Privacy Policy

This Privacy Policy describes how KubixDesiney ("KubixDesiney", "we", "us", or "our") collects, uses, discloses, and safeguards personal information when you visit our websites, create an account, request a demonstration or quote, open a support request, or otherwise use our software products and related services (collectively, the "Services"). It also explains the rights and choices available to you. We act as the controller of the personal information processed through the Services, except where we process information on behalf of a business customer, in which case we act as a processor under that customer's instructions.

We have written this policy to be clear and complete. If anything is unclear, contact us at contact@kubixdesiney.com and we will gladly help.

1. Scope and definitions

This policy applies to personal information we process in connection with the Services. "Personal information" (or "personal data") means information that identifies, relates to, or could reasonably be linked with an identified or identifiable individual. "Processing" means any operation performed on personal information, such as collection, use, storage, disclosure, or deletion. This policy does not apply to third-party websites, products, or services that we do not control.

2. Information we collect

We collect the following categories of personal information:

• Identity and contact data. Name, email address, company or organization name, job title, and the contents of messages you send when you request a demo or quote, contact us, or correspond with our team.
• Account data. The credentials and profile information you provide when registering, including name, email address, and a securely hashed password. We never store passwords in plain text.
• Support data. The subject, description, attachments, status, and conversation history of any support ticket you open, including the email address used to verify guest requests.
• Transactional and commercial data. Records of demos, quotes, subscriptions, orders, and the products you express interest in or use.
• Usage and device data. Information collected automatically when you use the Services, such as IP address, browser and device type, operating system, referring and exit pages, pages and features accessed, and the dates and times of access, collected through cookies, log files, and similar technologies.
• Cookie and similar identifiers. Authentication and session identifiers required to keep you signed in, and, where applicable, analytics identifiers used to understand and improve the Services.
• Information from third parties. Authentication, security, and infrastructure information from the providers that operate the Services, and any information you direct another service to share with us.

You are not legally required to provide personal information, but some information is necessary to create an account, open a ticket, or otherwise use certain features. Where information is required to provide a feature, we will indicate this at the point of collection.

3. How and why we use information

We use personal information for the following purposes, relying on the legal bases indicated where the GDPR or UK GDPR applies:

• To provide and operate the Services — including authentication, account management, and processing demos, quotes, and support requests (legal basis: performance of a contract, or steps taken at your request prior to a contract).
• To secure the Services — to detect, investigate, and prevent fraud, abuse, unauthorized access, and other security incidents (legal basis: legitimate interests and legal obligation).
• To communicate with you — including service messages such as email verification, ticket updates, and important notices (legal basis: performance of a contract and legitimate interests).
• To improve and develop the Services — including analytics, troubleshooting, and product research, typically using aggregated or de-identified information where practicable (legal basis: legitimate interests).
• To market our Services — to send updates and offers where you have not opted out and where permitted by law (legal basis: consent or legitimate interests). You can unsubscribe at any time.
• To comply with law — to meet our legal and regulatory obligations and to establish, exercise, or defend legal claims (legal basis: legal obligation and legitimate interests).

4. Cookies and similar technologies

We use cookies and similar technologies to operate, secure, and improve the Services. Strictly necessary cookies are required to authenticate you and maintain your session; they cannot be switched off through our systems without disabling core functionality. Functional and analytics cookies, where used, help us remember your preferences and understand how the Services are used. You can manage cookies through your browser settings and, where required, through any consent controls we provide. Disabling strictly necessary cookies may prevent you from signing in.

5. How we disclose information

We do not sell your personal information, and we do not share it for cross-context behavioral advertising. We disclose personal information only as follows:

• Service providers and sub-processors. Vendors that host and operate the Services on our behalf — for example, cloud hosting, database, authentication, and email-delivery providers — under written agreements that require appropriate confidentiality and data-protection safeguards and that limit their use to providing services to us.
• Professional advisors. Lawyers, auditors, accountants, and insurers, where reasonably necessary and subject to confidentiality.
• Legal, safety, and compliance. Authorities or other parties where we believe disclosure is required by law or legal process, or necessary to protect the rights, property, or safety of KubixDesiney, our users, or the public.
• Corporate transactions. A successor or acquiring entity in connection with a merger, acquisition, financing, reorganization, or sale of assets, subject to this policy or a successor policy.
• With your direction or consent. Where you ask us to share information or otherwise consent.
• Aggregated or de-identified information. Information that cannot reasonably be used to identify you, which we may use and disclose for any lawful purpose.

6. International data transfers

We and our service providers may process personal information in countries other than the one in which you reside, including the United States. Where we transfer personal information from the European Economic Area, the United Kingdom, or Switzerland to a country that has not been recognized as providing an adequate level of protection, we rely on appropriate safeguards, such as the European Commission's Standard Contractual Clauses and the UK International Data Transfer Addendum, together with supplementary measures where needed. You may request a copy of the relevant safeguards by contacting us.

7. Data retention

We retain personal information for as long as necessary to fulfill the purposes described in this policy, unless a longer retention period is required or permitted by law. To determine the appropriate period, we consider the amount, nature, and sensitivity of the information, the potential risk of harm from unauthorized use or disclosure, the purposes for which we process it, and applicable legal requirements. Account and support information is generally retained for the life of your account and for a reasonable period afterward, after which it is deleted or de-identified.

8. How we protect information

We maintain technical and organizational measures designed to protect personal information against unauthorized access, alteration, disclosure, or destruction. These include encryption of data in transit and at rest, role- based access controls and least-privilege practices, network and application security controls, logging and monitoring, and regular review of our safeguards. No system is perfectly secure; while we work hard to protect your information, we cannot guarantee absolute security and you also play a role by protecting your account credentials.

9. Your privacy rights

9.1 EEA, UK, and Switzerland

If you are located in the European Economic Area, the United Kingdom, or Switzerland, you have the right to access your personal information; to rectify inaccurate information; to erase information; to restrict or object to processing; to data portability; and, where processing is based on consent, to withdraw consent at any time without affecting prior processing. You also have the right to lodge a complaint with your local supervisory authority.

9.2 California

If you are a California resident, the California Consumer Privacy Act, as amended by the California Privacy Rights Act, gives you the right to know the categories and specific pieces of personal information we have collected, the sources, the business or commercial purposes, and the categories of recipients; the right to delete personal information; the right to correct inaccurate information; and the right to opt out of the "sale" or "sharing" of personal information and to limit the use of sensitive personal information. We do not sell or share personal information as those terms are defined under California law, and we do not use sensitive personal information for purposes that would trigger the right to limit. We will not discriminate against you for exercising any of your rights.

9.3 Other regions

Residents of other jurisdictions may have similar rights under applicable law. We honor valid requests to the extent required by the laws that apply to you.

9.4 How to exercise your rights

To exercise any of these rights, contact us at contact@kubixdesiney.com. We will verify your request, typically by confirming control of the email address associated with your information, and respond within the time required by applicable law. You may use an authorized agent where permitted, subject to verification. If we process information on behalf of a business customer as a processor, we will refer your request to that customer and assist them in responding.

10. Automated decision-making

We do not make decisions that produce legal or similarly significant effects about you based solely on automated processing without human involvement. If this changes, we will update this policy and provide any disclosures required by law.

11. Marketing choices

You can opt out of marketing emails at any time by following the unsubscribe link in the message or by contacting us. Even if you opt out of marketing, we may still send you non-promotional service messages, such as those about your account, security, or support requests.

12. Children's privacy

The Services are intended for businesses and are not directed to children under 16, and we do not knowingly collect personal information from children. If you believe a child has provided us personal information, please contact us and we will take appropriate steps to delete it.

13. Third-party links and services

The Services may link to or integrate with third-party websites and services that we do not control. This policy does not apply to those third parties, and we encourage you to review their privacy policies before providing them personal information.

14. Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will revise the "Last updated" date above and provide additional notice where appropriate, such as by email or through the Services. Your continued use of the Services after the changes take effect constitutes acceptance of the updated policy to the extent permitted by law.

15. Contact us

If you have questions, concerns, or requests regarding this policy or your personal information, or if you wish to reach our privacy team or, where applicable, our data protection officer or EU/UK representative, contact us at contact@kubixdesiney.com. If you are in the EEA or UK and believe we have not addressed your concern, you have the right to complain to your local data protection supervisory authority.