CX Toolbox

Custom Kustomer builds for CX teams
Discuss your build

Privacy Policy

Last updated: April 28, 2026

This Privacy Policy explains how CX Toolbox ("CX Toolbox", "we", "us", or "our") collects, uses, discloses, and safeguards information when you visit our website, request services, or use our products and related features (collectively, the "Services").

1. Information We Collect

We may collect the following categories of information:

  • Account and contact information such as name, business email address, company name, and role.
  • Usage information such as pages visited, interactions with the Services, and device/browser metadata.
  • Customer communications and support details, including inquiry forms and messages sent to our team.
  • Billing and transactional information necessary to provide and manage paid Services.
  • Diagnostic and telemetry data, including error reports, stack traces, performance and request timings, browser and operating system metadata, and — for a sampled subset of sessions or sessions that encounter an error — anonymized Session Replay recordings used to reproduce and fix issues.

2. How We Use Information

  • Provide, operate, secure, and improve the Services.
  • Respond to requests, questions, and support inquiries.
  • Personalize communications and share product or service updates.
  • Process billing, enforce contracts, and comply with legal obligations.
  • Detect, prevent, and investigate fraud, abuse, or security incidents.

3. Legal Bases for Processing

Where applicable, we process personal information under one or more legal bases, including performance of a contract, legitimate interests, consent, and compliance with legal obligations.

4. How We Share Information

We do not sell personal information. We may share information:

  • With vendors and service providers who support our operations.
  • With professional advisors such as auditors, lawyers, and insurers.
  • As required by law, legal process, or governmental request.
  • In connection with a merger, acquisition, financing, or sale of assets.

5. Third-Party Service Providers (Subprocessors)

We rely on a small number of trusted third-party providers to operate the Services. These providers process information on our behalf under their own privacy and security commitments. The current subprocessors include:

  • WorkOS — authentication and identity management (including AuthKit, sign-in, and session handling). Account identifiers, email addresses, and authentication metadata are processed by WorkOS to verify and secure access to the Services. See WorkOS Privacy Policy.
  • Convex — application backend and database platform that stores account data, configuration, and content needed to run the Services, and executes our server-side functions. See Convex Privacy Policy.
  • Stripe — payment processing for paid Services. Billing details such as name, email, billing address, and payment-method information are submitted directly to Stripe; CX Toolbox does not store full card numbers on our systems. See Stripe Privacy Policy.
  • Sentry — error monitoring, performance tracing, structured application logs, and Session Replay used to detect, diagnose, and resolve issues with the Services. When an error occurs or diagnostic data is generated, Sentry receives information such as error messages and stack traces, the URL of the affected page or API route, browser and operating system metadata, performance timings, and a minimal user identifier (your account ID and email) so that errors can be correlated with the affected account. Session Replay captures anonymized recordings of how users interact with the Services; by default all text content is masked and all media (images, videos, canvas) is blocked at recording time so the replay does not capture form values, message content, or rendered media. Replays are sampled (a small fraction of all sessions, plus sessions that encounter an error) rather than recorded continuously. See Sentry Privacy Policy.

We may add or change subprocessors as the Services evolve. When we do, we will update this section and the "Last updated" date above. If you would like more detail about how a specific provider processes information, contact us using the details in section 12.

6. Data Retention

We retain personal information for as long as reasonably necessary to provide the Services, comply with legal obligations, resolve disputes, and enforce our agreements.

7. Security

We implement administrative, technical, and organizational safeguards designed to protect personal information. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

8. Your Rights and Choices

Depending on your location, you may have rights to access, correct, delete, or restrict processing of personal information, and to object to certain processing activities. You may also have the right to data portability and to withdraw consent where processing relies on consent.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your own, including by the third-party providers listed in section 5. Where required, we use appropriate safeguards for such transfers.

10. Children's Privacy

The Services are not directed to children under 16, and we do not knowingly collect personal information from children.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will post the updated version and revise the "Last updated" date above.

12. Contact Us

For privacy questions or requests, contact us at privacy@cx-toolbox.com.