Circle X
Effective date: April 2026
Circle X operates the membership platform available at circlexapp.com. References to "we", "us", or "Circle X" in this policy refer to the operator of this platform. For data protection enquiries, contact: privacy@circlexapp.com.
When you apply for membership we collect:
• Identity data: full name and email address • Professional data: your professional URL or presence link • Application data: your statement of intent and selected membership tier • Payment data: your payment method details are collected directly by Stripe, Inc. and are not stored on our servers. We receive and store only Stripe's references (Customer ID, PaymentIntent ID) and the deposit amount • Technical data: IP address, browser user agent, and UTM attribution parameters from your session • Referral data: the referral code you entered, if any
If you become a member, we additionally collect:
• Authentication data: your Supabase user account identifier • Identity verification data: the reference ID of your identity verification inquiry (processed by a third-party KYC provider)
We use your data to:
• Review and process your membership application • Place and, upon approval, capture the authorisation hold on your payment method • Communicate application outcomes and membership information to you by email • Provide and maintain your member account and access to member services • Comply with legal obligations, including anti-money-laundering and identity verification requirements • Maintain an audit trail of account and administrative actions for security and accountability purposes
We process your personal data on the following bases:
• Contract: processing necessary to manage your application and, if approved, your membership • Legitimate interests: fraud prevention, security, and maintaining the integrity of the Circle X community • Legal obligation: identity verification and financial record-keeping requirements • Consent: where you have explicitly agreed, such as agreeing to these Terms at the time of application
We use the following third-party processors who may handle your personal data:
• Stripe, Inc. — payment processing. Privacy policy: stripe.com/privacy • Supabase, Inc. — database and authentication infrastructure. Privacy policy: supabase.com/privacy • Resend, Inc. — transactional email delivery. Privacy policy: resend.com/privacy • Persona (Persona Identities, Inc.) — identity verification (KYC). Privacy policy: withpersona.com/privacy
Each processor is contractually bound to handle your data in accordance with applicable data protection law.
Application data is retained for a minimum of 7 years from the date of application to comply with financial record-keeping obligations.
If your application is rejected, your personal data is retained for the statutory minimum period and then deleted or anonymised, unless we are required by law to retain it longer.
Audit log records are retained permanently as an immutable record of account actions.
Depending on your jurisdiction, you may have the right to:
• Access a copy of the personal data we hold about you • Correct inaccurate personal data • Request deletion of your personal data (subject to our retention obligations) • Object to or restrict certain processing • Receive your data in a portable format • Withdraw consent where processing is based on consent
To exercise any of these rights, contact us at privacy@circlexapp.com. We will respond within 30 days.
We implement appropriate technical and organisational measures to protect your personal data, including:
• Row-level security on all database tables, enforced at the database level • Service role keys used exclusively server-side and never exposed to client code • All data transmitted over HTTPS with TLS • Access to applicant data restricted to authenticated administrators • Stripe handles all card data under PCI-DSS compliance — we never receive or store raw card numbers
We use only functional cookies required for authentication (Supabase session cookies). We do not use tracking, advertising, or analytics cookies. Vercel Analytics, which we use for aggregate performance monitoring, does not set cookies and is privacy-preserving by design.
Your data may be processed in countries outside your own. Where we transfer data internationally, we ensure appropriate safeguards are in place, such as standard contractual clauses approved by the relevant data protection authority.
Circle X is not directed at individuals under the age of 18. We do not knowingly collect personal data from minors. If we become aware that a minor has submitted an application, we will delete their data.
We may update this Privacy Policy from time to time. We will notify members of material changes by email at least 30 days before they take effect. The effective date at the top of this page will reflect the most recent revision.
For privacy enquiries, data subject access requests, or complaints:
Email: privacy@circlexapp.com
You also have the right to lodge a complaint with your local data protection authority.