CXOwork← Back to home
Legal

Privacy Policy

Last updated: April 18, 2026

1 · Who we are

CXOwork ("CXOwork," "we," "us," or "our") operates a two-sided online marketplace at cxowork.com that connects companies ("Clients") with fractional executives such as CFOs, CMOs, CTOs, COOs, and other senior advisors ("Advisors").

This Privacy Policy describes how we collect, use, share, and protect information when you visit our website, create an account, post a request, send a message, or otherwise use our services (collectively, the "Services"). It applies to both Clients and visitors using our public site. Advisors using our Services are governed by additional terms covered separately on the Become a CXO flow.

By using the Services you confirm you have read this policy. If you do not agree, please do not use our Services.

2 · Information we collect

We collect information in three ways: directly from you, automatically as you use the site, and from third parties.

2.1 Information you give us

  • Account information. When you create a Client account we collect your name, work email address, and a password (or, if you sign in with Google, the OAuth identifier and email).
  • Profile and preference information. Through the onboarding wizard and your dashboard you may share your role you're hiring for, industry, company name, company size, business stage, location, current challenges, hourly-rate budget, phone number, and a brief description of what you're trying to accomplish.
  • Consultation requests. When you submit our Schedule a Consultation form we collect the name, company, email, phone (optional), preferred contact window, role, and free-text description you provide.
  • Messages. Content of direct messages you exchange with Advisors (or our support team) on the platform, including the time you sent them and read receipts where applicable.
  • Files you upload. Any documents, logos, or photos you choose to upload to your profile.
  • Communications with us. Records of email or chat conversations with our team, including any feedback, support questions, or survey responses.

2.2 Information collected automatically

  • Usage data. Pages viewed, features used, search queries, filter selections, time spent, and links clicked.
  • Device and log data. IP address, browser type and version, operating system, device identifiers, language, time zone, and referring URL.
  • Cookies and similar technologies. First- and third-party cookies, local storage, and session identifiers — see Section 7 for details.

2.3 Information from third parties

  • Authentication providers. If you sign in with Google, we receive your name, email, profile photo, and a unique provider identifier.
  • Payment processors. If we process a payment on your behalf via a service such as Stripe, we receive a tokenized reference and high-level transaction metadata. We do not store full card numbers.
  • Analytics and infrastructure providers. Aggregated, pseudonymized usage data from providers such as Firebase Analytics or our hosting platform.
  • Public sources. Publicly available business information (e.g., LinkedIn or company website) that we use to enrich profiles where you have consented.

3 · How we use your information

We use your information to operate and improve the Services. Specifically:

  • Match-making. To recommend Advisors whose skills, industry expertise, stage, and rate align with your stated needs.
  • Communication and intros. To enable direct messaging and introductions between you and Advisors, and to deliver platform notifications.
  • Account management. To create and maintain your account, verify your identity, and provide customer support.
  • Personalization. To remember your preferences (active persona, filter selections, language) and pre-fill forms.
  • Service improvement. To understand how Clients and Advisors use the Services, debug issues, and develop new features. We use aggregated and de-identified data wherever possible.
  • Marketing. To send product updates, tips, and occasional promotional emails. You can unsubscribe at any time.
  • Trust & safety. To detect and prevent fraud, spam, harassment, and abuse, and to enforce our Terms.
  • Legal obligations. To comply with applicable law, respond to legal requests, and protect our legal rights.

4 · Sharing your information

We share information only as described below. We do not sell your personal information to third parties.

4.1 With Advisors you choose to engage

When you initiate a conversation with an Advisor or accept a match, we share your name, role you're hiring for, company name, industry, and any context you have entered into your profile or messages. Advisors are bound by confidentiality terms. You control how much you share — e.g., whether to disclose company name, exact rate budget, or specific project details.

4.2 With service providers

We share data with vendors that help us run the platform under written confidentiality and data-protection commitments. These currently include:

  • Cloud hosting and database — Google Firebase / Cloud Firestore
  • Authentication — Google Identity (Firebase Auth, Sign in with Google)
  • Payments — Stripe (where applicable)
  • Email delivery — transactional and marketing email vendors
  • Analytics & error monitoring — aggregated usage telemetry

Service providers may only use your data to perform services for us, not for their own purposes.

4.3 With our team

Our internal staff and authorized contractors may access your information to operate the Services, provide support, and review content for safety. Access is limited to those who need it.

4.4 Legal and safety

We may disclose information when we have a good-faith belief it is necessary to comply with a valid legal request (subpoena, court order, government inquiry), to enforce our Terms, to investigate fraud or security incidents, or to protect the rights, property, or safety of CXOwork, our users, or the public.

4.5 Business transfers

If we are involved in a merger, acquisition, financing, or sale of assets, your information may be transferred as part of that transaction. We will notify you (e.g., by email or notice on the site) before your information becomes subject to a different privacy policy.

4.6 With your consent

We share information for any other purpose only with your explicit consent.

5 · How long we keep your information

We keep your information for as long as you maintain an account or as needed to provide the Services, comply with legal obligations, resolve disputes, and enforce our agreements. Specifically:

  • Account and profile: for the life of your account.
  • Messages: retained while either party to the conversation has an active account; you can delete messages from your dashboard at any time.
  • Consultation requests: up to 24 months after submission, then anonymized for analytics.
  • Logs and aggregated analytics: typically 12–24 months.
  • Legal/billing records: as required by tax, accounting, and other applicable law (typically up to 7 years).

You can request deletion of your account at any time from Settings → Delete Account. Some information may be retained as required by law or to prevent fraud (e.g., suppression lists, transaction records).

6 · Your rights and choices

Subject to applicable law, you have the following rights:

  • Access. Request a copy of the personal information we hold about you.
  • Correction. Update inaccurate or incomplete information directly in your dashboard or by contacting us.
  • Deletion. Delete your account at any time. Some data may be retained as described above.
  • Portability. Receive your data in a structured, commonly used format.
  • Objection / Restriction. Object to or restrict certain processing.
  • Withdraw consent. Where we rely on consent (e.g., marketing emails), withdraw it at any time without affecting the lawfulness of prior processing.
  • Opt out of marketing. Unsubscribe via the link in any marketing email or in Settings → Notifications.
  • Lodge a complaint. If you are in the EEA, UK, or California, you may also complain to your local data-protection authority.

To exercise any of these rights, email us at info@cxowork.com. We respond within 30 days.

7 · Cookies and tracking

We use cookies and similar technologies for the following purposes:

  • Strictly necessary. Authentication, security, and load balancing. Cannot be turned off.
  • Functional. Remembering your active persona, filter selections, and other UI state.
  • Analytics. Understanding how the Services are used so we can improve them.

You can disable cookies in your browser, but some features may not work as expected if you do.

8 · Security

We take reasonable administrative, technical, and physical safeguards to protect your information — including transport-layer encryption (TLS), encrypted storage, access controls, and audit logging. However, no system is 100% secure. Please use a strong, unique password and notify us promptly of any suspected unauthorized access at info@cxowork.com.

9 · International transfers

CXOwork is operated from the United States. If you access the Services from outside the U.S., your information may be transferred to, stored in, and processed in the U.S. or other countries where our service providers operate. Where required (e.g., from the EEA or UK), we use appropriate safeguards such as Standard Contractual Clauses.

10 · Children

The Services are intended for users 18 years of age and older. We do not knowingly collect personal information from children under 18. If you believe a child has provided us with information, please contact us and we will delete it.

11 · Region-specific notices

California (CCPA / CPRA)

California residents have the right to know what personal information we collect, the categories of sources, the business or commercial purpose, and the categories of third parties we share it with. You also have the right to request deletion, request correction, opt out of sale or sharing (we do not sell personal information), and limit our use of sensitive personal information. We do not discriminate against you for exercising these rights.

EEA / UK (GDPR / UK GDPR)

Our legal bases for processing are: (a) performance of a contract (to provide the Services you request), (b) our legitimate interests (improving the Services, marketing existing products to existing customers, fraud prevention) where not overridden by your rights, (c) compliance with legal obligations, and (d) consent (where required, e.g., certain cookies and marketing). You can exercise the rights described in Section 6 by contacting us.

12 · Changes to this policy

We may update this Privacy Policy from time to time. We'll post the new version here with an updated "Last updated" date and, for material changes, notify you by email or in-app notice. Your continued use of the Services after changes take effect means you accept the updated policy.

13 · Contact us

Questions, requests, or security incidents? Email us at info@cxowork.com and we’ll respond within one business day.

← Back to home