Privacy Policy

Last updated: February 22, 2026

1. Introduction

Cxperia ("we," "our," or "us") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform, whether as a Brand (creating and managing product experiences) or as an End-Consumer (accessing product experiences via QR codes).

This policy complies with the General Data Protection Regulation (GDPR) and other applicable data protection laws. By using our service, you consent to the data practices described in this policy.

Note: If you are an End-Consumer accessing product experiences, please also review our Consumer Terms of Service.

2. Information We Collect

2.1 Personal Information

For Brands:

  • Account Information: Email address, password, first name, last name
  • Business Information: Brand name, business address, contact information, business registration number
  • Profile Data: User preferences, settings, and profile information
  • Communication Data: Messages sent through our platform

For End-Consumers:

  • Email Address: Verified email address for loyalty program participation (email-only authentication, no password required)
  • Loyalty Data: Glowies balances, redemption history, check-in streaks, and loyalty program activity
  • Feedback Data: Product feedback, comments, and ratings you submit

2.2 Usage Data

  • Scan Analytics: QR code scan events, timestamps, device information
  • Technical Data: IP addresses (anonymized), browser type, operating system
  • Interaction Data: Pages visited, features used, time spent on platform
  • Cookies: Essential, analytics, and marketing cookies (with consent)

2.3 Content Data

  • Product Information: Product names, descriptions, images (submitted by Brands)
  • Ingredient Data: Ingredient lists, concentrations, allergen information (submitted by Brands)
  • Tutorial Content: Educational materials, videos, instructions (submitted by Brands)
  • User-Generated Content: Feedback, comments, ratings (submitted by End-Consumers)
  • Redemption Offers: Offer details, terms, and conditions (created by Brands)

3. How We Use Your Information

3.1 Service Provision

  • Create and manage your account
  • Provide ingredient management tools
  • Generate QR codes for your products
  • Deliver educational content and tutorials
  • Process payments and subscriptions

3.2 Analytics and Improvement

  • Analyze usage patterns to improve our service
  • Track scan events to provide insights
  • Monitor platform performance and security
  • Develop new features based on user needs

3.3 Communication

  • Send service-related notifications
  • Provide customer support
  • Share product updates and announcements (with consent)
  • Send marketing communications (with consent)

4. Legal Basis for Processing

We process your personal data based on the following legal grounds:

  • Consent: For analytics cookies, marketing communications, optional features, and email verification for End-Consumers
  • Contract Performance: To provide our services and fulfill our obligations under our Terms of Service
  • Legitimate Interest: For security, fraud prevention, and service improvement
  • Legal Obligation: To comply with applicable laws and regulations

Important: When you access a product experience as an End-Consumer, the Brand is the data controller for your personal data (email, Glowies balances, redemption history, feedback). Cxperia acts as a data processor on behalf of the Brand. For questions about how the Brand processes your data, please contact the Brand directly.

5. Data Sharing and Disclosure

5.1 Sharing with Brands

If you are an End-Consumer, your personal data (email address, Glowies balances, redemption history, and feedback) is shared with the Brand whose product experience you access. The Brand is the data controller for this information and is responsible for how it is used. Cxperia processes this data on behalf of the Brand as a data processor.

5.2 Embedded Content from Other Websites

Articles on this site may include embedded content (e.g., videos). Embedded content from other websites behaves in the same way as if the visitor had visited the other website.

These websites may collect data about you, use cookies, embed third-party tracking tools, and monitor your interaction with this embedded content if you have an account and are logged in to their website.

5.3 Legal Requirements

We may disclose your information if required by law or to:

  • Comply with legal processes or government requests
  • Protect our rights, property, or safety
  • Prevent fraud or security threats
  • Enforce our terms of service

6. Data Retention

We retain your personal data for the following periods:

  • Brand Account Data: Until you delete your account or request deletion
  • End-Consumer Email and Loyalty Data: Until you request deletion or the Brand terminates their program. After Brand termination, data is retained for 90 days for backup purposes, then permanently deleted.
  • Scan Analytics: 2 years from the last scan event
  • Communication Data: 3 years for customer support purposes
  • Marketing Data: Until you withdraw consent
  • Legal Records: As required by applicable law

7. Your Rights Under GDPR

You have the following rights regarding your personal data:

  • Right of Access: Request copies of your personal data
  • Right to Rectification: Correct inaccurate or incomplete data
  • Right to Erasure: Request deletion of your personal data
  • Right to Data Portability: Export your data in a structured format
  • Right to Restrict Processing: Limit how we use your data
  • Right to Object: Object to certain types of data processing
  • Right to Withdraw Consent: Withdraw consent for optional processing

To exercise these rights, please contact us at privacy@cxperia.fr

8. Data Security

We implement appropriate technical and organizational measures to protect your personal data:

  • Encryption of data in transit and at rest
  • Regular security assessments and updates
  • Access controls and authentication mechanisms
  • Employee training on data protection
  • Incident response procedures

9. International Data Transfers

Your data may be transferred to and processed in countries outside the European Economic Area (EEA). We ensure appropriate safeguards are in place for such transfers, including:

  • Standard Contractual Clauses (SCCs)
  • Adequacy decisions by the European Commission
  • Other appropriate safeguards as required by GDPR

10. Cookies and Tracking

We use cookies and similar technologies to enhance your experience. For detailed information about our cookie practices, please see our Cookie Policy.

11. Children's Privacy

Our service is not intended for children under 16 years of age. We do not knowingly collect personal information from children under 16. If you become aware that a child has provided us with personal information, please contact us immediately.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. Your continued use of our service after such changes constitutes acceptance of the updated policy.

13. Contact Information

If you have any questions about this Privacy Policy or our data practices, please contact us:

Data Protection Officer:
Email: dpo@cxperia.fr

General Privacy Inquiries:
Email: privacy@cxperia.fr

Address:
Cxperia Privacy Team