Home/Legal/Privacy Policy

Privacy Policy

Effective: February 6, 2026Last Updated: March 6, 2026

Quick Summary

  • We collect information you provide and data about how you use our services
  • Your data is used to provide and improve our AI automation services
  • We never sell your personal information to third parties
  • You have rights to access, correct, and delete your data
  • Google user data is used only for CRM features you authorize, per Google's Limited Use requirements
  • Questions? Email us at info@cxtrack.com

1. Introduction

CxTrack ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website cxtrack.com, use our AI automation services, voice agents, CRM integrations, or interact with us in any way. By accessing or using our services, you agree to this Privacy Policy. If you do not agree with the terms of this policy, please do not access our services.

2. Information We Collect

2.1 Personal Information You Provide

  • Contact information (name, email address, phone number, company name)
  • Account credentials (username, password)
  • Business information (industry, team size, revenue range)
  • Payment and billing information (processed through secure third-party providers)
  • Communications you send us (emails, support requests, demo requests)
  • Survey responses and feedback

2.2 Information Collected Automatically

  • Device information (IP address, browser type, operating system)
  • Usage data (pages visited, time spent, click patterns)
  • Cookies and similar tracking technologies
  • Log files and analytics data
  • Geolocation data (country, region, city)

2.3 Information from Third Parties

  • Social media profiles (when you connect accounts)
  • CRM and business tool integrations you authorize
  • Payment processor transaction confirmations
  • Marketing partners and lead generation services

3. How We Use Your Information

  • Provide, operate, and maintain our AI automation services
  • Process transactions and send related information
  • Send administrative communications (service updates, security alerts)
  • Respond to inquiries, support requests, and demo requests
  • Personalize and improve your experience
  • Analyze usage patterns to enhance our services
  • Develop new products, features, and functionality
  • Send marketing communications (with your consent)
  • Detect, prevent, and address technical issues and fraud
  • Comply with legal obligations and enforce our terms

4. Voice Agent & AI Data Processing

Our AI voice agents and automation tools may process: • Call recordings and transcriptions (stored securely and encrypted) • Customer interaction data from your CRM • Business workflow data to optimize automations • Performance metrics and analytics All AI-processed data is handled in accordance with industry best practices. We do not use your customer data to train our AI models without explicit consent. Call recordings are retained for the duration specified in your service agreement and can be deleted upon request.

5. Google User Data

CxTrack integrates with Google services to provide email and calendar functionality within the CRM. This section describes how we handle data received through Google APIs, in compliance with the Google API Services User Data Policy.

5.1 Data Accessed

  • Profile information: Your name, email address, and profile picture via Google Sign-In (scopes: email, profile, openid)
  • Gmail: Permission to send emails on your behalf and modify message status such as marking messages as read or moving them to trash (scopes: gmail.send, gmail.modify)
  • Google Calendar: Permission to read your calendar events and create or modify events for scheduling purposes (scopes: calendar.readonly, calendar.events)
  • OAuth tokens: Short-lived access tokens (approximately 1 hour) and long-lived refresh tokens used to maintain your connection without requiring repeated sign-in

5.2 How Google Data Is Used

  • Profile data is used solely to identify your account and display your name and avatar within the CRM
  • Gmail access is used exclusively to send emails you compose within CxTrack and to update message status (read/trash) when you perform those actions in the CRM interface
  • Calendar access is used to display your upcoming events on the CRM dashboard and to create or update calendar events related to your CRM activities (meetings, follow-ups, appointments)
  • We do not use Google user data for advertising, market research, or any purpose unrelated to the CRM features you have authorized
  • We do not read, scan, or analyze the content of your emails for any purpose other than delivering the email functionality you initiate

5.3 Google Data Sharing

  • We do not sell, rent, or trade Google user data to any third party
  • We do not share Google user data with third parties except as necessary to provide the CRM service (for example, our infrastructure provider Supabase processes encrypted tokens to facilitate API calls)
  • We do not provide Google user data to advertising platforms, data brokers, or information resellers
  • Google user data may be disclosed if required by law, regulation, or valid legal process, or to protect the rights, safety, or property of CxTrack and its users

5.4 Google Data Storage and Protection

  • OAuth access tokens and refresh tokens are encrypted using AES-256 and stored in Supabase Vault, a dedicated secrets management layer separate from application data
  • Google user profile information (name, email) is stored in our application database with encryption at rest
  • Calendar event data is fetched transiently for display and is not bulk-stored or cached persistently in our systems
  • All data in transit is protected with TLS 1.2 or higher encryption
  • Our infrastructure is hosted in Supabase's ca-central-1 (Canada) region with SOC 2 Type II certified data centers
  • Access to stored tokens is restricted to authenticated, authorized server-side processes only and is never exposed to client-side code

5.5 Google Data Retention and Deletion

  • OAuth tokens are retained only for as long as your Google account remains connected to CxTrack
  • When you disconnect your Google account from CxTrack settings, all stored tokens (access and refresh) are permanently deleted from Supabase Vault immediately
  • If your CxTrack account is deleted, all associated Google OAuth tokens and cached profile data are permanently removed within 30 days
  • You may revoke CxTrack's access at any time through your Google Account permissions page (myaccount.google.com/permissions) or through the CxTrack settings panel
  • Transient calendar data is not persisted beyond the user session

5.6 Google API Services Limited Use Disclosure

  • CxTrack's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements
  • CxTrack only uses Google user data to provide and improve the user-facing CRM features described in this policy
  • CxTrack does not use Google user data for serving advertisements or for any purpose other than providing the CRM functionality you authorized
  • CxTrack does not allow humans to read your Google user data unless: (a) you provide affirmative consent for a specific message, (b) it is necessary for security purposes such as investigating abuse, (c) it is necessary to comply with applicable law, or (d) our use is limited to internal operations and the data has been aggregated and anonymized

6. Data Sharing & Disclosure

We may share your information with:

  • Service providers who assist in operating our business (hosting, analytics, payment processing)
  • Business partners with your consent for integrated services
  • Legal authorities when required by law or to protect our rights
  • Successors in the event of a merger, acquisition, or asset sale

We do NOT:

  • Sell your personal information to third parties
  • Share your data for third-party advertising without consent
  • Provide access to your business data to competitors

7. Cookies & Tracking Technologies

We use cookies and similar technologies for: • Essential cookies: Required for site functionality • Analytics cookies: Help us understand how you use our site • Marketing cookies: Track campaign effectiveness (with consent) You can manage cookie preferences through your browser settings. Disabling certain cookies may affect site functionality.

8. Data Security

We implement industry-standard security measures including: • SSL/TLS encryption for data in transit • AES-256 encryption for data at rest • Regular security audits and penetration testing • Access controls and authentication requirements • Employee security training and confidentiality agreements While we strive to protect your information, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security but will notify you of any breach as required by law.

9. Data Retention

We retain your personal information for as long as necessary to: • Provide our services to you • Comply with legal obligations • Resolve disputes and enforce agreements When data is no longer needed, we securely delete or anonymize it. You may request deletion of your data at any time, subject to legal retention requirements.

10. Your Privacy Rights

Depending on your location, you may have the right to:

  • Access the personal information we hold about you
  • Correct inaccurate or incomplete information
  • Delete your personal information
  • Restrict or object to certain processing
  • Data portability (receive your data in a structured format)
  • Withdraw consent for marketing communications
  • Lodge a complaint with a supervisory authority

To exercise these rights, contact us at info@cxtrack.com. We will respond within 30 days.

11. International Data Transfers

CxTrack operates from Manitoba, Canada. If you are accessing our services from outside Canada, your information may be transferred to and processed in Canada or other jurisdictions where our service providers operate. We ensure appropriate safeguards are in place for international transfers, including standard contractual clauses and compliance with applicable data protection laws.

12. Children's Privacy

Our services are not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

13. Third-Party Links

Our website may contain links to third-party sites. We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies before providing any personal information.

14. Changes to This Policy

We may update this Privacy Policy periodically. Material changes will be communicated via email or prominent notice on our website. Continued use of our services after changes constitutes acceptance of the updated policy.

15. Contact Us

If you have questions about this Privacy Policy or wish to exercise your privacy rights, contact us:

Email:info@cxtrack.com
Location:Manitoba, Canada
Response Time:Within 30 days for privacy requests

Stop Guessing. Start Automating.

Book a 30-minute audit. We'll map your biggest leaks and show you the exact automation roadmap. No pitch. No pressure.

No credit card required
Roadmap in 4 weeks
Cancel anytime
CxTrack
Privacy Policy·Terms of Service·Contact·info@cxtrack.com
© 2026 CxTrack. All rights reserved.Headquartered in Winnipeg, MB. Serving businesses across Canada.