Privacy Policy

1. Introduction

Proxenio Technologies Ltd (“Proxenio”, “we”, “us”, “our”) operates the Proxenio platform at proxenio.ai (the “Platform”). This Privacy Policy explains how we collect, use, store, and protect your personal data in compliance with the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and applicable Cyprus data protection law.

By using the Platform, you agree to the practices described in this Privacy Policy.

2. Data Controller

Proxenio Technologies Ltd is the data controller responsible for your personal data.

Registered in Cyprus
Company Registration Number: [INSERT NUMBER]

Contact Information

• Email: legal@proxenio.ai
• Address: Leoforos Agiou Athanasiou 076, Erato Building, 2nd Floor, 4102 Agios Athanasios, Cyprus

Data Protection Authority

Cyprus Commissioner for Personal Data Protection (www.dataprotection.gov.cy)

3. What We Do

Proxenio is a verified intent network that enables business professionals to:

• Declare professional intent (seeking clients, offering services, fundraising, partnerships)
• Receive structured introductions based on verified intent
• Track deal outcomes through counterparty confirmation
• Build verified trust scores based on confirmed business outcomes

Unlike traditional matching platforms, Proxenio focuses on what happens after introductions — tracking confirmed outcomes to build verifiable trust metrics.

4. Personal Data We Collect

4.1 Account Information

• Full name
• Email address (verified)
• Country of operation
• Professional role and title
• Company name (optional)
• Profile information you choose to provide

4.2 Platform Activity Data

• Declared professional intent
• Match history and status
• Deal creation timestamps and stages
• Outcome confirmations (meeting held, deal progressing, deal closed, no outcome)
• Trust tier and verification status
• Messages and notes within the platform
• AI agent API key metadata (not the keys themselves)
• Usage timestamps and activity logs

4.3 Technical Data

• IP address
• Device type and browser information
• Server access logs
• Session data and authentication tokens

4.4 Data We Do Not Collect

We do not collect payment information (if payment features are added, this policy will be updated). We do not use advertising trackers or sell personal data to third parties.

5. Legal Basis for Processing

We process your personal data under the following legal bases:

• Article 6(1)(b) GDPR — Performance of Contract: To provide the Platform services, enable matching, and track deal outcomes as part of our agreement with you.
• Article 6(1)(f) GDPR — Legitimate Interest: To maintain platform integrity, prevent fraud, calculate trust scores, and improve our services. We have conducted a legitimate interest assessment ensuring that these interests do not override your fundamental rights and freedoms.
• Article 6(1)(a) GDPR — Consent: Where applicable, for optional features requiring explicit consent (e.g., marketing communications). You may withdraw consent at any time.

6. How We Use Your Data

We use your personal data for the following purposes:

• Create and maintain your account
• Enable intent-based matching with other users
• Facilitate introductions and deal tracking
• Calculate and display trust scores based on confirmed outcomes
• Maintain platform integrity and prevent abuse
• Respond to support requests and inquiries
• Improve Platform functionality and user experience
• Comply with legal obligations

7. Automated Decision-Making and Trust Scores

The Platform uses automated processing to:

• Match users based on declared intent, industry, and profile data
• Calculate trust scores based on confirmed deal outcomes

Trust Score Methodology

Trust scores reflect verified business outcomes. Users advance through trust tiers (0–4) by accumulating confirmed outcomes from counterparties. The scoring algorithm considers factors including intent declaration quality, industry relevance, profile completeness, trust tier status, and confirmed deal outcomes.

Note: Trust score methodology may evolve over time to improve fairness and platform integrity.

Your Rights

Under GDPR Article 22, you have the right to not be subject to decisions based solely on automated processing that significantly affect you. You may request meaningful human review of automated processing decisions that significantly affect you by contacting legal@proxenio.ai.

8. Data Sharing and Disclosure

8.1 Within the Platform

When you are matched with another user, we share your profile information, declared intent, and trust tier with that user. Deal outcome data is shared only between the specific parties involved in that deal.

8.2 Service Providers

We share data with third-party service providers who process data on our behalf:

• Supabase (database hosting): EU region (Ireland, eu-west-1)
• Google Workspace (email): Transactional emails and support communications
• Resend (email delivery): Platform notifications

All service providers are bound by data processing agreements and process data only as instructed by us.

8.3 Legal Obligations

We may disclose data when required by law, court order, or government request, or to protect our rights, safety, or property.

8.4 Business Transfers

If Proxenio is acquired, merged, or undergoes a business transfer, your personal data may be transferred to the successor entity. We will notify you via email and platform notice before any such transfer.

8.5 What We Do Not Do

We do not sell personal data. We do not share data with advertisers. We do not use third-party advertising trackers.

9. International Data Transfers

Our primary database infrastructure is hosted in the European Union (Supabase EU region). However, our service providers (Google Workspace, Resend) may process data outside the EU/EEA.

The following service providers may process data outside the EU/EEA:

• Google Workspace (United States)
• Resend (United States)

For these transfers, we rely on:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Data processing agreements with service providers ensuring GDPR-equivalent protections

10. AI Agents and API Access

Users may generate API keys allowing AI agents (e.g., Claude, ChatGPT) to act on their behalf within the Platform.

Agent Permissions

• Agents inherit the permissions of the human principal (you)
• Agents can only access data within the scope defined by the API key
• Agents cannot access data outside authorized endpoints
• Agents may not store, export, or use Platform data to train, fine-tune, or improve external AI models or systems

Your Responsibilities

• You are responsible for securing your API keys
• You are liable for actions taken by agents using your keys
• You must revoke keys immediately if compromised

Key Revocation

You may revoke API keys at any time through your account settings. Revoked keys immediately lose all access.

Audit Logs

All agent actions are logged for security and compliance purposes. Logs include timestamp, action type, and key identifier (not the key itself).

11. Data Storage and Hosting

• Primary database: Supabase EU region (GDPR-compliant infrastructure)
• Web hosting: AWS Amplify, EU region (Ireland, eu-west-1)
• Email systems: Google Workspace and Resend
• Encryption: All data transmitted over HTTPS. Data at rest encrypted by infrastructure providers.

12. Cookies and Tracking Technologies

Proxenio uses limited cookies and similar technologies for essential functionality.

Essential Cookies

Required for:

• User authentication and session management
• Security protection (CSRF tokens)
• Platform functionality

These cookies are strictly necessary for the Platform to function. Disabling them will prevent you from using core features.

Analytics and Marketing

At this stage, Proxenio does not use third-party analytics or advertising trackers. If we introduce such tools in the future, we will update this policy and request your consent where required.

Managing Cookies

You can control cookies through your browser settings. Note that disabling essential cookies will impair Platform functionality.

13. Data Retention

We retain personal data only as long as necessary for the purposes described in this Privacy Policy or as required by law.

• Active accounts: Data retained while your account remains active. Inactive accounts may be subject to review after 12 months of inactivity.
• Deleted accounts: Data deleted within 30 days of account deletion request, except for transaction records (deals, confirmations — 7 years for fraud prevention and legal compliance), audit logs (2 years for security purposes), and aggregated anonymized data (retained indefinitely for analytics).
• Deal data involving multiple parties: If you delete your account, your name is replaced with ‘Deleted User’ but deal outcome data is preserved to maintain trust scores for other parties.

You may request deletion by emailing legal@proxenio.ai. We will confirm deletion within 30 days.

14. Security Measures

We implement technical and organizational measures to protect your personal data:

• Encrypted HTTPS connections for all data transmission
• Role-based access control (RBAC) limiting employee access
• API key authentication for agent access
• Regular security audits and key rotation procedures
• Database backups with encryption at rest
• Server access logs and intrusion detection

Data Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms, we will notify you and the Cyprus Data Protection Commissioner within 72 hours of becoming aware of the breach, as required by GDPR Article 33.

15. Your Rights Under GDPR

You have the following rights regarding your personal data:

• Right of access (Article 15): Request a copy of your personal data
• Right to rectification (Article 16): Correct inaccurate or incomplete data
• Right to erasure (Article 17): Request deletion of your data (subject to legal retention requirements)
• Right to restriction (Article 18): Limit how we process your data
• Right to data portability (Article 20): Receive your data in a structured, machine-readable format
• Right to object (Article 21): Object to processing based on legitimate interests
• Right to withdraw consent (Article 7): Withdraw consent at any time (does not affect lawfulness of prior processing)

Exercising Your Rights

To exercise any of these rights, contact us at legal@proxenio.ai. We may request reasonable verification of your identity before fulfilling data access or deletion requests. We will respond within 30 days. If your request is complex or we receive multiple requests, we may extend this period by up to 60 days and will notify you.

Right to Lodge a Complaint

You have the right to lodge a complaint with the Cyprus Commissioner for Personal Data Protection (www.dataprotection.gov.cy) if you believe we have violated your data protection rights.

16. Children's Privacy

Proxenio is intended for business professionals aged 18 and older. We do not knowingly collect personal data from individuals under 18.

If we become aware that a user is under 18, we will immediately delete their account and associated data. If you believe a minor has provided us with personal data, contact us at legal@proxenio.ai.

17. User-Generated Content and Deal Data

When you create deals, log outcomes, or exchange messages on the Platform, this content may be visible to your matched counterparties.

Your Responsibilities

• Do not share sensitive personal data (e.g., financial account numbers, health information) in deal notes or messages
• Do not include third-party personal data without their consent
• Ensure business data you share complies with applicable confidentiality agreements

Proxenio is not responsible for how counterparties use information you share within deals. Use discretion when sharing commercially sensitive information.

18. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or Platform features.

Material changes will be communicated via:

• Email notification to your registered address
• Prominent notice on the Platform

Continued use of the Platform after changes constitutes acceptance. If you do not agree with changes, you must stop using the Platform and may request account deletion.

19. Limitation of Liability

While we implement industry-standard security measures, no system is completely secure. We cannot guarantee absolute security of your personal data.

To the extent permitted by applicable law, Proxenio is not liable for:

• Unauthorized access resulting from your failure to secure account credentials or API keys
• Data breaches caused by third-party service provider vulnerabilities (though we select providers carefully)
• How counterparties use information you voluntarily share within the Platform

20. Dispute Resolution and Governing Law

This Privacy Policy is governed by the laws of the Republic of Cyprus and the European Union GDPR.

Any disputes arising from this Privacy Policy shall be subject to the exclusive jurisdiction of the courts of Cyprus.

Alternative Dispute Resolution

Before initiating legal proceedings, we encourage you to contact us at legal@proxenio.ai to resolve disputes informally.

21. Contact Information

For privacy inquiries, data subject requests, or security concerns:

Proxenio Technologies Ltd

• Email: legal@proxenio.ai
• Website: https://proxenio.ai
• Address: Leoforos Agiou Athanasiou 076, Erato Building, 2nd Floor, 4102 Agios Athanasios, Cyprus