CXWizard LLC ("CXWizard", "we", "our", "us") respects your privacy. This Privacy Policy explains how we collect, use, disclose, and protect information when you use our website and AI-powered customer communication and automation platform, including integrations with WhatsApp, Instagram Messenger, Calendly, Shopify, website widgets, and other supported services.
1. Our Role: Controller and Processor
CXWizard serves both business customers and, in limited cases, website visitors and account holders directly.
- Business customers as controllers: When you use CXWizard to communicate with your end users, you generally act as the data controller (or equivalent under applicable law) for customer communications, contact data, and other end-user information you submit to the platform.
- CXWizard as processor or service provider: We generally process end-user data on your behalf to provide the Services, such as storing conversations, delivering messages, generating AI responses, and displaying inbox data in your dashboard.
- CXWizard as controller: We act as a controller for information relating to your CXWizard account, billing, website usage, support communications, and our own marketing analytics.
You are responsible for ensuring you have lawful authority to submit and process data through the platform, including obtaining required notices and consents from end users.
2. Information We Collect
a. Account and Business Information
- Business name, email address, account credentials, and profile information
- Integration and connection details for messaging platforms, scheduling tools, e-commerce platforms, and other connected services
- AI agent configuration, automation settings, support communications, and billing information processed through payment providers
b. End-User Data Processed on Your Behalf
When you connect messaging or integration accounts, CXWizard may process:
- Message content exchanged between your business and end users across connected channels
- Contact details and metadata such as phone numbers, usernames, timestamps, delivery status, and channel identifiers
- Appointment, scheduling, and commerce-related data made available through supported integrations
This data is processed to enable inbox management, automation, AI responses, analytics, and related platform functionality.
c. Automatically Collected Information
Device and browser information, IP address, access times, log data, and usage metrics collected through analytics and security tools, including Google Analytics and the Meta Pixel. These tools may use cookies and similar technologies to measure website interactions and support advertising and analytics as described in the relevant provider policies.
3. How We Use Information and Legal Bases
We use information to:
- Provide, operate, maintain, and secure the Services
- Deliver AI agent, messaging, scheduling, and automation functionality
- Process payments and manage subscriptions
- Provide customer support and service communications
- Improve platform functionality, onboarding, and user experience
- Detect fraud, abuse, and security incidents
- Comply with legal obligations and enforce our terms
Where the GDPR, UK GDPR, or similar laws apply, we rely on the following legal bases, as applicable:
- Contract performance: To provide the Services you request and administer your account
- Legitimate interests: To secure, improve, and operate the platform, prevent misuse, and support our business, balanced against your rights
- Consent: Where required for certain cookies, marketing, or other processing for which consent is the appropriate basis
- Legal obligations: To comply with applicable laws, lawful requests, and regulatory requirements
4. AI and Third-Party Processors
We use service providers to help deliver the Services. Depending on your configuration and use of the platform, categories of providers may include:
- AI providers (such as OpenAI): Message content and related context needed to generate AI responses
- Messaging providers (Meta, WhatsApp, Instagram): Message delivery, account connectivity, and channel metadata
- Scheduling providers (such as Calendly): Appointment and availability data
- Commerce providers (such as Shopify): Store, product, and order-related data you choose to connect
- Hosting and infrastructure providers: Account, message, and operational data stored and processed primarily in the United States
- Payment processors (such as Stripe): Billing, subscription, and payment information
- Analytics and advertising providers: Website usage, device, and interaction data
a. OpenAI
We use OpenAI's API to generate AI agent responses. Message data may be transmitted to OpenAI for processing and is subject to OpenAI's data use policies. We configure our use of OpenAI for service delivery and do not use OpenAI to permanently store your message history as our primary recordkeeping system.
b. Meta (WhatsApp and Instagram Messenger)
We access your WhatsApp Business and Instagram Messenger accounts via Meta's APIs to send and receive messages. You authorize this access when connecting your accounts. CXWizard accesses data relevant to chatbot operations, inbox management, and connected automations.
c. Calendly and Shopify
If you connect Calendly or Shopify, we access data made available through those integrations to support scheduling, commerce-related automations, and related dashboard functionality. You authorize this access when enabling the integration.
d. Analytics Tools
We use tools such as Google Analytics and the Meta Pixel to understand website usage, measure marketing effectiveness, and support advertising. These tools generally collect website and device signals and do not include your CXWizard inbox message content or end-user contact lists unless separately configured by you outside standard platform analytics. Meta's processing is subject to Meta's Privacy Policy.
We require service providers to process personal data only as needed to perform services for us and in accordance with applicable law and contractual protections.
5. International Data Transfers
CXWizard is based in the United States, and we primarily store and process data in the United States through cloud infrastructure and service providers.
If you or your end users are located outside the United States, your information may be transferred to, stored in, and processed in the United States and other countries where we or our service providers operate. Those countries may have data protection laws that differ from those in your jurisdiction. Where required, we implement appropriate safeguards for international transfers, such as standard contractual clauses or equivalent mechanisms recognized under applicable law.
6. Your Responsibilities as a Customer
- Consent and notices: You are responsible for ensuring that end users are properly informed and have provided any required consent before their data is processed through CXWizard.
- Lawful processing: You must have a lawful basis to collect, use, and share end-user data through the platform.
- Prohibited data: You must not use CXWizard to collect or transmit sensitive personal information, such as health data, financial account credentials, government IDs, or passwords, except where expressly permitted and lawful.
- Platform policies: You are responsible for complying with WhatsApp, Meta, and other connected platform policies.
7. Data Retention
We retain information based on the type of data and how it is used:
- Active account data: Message, contact, and account data are generally retained while your account remains active and as needed to provide the Services
- Deleted accounts: When you request account deletion, we deactivate your account promptly. Permanent deletion of associated data from our primary systems occurs thirty (30) days after deactivation, subject to limited retention for security, fraud prevention, backup recovery, and legal compliance
- Backups and logs: Residual copies may persist in backups or logs for a limited period before being overwritten or deleted according to our retention schedules
- Legal and compliance retention: We may retain information longer where required by law, to resolve disputes, enforce agreements, or protect our legal rights
- Aggregated or de-identified data: We may retain aggregated or de-identified information for analytics, security, and business purposes
8. Data Security
We implement commercially reasonable technical and organizational safeguards designed to protect personal data, including:
- Encryption in transit for data transmitted over public networks
- Access controls and role-based permissions
- Authentication protections for account access
- Monitoring, logging, and incident response processes
- Backup and recovery procedures
- Vendor security review and contractual safeguards where appropriate
No method of transmission or storage is completely secure. We cannot guarantee absolute security, and you use the Services at your own risk.
9. Your Privacy Rights
Depending on your location and role, you may have rights relating to personal data, including:
- Access to personal data we hold about you
- Correction of inaccurate or incomplete data
- Deletion of personal data, subject to legal exceptions
- Data portability, where applicable
- Restriction of certain processing activities
- Objection to certain processing based on legitimate interests
- Withdrawal of consent where processing is based on consent
To exercise your rights, contact us at support@cxwizard.app. We may need to verify your identity before responding. If you are an end user of one of our business customers, we may direct your request to that customer where they act as the controller of your data.
We will respond within the timeframes required by applicable law. You may also have the right to lodge a complaint with your local data protection authority.
10. Region-Specific Disclosures
a. European Economic Area and United Kingdom
If you are located in the EEA or UK, the legal bases described in Section 3 apply to our processing. Where we transfer personal data outside the EEA or UK, we use appropriate safeguards as required by applicable law. You may contact us to request more information about those safeguards where available.
b. California and Other U.S. State Privacy Laws
If you are a California resident or covered by similar state privacy laws, you may have additional rights, including:
- The right to know what personal information we collect, use, and disclose
- The right to request deletion of personal information, subject to exceptions
- The right to correct inaccurate personal information
- The right to opt out of certain processing activities where applicable law provides that right
- The right not to receive discriminatory treatment for exercising privacy rights
We do not sell personal information for money. We may use cookies and analytics tools that could be considered "sharing" for cross-context behavioral advertising under some state laws. Where required, we provide applicable opt-out mechanisms on our website. To submit a request, email support@cxwizard.app.
11. Children's Privacy
CXWizard is intended for businesses and individuals who are at least 18 years old. The Services are not directed to children, and we do not knowingly collect personal information from anyone under 18. If you believe we have collected information from a child, please contact us and we will take appropriate steps to delete it.
12. Changes to This Policy
We may update this Privacy Policy from time to time. The updated policy will be posted on our website with a revised "Last Updated" date. Material changes may also be communicated through the Services or by email where appropriate.
13. Contact Us
For privacy questions, data subject requests, privacy complaints, or regulatory inquiries, contact:
- CXWizard LLC
- Email: support@cxwizard.app
- Website: cxwizard.app