Privacy Policy

Effective Date: 09 December 2025

1. Introduction Foundcoo Limited (“Company”, “we”, “us”, or “our”), a company incorporated under the laws of Hong Kong, operating as Claryx.io, is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your Personal Data when you visit our website or use our SaaS applications (collectively, the “Service”).

By accessing or using the Service, you consent to the data practices described in this Policy. If you do not agree with the terms of this Policy, please do not use the Service.

2. Information We Collect We collect Personal Data that is reasonably necessary to provide our SaaS services. This includes information you provide directly, payment-related details, and data collected automatically.

2.1 Information You Provide Directly When you register for an account or interact with the Service, we collect details such as your name, business email address, phone number, job title, and company name. We also collect any data, text, or files you upload or input into the Service (“Customer Content”). Additionally, we gather the content of any messages you send to our support team, such as emails or chat inquiries.

2.2 Payment Information We do not store your full credit card details. All payment transactions are handled by third-party processors (e.g., Stripe, PayPal). We retain only limited information needed for billing and verification, such as the payment method type and the last four digits of your card.

2.3 Automated Information Collection We automatically gather usage data about your interactions with the Service, including your IP address, browser type, operating system, referral URLs, device details, and pages visited. This information helps with analytics, security monitoring, and improving Service performance.

3. How We Use Your Information We use your Personal Data in accordance with the Personal Data (Privacy) Ordinance (Cap. 486) (“PDPO”) for the following purposes: to operate, maintain, and deliver the Service; to manage your account, process payments, and send administrative communications (e.g., invoices, technical notices, or security alerts); to provide customer support and respond to your inquiries; to analyze usage trends and enhance our algorithms and Service functionality; to send promotional materials about our services (you may opt out at any time by clicking the “unsubscribe” link in marketing emails or contacting us at info@claryx.io); and to comply with legal obligations, resolve disputes, and enforce our agreements.

4. AI Model Training We may use aggregated and de-identified Customer Content to train and improve our AI models, which enhances the accuracy and functionality of the Service for all users. If you have an enterprise agreement that includes a data training opt-out, your Customer Content will not be used for this purpose. To request opt-out options for your account, please contact us at info@claryx.io.

5. Disclosure of Your Information We do not sell your Personal Data. We may share it with trusted third parties under strict confidentiality obligations, including service providers for cloud hosting (e.g., AWS, Google Cloud), AI models (e.g., OpenAI, Anthropic), payment processing, email delivery, and analytics. We may also disclose data if required by law, in response to valid requests from public authorities (e.g., courts or government agencies), or in connection with business transfers such as mergers, asset sales, financing, or acquisitions.

6. Cookies and Tracking Technologies We use cookies and similar technologies to collect usage data and enhance your experience. Essential cookies are necessary for core Service functions like session management and security. Analytics cookies help us understand user interactions (e.g., via Google Analytics). Preference cookies store your settings. You can manage cookies through your browser settings, though disabling them may limit Service functionality.

7. Cross-Border Data Transfers Our cloud infrastructure (e.g., Amazon Web Services or Azure) may involve transferring, storing, or processing your Personal Data outside Hong Kong, including in the United States. Although Section 33 of the PDPO (which regulates such transfers) is not yet in force, we follow best practices by using data processing agreements with providers to ensure your Personal Data receives protection comparable to that under the PDPO.

8. Security of Data We implement industry-standard measures to protect your Personal Data from unauthorized access, disclosure, alteration, or destruction, including SSL/TLS encryption for data in transit, access controls, and secure cloud environments. However, no Internet transmission or electronic storage method is entirely secure, so we cannot guarantee absolute protection. We commit to using commercially reasonable efforts to safeguard your data.

9. Data Breach Notification While not statutorily required under the PDPO, in the event of a data breach involving your Personal Data that poses a real risk of harm, we will notify you and the Office of the Privacy Commissioner for Personal Data (“PCPD”) as soon as practicable, in line with PCPD guidance.

10. Retention of Data We retain your Personal Data only as long as necessary for the purposes outlined in this Policy. Account data is kept while your account is active and for a reasonable period afterward to support reactivation or Service improvements. Customer Content is retained during your active use and for 30 days after account termination to allow export, after which it is deleted. Financial records are kept for at least seven years to comply with Hong Kong tax and accounting requirements. Once no longer needed for legitimate business purposes, we securely delete or anonymize the data.

11. Your Rights Under the PDPO (Hong Kong) If you are located in Hong Kong, the PDPO grants you rights to access and correct your Personal Data. You may request a copy of the Personal Data we hold about you or ask us to correct any inaccuracies. Withdrawing consent for processing may impact our ability to provide the Service. To exercise these rights, contact our Data Protection Officer (details below). We aim to respond within a reasonable timeframe, typically 40 days.

12. GDPR Rights (EEA Users) If you are in the European Economic Area (EEA), you have additional rights under the General Data Protection Regulation (GDPR), including the right to erasure (subject to exceptions like legal retention needs), data portability in a structured format, restriction of processing in certain cases, objection to processing for marketing, and lodging complaints with a supervisory authority. We process your data based on contract performance, our legitimate interests in Service operation and improvement, your consent (where required), and legal compliance.

13. California Privacy Rights (CCPA/CPRA) California residents have rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) to know the categories and specific pieces of Personal Data we collect, request deletion (with exceptions), correct inaccuracies, opt out of sales or sharing (we do not engage in these), and avoid discrimination for exercising rights. Contact us at info@claryx.io to exercise these; we will verify your identity before responding.

14. Children's Privacy The Service is not directed to individuals under 18. We do not knowingly collect Personal Data from children. If we learn of such collection without parental consent, we will delete it promptly. If you believe we have collected a child’s data, please contact us at info@claryx.io.

15. Third-Party Links The Service may link to third-party sites or services we do not control. We are not responsible for their content, privacy practices, or policies. Please review the privacy policies of any third-party sites you visit.

16. Changes to This Privacy Policy We may update this Policy periodically. Changes will be posted here with an updated “Last Updated” date. For material changes affecting your rights, we will provide at least 30 days’ notice via email or in-Service notification. We encourage you to review this Policy regularly.

17. Contact Us & Data Protection Officer For questions about this Policy or to exercise your rights, contact our Office:

Company: Foundcoo Limited

Address: 99 Hennessy Road, 2301 Bayfield Building,
Wan Chai, Hong Kong

Email: info@claryx.io

Phone: +852 3001 6617