Privacy Policy

1. Introduction

MCX Services, LLC ("MCX Services," "we," "us," or "our") is a Colorado limited liability company headquartered in Denver, Colorado. We operate mcxservices.com and qxproveit.com, and we provide QA consulting services and the QXProveIt software quality management platform.

This Privacy Policy describes how we collect, use, disclose, and protect information about you when you visit our websites, contact us, or use our services. By accessing our websites or engaging our services, you agree to the practices described in this policy.

2. Information We Collect

Information you provide directly:

• Contact information submitted through our contact forms, including name, email address, company name, and message content.
• Account information if you register for or use the QXProveIt platform, including email address, name, organization, and role.
• Payment information processed through our payment processor (Authorize.net via Chase Paymentech). We do not store payment card numbers — all payment data is handled directly by our PCI-compliant payment processor.
• Communications you send to us by email or through our support channels.

Information collected automatically:

• Website usage data collected through Google Analytics, including pages visited, time on site, referral source, and general geographic location (country/region level). Google Analytics uses cookies to collect this data.
• Log data, including IP address, browser type, operating system, and access timestamps, collected automatically by our web infrastructure.
• Cookies and similar tracking technologies as described in Section 5 below.

Information we do not collect:

• Source code or proprietary technical assets submitted through the QXProveIt platform are processed within your designated environment and are not retained by MCX Services on our systems. Our air-gapped deployment architecture is designed so that customer code never leaves the customer's environment.

3. How We Use Your Information

We use the information we collect for the following purposes:

• To respond to contact form submissions and sales inquiries.
• To provide, operate, and improve the QXProveIt platform and our consulting services.
• To process payments and manage billing for platform subscriptions.
• To send transactional communications, including account notifications, invoices, and support responses.
• To send marketing communications where you have opted in or where we have a legitimate interest, with opt-out available at any time.
• To analyze website usage and improve our content and user experience through aggregated analytics data.
• To comply with legal obligations and protect our legal rights.
• To detect, prevent, and address technical issues, fraud, and security incidents.

4. Legal Basis for Processing (GDPR)

For individuals in the European Economic Area, United Kingdom, or other jurisdictions where GDPR or equivalent laws apply, we process personal data on the following legal bases:

• Contract: Processing necessary to perform a contract with you, including providing platform services and processing payments.
• Legitimate interests: Processing for our legitimate business interests, including responding to inquiries, improving our services, and ensuring security, where those interests are not overridden by your rights.
• Consent: Processing based on your consent, such as marketing communications. Consent may be withdrawn at any time.
• Legal obligation: Processing required to comply with applicable law.

5. Cookies

Our websites use cookies and similar technologies. A cookie is a small data file stored on your device. We use the following categories of cookies:

• Strictly necessary cookies: Required for the operation of our websites, including session management for authenticated admin users. These cannot be disabled.
• Analytics cookies: Set by Google Analytics (Google LLC) to collect aggregated usage data. These cookies track your interactions with our website anonymously. You may opt out of Google Analytics tracking by installing the Google Analytics Opt-out Browser Add-on available at tools.google.com/dlpage/gaoptout.

Most web browsers allow you to control cookies through browser settings. Disabling cookies may affect the functionality of certain features of our websites.

6. Information Sharing and Disclosure

We do not sell, rent, or trade your personal information. We share information only in the following circumstances:

• Service providers: We share information with third-party vendors who assist us in operating our business, including Google (analytics), Authorize.net and Chase Paymentech (payment processing), SendGrid (transactional email delivery), and Odoo S.A. (CRM and business operations). These providers are contractually obligated to protect your information and may not use it for their own purposes.
• Legal requirements: We may disclose information when required by law, court order, or governmental authority, or when we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
• Business transfers: In the event of a merger, acquisition, or sale of all or a portion of our assets, personal information may be transferred as part of that transaction. We will notify you by email or prominent notice on our website if such a transfer occurs and your information will become subject to a different privacy policy.
• With your consent: We may share information for any other purpose with your explicit consent.

7. Data Retention

We retain personal information for as long as necessary to fulfill the purposes for which it was collected, comply with legal obligations, resolve disputes, and enforce agreements.

• Contact form submissions and sales inquiry records are retained for up to three years from the date of last contact.
• Platform account data is retained for the duration of the account relationship and for up to two years following account termination, unless a longer retention period is required by law.
• Payment records are retained in accordance with applicable financial recordkeeping requirements, typically seven years.
• Analytics data is retained in Google Analytics in accordance with our configured retention settings (26 months).

8. Data Security

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include encryption of data in transit (TLS), access controls, and regular security assessments.

No method of transmission over the internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee absolute security. If you believe your information has been compromised, please contact us immediately at support@mcxservices.com.

9. Your Rights

Depending on your jurisdiction, you may have the following rights with respect to your personal information:

• Access: The right to request a copy of the personal information we hold about you.
• Correction: The right to request correction of inaccurate or incomplete personal information.
• Deletion: The right to request deletion of your personal information, subject to certain exceptions required by law or legitimate business necessity.
• Portability: The right to receive your personal information in a structured, machine-readable format.
• Objection: The right to object to processing based on legitimate interests.
• Restriction: The right to request restriction of processing in certain circumstances.
• Opt-out of marketing: The right to opt out of marketing communications at any time by contacting us or using the unsubscribe mechanism in any marketing email.

California residents have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information is collected, the right to opt out of the sale of personal information (we do not sell personal information), and the right to non-discrimination for exercising CCPA rights.

To exercise any of these rights, please contact us at support@mcxservices.com. We will respond within the timeframe required by applicable law (generally 30 days).

10. Third-Party Links

Our websites may contain links to third-party websites and services. This Privacy Policy applies only to our websites and services. We are not responsible for the privacy practices of third-party sites and encourage you to review their privacy policies before providing any personal information.

11. Children's Privacy

Our websites and services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a child, please contact us immediately and we will take steps to delete that information.

12. International Data Transfers

MCX Services is based in the United States. If you are accessing our services from outside the United States, your information may be transferred to, stored, and processed in the United States where our servers are located and our central database is operated. By using our services, you consent to this transfer.

For transfers from the European Economic Area, we rely on appropriate safeguards including Standard Contractual Clauses where applicable.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page with a revised "Last updated" date. For significant changes, we will provide additional notice such as an email notification to registered platform users. Your continued use of our services after the effective date of any changes constitutes your acceptance of the updated policy.

14. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us: