Xzlenz Logo
Platform Overview Frameworks Testimonials Contact Us
Sign in to Xzlenz Sign in to Xzlenz v3

Privacy Policy

Last Updated: 01 July 2026

Applies To: Xzlenz website, SaaS platform, client portals, APIs, integrations, support channels, and related product modules.

Contact: info@xzlenz.com

1. Introduction

Xzlenz respects the privacy, confidentiality, and security of the organizations and users who access our website and platform. This Privacy Policy explains how Xzlenz, CyberCube, and their applicable affiliated or contracting entities collect, use, disclose, retain, and protect information in connection with the Xzlenz Platform.

Xzlenz is a governance, risk, compliance, audit, privacy, security, evidence, reporting, asset, vendor risk, and AI-assisted workflow platform. Because the platform is used for compliance and audit-grade activities, it may process business information, user information, compliance records, risk records, evidence files, audit logs, reports, and other confidential customer content.

This Privacy Policy should be read together with the Xzlenz Terms & Conditions, any applicable order form, statement of work, data processing agreement, and client-specific contract.

2. Scope of This Policy

This Policy applies when you:

  • Visit or interact with the Xzlenz website.
  • Request a demo, proposal, client scoping document, support, or onboarding assistance.
  • Access or use the Xzlenz Platform, including modules for frameworks, policies, continuous compliance, assessment objectives, risk assessment, asset inventory, cloud inventory, vendor risk management, regulatory reports, custom reports, process management, AI features, client users, notifications, audit logs, and related workflows.
  • Connect third-party systems, cloud accounts, identity providers, ticketing tools, repositories, communication tools, or other integrations to Xzlenz.

This Policy does not replace privacy notices that our customers may be required to provide to their own employees, vendors, auditors, consultants, or other data subjects.

3. Our Role: Controller, Processor, or Service Provider

Depending on the context, Xzlenz may act in different privacy roles:

  • As an independent controller for information we collect for website operations, sales, marketing, account administration, billing, security, product analytics, customer communications, and support.
  • As a processor or service provider when we process customer-controlled content inside the Xzlenz Platform on behalf of a subscribing organization.
  • As instructed by the customer where customer administrators configure users, permissions, modules, workflows, integrations, evidence uploads, reports, and retention practices.

Where Xzlenz processes customer content as a processor or service provider, the customer is responsible for ensuring that it has the necessary notices, consents, lawful bases, contractual rights, and authorizations to submit that information to the platform.

4. Information We Collect

4.1 Website, Sales, and Inquiry Information

We may collect your name, business email address, phone number, company name, designation, country, message content, demo requests, proposal requests, and related communications when you contact us or submit a form.

4.2 Account, User, and Administrative Information

When a customer account is created, we may process organization profile details, administrator details, user names, business email addresses, contact numbers, designations, roles, permissions, module access, tenant identifiers, authentication metadata, login status, and account activity.

4.3 Customer Content Entered Into the Platform

Customers and authorized users may upload, configure, or generate information such as compliance frameworks, mapped controls, policies and standards, privacy frameworks, AI frameworks, assessment objectives, evidence request lists, evidence files, audit findings, continuous compliance tasks, risk assessments, treatment plans, asset inventories, cloud asset metadata, vendor records, vendor questionnaires, process records, regulatory reports, custom reports, comments, approvals, rejections, signatures, timestamps, workflow remarks, and related records.

4.4 Integration and Cloud Metadata

Where a customer enables integrations, we may process configuration details, connection metadata, API responses, cloud-resource metadata, access tokens or keys where technically necessary, sync logs, error logs, and records received from the connected system. The information processed depends on the integration selected and the permissions granted by the customer.

4.5 Usage, Security, and Audit Information

We may collect IP addresses, browser type, device identifiers, operating system details, session identifiers, pages visited, feature usage, timestamps, login attempts, role changes, access logs, activity logs, error logs, system events, security alerts, and audit trails.

4.6 Support and Communication Information

We may process support tickets, email communications, attachments, troubleshooting data, product feedback, training requests, implementation notes, and similar information provided during support or onboarding.

5. Sensitive, Regulated, and Confidential Information

Xzlenz is designed for compliance, audit, risk, and governance workflows. Customers should carefully control what information is uploaded to the platform. Unless required for an authorized compliance or audit purpose, users should avoid uploading excessive personal data, highly sensitive personal data, payment card data, production secrets, private keys, passwords, health information, criminal record information, or regulated information that is not necessary for the selected workflow.

Customer administrators are responsible for configuring role-based access, user permissions, evidence visibility, data minimization, retention, and internal approval workflows appropriate to their organization.

6. How We Use Information

We use information for the following purposes:

  • To operate, maintain, secure, and improve the Xzlenz website and platform.
  • To create client profiles, administrator accounts, user accounts, roles, permissions, licenses, modules, dashboards, reports, workflows, notifications, and audit trails.
  • To support governance, compliance, audit, risk, privacy, evidence, asset, cloud, vendor, process, and reporting activities configured by the customer.
  • To provide AI-assisted summaries, mapping suggestions, control correlations, risk insights, report assistance, workflow support, and other product features, where enabled.
  • To authenticate users, prevent unauthorized access, detect misuse, investigate incidents, and maintain platform security.
  • To provide customer support, onboarding, training, troubleshooting, maintenance, and service communications.
  • To process commercial requests, invoices, subscription administration, renewals, and contractual obligations.
  • To comply with applicable laws, enforce agreements, protect rights, and respond to lawful requests.

7. AI-Assisted Features

Xzlenz may include AI-assisted features that help users analyze compliance data, summarize evidence, generate report narratives, map controls, identify workflow gaps, or review risk and audit information. AI outputs are generated for assistance only and should be reviewed by qualified personnel before being relied upon for legal, regulatory, audit, security, or business decisions.

Unless separately agreed with a customer, Xzlenz does not sell customer content and does not use customer content to train third-party public AI models. Customer-specific AI processing, prompts, outputs, and generated content remain subject to the applicable customer agreement and platform configuration.

8. Cookies and Similar Technologies

We may use cookies, pixels, local storage, and similar technologies to operate the website, remember preferences, support authentication, measure usage, improve performance, and protect against abuse. You may disable cookies through your browser settings, but some website or platform functionality may not work correctly.

9. How We Share Information

We may share information in the following circumstances:

  • With service providers and subprocessors that help us host, secure, monitor, support, analyze, communicate, or operate the platform.
  • With customer-authorized users according to the customer’s tenant configuration, roles, workflows, reports, and permissions.
  • With third-party integrations when the customer enables a connector or directs us to exchange information with another system.
  • With professional advisers such as auditors, legal advisers, security consultants, or insurers where reasonably necessary.
  • For legal, security, and compliance reasons where disclosure is required by law, court order, lawful request, contract enforcement, fraud prevention, security incident response, or protection of rights and safety.
  • In business transfers such as a merger, acquisition, financing, reorganization, or sale of assets, subject to appropriate confidentiality protections.

We do not sell customer content.

10. International Transfers

Xzlenz may process and store information in countries where we, our affiliates, service providers, or infrastructure providers operate. Where required by applicable law, we use appropriate contractual, technical, and organizational safeguards for international transfers of personal data.

11. Data Retention

We retain personal data and customer content for as long as necessary to provide the platform, comply with contractual and legal obligations, resolve disputes, enforce agreements, maintain audit trails, support security, and meet legitimate business purposes.

Customer content retention may depend on the customer’s subscription, configured workflows, legal hold requirements, backup cycles, report retention needs, and contract terms. After account termination, customer data may be deleted, returned, archived, or retained as described in the applicable agreement or as required by law.

12. Security Measures

We use administrative, technical, and organizational safeguards designed to protect information against unauthorized access, disclosure, alteration, and destruction. These safeguards may include access controls, role-based permissions, authentication controls, encryption where appropriate, monitoring, logging, backups, vulnerability management, restricted administrative access, and secure development practices.

No system can be guaranteed to be completely secure. Customers are responsible for protecting their credentials, configuring appropriate permissions, reviewing user access, and promptly notifying us of suspected unauthorized access.

13. Customer Administrator Controls

Customer administrators may control users, permissions, modules, framework access, evidence visibility, report access, approval workflows, integrations, and related account settings. Requests relating to customer-controlled content should generally be directed first to the customer organization that controls the relevant Xzlenz tenant.

14. Your Privacy Rights and Choices

Depending on your location and applicable law, you may have rights to access, correct, update, delete, restrict, object to, or receive a copy of personal data, and to withdraw consent where processing is based on consent. You may also have the right to complain to a supervisory authority.

To submit a privacy request, contact info@xzlenz.com. We may need to verify your identity and, where your information is controlled by a customer, we may refer the request to that customer or process it according to the customer’s instructions.

15. Marketing Communications

You may opt out of non-essential marketing communications by following the unsubscribe instructions in the message or by contacting us. We may still send transactional, security, legal, support, and service-related communications.

16. Children

Xzlenz is intended for business and organizational use. It is not directed to children, and we do not knowingly collect personal data from children through the website or platform.

17. Third-Party Links and Services

The website or platform may contain links to third-party websites or allow integrations with third-party services. Their privacy practices are governed by their own policies. Customers should review third-party permissions and privacy terms before enabling integrations.

18. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect product changes, legal requirements, operational practices, or security improvements. The updated version will be posted on this page with a revised “Last Updated” date. Where required, we may provide additional notice.

19. Contact Us

For privacy questions, data requests, or concerns regarding this Privacy Policy, contact us at info@xzlenz.com.

Xzlenz logo

A governance, risk, compliance, audit, privacy, and cybersecurity management platform by CyberCube.

Address

  • 30 N Gould St, STE 7001 Sheridan,
    WY 82801
  • info@xzlenz.com

Resources

  • Platform
  • Overview
  • Frameworks
  • Testimonials
  • Contact Us

© 2026 Xzlenz

Privacy Policy Terms & Conditions