Privacy Policy
Last updated: February 23, 2026
This privacy policy describes how CRX Team collects, uses, and protects the personal data of its users, in compliance with Regulation (EU) 2016/679 (General Data Protection Regulation — GDPR) and applicable data protection legislation.
1. Data Controller
The Data Controller is CRX Team, with operational headquarters in Italy. For any request regarding the processing of personal data, the Data Controller can be contacted at: privacy@crx.team.
2. Types of data collected
CRX Team may collect the following categories of personal data:
- Browsing data: IP address, browser type, operating system, pages visited, access times, and session duration. This data is collected automatically by the information systems and communication protocols.
- Voluntarily provided data: name, email address, company name, and any other information entered in contact forms, registration, or direct communication with CRX Team.
- Platform usage data: conversations with AI agents, prompts entered, generated outputs, credits used, usage preferences, and account configurations.
- Payment data: transactions are processed through PCI-DSS certified third-party payment processors. CRX Team does not directly store credit card data.
3. Legal basis for processing
The processing of personal data is based on the following legal grounds pursuant to Article 6 of the GDPR:
- Consent (Art. 6.1.a): for sending promotional communications, newsletters, and for the use of non-strictly-necessary cookies.
- Contractual performance (Art. 6.1.b): for the provision of requested services, management of user accounts, and the credit system.
- Legal obligation (Art. 6.1.c): to comply with obligations established by applicable laws, including tax and accounting requirements.
- Legitimate interest (Art. 6.1.f): for fraud prevention, platform security, aggregate usage analysis, and service improvement.
4. Purposes of processing
Personal data is processed for the following purposes:
- Provision and management of the multi-agent AI platform services
- Management of user accounts, the credit system, and transactions
- Responding to contact requests and providing support
- Improvement of services and user experience
- Compliance with legal and regulatory obligations
- Fraud prevention and platform security
- Service communications regarding the account and platform
- Sending promotional communications, subject to explicit consent
5. Processing methods and security
Personal data is processed using automated tools for the time strictly necessary to achieve the purposes for which it was collected. Specific technical and organizational security measures are adopted to prevent loss, unlawful or improper use, and unauthorized access to data, including:
- Data encryption in transit (TLS 1.3) and at rest
- Role-based access controls and secure authentication
- Continuous infrastructure monitoring
- Compliance with OWASP Top 10 application security standards
- Regular backups and disaster recovery procedures
6. Data transfers
Data is processed through enterprise-grade AI services hosted exclusively in data centers located within the European Union. No personal data is transferred to third countries outside the European Economic Area (EEA).
Should a transfer to third countries become necessary in the future, it will be carried out exclusively in compliance with the safeguards provided by Chapter V of the GDPR, including European Commission adequacy decisions or standard contractual clauses.
7. Rights of the data subject
As a data subject, under Articles 15-22 of the GDPR, you have the right to:
- Access (Art. 15): obtain confirmation of whether your personal data is being processed and access your personal data.
- Rectification (Art. 16): request correction of inaccurate data or completion of incomplete data.
- Erasure (Art. 17): request the deletion of your personal data in cases provided by law (right to be forgotten).
- Restriction (Art. 18): request restriction of processing in certain cases.
- Portability (Art. 20): receive your data in a structured, commonly used, and machine-readable format.
- Objection (Art. 21): object to the processing of your data on legitimate grounds.
- Automated decisions (Art. 22): not be subject to decisions based solely on automated processing that produce significant legal effects.
To exercise your rights, you may send a request to privacy@crx.team. The Data Controller will respond within 30 days of receiving the request. You also have the right to lodge a complaint with the Italian Data Protection Authority — Garante per la protezione dei dati personali (www.garanteprivacy.it).
8. Cookies
This website uses technical cookies and, subject to consent, analytical cookies to improve the browsing experience. For detailed information about the cookies used and how to manage them, please refer to our Cookie Policy.
9. Data retention
Personal data is retained for the time strictly necessary to achieve the purposes for which it was collected, and in any case:
- Account data: for the entire duration of the contractual relationship and for 10 years thereafter, as required by Italian tax legislation.
- Browsing data: for a maximum of 90 days.
- Platform usage data: for the entire duration of the contractual relationship, with the possibility of deletion upon request.
- Data for promotional purposes: until consent is withdrawn by the user.
10. Changes to this policy
The Data Controller reserves the right to modify this privacy policy at any time by publishing the updated version on this page with the date of last update. Substantial changes will be communicated to registered users via email or platform notification. We recommend checking this page periodically.
11. Contact
For any questions or requests regarding this privacy policy or the processing of personal data, please contact us at:
CRX Team — Privacy
Email: privacy@crx.team