection laws, please contact us at:

CXFirst AI LLP
Website: https://www.cxfirst.ai

12. Updates to This Policy

We reserve the right to modify this Privacy Policy at any time. When we make material changes, we will notify you via our website or direct communication, and update the “Last Updated” date, as when applicable. We encourage you to review this Policy periodically.

13. Additional Disclosures for California Residents (CCPA/CPRA)

Category of InformationSourcePurposeDisclosed To
IdentifiersUser-providedService delivery, account managementService Providers
Commercial InfoUser activityBilling, analyticsService Providers