Privacy & Legal
Compliance Center

Cexres.com ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website cexres.com, use our AI-powered brand intelligence services, or interact with our platform.

This policy applies to all users worldwide and complies with:
• General Data Protection Regulation (GDPR) - European Union
• Hong Kong Personal Data (Privacy) Ordinance (HKPDPO)
• California Consumer Privacy Act (CCPA)
• Other applicable data protection laws

We collect information to provide and improve our AI-powered services:

**Automatically Collected Data:**
• Device information (browser type, OS, device identifiers)
• Usage data (pages visited, features used, time spent)
• IP address and location data (country/region level)
• Cookies and tracking technologies

** Voluntarily Provided Data:**
• Account information (name, email, company details)
• Website URLs submitted for AI analysis
• Business information for service delivery
• Communication preferences

**AI Analysis Data:**
• Website content and structure (for analysis purposes only)
• Brand entity information
• Schema markup and metadata
• Publicly available business information

We never collect sensitive categories of data such as racial or ethnic origin, political opinions, religious beliefs, health data, or biometric data unless voluntarily provided for specific service purposes.

Your data is used exclusively for the following purposes:

**Service Delivery:**
• Performing AI-powered brand analysis and diagnostics
• Generating visibility scores and recommendations
• Delivering personalized insights and reports
• Improving our AI algorithms and services

**Communication:**
• Sending service-related notifications
• Providing customer support
• Delivering marketing communications (with consent)

**Legal Compliance:**
• Meeting regulatory obligations
• Preventing fraud and abuse
• Enforcing our Terms of Service

**Data Retention:**
• Account data: Duration of your subscription + 2 years
• Analysis data: 12 months from analysis date
• Usage logs: 6 months
• Legal holds may extend retention periods

You have extensive rights over your personal data:

**Under GDPR (EU Users):**
• Right to access - Request copies of your data
• Right to rectification - Correct inaccurate data
• Right to erasure - "Right to be forgotten"
• Right to restrict processing - Limit how we use data
• Right to data portability - Receive your data in structured format
• Right to object - Opt out of certain processing
• Right to withdraw consent - At any time

**Under CCPA (California Residents):**
• Right to know what personal information is collected
• Right to delete personal information
• Right to opt-out of sale of personal information
• Right to non-discrimination

**Under HKPDPO (Hong Kong Users):**
• Right to request access to personal data
• Right to request correction of personal data

**Exercise Your Rights:**
Contact us at privacy@cexres.com or through your account settings. We respond to requests within 30 days.

We use cookies and similar technologies to enhance your experience:

**Essential Cookies (Required):**
• Authentication and security
• Session management
• Load balancing
These cannot be disabled as they are necessary for service operation.

**Performance Cookies:**
• Analytics and usage tracking
• A/B testing
• Error monitoring
You can opt out via our Cookie Settings or browser controls.

**Marketing Cookies:**
• Personalized advertisements
• Retargeting
• Campaign measurement
Requires explicit consent.

**Cookie Management:**
You can manage cookies through:
• Our Cookie Preference Center (accessible in footer)
• Browser settings (disable cookies)
• Industry opt-out tools (https://optout.aboutads.info)

**Cookie Retention:**
• Session cookies: Deleted when browser closes
• Persistent cookies: 12 months maximum

We implement enterprise-grade security measures:

**Technical Safeguards:**
• AES-256 encryption at rest
• TLS 1.3 encryption in transit
• Multi-factor authentication
• Regular security audits and penetration testing

**Organizational Measures:**
• SOC 2 Type II compliance
• ISO 27001 certification in progress
• Employee security training
• Background checks for data access personnel

**Data Processing Agreements:**
• Standard Contractual Clauses (SCCs) for EU transfers
• Data Processing Addendum (DPA) available
• Third-party vendor security assessments

**Incident Response:**
• 24/7 security monitoring
• Incident response team
• Breach notification within 72 hours (as required by law)

**Data Localization:**
• Primary processing in Singapore
• EU data residency available for GDPR compliance
• US processing for North American operations

For business customers requiring formal data processing agreements:

**DPA Components:**
• Processor/Controller designation
• Processing scope and purposes
• Data subject rights handling
• Sub-processor list and approval
• Security measures and compliance
• Data breach procedures
• Audit rights
• Termination and data deletion

**Standard Contractual Clauses:**
We utilize EU-approved SCCs for international data transfers, ensuring adequate protection regardless of data location.

**Sub-processors:**
We engage carefully vetted sub-processors including:
• Cloud infrastructure providers (AWS, Google Cloud)
• AI/ML service providers
• Analytics platforms
• Customer support tools

Contact legal@cexres.com for our full DPA template.

Your data may be transferred internationally:

**Transfer Mechanisms:**
• Standard Contractual Clauses (SCCs) - EU Commission approved
• Binding Corporate Rules (for intra-group transfers)
• Adequacy decisions (where applicable)

**Regional Processing:**
• European Economic Area (EEA): Frankfurt, Germany
• Asia-Pacific: Singapore
• North America: US East/West

**Compliance:**
• GDPR Chapter V compliance for EU transfers
• Adequate safeguards for cross-border transfers
• Regular transfer impact assessments

**Your Rights:**
Regardless of where your data is processed, you retain all rights outlined in this policy. Contact us to exercise these rights or request information about specific data flows.