Privacy Policy

Effective Date: June 15, 2025

This Privacy Policy describes the types of Personal Data GxPaaS, Inc. (“GxPaaS,” “we,” “us,” or “our”) may collect from our customers, website visitors, and users (collectively, “Users”) of GxPaaS Products, our website, and related services (collectively, the “Services”). It also describes our policies and procedures on the collection, use, maintenance, protection, and disclosure of your Personal Data (defined below) and tells you about your privacy rights and the choices you may have with respect to your Personal Data.

The use of the Services is governed by the GxPaaS Enterprise Services Agreement. Capitalized terms not otherwise defined in this Privacy Policy are defined in our GxPaaS Enterprise Services Agreement. Should a conflict arise between this Privacy Policy and the GxPaaS Enterprise Services Agreement, this Privacy Policy controls as to the use and disclosure of Personal Data, and the GxPaaS Enterprise Services Agreement controls in all other respects.

The term “Personal Data” means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

Please read this Privacy Policy carefully before accessing, using, and creating a User Account on the Services to understand our policies and procedures regarding your Personal Data.

Updates

We reserve the right to modify this Privacy Policy at any time by posting an updated Privacy Policy on our website. If we make changes, we will notify you by revising the date at the top of the policy. If we make any material changes, we may provide you with notice on the Services, and we may also, at our sole discretion, provide active registered Users with an email notice of those changes. You are responsible for regularly reviewing this Privacy Policy, and your continued use of the Services after we make changes is deemed your acceptance of the updated Privacy Policy. If any modification is unacceptable, you shall cease using the Services or notify us of your decision to opt-out as provided in this Privacy Policy. If you have questions about this Privacy Policy or wish to exercise any of your rights under this Privacy Policy, you may contact us at privacy@gxpaas.io.

1. Personal Data We Collect About You

The Services collect Personal Data from the following categories of sources: (a) directly from you; (b) indirectly/automatically from you; (c) from other Users; and (d) from third parties.

Personal Data We Collect Directly From You

While you are accessing or using the Services, we may ask you to provide us with certain Personal Data about you that is necessary to provide you with the Services, and you may also choose to provide us with additional Personal Data.

You may also provide us with information about you at the time of submitting a contact form, providing feedback, purchasing a subscription to the Services, or requesting customer support, which may include the following:

  • Contact information: First and last name, email address, and telephone number.
  • Company Information: Company name.
  • Payment information: Our third-party Payment Processor may also collect your credit card information and provide us with your name, the services purchased, and the date and time of the transaction.
  • Mobile Device Information: If you access the Services from a mobile device, we may access and receive information that you provide us access to.
  • Communication information: Any content of any communications you send and/or receive through the Services or through other communication, such as email, to or from us.
  • Customer Testimonials: Any customer testimonials and comments on our website that you provide us with consent.
  • Feedback and Support: Information you provide through our customer service helpdesk, including subjects, descriptions, request type, and attachments.

No Sensitive Information

We will not ask or require you to provide sensitive information such as information related to your finances, health, marital status, or any other information not required to provide the Services. We will not ask for, and you should not provide us with, information regarding protected classifications, including: race, color, religion, national origin, age, sex/gender, gender identity, sexual orientation, marital status, medical condition, and disability information, as described under the appropriate state or federal law.

Information We Automatically Collect From You

While you are accessing and using the Services, we may automatically collect certain information from you. This information may include:

  • Browser Information: Information about your device's internet protocol address (e.g., IP address), browser type, and version.
  • Browsing History: Information about the pages and functions of the Services that you visit, the date and time you access them, the time spent on those pages, and other actions while using the Services.
  • Geolocation Data: Information such as the approximate location determined from your IP address.
  • Device Information: Information about the device you use to access the Services, including the hardware model, type of device, operating system and version, and other unique device identifiers.
  • Session Recordings: We may record user interactions with our Services, including mouse movements, clicks, scrolls, and page navigation patterns to help us understand user behavior, improve our Services, and troubleshoot technical issues. These recordings do not capture keystrokes, form inputs, or any sensitive information.

The information we automatically collect from you is only statistical data and does not include Personal Data, but we may maintain it or associate it with Personal Data we collect in other ways to help us improve the Services and deliver a better and more personalized service. We use these technologies for a number of purposes, including enabling you to use the Services, facilitating the functioning of and your access to the Services, better understanding how you navigate through our Site, and detecting and preventing fraud.

The technologies we may use for this automatic data collection may include:

Cookies (or browser cookies). Cookies are small files placed on your computer’s hard drive when you access certain websites that record your preferences. We use cookies to track the use of and improve the Services.

Web Browser Storage. Some websites use the browser's "sessionStorage" and "localStorage" to store data; "sessionStorage" is stored temporarily, but the “localStorage” is persistent. You may erase them by deleting your browser's history.

Web Beacons

Certain sections of the Services and our emails may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, or single-pixel gifs) that permit us to determine whether you performed a specific action, for example, if you used the Services or opened an email.

Third-Party Use of Cookies

Some content or applications on the Services are served by third parties, including payment processors. These third parties may use cookies, web beacons, or other tracking technologies to collect information about you when you access or use the Services for the purpose of providing their services to us. The information they collect may be associated with your Personal Data as necessary to process payments and provide the core functionality of our Services. We do not control these third-party tracking technologies or how they may be used.

Website Analytics

We use website analytics that track and report website traffic (“Website Analytics”). We use Website Analytics as a third-party tracking service, but we do not use it to track you individually or collect your Personal Data. We use Website Analytics to collect information about how the Services performs and how our users navigate through and use the Services. This information helps us evaluate the use of the Services and improve its performance.

Website Analytics may gather certain non-personally identifying information over time, such as your IP address, browser type, internet service provider, referring and exit pages, timestamp, and similar data about your use of the Services. We do not link this information to your Personal Data, such as your email address or username.

Personal Data We Collect from Other Users

When Customers add you as an Authorized User through the Services, they may provide us with Personal Data such as your first and last name, email address, phone number, job role, or other information. We use this information to send you invitations to create a User Account and to associate your User Account with your profile and permissions associated with the Services. We cannot control all types of Personal Data that Users provide us, but we will treat such Personal Data according to this Privacy Policy.

2. How We Use Your Personal Data

We use the Personal Data you provide, or we collect, if applicable:

  • To provide you with invitations to the Services;
  • To keep you updated regarding the Services;
  • To present the Services to you;
  • To provide and maintain the functionality of the Services;
  • To notify you about changes to the Services;
  • To allow you to participate in interactive features of the Services when you choose to do so;
  • To provide customer support;
  • To create and manage your User Account, if applicable;
  • To allow you to log into the Services;
  • To process payments for the Services, if applicable;
  • To provide you with news, special offers, and general information about other products and services that we offer that are similar to those you have already purchased or enquired about unless you have opted not to receive such information;
  • For our internal business purposes, such as data analysis and audits;
  • To fulfill our obligations and enforce our rights arising from any contracts you entered with us;
  • To monitor the usage of the Services;
  • To detect security incidents and protect against deceptive, illegal, or unauthorized activities;
  • To comply with applicable law;
  • To evaluate and/or conduct a divestiture, restructuring, dissolution, merger, or other transfer or sale of our assets;
  • In any other way we may describe when you provide the Personal Data; and
  • For any other purpose with your consent.

3. How We Share and Disclose Your Personal Data

Where permissible under applicable law, we may share your Personal Data in the following situations:

  • With Other Users: When you accept an invitation to access the Services through a Customer of the Services, we will share your Personal Data with the applicable Customer inviting you to the Services.
  • With Service Providers: We may share your Personal Data with service providers, contractors, and other third parties we use to support our business and who are bound by contractual obligations to keep Personal Data confidential and use it only for the purposes for which we disclose it to them.
  • With Business Partners: We may share your Personal Data with our business partners to offer you certain products, services, or promotions, and who are bound by contractual obligations to keep Personal Data confidential and use it only for the purposes for which we disclose it to them.
  • For Business Transfers: We may share or transfer your Personal Data in connection with, or during negotiations of, a merger, sale, financing, or acquisition of all or a portion of our business to another company.
  • As Aggregated Information: We may disclose aggregated information about our Users and information that does not identify any individual to our advertisers, business partners, or any other third party.
  • To Enforce Our Agreements: We may disclose your Personal Data to enforce and administer our legal agreements.
  • To Protect Our Rights: We may disclose your Personal Data to protect the rights, property, or personal safety of our company, its employees, and members of the public.
  • For Legal Compliance: We may disclose your Personal Data to comply with applicable laws, a court order, or legal processes, including to respond to: (i) notices of intellectual property infringement; (ii) claims that information violates the rights of third parties; and/or (iii) government or regulatory requests.
  • With Your Consent: We may disclose your Personal Data for any other purpose with your consent.

4. How We Secure Your Personal Data

We use commercially reasonable technological safeguards to secure the Personal Data we collect about you. The secure server software ("SSL") encrypts all information you input before sending it to us on the Services. The security of your Personal Data is important to us, but remember that no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security. For more information about how we safeguard Personal Data while using the Services, see GxPaaS Enterprise Services Agreement, as applicable. If you have any questions about the security of the Services, you can contact us at privacy@gxpaas.io.

5. Responsible Disclosure of Security Vulnerabilities

If you have discovered or believe that you have discovered a security vulnerability on the Services, or if you encounter any Personal Data of any other User that you do not believe was intended for you, we request that you notify us immediately at security@gxpaas.io. If you are conducting any security test of the Services and encounter any sensitive data (including financial information, proprietary information, or trade secrets of any party), you must stop your test, notify us immediately, and not disclose this data to anyone else. We will use commercially reasonable efforts to identify, investigate, and remedy any potential security vulnerabilities with the Services within a reasonable timeframe upon notification. If we believe that a security vulnerability does or could exist, we reserve the right to limit access to the Services and to require you to update your password or account emails or take any additional security measures before the Services may be accessed.

6. How You Can Manage Your Personal Data

You may correct, amend, or delete the information we hold and control about you by contacting us at privacy@gxpaas.io. After receiving proof of your identity, you may request that we delete or change any or all of your Personal Data (subject to certain exceptions), and we will do our best to respond to your request within thirty (30) days of receipt. You are responsible for keeping your Personal Data up to date.

IF YOU REQUEST US TO DELETE PERSONAL DATA ASSOCIATED WITH YOUR USER ACCOUNT, WE MAY NOT BE ABLE TO MAINTAIN YOUR USER ACCOUNT OR PROVIDE ACCESS TO THE SERVICES THROUGH YOUR USER ACCOUNT.

7. Retention of Your Personal Data

We may retain your Personal Data for as long as your User Account is active or as needed to provide you with the Services. We will also retain and use your Personal Data as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

We may also retain de-identified statistical Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of the Services, or we are legally obligated to retain this data for longer periods.

8. Consent to Processing of Your Personal Data in the United States

Unless otherwise expressly provided in an Order or the terms applicable to the Customer who invited you to the Services, your Personal Data may be processed by us (and third parties on our behalf as further described in this Privacy Policy) outside of your home country, including in the United States, where data protection and privacy regulations may not offer the same level of protection as privacy laws in your country. If you provide us with Personal Data, you agree to this Privacy Policy, and you consent to the transfer of your Personal Data to the United States, if applicable. We will take all the steps reasonably necessary to ensure that your Personal Data is treated securely and in accordance with this Privacy Policy, and no transfer of your Personal Data will take place to an organization or a country unless there are adequate controls in place to secure your Personal Data.

Opting Out of Personalized Ads

You may choose to opt out of receiving personalized advertisements from us by deleting, disabling, or managing browser cookies and web browser storage.

Marketing Emails Opt-Out

If you no longer want to receive marketing emails from us, you may click the “Unsubscribe” link in an email, follow the instructions provided in any email we send, or contact us at privacy@gxpaas.io.

Tracking Opt-Out

You can opt out of accepting cookies (or browser cookies) by activating the appropriate settings on your browser or setting your browser to alert you when cookies are being sent. However, if you disable or refuse all cookies, you may not be able to access and use some parts of the Service, or some portions of the Services may not act as expected.

9. Third-Party Websites

We may provide links to third-party websites through the Services, and this Privacy Policy does not apply when you access such third-party websites. We have no control or responsibility over their data collection, use, or disclosure practices. When you click on links that take you to external websites, you will be subject to their privacy policies. If you access and transmit information to third parties’ websites, you do so at your own risk. You should carefully review the privacy policy of any third-party website you visit before using it or disclosing your Personal Data to its provider.

10. Collection of Payment Information

We may use third-party service providers for payment processing, where applicable. We will not store or collect your payment card details. The information will be provided directly to our third-party Payment Processor, whose use of your Personal Data is governed by their privacy policy. Our Payment Processors adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express, and Discover. PCI-DSS requirements help ensure the secure handling of payment information.

11. Personal Data of Minors

The Services are intended for individuals 18 or older. If you are under 18, you may not use the Services. We do not knowingly collect information from or direct any of our content specifically to children under 18. If you believe we might have any information from or about a child under the age of 18, please contact us at privacy@gxpaas.io.

12. Supplemental Notice to California Residents

Californian users of the Services may have additional rights afforded them under California privacy laws.

Additional Definitions Applicable to California Privacy Laws

CCPA” or “California Consumer Privacy Protection Act” means California Civil Code § 1798.100 et seq. as amended by the California Privacy Rights Act of 2020 (“CPRA”).

"Consumer," "Business," "Sell," and "Service Provider" will have the meanings given to them in the CCPA.

Personal Data” is information that identifies, relates to, or could reasonably be linked with you or your household. For example, it could include your name, social security number, email address, records of products purchased, internet browsing history, geolocation data, fingerprints, and inferences from other personal information that could create a profile about your preferences and characteristics.

California Consumer Privacy Act

Your Rights

If the processing of your Personal Data is subject to the CCPA, you have the right to:

  • Request us to disclose the categories and specific Personal Data we collect, use, disclose, and sell;
  • Know the categories of Personal Data that we collect and the purposes for which we collected or used such Personal Data and whether that information is sold or shared;
  • Know the categories of sources from which the Personal Data was collected;
  • Know the categories of third parties with whom we shared or to whom we sell your Personal Data;
  • Know whether we collected or sold your Personal Data for business or commercial purposes;
  • Request deletion of Personal Data we collected from you, subject to certain exceptions;
  • Opt-out of the sale of your Personal Data; and
  • Not receive discriminatory treatment by us for exercising your rights set out in the CCPA.

Categories of Personal Data Collected by Us

For information about what categories of Personal Data we may collect from Users in the twelve (12) months preceding the date this Privacy Policy was last modified, the sources of such information, the purposes for collecting and using that information, and what types of third-party service provider we may share that information with please see the following sections in this Privacy Policy entitled: ‘Personal Data We Collect About You;’ ‘How We Use Your Personal Data;’ and ‘How We Share and Disclose Your Personal Data.’ For more information about how to review and change your Personal Data collected through the Services, please see the section titled ‘How You Can Manage Your Personal Data.’

Categories of Personal Data Disclosed for a Business Purpose

The following is a summary of the categories of Personal Data we may have disclosed for a business or commercial purpose in the 12 months preceding the date this Privacy Policy was last modified.

Categories of Personal Data we collect include:Parties with whom each category of Personal Data may be shared include:
Identifiers: Name, alias, Internet Protocol address, email address, or other similar identifiers.Service Providers, Payment Processors, our affiliates, our business partners, third-party vendors to whom you or your agents authorize us to disclose your Personal Data in connection with the Services, and other Users when you display your Personal Data publicly.
Categories of Personal Data described in California Civil Code §1798.80(e): Name, billing address, and telephone number.Service Providers, Payment Processors, our affiliates, our business partners, third-party vendors to whom you or your agents authorize us to disclose your Personal Data in connection with the Services, and other Users when you display your Personal Data publicly.
Employment Information: employer name, title, and role.Service Providers, Payment Processors, our affiliates, our business partners, third-party vendors to whom you or your agents authorize us to disclose your Personal Data in connection with the Services, and other Users when you display your Personal Data publicly.
Financial Information: billing address, bank account number, credit card number, debit card number, or any other financial information.Payment Processors.
Commercial Information: Records and history of services purchased, obtained, or considered, or other purchasing histories or tendencies.Service Providers, Payment Processors, our affiliates, our business partners, and third-party vendors to whom you or your agents authorize us to disclose your Personal Data in connection with the Services.
Internet and other similar network activityService Providers, Payment Processors, our affiliates, our business partners, and third-party vendors to whom you or your agents authorize us to disclose your Personal Data in connection with the Services.

Such categories of Personal Data may be collected, used, or disclosed for business and commercial purposes, which may include the following examples:

  • To operate and improve the Services;
  • To provide you with the Services, respond to your inquiries, and give you the necessary support;
  • To respond to law enforcement requests, court orders, or governmental regulations;
  • As described to you when collecting your Personal Data or as otherwise set forth in the CCPA;
  • For internal administrative and auditing purposes; and
  • To detect security incidents and protect against malicious, deceptive, fraudulent, or illegal activity, including, when necessary, to prosecute those responsible for such activities.

Do Not Sell My Personal Data

As a California consumer, you have the right to opt out of the sale of your Personal Data. To make such a request, please contact us by email at privacy@gxpaas.io.

In the past 12 months, we have not sold your Personal Data other than to utilize Website Analytics in order to gain insights regarding how users interact with and to better provide the Services. See the heading titled ‘Website Analytics’ for more information about our use of Website Analytics and the categories of Personal Data collected by Website Analytics.

Minors

The Services are intended for individuals 18 years or older. If you are under 18 and have provided Personal Data to us through the Services, you have the right to request and obtain the removal of content or information you have publicly posted under the California Business and Professions Code Section 22581. Be aware that your request does not guarantee the complete removal of content posted online, as the law may not permit or require removal in certain circumstances.

Do Not Track Features

California law requires us to let you know how we respond to web browser Do Not Track (DNT) signals. Do Not Track is a preference you can set in your web browser to inform websites that you do not want to be tracked. You can enable or disable Do Not Track by visiting the Preferences or Settings page of your web browser. However, at this stage, there is no uniform technology standard for recognizing and implementing DNT signals. As such, we do not currently respond to or support DNT browser signals or any other mechanism that automatically communicates your choice not to be tracked online.

California’s Shine the Light Law

Under California's Shine the Light Law, California Consumers may request the type of Personal Data we disclose to third parties for their direct marketing purposes and a list of those third parties (if any). We have not disclosed Personal Data to third parties for direct marketing purposes.

To make any requests regarding your California Privacy Rights, please contact us by email at privacy@gxpaas.io.

13. Supplemental Notice To Individuals that Reside In the European Economic Area

Users of the Services that are residents of the European Economic Area (EEA) may have additional rights afforded to them under the EU General Data Protection Regulation (GDPR) and European Union Member States, including the United Kingdom and Switzerland.

Making a request in relation to your Personal Data

The GDPR gives EEA consumers various rights with respect to the Personal Data we collect, including the right to (subject to certain limitations):

  • Request copies of your Personal Data;
  • Access, update, or delete the Personal Data we have on you;
  • Request that we correct any information you believe is inaccurate, or request us to complete information you believe is incomplete;
  • Request erasure of your Personal Data that we have collected, under certain conditions;
  • Request that we restrict the processing of your Personal Data, under certain conditions;
  • Object to processing of your Personal Data, under certain conditions;
  • Request that we transfer the data we have collected to another organization, or directly to you, under certain conditions; and
  • Withdraw consent at any time where we are relying on consent to process your Personal Data.

Please note that we may ask you to verify your identity before responding to such requests. You will not have to pay a fee to access your Personal Data or to exercise any of the other rights. However, we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive.

Should you wish to report a complaint or if you feel that we have not addressed your concern in a satisfactory manner, you may contact your local Data Protection Authority about our collection and use of your Personal Data.

Legal Basis for Processing

We need a lawful basis to collect, use, and disclose your Personal Data as a controller. Our lawful basis will depend on the information concerned and the context in which it is processed. Generally, we rely on the following lawful basis for processing Personal Data:

  • We need to perform a contract with you;
  • You have given us permission to do so;
  • The processing is in our legitimate interest, and it is not overridden by your rights;
  • For payment processing purposes; and
  • To comply with the law.

Transfers of Personal Data

If you live in the EEA, we will only transfer your Personal Data from the EEA to countries outside the EEA on the basis of appropriate safeguards, such as the European Commission’s Standard Contractual Clauses or their equivalent under applicable law.

14. Contact Information

If you have any questions or complaints about this Privacy Policy or our handling of your Personal Data, please contact us at privacy@gxpaas.io.