Privacy policy
This Privacy Policy explains how IXL Consultants Limited (“IXL CORE”, “we”, “us”, “our”) collects, uses, shares, and protects personal data when you visit our website, register an account, start a trial, subscribe, or use the IXL CORE platform and related services (collectively, the “Service”). We are committed to handling personal data responsibly and in line with applicable data protection laws, including Kenya’s Data Protection Act, 2019 where relevant. If you have questions about this Policy or how we handle data, contact support@ixlcore.com . Billing-related queries may be sent to billing@ixlcore.com .
Who We Are
The Service is provided by IXL Consultants Limited, incorporated in Kenya. In most cases, when you create an account for your business and upload customer or staff information into IXL CORE, your business acts as the “data controller” for that information and IXL CORE acts as a “data processor” that processes the data only to provide the Service to you. Where we collect data directly for our own purposes, such as responding to enquiries or managing subscriptions, we act as a data controller for that information.
What Personal Data We Collect
We collect personal data in several ways depending on how you use the Service. When you visit our website or contact us, we may collect contact details such as your name, email address, phone number, company name, country, and the content of your message. When you register for an account or subscribe, we may collect account details such as your name, email address, login credentials, business profile information, user roles, and subscription information. When you use the platform, we may process the personal data you choose to upload or create in the system, including customer contacts, supplier contacts, staff profiles, invoices, messages, notes, documents, and other business records (together “Customer Data”). We may also collect technical data such as your IP address, browser type, device information, pages visited, and general usage activity for security, analytics, and service improvement. Where payments are involved, we may receive payment status information and transaction references from payment processors, but we do not typically store full card details on our servers.
How We Use Personal Data
We use personal data to provide, operate, maintain, and improve the Service, including creating accounts, enabling login and access control, providing support, and ensuring system performance. We use personal data to communicate with you about your account, trial, subscription, service updates, security notices, and support tickets. We use data to manage billing and administration, including invoices, renewals, and payment follow-up. We use personal data to prevent fraud, detect misuse, secure the Service, and protect users. We also use aggregated or de-identified usage patterns to understand what features are used and to improve product quality. If you submit a demo request or enquiry, we use your information to respond and to follow up regarding onboarding and product information. Where allowed by law, we may also send product updates and service-related messages, and you can opt out of non-essential marketing communications at any time.
Legal Basis for Processing
Where applicable, we process personal data on one or more of the following grounds: we process data to perform a contract with you (such as providing the Service under your subscription), to take steps at your request prior to entering into a contract (such as responding to demo requests), to comply with legal obligations (such as accounting and tax requirements), to protect legitimate interests (such as ensuring security, preventing fraud, improving the Service, and maintaining reliable operations), and where required, based on your consent (for example, where consent is needed for certain marketing communications). If you upload Customer Data into IXL CORE, you confirm that you have the lawful authority and appropriate legal basis to collect, use, and store that data and to instruct us to process it on your behalf.
How We Share Personal Data
We do not sell personal data. We share personal data only as necessary to provide the Service, comply with the law, or protect rights and safety. We may share data with trusted service providers that help us operate the Service, such as hosting providers, analytics tools, email delivery services, and payment processors. These providers may process data only under our instructions and for the purposes of providing services to us. We may share data where required by law, regulation, court order, or lawful request, or where disclosure is necessary to protect the Service, our customers, users, and the public. If we are involved in a merger, acquisition, restructuring, or sale of assets, personal data may be transferred as part of that transaction, subject to appropriate safeguards.
International Data Transfers
Your data may be processed in countries other than where you live, depending on where our servers or service providers operate. Where cross-border transfers occur, we take reasonable steps to ensure appropriate safeguards are applied to protect personal data, including contractual protections with service providers and security controls.
Data Retention
We retain personal data only for as long as necessary to provide the Service and for legitimate business and legal purposes. Account and billing records may be retained for required legal and accounting periods. Customer Data stored in your account is retained during your subscription. After your subscription ends or your account is terminated, we may retain Customer Data for up to 90 days to allow you to export your data or reactivate your account, unless a longer retention period is required by law. After the retention period, Customer Data may be permanently deleted. You remain responsible for exporting any data you need before deletion occurs.
Security Measures
We implement reasonable administrative, technical, and organisational measures designed to protect personal data and Customer Data against unauthorised access, loss, misuse, alteration, or disclosure. However, no system can guarantee complete security. You are responsible for using strong passwords, limiting access to authorised users, and ensuring that your internal team handles exported data securely.
Your Rights and Choices
Depending on applicable law, you may have rights to request access to your personal data, request correction of inaccurate data, request deletion, object to or restrict processing, and request portability of your data. You may also withdraw consent where we rely on consent, without affecting processing carried out before withdrawal. To exercise your rights, contact support@ixlcore.com . We may need to verify your identity before completing a request. If you are an end-customer of one of our business customers (meaning your data is stored in IXL CORE by a business using our platform), you should direct your request to that business, because they control the data and we process it on their instructions.
Cookies and Tracking
Our website and platform may use cookies and similar technologies to enable core functionality, improve your experience, remember preferences, analyse traffic, and enhance security. You can control cookies through your browser settings, but some website features may not function properly if cookies are disabled. Where legally required, we will request cookie consent before placing non-essential cookies.
Marketing Communications
We may send service-related communications that are necessary to operate your account, such as security notices, billing messages, and product updates. Where permitted by law, we may also send marketing messages about IXL CORE. You can opt out of marketing communications by using the unsubscribe link (where provided) or by contacting support@ixlcore.com . Opting out of marketing does not affect essential service communications.
Third-Party Services and Integrations
IXL CORE may integrate with third-party services such as messaging tools, payment providers, email services, and other external systems. If you enable an integration, data may be exchanged with that provider as required for the integration to function. Your use of third-party services is governed by their own policies and terms, and we are not responsible for their privacy practices, outages, or changes.
Children’s Privacy
IXL CORE is not intended for use by children. We do not knowingly collect personal data from children. If you believe a child has provided personal data to us, contact support@ixlcore.com so we can take appropriate action.
Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or Service features. If we make material changes, we will provide notice via the Service or by email where appropriate. Continued use of the Service after the effective date of an updated policy means you accept the revised policy.
Contact Us
If you have questions about this Privacy Policy, how your data is handled, or you want to exercise your rights, contact support@ixlcore.com . For billing matters, contact billing@ixlcore.com .
Last updated: 27 Oct, 2025
