Clarification regarding a recent LinkedIn post about Cruxi
Last updated: February 3, 2026
TL;DR
Cruxi is a directory/marketplace for comparing compliance service providers. We are not affiliated with providers unless explicitly stated. When a provider requests a listing be hidden or corrected, we action it promptly. A recent LinkedIn post contains claims that are now out of sync with the documented timeline and how our RFQ workflow operates for unclaimed listings. This page clarifies the facts and our current EU/UK scope position based on a periodic assessment against the territorial-scope tests.
What Cruxi is (and is not)
Cruxi helps businesses discover and compare compliance service providers and submit quote requests (“RFQs”) to providers.
Cruxi does not claim affiliation with listed providers unless clearly stated on the page. Providers are independent businesses that deliver services under their own terms.
Cruxi is not a lead-collection agent for providers by default. RFQs are submitted by clients to Cruxi, and providers can choose whether to participate.
Timeline and actions taken (with correspondence context)
- January 18, 2026 — A client submitted an RFQ for GDPR Article 27 representative services. Our matching logic identified DataRep as a potential match based on publicly available company-level information, and our system sent a notification email to the provider.
- January 19, 2026 — DataRep replied, stating they do not operate via the platform and requested no further contact through Cruxi. We responded the same day, offered correction/removal options, and asked them to confirm their preference (removal + suppression vs. corrections + claim option).
- January 20, 2026 — DataRep requested the listing be hidden (not deleted).
- January 20, 2026 — We hid/suppressed the listing and ensured it is not publicly visible or indexed. We will not reinstate the listing unless the provider explicitly requests it and approves the content.
- January 22, 2026 — DataRep acknowledged the steps taken and indicated they would reconsider participation once certain conditions were met (including non-Google sign-in and EU/UK compliance posture).
- January 26, 2026 — We continued the email exchange regarding (i) our scope review and compliance roadmap, (ii) the fact that we had already hidden the listing, and (iii) that the LinkedIn post still stated the author was “attempting to contact” us despite the ongoing email correspondence.
RFQs and unclaimed listings: what actually happened
A key point of confusion is the idea that Cruxi “collected RFQs on behalf of” a provider.
That is not how this works. The RFQ was submitted by a client to Cruxi. DataRep received a notification because they appeared to be a strong potential match. The notification was an invitation to participate—not an indication of a relationship, representation, or prior consent.
How unclaimed-provider RFQs work on Cruxi
- Unclaimed listings are not treated as opted-in customers. An unclaimed listing does not imply any partnership, endorsement, or ongoing participation in Cruxi RFQ routing.
- Limited RFQ information may be included in an invitation email so the provider can quickly determine whether they want to participate.
- Full RFQ details and any structured “in-platform” response flow require an opt-in action (e.g., claiming a profile or otherwise explicitly choosing to participate).
- If a provider does not want to claim an account, they can reply by email, and we can relay their response to the requester when appropriate (or stop contact entirely, as requested).
- Providers can also request suppression / no further contact, which we honor.
What we changed as a result
This situation highlighted that even a match invitation can be interpreted as unwanted “lead routing” by providers who do not wish to be contacted via marketplaces. As a result, we strengthened controls and messaging so the invitation nature is unambiguous and opt-out is frictionless.
Status of the LinkedIn post
After the provider requested that their listing be hidden, we complied immediately and confirmed in writing that it would remain hidden and not indexed.
We also asked the author of the LinkedIn post to update or append a note reflecting that (i) we were already in active contact by email and (ii) the listing issue had been resolved. In an email dated January 26, 2026, the author stated: "Once this has been done and the post is no longer accurate in this regard, I'll be happy to reconsider the wording." (referring to appointing a GDPR and DSA representative or creating an EU establishment).
We respect that the author may choose not to edit a public post. We are publishing this clarification so readers have the up-to-date facts and our current scope position.
Why "EU representative" is not a universal requirement
Whether an EU representative is required depends on whether EU rules apply to a non-EU organisation's activities.
Under the GDPR, the obligation to appoint an EU representative arises only where the GDPR applies under Article 3(2) (for example, where processing relates to offering goods/services to people in the EU or monitoring behaviour in the EU). If Article 3(2) applies, Article 27 generally requires appointing an EU representative, subject to limited exemptions.
Under the EU Digital Services Act, Article 13 requires certain providers of intermediary services not established in the EU, but offering services in the EU, to designate a legal representative in the EU.
Cruxi periodically reviews scope indicators against these legal tests and updates our compliance measures if our operations evolve such that additional EU obligations become applicable.
Provider listings and controls
Some provider pages may be created from publicly available, company-level business information and shown as Unverified until a provider claims and updates the profile.
Every provider page includes:
- A clear Unverified label (where applicable)
- A Request correction / removal option that does not require login
- A Hidden by request state when a provider asks to be removed/hidden
Request correction/removal: Request removal or update info
DSAR / privacy requests: Data Subject Request
What information we publish
We aim to publish company-level information (e.g., business name, website, general service categories, HQ country). We do not intend to publish personal data about individuals.
RFQs are submitted by clients. We encourage clients not to include unnecessary personal data in RFQs. If any page contains inaccurate information or information a provider does not want displayed, the provider can request correction or removal and we will act on it.
EU/UK scope position (current)
Cruxi is U.S.-based and not established in the EU. We do not currently run EU/UK-targeted marketing campaigns. We periodically review scope indicators and, if our operations change such that EU-specific requirements become applicable, we will implement the relevant measures.
EU/UK scope & contacts: Compliance & Contacts
Cookie controls: Cruxi provides cookie consent controls for EU/UK users and supports opt-in for non-essential cookies.
Our commitment
Cruxi is building infrastructure that makes compliance services easier to compare and purchase responsibly. If we make a mistake in a provider listing—or if a provider does not want to be listed—we act quickly. Providers can request correction or removal at any time.
- For questions: privacy@cruxi.ai
- For provider listing updates/removal: Request removal or update info