Privacy Policy.

This Policy applies to personal data that Truxl collects and processes as a controller — that is, data we decide the purposes and means for. This includes data about:

• Visitors to our marketing websites and documentation;
• Individuals who register for, evaluate, or administer a Truxl account;
• People who contact us, attend our events, or subscribe to our communications.

This Policy does not govern the event data, user profiles, session recordings, or other content that our customers send into the platform about their end users (“Customer Analytics Data”). For that data, Truxl acts as a processor on the customer’s behalf, and the customer’s own privacy policy applies.

This Policy also does not apply to third-party websites or services that link to or from the Services.

Truxl plays two different roles depending on the data in question. This distinction is central to understanding your rights.

As a Data Controller

For personal data about our own website visitors, prospects, account administrators, and contacts, Truxl is the controller. We decide why and how that data is processed, and this Policy describes those practices.

As a Data Processor

For analytics data ingested in the platform via the customer’s code, the events, identifiers, properties, and related data — the customer is the controller and Truxl is the processor. We process that data only on the customer’s documented instructions, under a Data Processing Agreement (“DPA”). If you are an end user of a product built by one of our customers and want to exercise privacy rights over your data, please contact that customer directly; we will assist them as their processor.

For Truxl Self-Hosted deployments, the customer is both controller and processor of the data, and that data resides in the customer’s own environment. Truxl does not have access to it.

• Account and contact data: name, work email, password, company name, job role, and billing details.
• Support and communications: the content of messages, survey responses, and feedback you send us.
• Payment data: processed by our payment provider; we receive limited transaction and billing information, not full card numbers.
• Usage and device data: pages viewed, features used, referring URLs, IP address, browser and operating system, and similar diagnostic data when you use our website or product dashboard.

We use our own product, Truxl, to analyze how our website and dashboard are used — in the same way our customers use it for their products.

• Authentication providers (e.g. single sign-on) when you log in through them;
• Business contact and enrichment providers, where permitted by law;
• Sub-processors and infrastructure providers that help us deliver the Services.

As a controller, we use personal data to:

• Provide, operate, secure, and improve the Services;
• Create and administer accounts and authenticate users;
• Process payments and manage billing;
• Respond to enquiries and provide customer support;
• Send service, security, and (where permitted) marketing communications;
• Power AI features — for example, translating plain-language questions into queries, charts, and explanations — limited to the data needed for that purpose;
• Detect, prevent, and investigate fraud, abuse, and security incidents.

We do not sell personal data. We share it only as described here:

• Service providers / sub-processors: cloud hosting, payment processing, communications, and support tools that process data on our behalf under contract.
• Within Truxl: our affiliates, for the purposes in this Policy.
• Legal and safety: to comply with law, respond to lawful requests, or protect rights, safety, and the integrity of the Services.
• Business transfers: in connection with a merger, acquisition, financing, or sale of assets, subject to this Policy.

We retain personal data for as long as needed to provide the Services and for the purposes described in this Policy, then delete or anonymize it. Account data is generally retained for the life of the account and for a period afterward to meet legal, tax, and security needs. Customer data is retained as per our contractual agreements with the respective customer.

We maintain administrative, technical, and organizational measures designed to protect personal data, including:

• Encryption of data in transit and at rest;
• Role-based access controls and least-privilege access;
• Network and application security monitoring;
• Sub-processor due diligence and contractual safeguards.

Self-Hosted customers are responsible for the security of their own deployment and environment.

Depending on where you live, you may have rights to:

• Access, correct, update, or delete your personal data;
• Port your data to another provider;
• Object to or restrict certain processing;
• Withdraw consent at any time (without affecting prior processing);
• Opt out of marketing communications;
• Lodge a complaint with a supervisory authority.

To exercise these rights for data where Truxl is the controller, contact us at admin@truxl.com. If you are an end user of a customer’s product, please contact that customer (the controller); Truxl will support them as their processor.

The Services are intended for businesses and are not directed to children. We do not knowingly collect personal data from anyone under 18 years of age. If you believe a child has provided us personal data, contact us and we will delete it.

If you have questions about this Policy or our privacy practices, contact:

Privacy / Data Protection: admin@truxl.com

We may update this Policy from time to time. When we make material changes, we will update the “Last updated” date and, where appropriate, provide additional notice. Your continued use of the Services after an update constitutes acceptance of the revised Policy.