1. Who We Are
Reflexio provides a connected enterprise workspace for access management, marketing, presales, feature requests, analytics, read-only integrations, CRM, and Aiden-assisted product intelligence.
For this notice, Reflexio LTD is the controller for account, website, billing, security, and communication data that we collect directly. When a customer uses Reflexio to manage its own users, accounts, requests, feedback, files, CRM records, connector configuration, or workspace content, Reflexio LTD usually acts as a processor or service provider on behalf of that customer.
2. Personal Data We Collect
We may collect account identifiers such as name, work email, company, role, workspace, authentication state, SSO/MFA status, and administrator settings.
We may process workspace content that users submit to Reflexio apps, including product requests, comments, files, votes, notes, customer or account context, CRM activity, presales inputs, analytics events, read-only connected system metadata, and related operational records.
We also collect technical and security information such as IP address, device and browser metadata, session events, audit logs, error logs, cookie identifiers, and usage telemetry needed to operate and protect the service.
3. How We Use Personal Data
We use personal data to provide and secure the Reflexio Suite, authenticate users, maintain tenant controls, route users to their workspace, support Aiden features, process product workflows, provide customer support, improve reliability, and meet legal or contractual obligations.
We may use aggregated or de-identified information to understand product performance, improve the service, and develop new capabilities. We do not use customer workspace content to advertise third-party products.
4. Legal Bases
Where EU or UK data protection law applies, our legal bases may include performance of a contract, legitimate interests in operating and securing an enterprise SaaS platform, compliance with legal obligations, and consent where required, such as for optional cookies or certain communications.
Customers are responsible for determining the legal basis for personal data they place into their Reflexio workspaces.
5. Sharing and Subprocessors
We share personal data only where needed to operate Reflexio, comply with law, protect the service, or support a customer request. This may include hosting providers, authentication services, email delivery providers, analytics or monitoring services, payment or billing providers, and professional advisers.
Customer workspace data is not sold. Access is limited to authorized personnel, service providers, or subprocessors with appropriate confidentiality and security obligations.
6. International Transfers
Reflexio may process information in countries where we or our providers operate. When required, we use appropriate safeguards for cross-border transfers, such as contractual protections, data processing agreements, or equivalent transfer mechanisms.
7. Retention
We retain personal data for as long as needed to provide Reflexio, maintain security and audit records, meet contractual or legal obligations, resolve disputes, and enforce agreements.
Customer workspace content is retained according to the customer configuration, contract, deletion request, or applicable legal requirement. Backup and audit data may persist for a limited period before deletion from active systems.
8. Security
Reflexio LTD uses administrative, technical, and organizational measures designed to protect personal data, including tenant separation, role-aware access, authentication controls, audit logging, encryption in transit, and restricted operational access.
No system is completely secure. Customers should configure appropriate roles, SSO, MFA, and access policies for their organization.
9. Your Privacy Rights
Depending on your location, you may have rights to access, correct, delete, restrict, object to, or receive a copy of personal data. You may also have the right to withdraw consent or complain to a data protection authority.
If your data is controlled by a Reflexio customer, we may direct your request to that customer or assist them in responding.
10. Cookies and Similar Technologies
We use necessary cookies and similar technologies for authentication, security, session continuity, fraud prevention, and service operation. We may use optional analytics or preference technologies where configured and permitted.
Browser controls may allow you to block or delete cookies, but some Reflexio features may not work without necessary cookies.
11. Children
Reflexio LTD is an enterprise service and is not directed to children. We do not knowingly collect personal data from children through the Reflexio Suite.
12. Changes to This Notice
We may update this Privacy Policy to reflect product, legal, security, or operational changes. If changes are material, we will provide notice through the website, service, or other appropriate channel.
Contact Reflexio
For privacy questions, data requests, security concerns related to personal data, or customer data processing inquiries, contact privacy@reflexio.io.