Legal

Privacy Policy

Last updated: July 9, 2026. We are finalizing our legal documents; this version may be updated.

The CX Signature ("The CX Signature," "we," "us," or "our") operates the website at www.thecxsignature.com and related services (the "Services") — a curated vendor directory and activation-planning tool for the people who run buildings and offices. The Services are provided by MainstreetXR LLC (doing business as "The CX Signature"), 5955 Alpha Road, Suite #5206, Dallas, Texas 75240. Questions about this policy or your data: hello@thecxsignature.com.

1. Scope

This policy explains what information we collect through the Services, how we use and share it, and the choices and rights you have. It applies to members (property and office managers and their teams who use the directory and planner), vendors (businesses listed in the directory, whether or not they have claimed a listing), and visitors to our public pages. It does not apply to third-party sites or services we link to.

2. Information we collect

Information you give us

  • Account information — when a management company or building creates an account: company/building name, the account user's name and work email, role, and the buildings a user is assigned to. Accounts belong to the management company/employer and may include multiple users.
  • Vendor-provided information — when a vendor claims and manages a listing: business name, contact details, description, images, service areas, and similar content the vendor chooses to publish.
  • Communications — messages you send us (for example, support, contact, or team-inquiry forms).
  • Payment information — if you purchase a paid plan, our payment processor (Stripe) collects and processes your payment details. We do not store full card numbers; we receive limited billing confirmation (such as plan, status, and last four digits) from the processor.

Information we collect automatically

  • Usage and device data — we use a privacy-focused analytics provider (Plausible) that measures aggregate usage without cross-site tracking or advertising cookies and without building profiles of individuals.
  • Essential cookies and local storage — used to keep you signed in and to remember basic preferences. We do not use third-party advertising or cross-site tracking cookies.

Information about vendors from public sources (directory listings)

For vendors who have not claimed a listing, we create directory entries from publicly available information and from the vendor's own website. Certain live details on an unclaimed listing — such as ratings, photos, hours, and address — are displayed live from Google at the time the page loads, with attribution, and are not stored by us. The only identifier we store from Google is a Google Place ID. A vendor may claim, correct, or request removal of a listing at any time (see "Vendor listings and your choices").

3. How we use information

We use information to provide and operate the Services (accounts, the directory, the planner); process payments and manage subscriptions; send service and account communications (such as sign-in, receipts, and — for members — notifications like when new monthly content is available); provide support; maintain security, prevent abuse, and enforce our Terms; understand aggregate usage to improve the Services; and comply with legal obligations.

Where required (for example, under GDPR), we rely on performance of a contract, our legitimate interests, consent, and legal obligation as our bases for processing.

4. How we share information

We do not sell your personal information, and we do not share it for cross-context behavioral advertising.

We share information with:

  • Service providers who process data on our behalf under contract, limited to what they need — for example: Supabase (hosting and database), Stripe (payments), Resend (transactional email), Plausible (privacy-focused analytics), and Google (live display of certain directory data at render time).
  • Legal and safety — when required by law, to respond to lawful requests, or to protect the rights, safety, and property of users, the public, or us.
  • Business transfers — in connection with a merger, acquisition, or sale of assets, subject to this policy.

5. Vendor listings and your choices (vendors)

If you are a vendor, a directory listing does not mean you endorse, sponsor, or are affiliated with The CX Signature, and it does not mean we endorse you. You can claim your listing to control its content, correct inaccuracies, or request removal by contacting hello@thecxsignature.com. Live details shown on an unclaimed listing come from Google at page-load time and are governed by Google's terms; we store only your Google Place ID plus any editorial fields we author or you provide.

6. Your rights and choices

Depending on where you live, you may have rights to access, correct, delete, or export your personal information, to opt out of certain processing, and to not be discriminated against for exercising these rights. Members can also export their own entered data (such as events, dates, spend, and notes) at any time, including on a lapsed plan. To make a request, contact hello@thecxsignature.com; we will verify and respond as required by applicable law. We do not sell or share your personal information as those terms are defined under California law.

7. Cookies and tracking

We use only essential cookies and local storage (to keep you signed in and remember basic preferences) and privacy-focused analytics that do not use advertising or cross-site tracking cookies. Because we do not use non-essential tracking, you can use the Services without accepting advertising cookies. You can control cookies through your browser settings.

8. Data retention

We keep personal information for as long as your account is active or as needed to provide the Services, then for a reasonable period to comply with legal obligations, resolve disputes, and enforce our agreements. Aggregate, de-identified analytics may be kept longer. We store only a Google Place ID (not live Google content) for directory listings.

9. Security

We use reasonable technical and organizational measures to protect information, such as encryption in transit, access controls, and reputable infrastructure providers. No method of transmission or storage is completely secure, so we cannot guarantee absolute security.

10. Children

The Services are for business use by adults and are not directed to children under 18. We do not knowingly collect personal information from children. If you believe a child has provided us information, contact hello@thecxsignature.com and we will delete it.

11. International users

We operate in the United States. If you access the Services from outside the United States, you understand your information may be processed in the United States, where privacy laws may differ from those in your location. Where required, we implement appropriate safeguards for international transfers.

12. Changes to this policy

We may update this policy from time to time. We will post the updated version with a new effective date and, where required, provide additional notice. Your continued use of the Services after an update means you accept the revised policy.

13. Contact us

Questions, requests, or complaints: hello@thecxsignature.com — MainstreetXR LLC dba The CX Signature, 5955 Alpha Road, Suite #5206, Dallas, Texas 75240.