Document Classification

This document is a legally binding corporate privacy policy. It applies to Agency PhoenixX LLC, its affiliates, data processors, subcontractors, partner agencies, B2B clients and their authorized representatives. It governs all processing of personal data, sensitive data, compliance data, AI training datasets and data derived through the use of PhoenixX Systems.

Confidentiality Level: Public Legal Document
Status: Approved by PhoenixX Compliance & Risk Management

3. Nature of Processing and B2B Relationship

PhoenixX provides enterprise-grade digital infrastructure, compliance architecture, fraud risk mitigation, moderation auditing, secure data processing and artificial intelligence enhancement services exclusively within a Business-to-Business (B2B) commercial framework. PhoenixX is not a consumer service provider, social media platform, digital publisher, chat service, payment processor or employer. PhoenixX does not establish any employment relationship, agency relationship or fiduciary duty with Users or Client personnel. All access to PhoenixX Systems is strictly business-purpose only and subject to contractual compliance.

PhoenixX acts either as Data Processor or Data Controller depending on the category of data processed and the lawful purpose of Processing. When processing Personal Data provided by the Client solely for contractual execution, PhoenixX operates as a Data Processor. When PhoenixX generates Derived Data, Moderation Data, Compliance Intelligence or AI Training Data from Client submissions, PhoenixX acts as Data Controller. PhoenixX assumes no liability for Client misuse of data, unlawful data acquisition, unverified third-party submissions or hidden subcontractor chains. PhoenixX may require evidence of Client data sourcing legality and may suspend Processing in cases of compliance risk.

4. Legal Basis for Processing

PhoenixX processes Personal Data strictly in accordance with legally recognized processing bases under Article 6 GDPR, Articles 4 and 31 Swiss FADP and equivalent international privacy law. PhoenixX processes Personal Data for the performance of a contract, for compliance with legal obligations, for legitimate interests pursued by PhoenixX including fraud monitoring, platform integrity, AI system security and defence against legal claims, and where applicable based on Client instructions or explicit consent for special category data. The Client warrants that all data submitted to PhoenixX complies with Article 5 GDPR data processing principles, is collected lawfully and transparently, and is free of illegality. PhoenixX shall not be liable for unlawful Client data acquisition or submission. PhoenixX is entitled to suspend Processing, restrict access or report any data that poses legal, criminal or regulatory risk under Applicable Law.

5. Categories of Data Processed

PhoenixX may process the following legally defined data categories: Personal Data relating to identified or identifiable individuals; Sensitive Personal Data as defined under Article 9 GDPR including explicit data relating to sexuality where lawfully provided by the Client; Compliance Data including identification documents, invoices, tax records and sanctions screening data; Operational Data including chat logs, platform interaction records and communication metadata; Moderation Data consisting of message decisions, content analysis, annotation logs and dispute records; Derived Data meaning metadata, fraud risk assessments, system interaction logs and analytics produced by PhoenixX Systems; and AI Training Data meaning anonymised or pseudonymised datasets derived from Client submissions processed to develop AI, compliance and automation systems. No Client shall acquire ownership or intellectual property rights over Derived Data or AI Training Data.

6. Special Category and Erotic Data Handling

PhoenixX processes erotic, intimate or adult communication data only when submitted voluntarily and lawfully by Clients who confirm a lawful basis in accordance with Article 9 GDPR and equivalent legislation. PhoenixX explicitly prohibits and reports illegal material including child sexual abuse material (CSAM) in accordance with international law including EU Regulation 2021/1232 (TCO Directive), U.S. 18 U.S. Code §2258A, and Swiss Criminal Code Article 197. Any submission of unlawful content including non-consensual exploitation, trafficking, coercion, minors, incest or extreme sexual violence constitutes a material breach and triggers immediate suspension, evidence retention, reporting obligations and legal escalation. PhoenixX processes lawful erotic data solely for contractual purposes including moderation analysis, compliance verification, fraud detection, annotation services and AI model refinement with strict confidentiality controls. PhoenixX rejects liability for the legality of Client-provided data and enforces a zero-tolerance policy for criminal content. Categories of Data Processed.

7. Client Data Origin Responsibilities and Warranties

The Client warrants, represents and undertakes that all data submitted to PhoenixX is collected lawfully, does not infringe the rights of any third party and complies with all applicable data protection, criminal, telecommunications, child protection and commercial regulations. The Client is solely responsible for obtaining any required consents, providing data protection notices to its own users and ensuring a valid legal basis prior to transferring any Personal Data or Sensitive Data to PhoenixX. The Client shall not transmit any data obtained through coercion, fraud, extortion, scraping, device surveillance, unauthorized interception or platform policy violations. Any breach of this Clause constitutes a material breach and authorizes PhoenixX to immediately suspend Processing, initiate a Compliance Review, retain relevant evidence and notify supervisory or law enforcement authorities.

8. Purpose Limitation and Prohibited Use

PhoenixX processes Client Data strictly for lawful and contractually defined purposes including compliance auditing, moderation review, fraud prevention, annotation services, AI model refinement, risk intelligence development, and secure data infrastructure operations. No Processing shall occur outside the scope defined herein. The Client is prohibited from using PhoenixX Systems to generate unlawful data, manipulate compliance mechanisms, fabricate disputes, conceal subcontracting chains or create synthetic identities. PhoenixX reserves the right to restrict or block Processing when data misuse, criminal exposure or reputational risk is suspected.

9. Data Ownership and Intellectual Property Rights

PhoenixX does not claim ownership over raw Client Data provided for processing. However, PhoenixX retains full and exclusive ownership over all Derived Data, Moderation Data, Compliance Intelligence, Risk Models, Quality Metrics, Audit Records, System Logs, Encryption Keys, Workflow Structures, Prompt Logic, Classification Taxonomies, and Security Algorithms created, developed or improved through PhoenixX Systems. No Client or User is granted any right, title or interest in any PhoenixX intellectual property by virtue of interacting with PhoenixX Systems. Any unauthorized use, replication, disclosure, transfer or reverse engineering of PhoenixX IP constitutes IP theft and triggers immediate enforcement action.

9. Data Ownership and Intellectual Property Rights

PhoenixX does not claim ownership over raw Client Data provided for processing. However, PhoenixX retains full and exclusive ownership over all Derived Data, Moderation Data, Compliance Intelligence, Risk Models, Quality Metrics, Audit Records, System Logs, Encryption Keys, Workflow Structures, Prompt Logic, Classification Taxonomies, and Security Algorithms created, developed or improved through PhoenixX Systems. No Client or User is granted any right, title or interest in any PhoenixX intellectual property by virtue of interacting with PhoenixX Systems. Any unauthorized use, replication, disclosure, transfer or reverse engineering of PhoenixX IP constitutes IP theft and triggers immediate enforcement action.

10. AI Training Data Rights and Commercial Licensing

PhoenixX retains full legal and beneficial ownership of all AI Training Data generated from or derived through Client Data, including pseudonymized and anonymized datasets, embeddings, model weights, labels and structured knowledge representations. PhoenixX is granted an irrevocable, royalty-free, perpetual, worldwide, transferable license, with full sublicensing rights, to use, reproduce, modify, adapt, translate, analyze, distribute, commercialize and license any AI Training Data created by PhoenixX. The Client expressly waives any current or future claims to revenue participation, royalties, compensation or licensing fees arising from PhoenixX Data Processing. This Clause survives termination indefinitely and is enforceable against successors, affiliates, subcontractors and mirror entities.

11. AI Integrity and Anti-Scraping Protection

The Client is strictly prohibited from using PhoenixX Systems, interfaces, datasets or outputs for AI model training, reverse engineering, fine-tuning, data scraping, dataset extraction, prompt harvesting, model inversion attacks or competitive replication. The Client shall not deploy automated bots or unauthorized scripts to extract or analyze PhoenixX Systems. Any such conduct constitutes a material breach and malicious IP interference and entitles PhoenixX to seek emergency injunctive relief, forensic evidence preservation, account seizure and cross-border enforcement under Swiss arbitration.

12. Confidentiality Obligations

The Client shall treat all PhoenixX Confidential Information strictly confidential and shall not disclose, transmit, reproduce, or provide access to any unauthorized third party. Confidential Information includes PhoenixX business methods, compliance frameworks, legal strategies, audit tools, contractual logic, data models, communication flows and system architecture. Confidentiality obligations extend to all subcontractors engaged by the Client. Any unauthorized disclosure triggers immediate enforcement rights, mandatory injunctive relief and financial recovery. Confidentiality obligations survive termination for a period of ten (10) years or longer if required by Applicable Law.

13. Sub-processing and Vendor Control

PhoenixX may engage carefully selected sub-processors, including but not limited to Amazon Web Services, Microsoft Azure, Google Cloud, OpenAI, Anthropic, Meta AI, Zoho Corporation, Cloudflare and security intelligence providers for lawful Processing purposes. PhoenixX ensures appropriate contractual safeguards with each sub-processor through Data Processing Agreements and international transfer mechanisms where required. The Client authorizes PhoenixX to appoint sub-processors at its discretion to maintain operational continuity, AI integrity, data resilience and security compliance. PhoenixX maintains the right to replace, expand or limit its vendor ecosystem as necessary without prior Client approval.

13. Sub-processing and Vendor Control

PhoenixX may engage carefully selected sub-processors, including but not limited to Amazon Web Services, Microsoft Azure, Google Cloud, OpenAI, Anthropic, Meta AI, Zoho Corporation, Cloudflare and security intelligence providers for lawful Processing purposes. PhoenixX ensures appropriate contractual safeguards with each sub-processor through Data Processing Agreements and international transfer mechanisms where required. The Client authorizes PhoenixX to appoint sub-processors at its discretion to maintain operational continuity, AI integrity, data resilience and security compliance. PhoenixX maintains the right to replace, expand or limit its vendor ecosystem as necessary without prior Client approval.

13. Sub-processing and Vendor Control

PhoenixX may engage carefully selected sub-processors, including but not limited to Amazon Web Services, Microsoft Azure, Google Cloud, OpenAI, Anthropic, Meta AI, Zoho Corporation, Cloudflare and security intelligence providers for lawful Processing purposes. PhoenixX ensures appropriate contractual safeguards with each sub-processor through Data Processing Agreements and international transfer mechanisms where required. The Client authorizes PhoenixX to appoint sub-processors at its discretion to maintain operational continuity, AI integrity, data resilience and security compliance. PhoenixX maintains the right to replace, expand or limit its vendor ecosystem as necessary without prior Client approval.

14. Cross-Border Data Transfers

PhoenixX processes and stores data within the United States of America and Switzerland, and may lawfully transfer data to jurisdictions including the European Union, the United Kingdom, Latin America and other regions strictly in accordance with Applicable Law. International transfers are secured by legally recognized mechanisms including Standard Contractual Clauses pursuant to Article 46 GDPR, adequacy safeguards under the Swiss FADP, and contractual processing guarantees. The Client acknowledges and expressly authorizes PhoenixX to transfer data across borders for the purposes of Processing, security continuity, AI system resilience and lawful enforcement.

15. Data Retention and Legal Hold

PhoenixX retains data only for as long as necessary to fulfil contractual obligations, ensure lawful enforcement, comply with statutory requirements or defend legal claims. PhoenixX may retain data for a period of up to ten (10) years from the date of collection or longer if required under Swiss commercial law, U.S. statutory compliance, tax record obligations, sanctions investigations or AML/CTF regulations. Where legal or regulatory investigations are pending, PhoenixX may impose a data preservation order and retain data under Legal Hold irrespective of Client deletion requests.

16. Data Subject Rights

PhoenixX respects the rights of data subjects under GDPR Chapter III, Swiss FADP Articles 25–29 and equivalent frameworks. PhoenixX may respond to access, rectification, restriction or erasure requests where legally permissible and technically feasible. PhoenixX is not obligated to delete data retained under legal obligation, fraud investigation, AML/CTF enforcement, contractual dispute retention or AI model integrity requirements. PhoenixX does not respond directly to consumer or end-user claims submitted by individuals without lawful proof of identity and relationship to the dataset.

17. Illegal Content, CSAM and Law Enforcement Cooperation

PhoenixX enforces a zero-tolerance policy for unlawful data including child sexual abuse material (CSAM), coerced content, non-consensual intimate media, trafficking-related material, malicious exploitation or data obtained through criminal misconduct. PhoenixX complies with U.S. 18 U.S.C. §2258A, Swiss Criminal Code Article 197, EU Regulation 2021/1232 (TCO) and INTERPOL child safety directives. PhoenixX cooperates with NCMEC (USA), EUROPOL, INTERPOL, FedPol (Switzerland), the UK National Crime Agency (NCA) and other competent authorities. Any submission of prohibited content constitutes a Severe Breach, triggers immediate data quarantine, Legal Hold enforcement, report filing with competent authorities and permanent termination of Client access.

18. Compliance, AML, Sanctions and Financial Crime

PhoenixX conducts compliance Monitoring in accordance with AML/CTF regulation including the U.S. Bank Secrecy Act, FATF Recommendations, FINMA risk controls, OFAC sanctions regimes, SECO Switzerland sanctions directives and EU Council Regulation No 269/2014. PhoenixX may conduct sanctions screening and UBO verification at any time during engagement. PhoenixX may freeze transactions, suspend accounts and retain funds in the event of sanctions risk, suspicious activity, hidden subcontracting, false invoicing or fraud exposure.

19. No Data Sale Statement

PhoenixX does not sell Personal Data as defined under the California Consumer Privacy Act (CCPA §1798.140). PhoenixX may analyze, transform, enrich, anonymize and license AI Training Data and Derived Data lawfully generated from Processing. Such activity does not constitute a sale of Personal Data but forms an essential part of PhoenixX Data Governance and AI development strategy.

20. Liability and Indemnification

PhoenixX shall not be liable for any indirect, incidental, punitive, reputational or consequential loss arising from the Client’s unlawful data submission, negligence, contract breach, compliance violation or misuse of PhoenixX Systems. The Client shall fully indemnify PhoenixX against all claims, damages, regulatory penalties, enforcement costs, expert fees and legal expenses arising from Client breach of this Policy. PhoenixX exercises no responsibility over the legality of Client-provided data and rejects any attempt to transfer liability arising from criminal or unlawful data.

21. Supervisory Authority Communication

PhoenixX cooperates in good faith with competent supervisory authorities including European Data Protection Authorities (DPAs), the Swiss FDPIC, the UK ICO and the U.S. FTC when legally required. PhoenixX shall not be compelled to provide direct communications to third-party authorities without due process, lawful documentation or jurisdictional review. PhoenixX reserves the right to challenge unlawful or abusive regulatory requests.

22. Governing Law and Arbitration

This Policy and any dispute, controversy or claim arising out of or in relation to it, including its existence, validity, interpretation, performance, breach or termination, shall be governed exclusively by Swiss substantive law, excluding its conflict of law rules. All disputes shall be finally resolved through binding arbitration administered by the Swiss Arbitration Centre in accordance with the Swiss Rules of International Arbitration in force on the date the Notice of Arbitration is submitted. The seat of arbitration shall be Zurich, Switzerland. The language of arbitration shall be English. PhoenixX shall be entitled to seek emergency or injunctive relief, interim measures, evidence preservation, digital forensic orders or data protection injunctions from any competent court of jurisdiction without this being deemed incompatible with this Clause. The Client irrevocably waives any right to participate in class actions, collective proceedings or representative litigation against PhoenixX. The arbitral tribunal shall have the authority to order asset freezing, account suspension, evidentiary seizure and cross-border enforcement. The prevailing party shall be entitled to full recovery of arbitration costs, legal fees, expert witness expenses and enforcement costs.

23. Modification and Policy Supremacy

PhoenixX may amend, update or supplement this Policy at any time to reflect changes in legal, regulatory, operational or security requirements. Modifications take effect immediately upon publication at PhoenixX.one or official PhoenixX systems. Continued use of PhoenixX Systems constitutes binding acceptance of any modification. In the event of conflict between this Policy and any external privacy or data policy, including Client privacy notices, this Policy shall prevail to the fullest extent permitted by law. The Client acknowledges that PhoenixX System Policies and Compliance Directives have immediate contractual effect and override any conflicting Client instructions.

24. Notices and Official Communication

All legal notices and formal communications to PhoenixX shall be sent via email to legal@PhoenixX.one with a copy to compliance@PhoenixX.one. PhoenixX may transmit notices to the Client via email, secure system message, legal notice portal, compliance alert or contractual correspondence. Notices shall be deemed received within forty-eight (48) hours of transmission, regardless of Client acknowledgement. PhoenixX is not required to respond to communications submitted through unauthorized channels such as messaging apps or social media.

25. Interpretation, Survival and Entire Agreement

Headings are for reference only and do not affect the interpretation of this Policy. If any provision is held invalid, the remaining provisions shall continue in full force and effect. All obligations relating to data ownership, confidentiality, IP protection, AI Training Data rights, legal hold, indemnification, arbitration and enforcement shall survive termination indefinitely. This Policy constitutes the entire data governance agreement between PhoenixX and the Client and supersedes all prior privacy or data processing statements.

Annex A – Lawful Basis and Processing Framework

PhoenixX processes data exclusively within a Business-to-Business (B2B) framework. PhoenixX does not provide services to consumers and does not engage in direct-to-consumer data processing. Any Personal Data transmitted to PhoenixX must originate from lawful business activity and must be submitted solely for compliance, security, moderation, auditing or AI operational purposes. The Client remains solely responsible for obtaining a valid legal basis prior to transferring data to PhoenixX.

PhoenixX processes Personal Data in accordance with Article 6 GDPR, Articles 4 and 31 Swiss FADP, UK GDPR Article 6, and U.S. Commercial Privacy Principles. Sensitive Personal Data, including data revealing sexual life or orientation, is processed lawfully under Article 9(2)(a), (f), and (g) GDPR where explicitly authorized by the Client for legitimate contractual purposes. PhoenixX may act as Data Processor or Data Controller as defined below.

PhoenixX does not accept data from minors. The Client warrants that no personal data of children under 18 years (or higher national age thresholds) is transmitted to PhoenixX. PhoenixX reserves the right to suspend or reject any data lacking a lawful basis or compliance justification. The Client shall indemnify PhoenixX for any breach of lawful data acquisition duties.

Annex B – Erotic Content and Illegal Data Protocol

PhoenixX processes adult industry and erotic communication data exclusively within a lawful Business-to-Business (B2B) context for compliance analysis, security monitoring, moderation review, annotation services and AI system development. PhoenixX is not a publisher, platform operator or distributor of erotic content and does not provide consumer erotic services. All erotic data is processed solely upon Client submission and the Client remains fully responsible for the lawful origin of such data.

PhoenixX enforces a Zero-Tolerance Policy for illegal content. The following categories of data are strictly prohibited and shall trigger immediate enforcement action: child sexual abuse material (CSAM), minors portrayed in sexualised contexts, incest, coercion or non-consensual sexual conduct, exploitation, human trafficking (including grooming and sexual extortion), bestiality, violent sexual abuse and content obtained through criminal activity, extortion, threats or hidden surveillance. PhoenixX complies with mandatory reporting obligations as required under U.S. 18 U.S.C. §2258A, EU Regulation 2021/1232 (TCO) and Swiss Criminal Code Article 197. PhoenixX cooperates fully with NCMEC (USA), INTERPOL Crimes Against Children Unit, EUROPOL EC3, UK National Crime Agency (NCA), Swiss FedPol and other competent authorities.

PhoenixX is legally protected as a data intermediary and infrastructure provider under Section 230 of the U.S. Communications Decency Act, Article 14 of the EU eCommerce Directive and the Swiss legal doctrine of data transmission neutrality. PhoenixX shall not be held liable for content submitted by Clients or Users. Upon detection or reasonable suspicion of illegal data, PhoenixX may immediately suspend Processing, block Client access, quarantine evidence, implement a Legal Hold, notify relevant authorities and provide forensic cooperation.

The Client represents and warrants that no illegal or criminal erotic content will be transmitted to PhoenixX and that erotic data submissions comply with legal requirements for consent, age verification, content authorization and contractual legality. Failure to comply constitutes a Severe Breach of contract and triggers permanent blacklisting and international enforcement cooperation. The Client agrees to indemnify PhoenixX for all costs, damages, regulatory penalties and legal consequences arising from any breach of this Annex.

Annex C – AI Training Data Rights and Licensing Notice

PhoenixX retains full legal and beneficial ownership of all AI Training Data generated from Client Data, whether such data is derived, transformed, pseudonymized, anonymized, aggregated or embedded into AI or machine learning systems. AI Training Data includes annotations, structured datasets, embeddings, model weights, classifier logic, performance metrics, content feature extraction, tokenization output and algorithmic risk scoring derived during Processing.

PhoenixX is granted an irrevocable, perpetual, worldwide, royalty-free, transferable and sublicensable licence to use, reproduce, process, combine, enhance, modify, translate, analyze, commercialize, license and distribute AI Training Data, Derived Data and any associated knowledge artifacts for any lawful business purpose. PhoenixX may license AI Training Data and AI model outputs to third-party commercial partners, technology vendors, machine learning frameworks and enterprise compliance ecosystems without notification or compensation to the Client.

The Client irrevocably waives any and all moral rights, economic rights, revenue claims, royalty entitlements, intellectual property participation and future legal claims relating to PhoenixX AI Training Data. The Client expressly acknowledges that no joint ownership arises as a result of Processing under this Policy.

Back-to-Back Assignment Obligation

The Client represents and warrants that all subcontractors, freelancers, employees, data providers and affiliated entities engaged by the Client for the creation, submission or transmission of data to PhoenixX have contractually assigned all intellectual property rights, data rights and AI training rights to the Client, who in turn assigns such rights to PhoenixX. The Client must provide PhoenixX with documentary proof of such assignment upon request. Failure to comply constitutes a material breach and authorizes PhoenixX to suspend services, enforce legal remedies and recover damages.

PhoenixX has no obligation to delete AI Training Data once generated, as such data no longer constitutes Personal Data when anonymized or pseudonymized in accordance with Recital 26 GDPR and Article 5 Swiss FADP. PhoenixX retains AI Training Data indefinitely for legitimate business purposes including AI system integrity, security improvement, fraud prevention, compliance analytics and commercial licensing.

 Cient remains responsible for device security, password integrity, VPN usage and compliance with PhoenixX access control policies.

Annex D – Security and Encryption Statement

PhoenixX implements a multilayer security architecture based on zero-trust principles and industry-recognized security frameworks including NIST SP 800-53, ISO/IEC 27001, SOC 2 Type II security standards and GDPR Article 32 requirements for integrity, confidentiality and resilience. PhoenixX enforces strict access controls, encryption, forensic audit logs and identity verification mechanisms across all PhoenixX Systems.

PhoenixX secures data in transit using TLS 1.3 and at rest using AES-256 encryption. Security monitoring includes intrusion detection, anomaly detection, multi-factor authentication, device fingerprint control, IP reputation assessment, geolocation risk scoring and behavior-driven access monitoring. PhoenixX enforces controlled access under the principle of least privilege and segmented authorization.

PhoenixX maintains operational security through encrypted data replication, georedundant infrastructure and high-availability continuity procedures. PhoenixX does not guarantee uninterrupted service or immunity from cyberattacks and disclaims liability for downtime, force majeure events, third-party failures or hostile cyber activity, provided reasonable security measures were in place.

PhoenixX shall notify the Client without undue delay upon confirmed detection of a security breach materially affecting Client Data, in accordance with GDPR Article 33, Swiss FADP Article 24 and applicable breach laws. PhoenixX is authorized to retain forensic records and system evidence for internal security investigations, arbitration, litigation or regulatory defense.

PhoenixX shall not be liable for security incidents caused by Client negligence, insecure Client systems, unauthorized access due to compromised Client credentials, the use of unverified subcontractors or failure to comply with PhoenixX security requirements. Security is a shared responsibility between PhoenixX and the Client, and the Cl

Approval and Enforcement

This Privacy Policy – PHX-DP-1.0 is issued by Agency PhoenixX LLC and is legally binding upon all Clients, Users, contractors, subcontractors, data processors and affiliated parties engaging with PhoenixX Systems. This Policy shall be enforced without exception. Use of PhoenixX Systems constitutes unconditional acceptance of this Policy.

Approved by: PhoenixX Compliance & Risk Management
Agency PhoenixX LLC
PhoenixX.one
legal@PhoenixX.one | compliance@PhoenixX.one

© 2025 Agency PhoenixX LLC – A Wyoming Limited Liability Company. All rights reserved.
Governing Law: Swiss Substantive Law | Dispute Resolution: Zurich Arbitration (Swiss Rules)
This policy includes mandatory arbitration and contractual enforcement provisions.