Privacy Policy

1. General Provisions

This Privacy Policy is designed in accordance with the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and applicable data protection laws. It describes how Alexey Bezrukov (Individual Entrepreneur) (the "Data Controller" or "we") collects, uses, processes, and protects your personal data when you visit or use our website https://cruxly.tech.

1.1. We are committed to protecting your privacy and ensuring transparency in how we handle your personal data. This policy explains your rights regarding your personal data and how we comply with applicable privacy laws.

1.2. This Privacy Policy applies to all information that we may collect about visitors to the website https://cruxly.tech and users of our services.

2. Definitions

2.1. Automated Processing: Processing of personal data by means of computer technology without human intervention.

2.2. Blocking: Temporary cessation of personal data processing (except when processing is necessary for data verification or correction).

2.3. Website: The collection of graphical and informational materials, software, and databases accessible on the Internet at https://cruxly.tech.

2.4. Information System: A set of personal data contained in databases and the information technologies and technical means ensuring their processing.

2.5. Anonymization: Actions that make it impossible to identify a Data Subject without using additional information.

2.6. Processing: Any operation performed on personal data, including collection, recording, organization, structuring, storage, adaptation, retrieval, consultation, use, disclosure, transmission, dissemination, alignment, combination, restriction, erasure, or destruction.

2.7. Data Controller: The natural or legal person who determines the purposes and means of processing personal data.

2.8. Personal Data: Any information relating to an identified or identifiable natural person (Data Subject) who uses the website https://cruxly.tech.

2.9. Publicly Available Personal Data: Personal data that has been made accessible to an unlimited number of persons by the Data Subject with their consent for distribution.

2.10. Data Subject/User: Any visitor to the website https://cruxly.tech or user of our services.

2.11. Provision: Actions aimed at disclosing personal data to a specific person or group of persons.

2.12. Distribution: Any actions aimed at disclosing personal data to an indefinite number of persons or making personal data accessible to an unlimited number of persons.

2.13. Cross-border Transfer: Transfer of personal data to the territory of a foreign state or to foreign legal or natural persons.

2.14. Destruction: Any actions resulting in the irreversible destruction of personal data with the impossibility of further restoration.

2.15. Cookies: Small data files sent by a web server and stored on the user's device to identify the user during subsequent visits to the website.

3. Data Controller Rights and Obligations

3.1. The Data Controller has the right to:

  • Request accurate information and/or documents containing personal data from Data Subjects;
  • Continue processing personal data without consent when there are legal grounds specified in applicable data protection laws, even after consent withdrawal;
  • Independently determine the composition and list of measures necessary to ensure compliance with applicable data protection laws and regulations.

3.2. The Data Controller is obligated to:

  • Provide Data Subjects with information concerning the processing of their personal data upon request;
  • Organize personal data processing in accordance with applicable data protection legislation;
  • Respond to inquiries and requests from Data Subjects and their legal representatives within the timeframes required by law;
  • Report to supervisory authorities upon their request within prescribed timeframes;
  • Publish and ensure unrestricted access to this Privacy Policy;
  • Implement appropriate technical, physical, and organizational measures to protect personal data against unauthorized access, alteration, disclosure, or destruction;
  • Cease transfer, processing, and destroy personal data in cases provided for by applicable laws;
  • Fulfill other obligations provided for by applicable data protection laws.

4. Data Subject Rights and Obligations

4.1. Data Subjects have the following rights:

  • Right of Access: Obtain information about the processing of your personal data, including the purposes, categories of data, recipients, and retention periods;
  • Right to Rectification: Request correction of inaccurate, incomplete, or outdated personal data;
  • Right to Erasure ('Right to be Forgotten'): Request deletion of personal data when it is no longer necessary for the original purposes or when you withdraw consent;
  • Right to Restrict Processing: Request limitation of processing under certain circumstances;
  • Right to Data Portability: Receive your personal data in a structured, commonly used format and transmit it to another controller;
  • Right to Object: Object to processing based on legitimate interests, direct marketing, or profiling;
  • Right to Withdraw Consent: Withdraw consent at any time when processing is based on consent;
  • Right to Lodge a Complaint: File a complaint with supervisory authorities or seek judicial remedy for unlawful processing.

4.2. Data Subjects are obligated to:

  • Provide accurate data about themselves to the Data Controller;
  • Notify the Data Controller about updates or changes to their personal data.

4.3. Persons who provide false information about themselves or about another Data Subject without their consent bear responsibility in accordance with applicable law.

5. Data Processing Principles

5.1. Lawfulness, Fairness, and Transparency: Personal data is processed lawfully, fairly, and in a transparent manner.

5.2. Purpose Limitation: Processing is limited to specified, explicit, and legitimate purposes and not further processed in a manner incompatible with those purposes.

5.3. Data Minimization: Personal data collected is adequate, relevant, and limited to what is necessary for the purposes for which it is processed.

5.4. Accuracy: Personal data is accurate and, where necessary, kept up to date. Inaccurate data is erased or rectified without delay.

5.5. Storage Limitation: Personal data is kept in a form that permits identification of Data Subjects for no longer than necessary for the specified purposes.

5.6. Integrity and Confidentiality: Personal data is processed in a manner that ensures appropriate security, including protection against unauthorized access, alteration, disclosure, or destruction.

5.7. Accountability: The Data Controller is responsible for and able to demonstrate compliance with these principles and applicable data protection laws.

6. Purposes and Legal Basis for Processing

We process your personal data for the following purposes:

  • Providing access to website services (Legal basis: Legitimate interest, Contract performance)
  • User identification and authentication (Legal basis: Contract performance)
  • Improving service quality and user experience (Legal basis: Legitimate interest)
  • Website analytics and performance monitoring (Legal basis: Legitimate interest, Consent)
  • Communicating updates, news, and service-related information (Legal basis: Consent, Legitimate interest)

Categories of Personal Data we collect:

  • Contact information (name, email address)
  • Technical data (IP address, browser type, device information)
  • Usage data (pages visited, time spent, click patterns)
  • Cookies and similar tracking technologies
  • Communication data (when you contact us)

7. Legal Basis for Processing

We process your personal data based on the following legal grounds:

  • Consent: When you have given clear consent for specific processing purposes
  • Contract Performance: When processing is necessary for performing a contract with you
  • Legitimate Interest: When we have legitimate business interests that don't override your rights
  • Legal Obligation: When processing is required by applicable laws

8. Data Retention Periods

We retain your personal data for the following periods:

  • Account/Registration data: Until consent withdrawal or account deletion, or 3 years after last activity
  • Cookies: According to browser settings, maximum 2 years (analytics cookies require consent)
  • Web server logs: 1 year for security and technical purposes
  • Analytics data: 2 years in anonymized form
  • Communication records: 3 years after last contact

Data will be deleted or anonymized when no longer needed for the original purpose, unless retention is required by law.

9. Cookies and Tracking Technologies

9.1. Use of Cookies

Our website uses cookies for the following purposes:

  • Essential website functionality
  • Remembering your preferences and settings
  • Analytics and service improvement (with your consent)
  • Content personalization (with your consent)

9.2. Types of Cookies We Use

Strictly Necessary Cookies

Essential for basic website functionality. These cannot be disabled as they are required for the service to work properly.

Analytics Cookies (Requires Consent)

Help us understand how visitors interact with our website by collecting anonymous information about usage patterns.

Functional Cookies (Requires Consent)

Remember your preferences and personalize your experience. You can disable these without affecting core functionality.

9.3. Cookie Management

You can manage cookie preferences through our cookie banner or your browser settings. Disabling certain cookies may limit website functionality. You have the right to withdraw consent for non-essential cookies at any time.

10. Data Processing, Storage, and Security

10.1. Security Measures

We implement appropriate technical and organizational measures to protect your personal data:

  • Encryption in transit (SSL/TLS) and at rest
  • Access controls and authentication systems
  • Regular security audits and vulnerability assessments
  • Staff training on data protection and security
  • Incident response and breach notification procedures
  • Regular data backups with secure storage
  • Network security monitoring and intrusion detection

10.2. Data Sharing and Third Parties

We do not sell your personal data. We may share your data only in the following circumstances:

  • Legal compliance: When required by law, regulation, or valid legal process
  • Your explicit consent: When you have specifically agreed to data sharing
  • Service providers: With trusted third-party processors who assist us (under strict data processing agreements)
  • Business transfers: In case of merger, acquisition, or asset sale (with notice to you)
  • Anonymized data: For analytics and research purposes (cannot identify you)

10.3. To update your personal data, contact us at support@cruxly.tech with the subject line 'Personal Data Update'.

11. International Data Transfers

11.1. When we transfer personal data outside your country, we ensure adequate protection through:

  • Transfers to countries with adequacy decisions
  • Standard Contractual Clauses (SCCs) approved by supervisory authorities
  • Binding Corporate Rules or certification schemes
  • Your explicit consent for specific transfers

11.2. We will inform you about any international transfers and the safeguards we use to protect your data.

12. Your Privacy Rights

You have the following rights regarding your personal data:

  • Access: Request information about data processing
  • Rectification: Correct inaccurate or incomplete data
  • Erasure: Request deletion of your data ('Right to be Forgotten')
  • Restrict Processing: Limit how we process your data
  • Data Portability: Receive your data in portable format
  • Object: Object to processing based on legitimate interest
  • Withdraw Consent: Revoke consent for consent-based processing
  • Lodge Complaints: File complaints with supervisory authorities

To exercise your rights, contact us at: support@cruxly.tech

We will respond to your requests within 30 days (may be extended by 60 days for complex requests).

Exercising your rights is generally free of charge, unless requests are manifestly unfounded or excessive.

13. California Consumer Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act:

  • Right to Know: Request information about personal data collection, use, and sharing
  • Right to Delete: Request deletion of personal data we collected from you
  • Right to Opt-Out: Opt-out of the sale of personal data (we do not sell personal data)
  • Right to Non-Discrimination: Equal service and pricing regardless of privacy choices

California residents can exercise these rights by contacting us at support@cruxly.tech with 'CCPA Request' in the subject line.

We may need to verify your identity before processing your request.

14. Data Breach Notification

In case of a data breach that poses risks to your rights and freedoms:

  • We will notify supervisory authorities within 72 hours when feasible
  • We will inform affected individuals without undue delay if high risk is involved
  • We will document the breach and our response measures
  • We will take steps to mitigate the breach and prevent future incidents

15. Final Provisions

15.1. We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on our website and, where required, seeking your consent.

15.2. For all privacy-related questions, contact us at: support@cruxly.tech

15.3. The current version of this Privacy Policy is available at: https://cruxly.tech/privacy

15.4. You have the right to lodge a complaint with your local data protection supervisory authority.

Last Updated: August 17, 2025
Version: 1.0
This Privacy Policy is effective as of the date listed above.