Privacy Policy

Privacy Policy

Last updated: 11/20/2026

This Privacy Policy describes how Creux Digital ("Company," "we," "us," or "our") collects, uses, discloses, and protects personal information obtained from users ("you" or "your") who access our software-as-a-service platform, website, applications, and related services (collectively, the "Services"). This Privacy Policy is intended to comply with applicable U.S. federal and state privacy laws, including the Texas Data Privacy and Security Act (TDPSA), the California Consumer Privacy Act as amended by the California Privacy Rights Act (CCPA/CPRA), and, where applicable, the EU General Data Protection Regulation (GDPR).

1. Scope and Applicability

This Privacy Policy applies to personal data collected from:

Visitors to our website(s)

Customers and authorized users of our SaaS platform

Prospective customers

Business partners and service providers

Individuals who communicate with us

This Policy does not apply to:

Information collected in an employment or job applicant context

Information already publicly available

Data governed by HIPAA, GLBA, FCRA, or other sector-specific laws where exempt

2. Personal Information We Collect

As a Software-as-a-Service (SaaS) provider, we collect personal information necessary to provide, operate, secure, and improve our platform.

A. Identifiers

Name

Email address

Phone number

IP address

Account credentials

B. Account and Usage Data

Subscription status

User roles and permissions

Log files and authentication data

Feature usage and platform interactions

C. Commercial Information

Products or services purchased

Billing history

Payment-related details (processed by third-party payment processors)

D. Internet or Network Activity

Browser type and device information

Operating system

Referring URLs

Pages viewed and actions taken within the Services

E. Location Data

Approximate geographic location derived from IP address

F. Communications

Messages sent through contact forms, email, support tickets, SMS, or chat

We do not knowingly collect personal data from children under 13 years of age.

3. How We Collect Personal Information

We collect personal information through:

Direct user submissions when creating accounts or using the Services

Automated technologies such as cookies, SDKs, logs, and analytics tools

Third-party service providers integrated into our platform

Authorized resellers or partners, where applicable

4. Purpose and Legal Bases for Processing

We process personal data for the following purposes:

Providing, operating, and maintaining the Services

Account creation, authentication, and user management

Processing subscriptions and transactions

Customer support and communications

Improving performance, features, and functionality

Marketing and promotional activities (subject to opt-out rights)

Security monitoring, fraud prevention, and abuse detection

Compliance with legal and regulatory obligations

Legal Bases (GDPR)

Where GDPR applies, processing is based on one or more of the following:

Performance of a contract

Legitimate business interests

Compliance with legal obligations

Consent, where required

5. Cookies and Tracking Technologies

We use cookies and similar technologies to:

Enable core platform functionality

Maintain user sessions and preferences

Analyze usage trends and performance

Support marketing and analytics efforts

You may control cookie settings through your browser or device. Disabling cookies may limit certain features of the Services.

6. Sharing and Disclosure of Personal Information

We may share personal information with:

Service providers and vendors supporting our operations (hosting, analytics, customer support, payment processing)

Professional advisors such as auditors, consultants, or legal counsel

Government or regulatory authorities when required by law

A successor entity in connection with a merger, acquisition, restructuring, or asset sale

We do not sell personal data. We do not share personal data for cross-context behavioral advertising except where permitted by law and subject to opt-out rights.

7. Your Privacy Rights

A. Texas (TDPSA)

Texas residents have the right to:

Confirm whether we process their personal data

Access, correct, or delete personal data

Obtain a portable copy of their personal data

Opt out of targeted advertising, sale of personal data, or certain profiling

B. California (CCPA/CPRA)

California residents have the right to:

Know the categories and specific pieces of personal information collected

Delete personal information

Correct inaccurate personal information

Limit the use and disclosure of sensitive personal information

Opt out of the sale or sharing of personal information

Not be discriminated against for exercising privacy rights

We do not sell personal information and do not knowingly share personal information for cross-context behavioral advertising.

C. European Economic Area, United Kingdom, and Switzerland (GDPR)

Individuals located in the EEA, UK, or Switzerland have the right to:

Access their personal data

Rectify inaccurate data

Request erasure (“right to be forgotten”)

Restrict or object to processing

Data portability

Withdraw consent at any time

Lodge a complaint with a supervisory authority

8. Exercising Your Rights

Privacy rights requests may be submitted by contacting us at:

Email: [email protected]

We will respond within legally required timeframes (45 days for U.S. state laws; up to 30 days under GDPR, subject to extension).

Appeals (TDPSA)

If your request is denied, you may appeal by contacting us at the same email address. If your appeal is denied, you may submit a complaint to the Texas Attorney General.

9. Sensitive Personal Data

We do not process sensitive personal data—such as precise geolocation, racial or ethnic origin, religious beliefs, biometric identifiers, or data of known children—without valid consent or where otherwise permitted by law.

10. International Data Transfers

If you access the Services from outside the United States, your information may be transferred to and processed in the United States or other jurisdictions. Where required by GDPR, we rely on appropriate safeguards such as standard contractual clauses.

11. Data Security

We maintain reasonable administrative, technical, and physical safeguards designed to protect personal information from unauthorized access, disclosure, alteration, or destruction. No security system is completely secure.

12. Data Retention

We retain personal information only for as long as reasonably necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law.

13. Third-Party Services and Integrations

Our Services may integrate with or link to third-party platforms or services. This Privacy Policy does not apply to those third parties, and we encourage you to review their privacy practices independently.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Any changes will be effective upon posting with an updated “Last updated” date.

15. Contact Information

If you have questions about this Privacy Policy or wish to exercise your privacy rights, contact:

Creux Digital
Email: [email protected]