Xzlenz respects the privacy, confidentiality, and security of the organizations and users who access our website and platform. This Privacy Policy explains how Xzlenz, CyberCube, and their applicable affiliated or contracting entities collect, use, disclose, retain, and protect information in connection with the Xzlenz Platform.
Xzlenz is a governance, risk, compliance, audit, privacy, security, evidence, reporting, asset, vendor risk, and AI-assisted workflow platform. Because the platform is used for compliance and audit-grade activities, it may process business information, user information, compliance records, risk records, evidence files, audit logs, reports, and other confidential customer content.
This Policy applies when you:
This Policy does not replace privacy notices that our customers may be required to provide to their own employees, vendors, auditors, consultants, or other data subjects.
Depending on the context, Xzlenz may act in different privacy roles:
Where Xzlenz processes customer content as a processor or service provider, the customer is responsible for ensuring that it has the necessary notices, consents, lawful bases, contractual rights, and authorizations to submit that information to the platform.
We may collect your name, business email address, phone number, company name, designation, country, message content, demo requests, proposal requests, and related communications when you contact us or submit a form.
When a customer account is created, we may process organization profile details, administrator details, user names, business email addresses, contact numbers, designations, roles, permissions, module access, tenant identifiers, authentication metadata, login status, and account activity.
Customers and authorized users may upload, configure, or generate information such as compliance frameworks, mapped controls, policies and standards, privacy frameworks, AI frameworks, assessment objectives, evidence request lists, evidence files, audit findings, continuous compliance tasks, risk assessments, treatment plans, asset inventories, cloud asset metadata, vendor records, vendor questionnaires, process records, regulatory reports, custom reports, comments, approvals, rejections, signatures, timestamps, workflow remarks, and related records.
Where a customer enables integrations, we may process configuration details, connection metadata, API responses, cloud-resource metadata, access tokens or keys where technically necessary, sync logs, error logs, and records received from the connected system. The information processed depends on the integration selected and the permissions granted by the customer.
We may collect IP addresses, browser type, device identifiers, operating system details, session identifiers, pages visited, feature usage, timestamps, login attempts, role changes, access logs, activity logs, error logs, system events, security alerts, and audit trails.
We may process support tickets, email communications, attachments, troubleshooting data, product feedback, training requests, implementation notes, and similar information provided during support or onboarding.
Xzlenz is designed for compliance, audit, risk, and governance workflows. Customers should carefully control what information is uploaded to the platform. Unless required for an authorized compliance or audit purpose, users should avoid uploading excessive personal data, highly sensitive personal data, payment card data, production secrets, private keys, passwords, health information, criminal record information, or regulated information that is not necessary for the selected workflow.
Customer administrators are responsible for configuring role-based access, user permissions, evidence visibility, data minimization, retention, and internal approval workflows appropriate to their organization.
We use information for the following purposes:
Xzlenz may include AI-assisted features that help users analyze compliance data, summarize evidence, generate report narratives, map controls, identify workflow gaps, or review risk and audit information. AI outputs are generated for assistance only and should be reviewed by qualified personnel before being relied upon for legal, regulatory, audit, security, or business decisions.
Unless separately agreed with a customer, Xzlenz does not sell customer content and does not use customer content to train third-party public AI models. Customer-specific AI processing, prompts, outputs, and generated content remain subject to the applicable customer agreement and platform configuration.
We may use cookies, pixels, local storage, and similar technologies to operate the website, remember preferences, support authentication, measure usage, improve performance, and protect against abuse. You may disable cookies through your browser settings, but some website or platform functionality may not work correctly.
We may share information in the following circumstances:
We do not sell customer content.
Xzlenz may process and store information in countries where we, our affiliates, service providers, or infrastructure providers operate. Where required by applicable law, we use appropriate contractual, technical, and organizational safeguards for international transfers of personal data.
We retain personal data and customer content for as long as necessary to provide the platform, comply with contractual and legal obligations, resolve disputes, enforce agreements, maintain audit trails, support security, and meet legitimate business purposes.
Customer content retention may depend on the customer’s subscription, configured workflows, legal hold requirements, backup cycles, report retention needs, and contract terms. After account termination, customer data may be deleted, returned, archived, or retained as described in the applicable agreement or as required by law.
We use administrative, technical, and organizational safeguards designed to protect information against unauthorized access, disclosure, alteration, and destruction. These safeguards may include access controls, role-based permissions, authentication controls, encryption where appropriate, monitoring, logging, backups, vulnerability management, restricted administrative access, and secure development practices.
No system can be guaranteed to be completely secure. Customers are responsible for protecting their credentials, configuring appropriate permissions, reviewing user access, and promptly notifying us of suspected unauthorized access.
Customer administrators may control users, permissions, modules, framework access, evidence visibility, report access, approval workflows, integrations, and related account settings. Requests relating to customer-controlled content should generally be directed first to the customer organization that controls the relevant Xzlenz tenant.
Depending on your location and applicable law, you may have rights to access, correct, update, delete, restrict, object to, or receive a copy of personal data, and to withdraw consent where processing is based on consent. You may also have the right to complain to a supervisory authority.
To submit a privacy request, contact info@xzlenz.com. We may need to verify your identity and, where your information is controlled by a customer, we may refer the request to that customer or process it according to the customer’s instructions.
You may opt out of non-essential marketing communications by following the unsubscribe instructions in the message or by contacting us. We may still send transactional, security, legal, support, and service-related communications.
Xzlenz is intended for business and organizational use. It is not directed to children, and we do not knowingly collect personal data from children through the website or platform.
The website or platform may contain links to third-party websites or allow integrations with third-party services. Their privacy practices are governed by their own policies. Customers should review third-party permissions and privacy terms before enabling integrations.
We may update this Privacy Policy from time to time to reflect product changes, legal requirements, operational practices, or security improvements. The updated version will be posted on this page with a revised “Last Updated” date. Where required, we may provide additional notice.
For privacy questions, data requests, or concerns regarding this Privacy Policy, contact us at info@xzlenz.com.