PRIVACY POLICY

GHL Nexus
Last Updated: September 2025

This Privacy Policy explains how Crown Agency Group LLC collects, uses, and protects personal data.

1. ROLE UNDER DATA PROTECTION LAW

Depending on context, we act as:

  • Data Controller (for account, billing, support data);

  • Data Processor (for customer data processed through Execution Mode).

We will provide a Data Processing Addendum (DPA) upon request for enterprise customers.

2. INFORMATION WE COLLECT

2.1 Account Information

  • Name

  • Email

  • Billing details

  • Organization details

2.2 Technical Data

  • IP address

  • Device data

  • Log files

  • Usage analytics

2.3 Credentials

  • API tokens (encrypted)

  • Configuration settings

2.4 Execution Logs

  • Action history

  • Timestamps

  • Target resources

3. LAWFUL BASIS (GDPR)

We process data based on:

  • Contractual necessity

  • Legitimate interests

  • Legal obligations

  • Consent (where required)

4. PURPOSES OF PROCESSING

  • Provide Platform functionality

  • Execute authorized MCP actions

  • Improve system performance

  • Ensure security

  • Comply with legal obligations

5. DATA MINIMIZATION & RETENTION

5.1 We collect only data necessary for functionality.

5.2 Retention:

  • Active account data: duration of subscription

  • Post-termination: up to 90 days

  • Logs: as needed for security/legal compliance

6. INTERNATIONAL TRANSFERS

6.1 Data is hosted in the United States.

6.2 For EU/UK users, transfers rely on Standard Contractual Clauses where required.

7. USER RIGHTS

Depending on jurisdiction, you may have rights to:

  • Access

  • Correction

  • Deletion

  • Portability

  • Restriction

  • Objection

Requests: [email protected]

California residents may request disclosure under CCPA/CPRA.

We do not sell personal data.

8. SECURITY MEASURES

We implement:

  • Encryption in transit (TLS)

  • Encryption at rest

  • Access controls

  • Audit logging (Execution Mode)

No system is guaranteed 100% secure.

9. SUBPROCESSORS

9.1 We use third-party service providers ("Subprocessors") to support hosting, AI processing, logging, analytics, payment processing, and transactional communications.

9.2 A current list of Subprocessors and their processing purposes is maintained in our Subprocessor Schedule, which forms part of this Privacy Policy.

9.3 Subprocessors are contractually obligated to implement appropriate technical and organizational safeguards and to process personal data only on documented instructions.

10. INCIDENT RESPONSE

In the event of a breach affecting personal data, we will notify impacted users as required by applicable law.

11. CHILDREN

The Platform is not directed to children under 18.

12. CHANGES

We may update this Privacy Policy. Continued use constitutes acceptance.

13. CONTACT

Crown Agency Group LLC
5570 FM 423 Ste 250 #4169
Frisco, TX 75036
Email: [email protected]