1. Data Controller

CX React (“we,” “our,” or “us”) is the data controller responsible for personal data processed through this platform. You may contact us regarding privacy matters at:

CX React Privacy Team
Email: privacy@leadgen-os.com
Website: https://leadgen-os.com

2. Data We Collect

We collect the following categories of personal data:

2.1 Data You Provide Directly

Contact information: Name, email address, phone number, and postal address submitted through lead capture forms.
Account credentials: Email address used for operator magic-link authentication.
Business information: Company name, industry, service interests, and budget ranges entered during lead qualification flows.
Communications: Messages submitted through contact forms or support channels.

2.2 Data Collected Automatically

Usage data: Pages visited, time spent, click patterns, funnel stage progression, and milestone events.
Device and browser data: IP address, browser type and version, operating system, screen resolution, and user agent string.
Referral data: Referring URLs and UTM parameters used to attribute traffic sources.
Session data: Visit count, returning-visitor status, and engagement signals used for lead scoring.

2.3 Data from Third Parties

Partner programs: Referral identifiers from affiliate and partner networks such as Partnero.
CRM integrations: Lead enrichment data provided by connected CRM or marketing automation providers configured by operators.

3. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA) or United Kingdom, we process your personal data under the following legal bases:

Consent (Art. 6(1)(a)): Where you have given explicit consent, such as submitting a lead capture form or opting into communications.
Contractual necessity (Art. 6(1)(b)): Where processing is required to provide services you have requested, including operator account management.
Legitimate interests (Art. 6(1)(f)): For analytics, fraud prevention, platform security, and improving our services, where our interests do not override your fundamental rights.
Legal obligation (Art. 6(1)(c)): Where processing is required to comply with applicable laws.

4. How We Use Your Data

Capture and qualify leads on behalf of platform operators.
Score leads based on engagement signals, behavior, and qualification responses.
Route leads to appropriate operator workflows, CRMs, and follow-up sequences.
Send automated follow-up communications with operator consent.
Authenticate operator accounts via magic link.
Generate analytics reports and funnel performance metrics.
Detect fraud, abuse, and unauthorized access.
Comply with legal obligations and respond to lawful requests.
Improve platform performance, reliability, and features.

We do not sell your personal data. We share data only in the following circumstances:

Platform operators: Lead data is shared with the operator (business) whose form or funnel captured the lead, as this is the core function of the service.
Service providers: We use trusted third-party processors including email delivery services, cloud infrastructure providers, and analytics tools, each bound by data processing agreements.
Partner programs: Referral attribution data may be shared with affiliate partners (e.g., Partnero) to track program performance.
Legal requirements: We may disclose data when required by law, court order, or governmental authority, or to protect the rights, property, or safety of CX React, its users, or the public.
Business transfers: In the event of a merger, acquisition, or sale of assets, personal data may be transferred as part of the transaction with appropriate notice to affected users.

6. Cookies and Tracking Technologies

We use the following categories of cookies and similar technologies:

Strictly necessary: Session management, authentication tokens, and security cookies required for the platform to function.
Analytics: First-party analytics cookies to measure traffic, funnel performance, and lead conversion rates.
Attribution: Cookies to track referral sources and UTM parameters for marketing attribution.
Partner tracking: Cookies set by affiliate partner programs (such as Partnero) to track referral conversions.

You may control cookie preferences through your browser settings. Note that disabling strictly necessary cookies may impair platform functionality.

7. Data Retention

We retain personal data for the following periods:

Lead records: Retained for the duration of the operator account plus 90 days following account termination, or as required by applicable law.
Operator account data: Retained for the duration of the active subscription plus 12 months, to support billing disputes and compliance obligations.
Analytics and event logs: Aggregated analytics retained for up to 24 months. Raw event logs retained for 12 months.
Authentication logs: Retained for 90 days for security monitoring.

You may request earlier deletion by exercising your rights as described in Section 9.

8. International Data Transfers

CX React operates infrastructure in the United States. If you are located in the EEA, UK, or Switzerland, your personal data may be transferred to and processed in the United States. We implement appropriate safeguards for these transfers, including:

Standard Contractual Clauses (SCCs) approved by the European Commission.
Data Processing Agreements with all processors that handle EEA personal data.
Adherence to the EU-U.S. Data Privacy Framework where applicable.

9.1 GDPR Rights (EEA and UK Residents)

If you are located in the EEA or UK, you have the following rights:

Right of access (Art. 15): Request a copy of the personal data we hold about you. Exercise this right at /api/gdpr/export.
Right to erasure (Art. 17): Request deletion of your personal data. Exercise this right at /api/gdpr/delete.
Right to data portability (Art. 20): Receive your data in a structured, machine-readable format. Use the export endpoint at /api/gdpr/export.
Right to rectification (Art. 16): Request correction of inaccurate personal data. Contact us at privacy@leadgen-os.com.
Right to restriction (Art. 18): Request that we restrict processing of your personal data in certain circumstances.
Right to object (Art. 21): Object to processing based on legitimate interests, including profiling.
Right to withdraw consent: Where processing is based on consent, withdraw it at any time without affecting lawfulness of prior processing.

9.2 CCPA Rights (California Residents)

Under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), California residents have the following rights:

Right to know: Request disclosure of the categories and specific pieces of personal information collected about you.
Right to delete: Request deletion of personal information collected from you, subject to certain exceptions.
Right to opt out: Opt out of the sale or sharing of personal information. We do not sell personal information.
Right to correct: Request correction of inaccurate personal information.
Right to limit use: Limit the use and disclosure of sensitive personal information.
Non-discrimination: We will not discriminate against you for exercising your privacy rights.

To exercise your CCPA rights, contact us at privacy@leadgen-os.com or use our data endpoints: export your data or request deletion.

10. Security Measures

We implement industry-standard technical and organizational security measures to protect your personal data, including:

Encryption of data in transit using TLS 1.2 or higher.
Encryption of sensitive data at rest.
Passwordless authentication (magic link) for operator accounts.
Access controls limiting data access to authorized personnel only.
Regular security assessments and dependency audits.
Incident response procedures with notification timelines per GDPR Art. 33.

No method of transmission over the internet is 100% secure. We cannot guarantee absolute security but are committed to using commercially reasonable measures.

11. Children's Privacy

CX React is not directed to individuals under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided personal data to us, contact us at privacy@leadgen-os.com and we will delete it promptly.

12. Third-Party Services

Our platform integrates with third-party services at the operator's direction. These may include:

Email marketing and CRM platforms (e.g., ActiveCampaign, HubSpot, GoHighLevel).
Scheduling tools (e.g., Calendly, Cal.com).
Payment processors (governed by their own privacy policies).
Affiliate and referral tracking (e.g., Partnero).

Each third-party service has its own privacy policy. We encourage you to review the privacy practices of any third-party services you interact with through our platform.

13. Changes to This Policy

We may update this Privacy Policy periodically. Material changes will be communicated by updating the “Last updated” date at the top of this page and, where required by law, by direct notification to affected users. Your continued use of the platform after changes take effect constitutes acceptance of the revised policy.

14. Contact Us

To exercise your rights, make a complaint, or ask questions about this policy:

CX React Privacy Team
Email: privacy@leadgen-os.com

If you are located in the EEA and believe your rights have been violated, you have the right to lodge a complaint with your local data protection authority.

1. Data Controller

CX React (“we,” “our,” or “us”) is the data controller responsible for personal data processed through this platform. You may contact us regarding privacy matters at:

CX React Privacy Team
Email: privacy@leadgen-os.com
Website: https://leadgen-os.com

2. Data We Collect

We collect the following categories of personal data:

2.1 Data You Provide Directly

Contact information: Name, email address, phone number, and postal address submitted through lead capture forms.
Account credentials: Email address used for operator magic-link authentication.
Business information: Company name, industry, service interests, and budget ranges entered during lead qualification flows.
Communications: Messages submitted through contact forms or support channels.

2.2 Data Collected Automatically

Usage data: Pages visited, time spent, click patterns, funnel stage progression, and milestone events.
Device and browser data: IP address, browser type and version, operating system, screen resolution, and user agent string.
Referral data: Referring URLs and UTM parameters used to attribute traffic sources.
Session data: Visit count, returning-visitor status, and engagement signals used for lead scoring.

2.3 Data from Third Parties

Partner programs: Referral identifiers from affiliate and partner networks such as Partnero.
CRM integrations: Lead enrichment data provided by connected CRM or marketing automation providers configured by operators.

3. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA) or United Kingdom, we process your personal data under the following legal bases:

Consent (Art. 6(1)(a)): Where you have given explicit consent, such as submitting a lead capture form or opting into communications.
Contractual necessity (Art. 6(1)(b)): Where processing is required to provide services you have requested, including operator account management.
Legitimate interests (Art. 6(1)(f)): For analytics, fraud prevention, platform security, and improving our services, where our interests do not override your fundamental rights.
Legal obligation (Art. 6(1)(c)): Where processing is required to comply with applicable laws.

4. How We Use Your Data

Capture and qualify leads on behalf of platform operators.
Score leads based on engagement signals, behavior, and qualification responses.
Route leads to appropriate operator workflows, CRMs, and follow-up sequences.
Send automated follow-up communications with operator consent.
Authenticate operator accounts via magic link.
Generate analytics reports and funnel performance metrics.
Detect fraud, abuse, and unauthorized access.
Comply with legal obligations and respond to lawful requests.
Improve platform performance, reliability, and features.

We do not sell your personal data. We share data only in the following circumstances:

Platform operators: Lead data is shared with the operator (business) whose form or funnel captured the lead, as this is the core function of the service.
Service providers: We use trusted third-party processors including email delivery services, cloud infrastructure providers, and analytics tools, each bound by data processing agreements.
Partner programs: Referral attribution data may be shared with affiliate partners (e.g., Partnero) to track program performance.
Legal requirements: We may disclose data when required by law, court order, or governmental authority, or to protect the rights, property, or safety of CX React, its users, or the public.
Business transfers: In the event of a merger, acquisition, or sale of assets, personal data may be transferred as part of the transaction with appropriate notice to affected users.

6. Cookies and Tracking Technologies

We use the following categories of cookies and similar technologies:

Strictly necessary: Session management, authentication tokens, and security cookies required for the platform to function.
Analytics: First-party analytics cookies to measure traffic, funnel performance, and lead conversion rates.
Attribution: Cookies to track referral sources and UTM parameters for marketing attribution.
Partner tracking: Cookies set by affiliate partner programs (such as Partnero) to track referral conversions.

You may control cookie preferences through your browser settings. Note that disabling strictly necessary cookies may impair platform functionality.

7. Data Retention

We retain personal data for the following periods:

Lead records: Retained for the duration of the operator account plus 90 days following account termination, or as required by applicable law.
Operator account data: Retained for the duration of the active subscription plus 12 months, to support billing disputes and compliance obligations.
Analytics and event logs: Aggregated analytics retained for up to 24 months. Raw event logs retained for 12 months.
Authentication logs: Retained for 90 days for security monitoring.

You may request earlier deletion by exercising your rights as described in Section 9.

8. International Data Transfers

Standard Contractual Clauses (SCCs) approved by the European Commission.
Data Processing Agreements with all processors that handle EEA personal data.
Adherence to the EU-U.S. Data Privacy Framework where applicable.

9.1 GDPR Rights (EEA and UK Residents)

If you are located in the EEA or UK, you have the following rights:

Right of access (Art. 15): Request a copy of the personal data we hold about you. Exercise this right at /api/gdpr/export.
Right to erasure (Art. 17): Request deletion of your personal data. Exercise this right at /api/gdpr/delete.
Right to data portability (Art. 20): Receive your data in a structured, machine-readable format. Use the export endpoint at /api/gdpr/export.
Right to rectification (Art. 16): Request correction of inaccurate personal data. Contact us at privacy@leadgen-os.com.
Right to restriction (Art. 18): Request that we restrict processing of your personal data in certain circumstances.
Right to object (Art. 21): Object to processing based on legitimate interests, including profiling.
Right to withdraw consent: Where processing is based on consent, withdraw it at any time without affecting lawfulness of prior processing.

9.2 CCPA Rights (California Residents)

Under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), California residents have the following rights:

Right to know: Request disclosure of the categories and specific pieces of personal information collected about you.
Right to delete: Request deletion of personal information collected from you, subject to certain exceptions.
Right to opt out: Opt out of the sale or sharing of personal information. We do not sell personal information.
Right to correct: Request correction of inaccurate personal information.
Right to limit use: Limit the use and disclosure of sensitive personal information.
Non-discrimination: We will not discriminate against you for exercising your privacy rights.

To exercise your CCPA rights, contact us at privacy@leadgen-os.com or use our data endpoints: export your data or request deletion.

10. Security Measures

We implement industry-standard technical and organizational security measures to protect your personal data, including:

Encryption of data in transit using TLS 1.2 or higher.
Encryption of sensitive data at rest.
Passwordless authentication (magic link) for operator accounts.
Access controls limiting data access to authorized personnel only.
Regular security assessments and dependency audits.
Incident response procedures with notification timelines per GDPR Art. 33.

No method of transmission over the internet is 100% secure. We cannot guarantee absolute security but are committed to using commercially reasonable measures.

11. Children's Privacy

12. Third-Party Services

Our platform integrates with third-party services at the operator's direction. These may include:

Email marketing and CRM platforms (e.g., ActiveCampaign, HubSpot, GoHighLevel).
Scheduling tools (e.g., Calendly, Cal.com).
Payment processors (governed by their own privacy policies).
Affiliate and referral tracking (e.g., Partnero).

Each third-party service has its own privacy policy. We encourage you to review the privacy practices of any third-party services you interact with through our platform.

13. Changes to This Policy

14. Contact Us

To exercise your rights, make a complaint, or ask questions about this policy:

CX React Privacy Team
Email: privacy@leadgen-os.com

If you are located in the EEA and believe your rights have been violated, you have the right to lodge a complaint with your local data protection authority.

Privacy Policy

1. Data Controller

2. Data We Collect

2.1 Data You Provide Directly

2.2 Data Collected Automatically

2.3 Data from Third Parties

3. Legal Basis for Processing (GDPR)

4. How We Use Your Data

5. Data Sharing and Disclosure

6. Cookies and Tracking Technologies

7. Data Retention

8. International Data Transfers

9. Your Rights

9.1 GDPR Rights (EEA and UK Residents)

9.2 CCPA Rights (California Residents)

10. Security Measures

11. Children's Privacy

12. Third-Party Services

13. Changes to This Policy

14. Contact Us

Privacy Policy

1. Data Controller

2. Data We Collect

2.1 Data You Provide Directly

2.2 Data Collected Automatically

2.3 Data from Third Parties

3. Legal Basis for Processing (GDPR)

4. How We Use Your Data

5. Data Sharing and Disclosure

6. Cookies and Tracking Technologies

7. Data Retention

8. International Data Transfers

9. Your Rights

9.1 GDPR Rights (EEA and UK Residents)

9.2 CCPA Rights (California Residents)

10. Security Measures

11. Children's Privacy

12. Third-Party Services

13. Changes to This Policy

14. Contact Us