Privacy Policy

Effective Date: May 16, 2026 | Version 4.0 (Global Multi-Jurisdiction Dynamic Sync)

Welcome to CX SMART FILM™. We are deeply committed to protecting your global digital identity, maintaining enterprise transparency, and ensuring strict compliance with evolving data protection laws. This system runs on our V4 Autonomous Legal AI Architecture, designed to dynamically bridge operational telemetry with the requirements of the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA/CPRA), the Chinese Personal Information Protection Law (PIPL), and the newly enforced EU AI Act.

This Privacy Policy defines how we autonomously manage, secure, minimize, and process personal information when you interface with our web domain (cxsmartfilm.com), communicate with our B2B commercial infrastructure, or initiate procurement for our switchable smart film and engineered smart glass products.

1. Data Controller & Governance

The specific legal entities determining the purposes and technical infrastructure of processing configurations are:
CX SMART FILM™ (Hunan Changxin Technology Co., Ltd.)
Address: No.580 Changsha Avenue, Yuhua District, Changsha City, Hunan Province, China
Autonomous Compliance Registry & DPO Portal: info@cxsmartfilm.com

2. Autonomous Data Minimization (Information We Process)

In adherence to the core principle of data minimization, our V4 architecture classifies and segments Incoming commercial records into two restricted pathways:

A. Intentionally Declared Commercial Data

• Identity & Corporate Metadata: Individual name, company legal entity status, professional email address, phone number, corporate WhatsApp parameters, and job description maps provided through inquiry modules.
• Project Engineering Schematics: Custom dimensions, architectural blueprints, CAD profiles, busbar orientations, glass layer compositions, and territorial delivery requirements uploaded for B2B pricing.

B. Automated Edge Telemetry

• Network Graph Elements: Obfuscated IP addresses (cleared and truncated at regional Cloudflare Edge Nodes before ingestion), browser signature strings, localized time zone layouts, and verified country-level geolocations.
• Behavioral Telemetry Logs: Highly anonymized engagement vectors tracking duration metrics across custom PDLC, PNLC, and SPD smart film technical landing documentation.

3. AI Mapping of Legal Frameworks

• Express Consent (Art. 6(1)(a) GDPR / PIPL Art. 13): Applies to non-essential browser analytics, behavioral conversion scripts, and targeted multi-channel marketing matrices verified via consumer opt-in.
• Contract Execution (Art. 6(1)(b) GDPR): Enforced when processing parameters are critically required to draft formal B2B Proforma Invoices, execute smart glass factory production queues, and clear custom declarations.
• Algorithmic Integrity & Security (Art. 6(1)(f) GDPR): Deployed to neutralize automated platform abuse, block web indexing scrapers, and guarantee absolute availability of corporate cloud properties.

4. Advanced Hybrid Tracking: GA4 & Meta CAPI Nodes

• Google Analytics 4 (GA4): Monitors platform structural efficiency. All regional client IP fields are completely anonymized by default at the nearest edge interface prior to any storage matrices.
• Meta Conversion API (CAPI): Bypasses typical client-side browser weaknesses by piping specific conversions over a private server-to-server gateway. Data layers are subjected to cryptographic hashing (SHA-256) at the transmission origin, ensuring identity profiles remain pseudonymized.
• EU AI Act Alignment: Algorithmic analytics loops deployed on this framework are used exclusively for localized B2B customer distribution routing and market analysis. They do not engage in discriminatory profiling, automated credit evaluations, or invasive user monitoring.

5. ConsentCore v4.0 Telemetry & Proof-of-Consent Logs

• Localized Vaulting: Consent permissions are held inside your system local store (via localStorage.getItem("consent_core_v2")). Tracking pixels remain inactive unless opt-in is given.
• Immutable Local Audit: Compliance logs are generated locally under token gdpr_audit_v2.

6. CRM Cascading Synchronization & Automated Delete API

• Integrated Lifecycles: Contact data is processed via automated CRM workflows for B2B operations.
• Automated Data Deletion API: Enforces full deletion propagation within 72 hours.

7. Non-Monetization & Sovereign Cross-Border Protection

CX SMART FILM™ does NOT sell or distribute user data to third parties.

• Supply Chain Logistics: Verified freight and shipping partners.
• Infrastructure Layers: Cloudflare and secure datacenters.

8. Global Statutory Rights Framework

A. GDPR Rights

• Access, correction, deletion, portability

B. CCPA/CPRA Rights

• Disclosure, opt-out, service equality

9. Continuous Autonomous Revisions

This policy may be updated dynamically to reflect legal changes.

10. Contact

Email: info@cxsmartfilm.com
WhatsApp: +86 153 6366 9377