COREXPERT OPERATIONS CORPORATION

(DBA CXO / CXO CORPORATION)

PRIVACY POLICY

Last Updated: May 12, 2026

This Privacy Policy (the “Policy”) describes the manner in which COREXPERT OPERATIONS CORPORATION, an Ontario corporation carrying on business as CXO or CXO Corporation (“CXO”, “we”, “us” or “our”), collects, uses, discloses, processes, stores, and safeguards personal information in connection with:

(i) https://cxocorporation.com and all associated domains, subdomains, landing pages, and digital properties (the “Website”);
(ii) CXO’s artificial intelligence systems, including AI agents marketed as “AI Employees”; and
(iii) all related services, platforms, integrations, and communications (collectively, the “Services”).

By accessing or using the Services, you acknowledge that you have read and understood this Policy and, where required by applicable law, you consent to the collection, use, and disclosure of your personal information in accordance with this Policy.

If you do not agree to this Policy, you must not access or use the Services.

1. INTERPRETATION AND SCOPE

1.1 This Policy applies to all individuals whose personal information is processed by CXO in connection with the Services, including website visitors, prospective clients, customers, end users of AI Employees, and individuals whose data is processed through client integrations.

1.2 This Policy does not apply to third-party websites, platforms, or services that are not owned or controlled by CXO, notwithstanding any links or integrations thereto.

2. CATEGORIES OF INFORMATION COLLECTED

CXO collects and processes the following categories of information, either directly or indirectly:

2.1 Information Provided by Users

• Name, email address, telephone number

• Employer, title, and business affiliation

• Billing and payment information

• Information submitted through forms, chat interfaces, or communications

• Business data and operational inputs provided for AI Employees or consulting services

2.2 Automatically Collected Information

• Internet Protocol (IP) address

• Device identifiers, browser type, and operating system

• Usage data, session logs, and interaction metrics

• Referral sources and navigation patterns

• Cookie and tracking data

2.3 AI and Automated Processing Inputs

Where users interact with CXO’s AI systems, including AI Employees, CXO may process:

• prompts, queries, and instructions

• uploaded documents or datasets

• CRM and third-party system data

• conversational logs and workflow triggers

• structured and unstructured business inputs

2.4 Third-Party Data Sources

CXO may receive information from third-party service providers, including:

• customer relationship management systems (including GoHighLevel)

• cloud infrastructure providers

• analytics and marketing platforms

• AI model providers, including OpenAI, Anthropic, Google, and similar entities

3. PURPOSES OF COLLECTION AND USE

CXO collects and uses personal information for the following purposes:

(a) provision, operation, and maintenance of the Services;
(b) deployment, configuration, and operation of AI Employees;
(c) performance of contractual obligations;
(d) billing, account administration, and payment processing;
(e) service improvement, analytics, and system optimization;
(f) security monitoring, fraud prevention, and risk mitigation;
(g) customer support and communications;
(h) compliance with legal and regulatory obligations; and
(i) where permitted, marketing and promotional communications.

4. LEGAL BASIS FOR PROCESSING (GDPR)

Where the General Data Protection Regulation (EU) 2016/679 applies, CXO processes personal data on the following legal bases:

• performance of a contract;

• legitimate interests, including business operations, service improvement, and fraud prevention;

• consent, where required (including marketing and cookies); and

• compliance with legal obligations.

5. AI EMPLOYEES AND AUTOMATED DECISION-MAKING

5.1 CXO provides AI-based systems, including autonomous and semi-autonomous agents marketed as “AI Employees”.

5.2 You acknowledge and agree that:
(a) AI Employees operate using probabilistic machine learning models;
(b) outputs may be inaccurate, incomplete, outdated, or otherwise unreliable;
(c) automated processing may occur without human intervention; and
(d) AI outputs do not constitute professional advice of any kind.

5.3 CXO does not guarantee the accuracy, reliability, or suitability of any AI-generated output, and expressly disclaims any liability arising from reliance thereon.

6. DISCLOSURE AND SHARING OF INFORMATION

CXO may disclose personal information to the following categories of recipients:

6.1 Service Providers and Subprocessors

Including, without limitation:

• AI model providers (OpenAI, Anthropic, Google)

• cloud infrastructure providers (AWS, Google Cloud, Microsoft Azure)

• CRM and automation platforms (including GoHighLevel)

• analytics and communication providers

• payment processors and financial service providers

6.2 Business and Operational Purposes

Where necessary for:

• service delivery and support

• system maintenance and security

• business operations and analytics

6.3 Legal and Regulatory Disclosure

Where required to:

• comply with applicable law or regulatory process

• respond to lawful requests from authorities

• enforce contractual rights

• protect the rights, safety, or security of CXO or third parties

7. INTERNATIONAL DATA TRANSFERS

CXO operates on a cross-border basis. Personal information may be transferred to jurisdictions outside the user’s country of residence, including Canada, the United States, and other jurisdictions where service providers operate.

Where required by applicable law, CXO implements appropriate safeguards, which may include Standard Contractual Clauses (SCCs) or equivalent transfer mechanisms.

8. DATA RETENTION

CXO retains personal information only for as long as necessary to fulfill the purposes for which it was collected, including:

• the provision of Services;

• legal and regulatory compliance;

• dispute resolution; and

• legitimate business purposes.

Retention periods vary depending on the nature of the information and applicable legal requirements.

9. SECURITY SAFEGUARDS

CXO implements commercially reasonable administrative, technical, and physical safeguards designed to protect personal information against unauthorized access, disclosure, alteration, or destruction.

Notwithstanding the foregoing, no method of transmission or storage is completely secure, and CXO cannot guarantee absolute security.

10. USER RIGHTS

Subject to applicable law, individuals may have rights including:

10.1 Under GDPR

• right of access

• right to rectification

• right to erasure

• right to restriction of processing

• right to data portability

• right to object

10.2 Under CCPA/CPRA

• right to know

• right to delete

• right to correct

• right to opt out of sale or sharing (where applicable)

• right to non-discrimination

10.3 Under PIPEDA

• right of access and correction

• right to withdraw consent, subject to legal or contractual restrictions

Requests may be submitted to:
[email protected]

CXO reserves the right to verify identity prior to responding to any request.

11. COOKIES AND TRACKING TECHNOLOGIES

CXO uses cookies and similar technologies for:

• authentication and security

• analytics and performance measurement

• user experience optimization

• marketing and attribution

Where required by applicable law, consent mechanisms are implemented.

Users may disable cookies through browser settings; however, certain functionalities may be impaired.

12. MARKETING COMMUNICATIONS (CASL / CAN-SPAM)

CXO complies with applicable anti-spam legislation, including the Canadian Anti-Spam Legislation (CASL) and the U.S. CAN-SPAM Act.

CXO may send commercial electronic messages where:

• express or implied consent has been obtained; or

• otherwise permitted by applicable law.

Recipients may withdraw consent at any time through unsubscribe mechanisms provided in communications.

13. THIRD-PARTY LINKS AND SERVICES

The Services may contain links to third-party websites or integrate with third-party services.

CXO assumes no responsibility for:

• privacy practices of third parties;

• content or accuracy of third-party services; or

• data handling practices outside CXO’s control.

Use of third-party services is at the user’s sole risk.

14. LIMITATION OF LIABILITY

To the maximum extent permitted by applicable law, CXO shall not be liable for any indirect, incidental, consequential, special, or punitive damages, or for any loss of profits, revenue, data, or business opportunities arising from the use of or inability to use the Services.

15. CHILDREN’S PRIVACY

The Services are not directed to individuals under the age of majority in their jurisdiction. CXO does not knowingly collect personal information from minors.

16. AMENDMENTS

CXO reserves the right to amend this Policy at its sole discretion. Any updates will be effective upon posting to the Website, unless otherwise required by applicable law.

Continued use of the Services constitutes acceptance of the revised Policy.

17. CONTACT INFORMATION

COREXPERT OPERATIONS CORPORATION (CXO)
Ontario, Canada
Email: [email protected]