Privacy Policy

Privacy Policy

for REXTENT LLC

What information do we collect?

Last updated: 05 Oct 2025
Who we are: REXTENT LLC (“REXTENT”, “we”, “our”, “us”) – a remote-first BPO & IT solutions company.
Contact: masud@rextent.com • +880 1710-293675
Mailing address: 126 Jamadarpara Road, Jashore-7400, Bangladesh
U.S. presence: 1317 Edgewater Dr #4748, Orlando, FL 32804, USA

This Privacy Policy explains how we collect, use, share, and protect information on REXTENT.com (the “Site”) and when providing our services (the “Services”). By using the Site or our Services you agree to this Policy. If you do not agree, please do not use the Site.

1) What this policy covers (Controller vs. Processor)

  • When we are a “Controller”: for Site visitors, prospects, marketing contacts, billing contacts, and contract counterparties.

  • When we are a “Processor/Service Provider”: for data we handle on behalf of our clients in BPO, Managed Services, Web/E-commerce Development, Accounting & Books (operational bookkeeping), and Business Service (formation & compliance support). We process such data only under our client’s written instructions and our service agreements / Data Processing Addendum (DPA).

If you use our other brands (e.g., Business Stair), their own privacy notices apply to those sites and offerings.

2) Information we collect

A. From you (directly)

  • Identity & contact: name, email, phone, company, role, addresses.

  • Business details: project notes, requirements, files, credentials you provide for work.

  • Billing: invoicing details, tax IDs (we do not store full payment card numbers; payments are handled by third-party processors).

  • Support/communications: messages, tickets, call notes, meeting recordings where permitted.

  • Formation & compliance (Business Service): entity names, director/officer details, addresses; government forms required to obtain EIN or file with agencies (we avoid collecting sensitive IDs unless required by law and instructed by the client).

B. From devices & services (automatically)

  • Technical/usage: IP address, device/browser type, pages viewed, timestamps, referring URLs, approximate location, cookies/SDKs, and similar identifiers.

  • Service logs: authentication events, admin actions, error logs.

C. From third parties

  • Lead and enrichment tools, public sources (company websites/registries), partners, and client-provided systems (CRMs, helpdesks, e-commerce platforms, accounting apps).

3) How we use information (purposes & legal bases)

We use information to:

  1. Provide and improve Services – set up projects, process tasks, deliverables, helpdesk, and support. (Contract/Legitimate interests)

  2. Operate the Site & analytics – measure performance, debug, prevent abuse. (Legitimate interests/Consent where required)

  3. Security & fraud prevention – access controls, monitoring, incident response. (Legitimate interests/Legal obligation)

  4. Sales & marketing – respond to inquiries, send service updates, case studies, or newsletters (you can opt out anytime). (Consent/Legitimate interests)

  5. Billing & administration – quotes, invoicing, collections, tax, compliance. (Contract/Legal obligation)

  6. Entity formation & compliance support – prepare/submit filings, obtain EIN (U.S.), coordinate registered agent, and mail forwarding per your instructions. (Contract/Legal obligation)

4) Cookies & tracking

We use cookies and similar technologies to run the Site and improve your experience.

  • Essential – security, session management, consent.

  • Analytics – e.g., GA4 to understand traffic and improve content.

  • Marketing – email performance, campaign attribution, limited remarketing (where permitted).

Your choices: Manage preferences via your browser, our cookie banner (where available), or contact us. Blocking some cookies may affect Site functionality.

5) How we share information

We disclose information only as needed:

  • Sub-processors/Service providers: secure cloud hosting, email & productivity tools, CRM/helpdesk, analytics, payment processors, registered agent/mail forwarding providers (for formation), and e-signature/file-sharing platforms.

  • Professional advisors: auditors, accountants, lawyers.

  • Business transfers: merger, acquisition, or asset sale (we will notify you if permissible).

  • Legal: to comply with law, enforce agreements, or protect rights, security, and users.

  • At your direction: with partners you instruct us to work with.

We do not sell personal information. If we ever use cross-context behavioral advertising in a way considered “sharing” under applicable law, we will provide a clear opt-out.

6) International transfers

We operate remotely with team members and infrastructure that may be located in the Bangladesh and United States, and other countries. When transferring personal data internationally, we use appropriate safeguards (e.g., standard contractual clauses, confidentiality, access controls).

7) Data retention

We keep data only as long as necessary for the purposes above or as required by law/contract. Typical retention (subject to change by agreement):

  • Sales inquiries and marketing contacts: 24 months after last interaction.

  • Project and support records: up to 3 years after completion.

  • Contracts, invoices, and accounting: 7 years (or longer if law requires).

  • Access logs and security records: 12 months.

  • Backups: typically 30–90 days rolling.

When retention expires, we delete or anonymize data, unless a longer period is legally required or necessary to establish or defend legal claims.

8) Security

We apply administrative, technical, and organizational measures: role-based access, least privilege, MFA where supported, encryption in transit, network segmentation, audit logging, and employee confidentiality. No method is 100% secure; we cannot guarantee absolute security.

9) Your rights & choices

Depending on your location, you may have rights to:

  • Access the data we hold about you.

  • Correct inaccurate or incomplete data.

  • Delete data in certain circumstances.

  • Restrict or object to processing.

  • Portability of data you provided to us.

  • Opt-out of marketing communications at any time.

  • California/CPRA: right to know, correct, delete, and opt out of sale/sharing; limit use of sensitive information (we do not use sensitive data for inferring characteristics).

  • EU/UK GDPR: right to lodge a complaint with your local supervisory authority.

To exercise rights, email masud@rextent.com with “Privacy Request” in the subject. We may verify your identity before responding.

10) Children’s privacy

Our Site and Services are not intended for children under 16. We do not knowingly collect their data. If you believe a child provided us information, contact us to delete it.

11) Processor commitments (for client data)

When acting as a Processor/Service Provider, we will:

  • Process personal data only on documented instructions from the client (Controller).

  • Ensure staff confidentiality and appropriate training.

  • Maintain security measures appropriate to risk.

  • Assist with data subject requests and impact assessments, where applicable.

  • Engage sub-processors under written agreements with equivalent protections and provide notice of material changes upon request.

  • Notify clients without undue delay after becoming aware of a personal data breach affecting their data.

  • Delete or return client personal data at the end of the engagement per contract.

A detailed Data Processing Addendum (DPA) is available on request.

12) Third-party links

The Site may link to third-party websites or services. Their privacy practices are governed by their own policies; we are not responsible for them.

13) Changes to this Policy

We may update this Privacy Policy from time to time. We will post the new version on this page with the “Last updated” date. Material changes may also be notified via email or banner. Continued use means you accept the updated Policy.

14) Contact us

Questions or requests about privacy?