Privacy Policy for CXI Software DOOEL and the Simple Store Application Last Updated: 09/05/2025 CXI Software DOOEL (“we”, “our”, “us”, or “the Company”) operates in strict adherence to data protection principles and in full observance of applicable data privacy regulations. This Privacy Policy outlines, in exhaustive detail and with heightened emphasis on transparency and disclosure, the nature, scope, and purposes of data processing activities conducted through and in association with the Simple Store software application (“Simple Store” or “the Application”) and all relevant ancillary services or systems managed by CXI Software DOOEL. By installing, accessing, or using the Application or related services, the user (“you”, “your”, “Data Subject”, or “Customer”) expressly acknowledges, agrees, and consents—either by affirmative action or continued usage—to the collection, retention, processing, usage, analysis, transmission, and potential disclosure of the categories of information enumerated herein for the legitimate, operational, analytical, or networking purposes as further elaborated below. 1. Information We Collect In the normal course of interaction with our software platform and during the engagement with its features, functionalities, and networked services, we may collect, process, store, analyze, and transmit various forms of data, either provided directly by the user, collected automatically through device interactions, or derived from integrations with third-party services, including but not limited to the following categories: 1.1 Product and Commercial Data Detailed product information, including SKU identifiers, barcodes, pricing data, measurement units, packaging specifications, and all metadata pertaining to inventory management; Company-related records such as business name, tax number, registration credentials, regional and postal addresses, contact numbers, and banking information; Corporate client and partner lists, which may contain names, locations, identification numbers, transaction records, and historical logs of commercial interaction. This data is collected with the express intent to enable business-to-business networking, to facilitate interoperability among stakeholders, and to enrich analytical processes for internal feature enhancements and user-experience optimization. 1.2 Device and Technical Data Device-specific identifiers including device model, manufacturer, operating system version, screen dimensions, language settings, and unique user-generated or system-derived IDs; Diagnostic and telemetry data, inclusive of application crash reports, error logs, and performance metrics, which may be periodically uploaded to our servers or a third-party analytics service for root-cause identification and service improvement. 2. Purposes of Data Usage All aforementioned categories of data may be collected, aggregated, used, and retained, with or without direct user intervention, for the following (non-exhaustive) list of purposes: Operational Necessity: To ensure the uninterrupted and optimized delivery of services, inclusive of syncing data between local and cloud repositories, generating reports, maintaining inventory continuity, and fulfilling billing and invoicing functions; Networking Enablement: To facilitate the lawful exchange of company and product metadata with business partners, vendors, or clients within the software ecosystem for the purposes of streamlined commerce, procurement, and communication; Analytical Processing: To monitor usage trends, perform advanced statistical analysis, enhance user experience, and calibrate internal algorithms based on anonymized or pseudonymized data patterns; Security and Diagnostics: To detect, prevent, and investigate security incidents, malicious behavior, or functional anomalies by leveraging crash reports, telemetry data, and hardware analytics; Regulatory Compliance: To meet any legal obligations, including but not limited to retention requirements, audit logs, or reporting duties to governmental or regulatory bodies. 3. Legal Grounds for Processing All data processing activities undertaken by CXI Software DOOEL are rooted in at least one of the following lawful bases, as mandated under applicable legislation: The performance of a contract between the user and the Company; The legitimate interests of CXI Software DOOEL, such as maintaining software integrity, expanding commercial networks, and improving analytical precision; Compliance with a legal obligation; Explicit user consent, where required, which may be withdrawn at any time without retroactive effect. 4. Data Sharing and Disclosure While CXI Software DOOEL does not, as a matter of policy, sell or commercialize personal data for direct profit, the following scenarios may necessitate the sharing or transfer of certain data categories: With trusted third-party service providers (e.g., Firebase, analytics platforms) engaged under strict confidentiality agreements for data processing and hosting purposes; In the context of business transactions such as mergers, acquisitions, or asset sales, where such data constitutes a necessary part of operational continuity; With authorities or regulatory bodies upon lawful request or subpoena; With other users of the platform, for explicitly enabled networking features that rely on the sharing of company metadata or product catalogs. 5. Data Retention and Security All data, unless subject to legal retention periods or user-requested deletion, will be retained for as long as necessary to fulfill the purposes stated herein. We implement a wide range of organizational, technical, and administrative safeguards—both at rest and in transit—to mitigate unauthorized access, disclosure, loss, or alteration of user data. 6. User Rights and Control Subject to verification and legal exceptions, users may exercise rights concerning their data, which may include: The right to access, correct, or delete personal data; The right to object to or restrict processing; The right to withdraw previously granted consent; The right to lodge a complaint with a supervisory authority. Requests for data access or deletion may be submitted via support@cxi.mk 7. Jurisdiction and Governing Law This Privacy Policy, and any disputes arising from or relating to data practices governed herein, shall be interpreted in accordance with the laws of North Macedonia, and any legal actions must be brought within its competent jurisdictional courts, unless otherwise mandated by applicable international treaties. 8. Policy Updates We reserve the unequivocal right to amend or revise this Privacy Policy at our sole discretion. All changes will be communicated through updates to this document, and continued usage of our services shall constitute acceptance of such modifications. Contact Us For further inquiries, requests, or clarifications, you may contact us at: CXI Software DOOEL UL 100 BB 100 Vrapchiste 1230 Email: contact@cxi.mk