Privacy & Personal Data Protection Policy

    Last updated: February 2026

    At Egixia we respect your time and your privacy. This policy explains clearly how we collect, use, store, and protect your personal data when you browse www.egixia.com or request information about our products.

    We do not sell your data. The information you share is used exclusively to contact you, show how our technology can help your company, and improve your experience with Egixia.

    1. Data Controller

    The Data Controller responsible for the processing of your personal data is:

    • Legal name: Egixia S.A.S.
    • Tax ID (NIT): 900.607.880-6
    • Registered address: Av. Calle 26 # 92-32, Bogotá D.C., Colombia
    • Activity: Digital Procure-to-Pay platform for enterprises across Latin America.
    • Data privacy contact: privacidad@egixia.com
    • Official website: www.egixia.com

    2. Key definitions

    We use these terms throughout the document:

    • Data Subject: The individual whose personal data is being processed (you).
    • Data Controller: The party that decides on the database and its processing (Egixia).
    • Data Processor: Third parties that process data on behalf of the Controller (hosting, CRM, analytics providers).
    • Processing: Any operation on personal data: collection, storage, use, transfer, or deletion.
    • Personal data: Any information that identifies or makes identifiable a natural person.
    • Sensitive data: Data that affects privacy or may generate discrimination (health, biometric, origin). Egixia does not collect sensitive data via its website.
    • Consent: Prior, express, and informed authorization by the Data Subject to process their data.

    3. What information we collect

    We only ask for what is necessary to start a professional business conversation:

    • Contact data: Name, corporate email, phone, job title, and company when you complete our "Request a Demo", "Contact" or resource download forms.
    • Browsing data: Information about how you use our site (pages visited, reading time, device, approximate IP-based location) collected via cookies and analytics.
    • Communications data: Records of emails, calls, or messages when you interact with our commercial team.

    4. Purposes of processing

    We process your data solely for the following specific purposes:

    • Respond to your demo, quote, or product/service inquiry.
    • Contact you by email, phone, or messaging for commercial follow-up.
    • Send you valuable content (guides, case studies, webinar invitations) — you can unsubscribe at any time.
    • Analyze site usage to improve the experience and measure campaign effectiveness.
    • Comply with applicable legal, contractual, accounting, and regulatory obligations.
    • Prevent fraud, spam, and misuse of our forms and platform.

    5. Legal basis and consent

    The legal basis for processing your data is your prior, express, and informed consent, obtained through explicit acceptance when you submit any of our forms (consent checkbox) and by continued browsing.

    You can withdraw your consent at any time by writing to privacidad@egixia.com. Withdrawal does not affect the lawfulness of processing carried out before your request.

    6. Sensitive data and minors

    We do not collect sensitive data (health, biometric, ethnic origin, sexual orientation, political or religious beliefs) through this website.

    Not directed to minors: Our site and products are directed exclusively to professionals and companies. We do not knowingly collect data from minors. If we detect that a minor has shared data, we will delete it immediately.

    7. Cookies and analytics tools

    We use first- and third-party cookies to make the site work properly, remember your preferences, and measure campaign effectiveness. We use, among others: Google Analytics, Google Tag Manager, LinkedIn Insights, HubSpot, and Amplitude.

    You are in control: you can accept or reject non-essential cookies from our consent banner and disable them via your browser settings at any time. Some features may be limited as a result.

    No financial data on the public site: We do not collect banking information or confidential supplier data on www.egixia.com. Such information is handled only within our secure client platform, under specific agreements.

    8. Data processors and international transfers

    Our technology infrastructure is hosted at cloud provider data centers (AWS and Azure) located in the United States, which hold international security certifications (ISO 27001, SOC 2, among others). By accepting this policy and providing your data, you authorize its international transfer and/or transmission to those providers, solely for the purposes described here and under the security measures set out in our Security & Trust page.

    We also work with global technology providers acting as Data Processors (transactional email, CRM, analytics, communications), with whom we sign data-processing agreements requiring a level of protection equivalent to that of the applicable regulation.

    9. Retention period

    We keep your data only for as long as needed to fulfill the stated purposes:

    • Contact and commercial data: while a commercial relationship or legitimate interest exists, or until you request deletion.
    • Browsing data and cookies: according to each cookie's duration (maximum 12 months, except technical session cookies).
    • Legal and accounting obligations: according to the periods required by applicable legislation in each jurisdiction.

    10. Security measures

    We apply reasonable technical, administrative, and human measures to protect your data against loss, unauthorized access, alteration, or disclosure:

    • Encryption in transit (TLS/SSL) across all site communications.
    • Encryption at rest in our databases and cloud providers.
    • Role-based access controls and multi-factor authentication for internal staff.
    • Periodic audits and providers certified under ISO 27001 and SOC 2.
    • Internal confidentiality policies for the entire Egixia team.

    11. Your rights as a Data Subject

    Under Colombian Law 1581 of 2012, as a Data Subject you have the following rights. You may exercise them by writing to privacidad@egixia.com:

    • Know, update and correct your personal data held by Egixia.
    • Request proof of the authorization granted for the processing of your data.
    • Be informed about the use given to your personal data.
    • Withdraw authorization and/or request deletion of your data when no legal or contractual duty prevents it.
    • Access free of charge the personal data that has been processed.
    • File complaints with the Superintendency of Industry and Commerce (SIC) for infringements of the data protection regime, once the query or claim procedure before Egixia has been exhausted.

    Query and claim procedure

    You may exercise these rights by writing to privacidad@egixia.com, indicating your full name, the right you wish to exercise, the description of your request, and a contact channel for our reply. Queries: we will respond within a maximum of ten (10) business days from receipt; if we cannot answer within that term, we will inform you of the reasons and the new date, which will not exceed five (5) business days after the initial term. Claims: if you consider your data should be corrected, updated or deleted, or notice a presumed breach, we will respond within a maximum of fifteen (15) business days from the day following receipt; if the claim is incomplete, we will request completion within five (5) days, and if two (2) months elapse without response we will consider the claim withdrawn; if it cannot be answered within the term, we will inform you of the reasons and the new date, which will not exceed eight (8) business days after the initial term.

    12. Applicable legal framework

    This policy is governed by the laws of the Republic of Colombia, in particular Law 1581 of 2012 and Decree 1377 of 2013, and any regulations that modify or complement them. The competent supervisory authority is the Superintendency of Industry and Commerce (SIC).

    • Egixia serves visitors and clients across several Latin American countries. If you reside in a jurisdiction whose data protection regulation grants additional rights (for example, Mexico, Brazil, Chile, Peru or the European Union), your request will be received and considered taking that regulation into account, without this implying that Egixia assumes full compliance with regimes other than the Colombian one.
    • Data processing within our SaaS platform is governed by the service agreement and data-processing agreements signed with each client, which may incorporate the requirements of the local regulation applicable to that client.

    Where regulations conflict, we will apply the one that grants the greatest protection to the Data Subject, without exceeding the scope of the Colombian framework.

    13. Contact

    If you have questions, comments, or want to exercise your rights, write to us at contacto@egixia.com.

    This policy applies to browsing our public website (www.egixia.com). Client use of our SaaS platform is governed by specific service agreements that include detailed data processing addenda.