Privacy Statement – CX Guru
Last Updated:
Foreword
CXP Auto Inc. (“ CXP ”, “ We ”, “ Our ”, or “ Us ”) is committed to protecting the privacy and security of Our users. This privacy statement is applicable to CX Guru (www.cxguru.ai), which is a cloud-based platform owned and operated by CXP (the “ Services ”).
Please read this privacy policy (the “ Policy ”) carefully before you (a user of the Services) access, or otherwise use the Services (you, the user of the Services, referred herein as “ You ” or “ Your ”). If You do not agree with this Policy, please do not use the Services. If You do access or otherwise use the Services, or continue to use the Services after the Policy has been changed (see below), You (i) agree to the terms and conditions of this Policy and (ii) this Policy shall have the same effect as a binding written agreement executed by You and Us.
The Services may be subject to additional terms and conditions. Please review such terms and conditions before accessing or otherwise using the Services.
This Policy may have changed since the last time You reviewed it. The date of the last update to this Policy is indicated above. If this Policy materially changes, We will use commercially reasonable efforts to notify You that the Policy has changed. This may be done by direct communication to You or indication via the Services.
I. Information We Collect
When You use the Services, We collect information (including personal information) from You. The information We collect may be provided by You, collected by Us or by a third party, or received from a third party. By using the Services, You consent to the collection, use and disclosure of Your information. You may refuse or withdraw Your consent any time. Please refer to VI. Access, Accuracy and Choice.
Consent
As permitted by law, consent to the collection of Your personal information may be implied. In certain circumstances, express consent may be required, and We will do so if it is determined that We must obtain express consent from You. Otherwise, Your acceptance of this Policy indicates Your consent to the collection, use and disclosure of Your information.
Subject to legal and contractual restrictions, You may refuse or withdraw Your consent at any time by notifying Us in accordance with this Policy. We note that some of the Services require
Your personal information to function properly or the Services may only be offered if You provide Us with Your personal information. In such cases, if You refuse or withdraw Your consent, the Services may not be available to You. To refuse or withdraw Your consent, please refer to VI. Access, Accuracy and Choice.
Cross-border Transfers and Outsourcing
CXP is headquartered in Canada; however, some of Our development occurs outside of Canada and We may use hosting services located outside of Canada.
As detailed in the disclosure section below where We describe how We share information with third parties, We work with third parties who may be located outside of Canada and Your information may be processed and/or stored in a country outside of Canada. As a result, foreign federal and state governments, Canadian federal or provincial courts or law enforcement or regulatory agencies may be able to obtain disclosure of Your information through laws applicable in the foreign countries and Canada. Your use of the Services or Your submission of any information to Us will constitute Your consent to the transfer of Your information outside of Your country of residence, which may provide for different data protection and privacy rules than in Your country.
Information You Provide Us
We collect Your personal information when You give it to us. Collection may be facilitated through various means such as:
-
Communications : If You use the Services to communicate with Us or other parties, the content of Your message and information about You, including about the device You used to communicate, will be collected.
-
Content : If You upload, attach, input or otherwise share any URL, images, documents, text or other content with the Services, such content will be collected.
-
Sign-up : When You register an account with the Services, We may collect personal information that is made available to us. For example, We may collect Your name, address, email, phone number and place of work to open up Your account. The same applies if You invite additional users to sign up to the Services.
-
Credit Card : As part of Your subscription, You may be required to provide a credit card. However, We do not receive any information about Your credit card. All payment processing services are provided by Our payment processor partner Stripe. Please ensure that You review their privacy policy.
-
Contact Us : When You contact us through the “Contact Us” form on the Services, We collect personal information that You provide us through the form. Such information may include Your name, e-mail, telephone number, and other information requested on the form. We may provide support to You via chatbots, forms, and other interactive
platforms and We may collect information from You, including Your name, e-mail, and the text You input into such platforms.
-
Feedback : If You provide Us with feedback through the form made available on the Services, We will collect Your feedback information, along with the user name associated with such feedback information.
-
Job Applications : When You submit a job application to Us, We may collect Your personal information such as Your name, e-mail, mailing address, telephone number, education information, employment information, and any other information that You provide Us in Your resume, cover letter or otherwise.
Information We Collect
Public Sources : We may collect information about You and Your dealership from publicly available sources without You providing it directly to Us.
Hotjar : We use Hotjar (https://www.hotjar.com/) to understand how Our users use Our Services for the purposes of improving user experience. While We do not collect this information directly, We use Hotjar to record user interactions with Our Services. Please review their privacy policy here (https://www.hotjar.com/privacy/).
Information Automatically Collected
We may collect Your information automatically when You use the Services. This collection may be done directly by Us, or via a third-party service provider. For third-party service providers, please also refer to the disclosure section below where We describe how We share information with third parties. We may automatically collect Your information, including personal information, such as Your IP address, telephone number, device information, geo-location, identifiers (such as advertiser identifier), browser information, operating system information, and interaction with the Services.
Information from Other Sources
Google Business Profile : If You connect your Google Business Profile (GBP) to the Services, We will retrieve reviews and responses connected to such GBP to be used in connection with the Services. After connection, depending on Your setting, We may collect email communications between Your users for the purpose generating an AI-assisted review response. You may disable this feature at any time. Additionally, We may retrieve information related to the business connected to such GBP.
II. Purposes of Collection, Use and Disclosure
We use the information collected for the purposes for which it was collected, which are listed below in the Purposes section. If a purpose is not listed, We will disclose the purpose before or at the time of collecting the information.
Purposes
Your information may be collected, used and disclosed for the following purposes:
-
To communicate with You in accordance with applicable laws
-
To provide Services to You
-
To verify Your identity
-
To connect with Your other accounts such as Google Business Profile
-
To provide recommendation and offers on products and services
-
To develop new and improve existing products and services
-
To respond to Your inquiries and comments
-
To prevent fraud and abuse of the Services and to otherwise protect Our business
-
To protect other users of the Services against security breaches
-
To understand Our user base and effectiveness of the Services
-
To administer, operate and improve the Services and for internal business purposes
-
To compile aggregated data, perform statistical analyses and otherwise analyse Our business for internal and external business purposes
-
To create, train and improve Our artificial intelligence models (more on this below)
-
To comply with legal and governmental requirements
-
To process job applications
The purposes for which Your information is collected may be applicable for Us to process Your information or for a third-party service provider to process Your information in relation to the Services.
Artificial Intelligence
We use artificial intelligence as part of Our core offerings. Certain functionalities of the Services use artificial intelligence as an integral part without which, such functionalities would be impossible. We may also use information collected and/or generated from the Services to train artificial intelligence models for the purpose of creating or improving Our Services, which may involve working with third party service providers. If We work with third party service providers to either train or provide You with functionalities enabled by artificial intelligence, We will ensure (via contractual means) that such third-party service providers do not use Your information for training purposes.
III. How We Share Information
We may disclose Your information to various parties as disclosed in this section. These parties include Our business partners, third-party service providers, government authorities or other parties as described in this section.
Third-Party Service Providers
We may use third-party service providers to perform functions in connection with the Services. Some of the third-party service providers may be provided or given access to Your personal information and they may be located outside of Canada.
Below is a description of how We share information with Our third-party service providers and business partners. We will use best efforts to disclose the identity of every third party that We work with so that You can review their privacy policies and security practices to make an informed decision.
-
Consultation : We may work with partners to continue to improve the Services We provide to You and the viability of Our business. Consulting partners may be provided broad access to Our information for them to have a holistic understanding of Our business. This may include Your information and the level of access may depend on the service provided by Our consulting partners. For example, a consulting partner working with Us on privacy or security improvements may have greater access to Our data. Currently, We do not work with any consultation partner but We may in the future work with partners such as Vanta, OneTrust to improve Our security and privacy practices. We will update this Policy when/if We work with such partners.
-
Notification : We may use the services of companies that provide notification services for Us to reach Our user base. We currently work with Resend.
-
Reviews : Reviews are an integral part of the Services and We obtain these reviews from third parties. Currently, the only reviews retrieved and processed on the Services is from Google.
-
Artificial Intelligence : We work with artificial intelligence service providers to provide and improve the Services. Currently, We work with OpenAI, Anthropic and Google Gemini.
-
Other Technology Providers : We may work with various other technology partners not mentioned above to provide You the Services. They are an integral part of Our Services. They include: Amazon AWS, Vercel, Supabase, Hotjar, n8n, Trigger.dev and Stripe.
Cookies
We use cookies, which are small pieces of data sent from a website and stored on Your device. We use both session and persistent cookies; the former is deleted when You close Your browser
whereas the latter is deleted when You clear Your cookies. Cookies are both created by Us and Our partners. Cookies may store information such as Your login information (except passwords), session information, device information, network information and usage statistics. To disable cookies, please adjust Your browser settings. However, some features on the Service may not function properly if cookies are disabled.
Business Changes
If We become involved in a merger, acquisition, sale of assets, joint venture, securities offering, bankruptcy, reorganization, liquidation, dissolution, or other transaction or if the ownership of all or substantially all of Our business otherwise changes, We may transfer Your information to a third party or parties in connection therewith. Specifically, We may disclose information about You to third parties without Your consent where We believe that such disclosure is necessary to determine whether to proceed with a prospective business transaction or to complete a transaction in progress, or where the information is necessary to carry on the activity that was the object of the transaction. A “business transaction” includes:
-
the purchase, sale or other acquisition or disposition of an organization or a part of an organization, or any of its assets;
-
the merger or amalgamation of two or more organizations;
-
the making of a loan or provision of other financing to an organization or a part of an organization;
-
the creating of a charge on, or the taking of a security interest in or a security on, any assets or securities of an organization;
-
the lease or licensing of any of an organization’s assets; and
-
any other prescribed arrangement between two or more organizations to conduct a business activity.
Investigations and Law
We may disclose information about You to third parties without Your consent if We believe that such disclosure is necessary to:
-
Investigate fraud and abuse on the Service;
-
Take action regarding suspected illegal activities;
-
Enforce or apply this Policy or other agreements with Us;
-
Comply with the law or guidance and cooperate with government authorities, regulatory bodies, law enforcement officials or private parties;
-
Protect Our rights, reputation, safety, and property, or that of users or others;
-
Respond to claims and legal process (for example, subpoenas); and/or
-
Protect against legal liability.
Where obliged or permitted to disclose information without consent, We will not disclose more information than is required.
Aggregated or De-Identified Information
Aggregated or de-identified information that We compile or create may be shared with third parties. The aggregated or de-identified information will not contain Your personal information.
IV. Risk of Harm
We take security seriously and have taken steps to safeguard Your personal information by implementing physical, procedural, contractual and technical security measures. However, no measures are perfect and Your personal information may be compromised despite all of Our efforts. Please review this section carefully to understand the risk associated with providing Us Your information.
Security Measures
We protect Your personal information as follows:
-
Procedural : We have put in place various organizational and operational processes to ensure that access to and use of Your personal information is limited.
-
Contractual : We have put in contractual obligations with third parties with whom We share Your personal information to ensure that Your personal information is secure and protected.
-
Technical : The Service includes technical securities such as encryption to ensure that Your personal information is secure. Further, We ensure end-point security of Our devices through strong password protection.
Retention
We retain Your personal information for as long as You use the Service and for a reasonable time thereafter. The exact retention period for information varies on the type of information and the purpose for which such information was collected. Some information is necessary to maintain, safeguard and operate the Service and as a result, such information may be kept indefinitely. When Your personal information is no longer required, We will destroy, erase or convert it to a de-identified form.
Residual Risk
Despite all Our efforts in safeguarding Your information, We cannot guarantee the safety of Your information. There are numerous sophisticated adversaries who may employ tactics to defeat Our security measures or the security measures of Our service providers and partners. If
You determine that the residual risk remaining from providing Us Your information after taking into consideration the mitigation measures (both security and retention) described above, and the potential for such measures to be defeated, is greater than the benefit obtained from Your use of the Service or is beyond Your risk tolerance, then please do not use the Service. As explained in this Policy, You may refuse or withdraw Your consent at any time. By using the Service, You acknowledge that You understand and assume the risk associated with using the Service.
WE ASSUME NO LIABILITY FOR DISCLOSURE OF YOUR INFORMATION DUE TO TRANSMISSION ERRORS, THIRD-PARTY ACCESS OR CAUSES BEYOND OUR CONTROL.
V. Other Websites and Other Parties
You acknowledge that this Policy applies only to the Service that We own or operate. We do not have access to or control over the practices, content or information of other parties and thus, WE DO NOT GUARANTEE, REPRESENT OR WARRANT THAT SUCH PRACTICES, CONTENT OR INFORMATION IS ACCURATE, LEGAL, NON-INFRINGING OR INOFFENSIVE, OR THAT THIRD-PARTY ADVERTISING OR LINKS TO OTHER WEBSITES ARE FREE FROM VIRUSES OR OTHER MALICIOUS CODE. YOU AGREE THAT WE ARE NOT RESPONSIBLE FOR OR LIABLE, DIRECTLY OR INDIRECTLY, FOR ANY DAMAGES OR LOSSES CAUSED OR ALLEGED TO BE CAUSED BY SUCH THIRD PARTIES ADVERTISING, LINKS, CONTENT, PRACTICES OR INFORMATION.
Please contact them directly for more information about their privacy practices.
VI. Access, Accuracy and Choice
We permit the reasonable right of access and review of Your personal information held by Us and will endeavour to provide the information to You within a reasonable time. We may refuse access or Your right of access may be limited in accordance with applicable law. To guard against fraudulent requests for access, We may require sufficient information to allow Us to confirm that the person making the request is authorized to do so before granting access or making corrections.
We do not routinely update Your personal information but will correct Your personal information when You have indicated to Us that it is inaccurate or incomplete.
You can withdraw Your consent to Our use of Your personal information at any time. Withdrawal of consent does not operate retroactively and may affect Your ability to use the Service.
To communicate with Us regarding this section or about this Policy in general, please contact Us at privacy@cxguru.ai. For some of Your personal information, You may withdraw consent or refuse collection through Your device. For example, You may disable location services or cookies.
VII. Children
We do not knowingly collect personal information from an individual under the age of 16. If You are under the age of 16, please do not submit any personal information through the Service. If You have reason to believe that We may have accidentally received personal information from an individual under the age of 16, please contact Us immediately at privacy@cxguru.ai.