COREXPERT OPERATIONS CORPORATION

(DBA CXO / CXO CORPORATION)

PRIVACY POLICY

Last Updated: May 12, 2026

This Privacy Policy (the “Policy”) describes the manner in which COREXPERT OPERATIONS CORPORATION, an Ontario corporation carrying on business as CXO or CXO Corporation (“CXO”, “we”, “us” or “our”), collects, uses, discloses, processes, stores, and safeguards personal information in connection with:

(i) https://cxocorporation.com and all associated domains, subdomains, landing pages, and digital properties (the “Website”);
(ii) CXO's agentic AI systems, including AI-powered workflow automation agents; and
(iii) all related services, platforms, integrations, and communications (collectively, the “Services”).

By accessing or using the Services, you acknowledge that you have read and understood this Policy and, where required by applicable law, you consent to the collection, use, and disclosure of your personal information in accordance with this Policy.

If you do not agree to this Policy, you must not access or use the Services.

1. INTERPRETATION AND SCOPE

1.1 This Policy applies to all individuals whose personal information is processed by CXO in connection with the Services, including website visitors, prospective clients, customers, end users of CXO agentic AI systems, and individuals whose data is processed through client integrations.

1.2 This Policy does not apply to third-party websites, platforms, or services that are not owned or controlled by CXO, notwithstanding any links or integrations thereto.

2. CATEGORIES OF INFORMATION COLLECTED

CXO collects and processes the following categories of information, either directly or indirectly:

2.1 Information Provided by Users

• Name, email address, telephone number

• Employer, title, and business affiliation

• Billing and payment information

• Information submitted through forms, chat interfaces, or communications

• Business data and operational inputs provided for AI Employees or consulting services

2.2 Automatically Collected Information

• Internet Protocol (IP) address

• Device identifiers, browser type, and operating system

• Usage data, session logs, and interaction metrics

• Referral sources and navigation patterns

• Cookie and tracking data

2.3 AI AND AUTOMATED PROCESSING INPUTS

Where users interact with CXO's agentic AI systems, CXO may process:

• prompts, queries, and instructions

• uploaded documents or datasets

• CRM and third-party system data

• conversational logs and workflow triggers

• structured and unstructured business inputs

CXO expressly disclaims responsibility for decisions, actions, or omissions taken by users or clients in reliance on outputs generated by CXO agentic AI systems. Such systems do not constitute autonomous decision-making systems capable of binding CXO or any third party.

2.4 THIRD-PARTY DATA SOURCES

CXO may receive information from third-party service providers, including:

• customer relationship management systems (including GoHighLevel)

• cloud infrastructure providers

• analytics and marketing platforms

• AI model providers, including OpenAI, Anthropic, Google, and similar entities

These providers may process data independently of CXO’s control.

3. PURPOSES OF COLLECTION AND USE

CXO collects and uses personal information for the following purposes:

(a) provision, operation, and maintenance of the Services;
(b) deployment, configuration, and operation of agentic AI systems and automated workflows;
(c) performance of contractual obligations;
(d) billing, account administration, and payment processing;
(e) service improvement, analytics, and system optimization;
(f) security monitoring, fraud prevention, and risk mitigation;
(g) customer support and communications;
(h) compliance with legal and regulatory obligations; and
(i) where permitted, marketing and promotional communications.

4. LEGAL BASIS FOR PROCESSING (GDPR)

Where the General Data Protection Regulation (EU) 2016/679 applies, CXO processes personal data on the following legal bases:

• performance of a contract;

• legitimate interests, including business operations, service improvement, and fraud prevention;

• consent, where required (including marketing and cookies);

• compliance with legal obligations.

Where automated processing or AI-assisted systems are used, such processing is conducted in furtherance of contractual and operational purposes and does not constitute sole automated decision-making intended to produce legal or similarly significant effects without human review.

5. AGENTIC AI SYSTEMS AND AUTOMATED DECISION-MAKING

5.1 CXO provides agentic AI systems, including autonomous and semi-autonomous workflow automation agents.

5.2 You acknowledge and agree that:
(a) AI Employees operate using probabilistic machine learning models;
(b) outputs may be inaccurate, incomplete, outdated, or otherwise unreliable;
(c) automated processing may occur without human intervention;
(d) AI outputs do not constitute professional advice of any kind;
(e) AI outputs may contain hallucinations or incorrect information;

5.3 CXO does not guarantee the accuracy, reliability, or suitability of any AI-generated output, and expressly disclaims any liability arising from reliance thereon.

5.4 MODEL BEHAVIOR AND OUTPUT LIMITATIONS
CXO agentic AI systems rely on third-party large language models, including OpenAI, Anthropic, Google, and similar providers. CXO does not control model training, weighting, inference logic, or output generation behavior of such providers. Outputs may be influenced by systems outside CXO’s control.

6. DISCLOSURE AND SHARING OF INFORMATION

CXO may disclose personal information to the following categories of recipients:

6.1 SERVICE PROVIDERS AND SUBPROCESSORS

Including:

• AI model providers (OpenAI, Anthropic, Google)

• cloud infrastructure providers (AWS, Google Cloud, Microsoft Azure)

• CRM and automation platforms

• analytics and communication providers

• payment processors and financial service providers

These providers may act as independent processors or controllers under applicable law.

6.2 BUSINESS AND OPERATIONAL PURPOSES

Where necessary for:

• service delivery and support

• system maintenance and security

• business operations and analytics

6.3 LEGAL AND REGULATORY DISCLOSURE

Where required to:

• comply with applicable law or regulatory process

• respond to lawful requests from authorities

• enforce contractual rights

• protect rights, safety, or security of CXO or third parties

 7. INTERNATIONAL DATA TRANSFERS

CXO operates on a cross-border basis. Personal information may be transferred to jurisdictions outside the user’s country of residence, including Canada, the United States, and other jurisdictions where service providers operate.

Where required by applicable law, CXO implements appropriate safeguards, which may include Standard Contractual Clauses (SCCs) or equivalent transfer mechanisms.

8. DATA RETENTION

CXO retains personal information only for as long as necessary to fulfill the purposes for which it was collected, including:

• provision of Services

• legal and regulatory compliance

• dispute resolution

• legitimate business purposes

Retention periods vary depending on the nature of the information and applicable legal requirements.

9. SECURITY SAFEGUARDS

CXO implements commercially reasonable administrative, technical, and physical safeguards designed to protect personal information against unauthorized access, disclosure, alteration, or destruction.

No system is completely secure, and CXO cannot guarantee absolute security.

10. USER RIGHTS

Subject to applicable law, individuals may have rights including:

10.1 GDPR

• right of access

• right to rectification

• right to erasure

• right to restriction of processing

• right to data portability

• right to object

10.2 CCPA/CPRA

• right to know

• right to delete

• right to correct

• right to opt out of sale or sharing (where applicable)

• right to non-discrimination

10.3 PIPEDA

• right of access and correction

• right to withdraw consent subject to legal restrictions

Requests may be submitted to: [email protected]

CXO reserves the right to verify identity prior to responding.

11. COOKIES AND TRACKING TECHNOLOGIES

CXO uses cookies and similar technologies for:

• authentication and security

• analytics and performance measurement

• user experience optimization

• marketing and attribution

Where required by applicable law, consent mechanisms are implemented.

Users may disable cookies through browser settings; however, certain functionalities may be impaired.

12. MARKETING COMMUNICATIONS (CASL / CAN-SPAM)

CXO complies with applicable anti-spam legislation. Marketing communications are sent only where consent or lawful basis exists. Users may withdraw consent at any time.

13. THIRD-PARTY LINKS AND SERVICES

CXO is not responsible for privacy practices of third-party services, content, or data handling practices outside CXO’s control. Use is at user’s risk.

14. LIMITATION OF LIABILITY

To the maximum extent permitted by applicable law, CXO shall not be liable for:

• third-party data practices

• AI-generated outputs

• reliance on Services or outputs

• system interruptions or failures

• unauthorized access outside CXO systems

 15. CHILDREN’S PRIVACY

Services are not directed to individuals under the age of majority. CXO does not knowingly collect personal information from minors.

16. AMENDMENTS

CXO reserves the right to amend this Policy at any time. Continued use constitutes acceptance of updated versions.

17. CONTACT INFORMATION

COREXPERT OPERATIONS CORPORATION (CXO)
Ontario, Canada
[email protected]