WGWEXLER GRAY

Legal

Privacy Policy

Current version

1. Who we are

Wexler Gray operates an executive intelligence platform serving private equity firms and their portfolio companies. This policy explains how we collect, use, share, and protect personal data in connection with our services. References to “Wexler Gray,” “we,” “us,” or “our” in this policy refer to the Wexler Gray operating entity.

For questions about this policy, contact us at legal@wexlergray.com.

2. Data we collect

We collect data in three categories:

  • Account information. Names, email addresses, job titles, and firm affiliations provided when accounts are created or updated. This applies to PE firm users, portfolio company users, and Operator Consortium members.
  • Usage data. Log data, session information, feature interactions, and access timestamps collected automatically when users interact with the platform. This data is used for security, performance monitoring, and product improvement.
  • Assessment data. Operator scoring submissions, assessment responses, synthesis outputs, escalation records, and interpretation content generated through use of the Parallel, Beacon, and Bearing modules. This data is submitted by users in connection with specific client engagements.

3. How we use data

We use collected data to:

  • Provide, operate, and maintain the Wexler Gray platform and its modules
  • Authenticate users and enforce role-based access controls
  • Generate assessment syntheses, escalations, and board-ready interpretations
  • Send transactional communications including magic link authentication emails and platform notifications
  • Monitor platform security, investigate abuse, and maintain audit records
  • Improve platform features and address technical issues
  • Comply with applicable legal obligations

We do not use assessment data for any purpose other than delivering the services requested by the instructing PE firm client. We do not use assessment data for training AI models or for cross-client analysis without explicit written consent.

4. Data sharing

We do not sell personal data. We share data only in the following circumstances:

  • Within an engagement. Assessment data is shared with portfolio company users only as directed by the instructing PE firm client. Operator scoring remains blind until synthesis is complete; individual operator submissions are never shared with portfolio companies.
  • Service providers. We engage third-party providers for infrastructure (database hosting), authentication (magic link delivery), and communications (email). These providers process data only as instructed and under appropriate data processing agreements.
  • Legal requirements. We may disclose data when required by law, court order, or regulatory authority, or where necessary to protect the rights, safety, or property of Wexler Gray, its users, or third parties.

5. Data retention

Account data is retained for the duration of the account relationship and for a period of 36 months thereafter, unless a shorter period is requested or required by law. Assessment data is retained for the duration of the client engagement plus 24 months, after which it is securely deleted unless the client requests extended retention. Audit log data is retained for 12 months.

Clients may request earlier deletion of assessment data by contacting legal@wexlergray.com. We will action deletion requests within 30 days subject to any applicable legal retention obligations.

6. Security

We implement appropriate technical and organizational measures to protect data against unauthorized access, alteration, disclosure, or destruction. These include encryption in transit and at rest, row-level security enforced at the database layer, role-based access controls, and audit logging of all data access events.

Authentication uses a passwordless magic link model, eliminating the risk of password-based credential compromise. No passwords are stored in the Wexler Gray platform.

For a full overview of our security posture, see our Security overview.

7. Your rights

Depending on your jurisdiction, you may have rights to access, correct, delete, or restrict processing of your personal data, as well as rights to data portability and to object to certain processing activities. To exercise any of these rights, contact us at legal@wexlergray.com. We will respond to all requests within 30 days.

8. Changes to this policy

We may update this Privacy Policy from time to time. Where changes are material, we will notify active users by email and post the updated policy at wexlergray.com/privacy with a revised effective date. Continued use of the platform following notification constitutes acceptance of the updated policy.

9. Contact

For questions, concerns, or requests relating to this Privacy Policy, contact legal@wexlergray.com.