
Privacy Policy

Effective Date: July 28, 2025 | Last Updated: July 28, 2025

Introduction

At XpertMatrix Inc. ("XpertMatrix," "XM," "we," "us," or "our"), we understand that privacy is fundamental to the trust you place in our services. This Privacy Policy comprehensively explains how we collect, use, process, store, and safeguard your Personal Data—which we define as any information that directly identifies or can reasonably be used to identify you as an individual—when you access or utilize our website, platform, products, services, or otherwise interact with us in any capacity. Our commitment to privacy extends beyond mere compliance with applicable laws and regulations; it reflects our core values and dedication to maintaining the confidentiality and integrity of the information entrusted to us.

This Privacy Policy applies comprehensively to all visitors to our website, registered users of our products and services, individuals who communicate with us through any channel, and individuals whose Personal Data we have obtained from public databases, third-party sources, or business partners. We process data across multiple jurisdictions and maintain strict standards regardless of the applicable legal framework governing such processing activities.

This Privacy Policy expressly does not apply to third-party websites, platforms, applications, or services that XpertMatrix does not own, operate, or control, even if such third-party services are linked to or integrated with our platform. We encourage you to review the privacy policies of any third-party services before providing them with your personal information.

By accessing or using our Services in any manner, you acknowledge that you have read, understood, and agree to be bound by the terms of this Privacy Policy. If you do not agree with any aspect of this Privacy Policy, you must immediately discontinue all use of our Services and refrain from providing us with any Personal Data.


Our Role in Handling Your Personal Data

1. As a Data Controller:
XpertMatrix functions as a data controller when we independently determine the purposes and means of processing Personal Data. This includes, but is not limited to, circumstances where you visit our website, create and maintain a user account, subscribe to our communications, interact with our marketing materials, or when we collect publicly available information about you for business intelligence purposes. In our capacity as a data controller, we bear primary responsibility for ensuring compliance with applicable data protection laws and implementing appropriate technical and organizational measures to protect your Personal Data.

2. As a Data Processor:
XpertMatrix acts as a data processor when we process Personal Data exclusively on behalf of another organization (the data controller), such as when an expert network, consulting firm, or enterprise client engages our services and provides us with Personal Data subject to their own privacy policies and data processing instructions. In such circumstances, our processing activities are governed by the contractual arrangements with the data controller, and we process Personal Data only in accordance with their documented instructions and applicable data processing agreements.


1. Who We Are

XpertMatrix Inc. is a Delaware corporation headquartered in New York, NY, USA. We are an AI-powered business intelligence platform specializing in identifying and analyzing decision-makers within target companies using only publicly available information sources. For all privacy-related inquiries, data subject requests, or other matters concerning this Privacy Policy, please contact us at support@xpertmatrix.com.


2. What Personal Data We Collect

We may collect, process, and store various categories of Personal Data depending on your relationship with us and how you interact with our Services. The scope and nature of data collection may vary based on the specific services you use, your account settings, and the legal basis for processing. The categories of Personal Data we may collect include, but are not limited to:

  • Customer Content and User-Generated Data: Any documents, files, data uploads, communications, feedback, or other content you voluntarily submit to our platform, including analysis requests, custom research parameters, and any annotations or modifications you make to our generated reports.
  • Account and Registration Information: Email addresses, telephone numbers, full names, company affiliations, job titles, professional roles, authentication credentials, account preferences, notification settings, and billing contact information necessary for account creation and management.
  • Professional and Business Information: Current and previous employer information, job titles and roles, industry background, professional certifications, educational background, work location, and other career-related information that may be relevant to our business intelligence services.
  • Financial and Billing Information: Payment method details, billing addresses, transaction history, subscription information, and other financial data necessary for processing payments and maintaining accurate billing records.
  • Marketing and Communication Preferences: Email subscription preferences, communication opt-ins and opt-outs, engagement metrics for our marketing communications, event attendance, and preferences regarding the types of content and updates you wish to receive from us.
  • Technical and Usage Data: IP addresses, browser types and versions, operating system information, device identifiers, pages viewed, click-through rates, session duration, referring URLs, search queries, feature usage patterns, error logs, and other technical information automatically collected through your use of our Services.
  • Device and System Information: Device type and model, screen resolution, browser capabilities, installed plugins, time zone settings, crash reports, performance metrics, and other technical specifications that help us optimize our Services for your device.
  • Location Information: General geographic location derived from IP addresses, location information you voluntarily provide in your profile or through address fields, and location data necessary for providing localized services or content.
  • Publicly Available Professional Data: Information sourced from public websites, professional social networks (such as LinkedIn), company websites, press releases, news articles, public registries, and other publicly accessible sources that is relevant to our business intelligence services.
  • Third-Party Integration Data: Information exchanged through authorized integrations with third-party services, CRM systems, productivity tools, or other business applications you choose to connect with our platform, subject to the permissions you grant.

3. How We Collect Personal Data

We employ multiple methods to collect Personal Data, each governed by appropriate legal bases and implemented with suitable privacy protections. Our data collection methods include:

  • Direct Collection: Information you voluntarily provide to us through account registration forms, contact forms, survey responses, email communications, customer support interactions, webinar registrations, trial account setups, subscription processes, and any other direct communications or interactions with our Services.
  • Automatic Collection: Data automatically gathered through cookies, web beacons, server logs, analytics tools, performance monitoring systems, and other tracking technologies as you navigate and interact with our website and platform. This includes behavioral data, usage patterns, and technical performance metrics.
  • Third-Party Sources: Information obtained from business partners, data providers, public databases, professional networking platforms, company websites, news sources, industry publications, marketing partners, and other external sources that provide publicly available professional information relevant to our business intelligence services.

4. Legal Bases for Processing

We process your Personal Data only when we have a valid legal basis for doing so under applicable data protection laws. The specific legal basis for processing depends on the type of Personal Data involved and the context in which we collect it. Our processing activities are based on one or more of the following legal grounds:

  • Consent: Where you have provided clear, informed, and freely given consent for specific processing activities, such as marketing communications, optional features, or voluntary data sharing arrangements.
  • Contractual Necessity: Where processing is necessary for the performance of a contract to which you are a party, such as providing our Services, processing payments, delivering customer support, or fulfilling our obligations under our Terms of Service.
  • Legal Obligation: Where processing is required to comply with applicable laws, regulations, court orders, or other legal requirements, including tax obligations, regulatory reporting, or law enforcement requests.
  • Legitimate Interests: Where processing is necessary for our legitimate business interests or those of third parties, provided that such interests are not overridden by your fundamental rights and freedoms. This includes fraud prevention, security monitoring, business analytics, product improvement, direct marketing to existing customers, and maintaining the security and integrity of our Services.

5. How We Use Your Personal Data

We use Personal Data for various business purposes that are directly related to providing, maintaining, and improving our Services, as well as protecting our legitimate business interests and complying with applicable legal obligations. Our primary uses of Personal Data include:

  • Service Provision and Platform Operation: Operating and maintaining our website and platform, processing your requests for business intelligence reports, delivering search results, providing customer support, managing user accounts, processing payments, and ensuring the proper functioning of all platform features and capabilities.
  • Customer Support and Communication: Responding to your inquiries, providing technical assistance, troubleshooting issues, delivering important service updates, sending transactional communications, and maintaining effective customer relationships through responsive support services.
  • Marketing and Business Development: Sending promotional communications about new features, services, and offerings, conducting market research, analyzing customer preferences, developing targeted marketing campaigns, and communicating about industry insights, events, and educational content that may be of interest to you.
  • Analytics and Service Improvement: Conducting internal analytics to understand user behavior, measuring the effectiveness of our Services, identifying areas for improvement, developing new features and capabilities, optimizing user experience, and making data-driven decisions about product development and business strategy.
  • Security and Compliance: Protecting against fraud, unauthorized access, and security threats, ensuring compliance with applicable laws and regulations, conducting internal audits, maintaining accurate records, preventing misuse of our Services, and protecting the rights and safety of our users and business partners.
  • Business Intelligence Services: Analyzing publicly available information to generate business insights, identifying decision-makers within target organizations, providing competitive intelligence, and delivering the core business intelligence services that constitute our primary value proposition.

We may aggregate or anonymize Personal Data to create statistical or analytical datasets that cannot reasonably be used to identify specific individuals. Such aggregated or anonymized data may be used for research, analytics, benchmarking, and other business purposes without restriction.


6. Sharing and Disclosure

We maintain strict policies regarding the sharing and disclosure of Personal Data and only share such information in specific circumstances that are necessary for our business operations or required by law. We may share your Personal Data with the following categories of recipients:

  • Authorized Users Within Your Organization: When you are part of a team or enterprise account, certain information may be accessible to other authorized users within your organization, such as account administrators, team members, or other users designated by your organization's account settings and permissions.
  • Third-Party Service Providers and Integrations: Vendors and service providers who perform services on our behalf or provide integrated functionality, including Customer Relationship Management (CRM) systems, Google Workspace applications, productivity tools, analytics platforms, and other business applications that you authorize us to connect with.
  • Technology Vendors and Subprocessors: Cloud infrastructure providers (including Railway for hosting services), email service providers, payment processors, analytics providers, security vendors, and other technology partners who provide essential infrastructure and services that enable us to operate our platform securely and effectively.
  • Corporate Affiliates and Successor Entities: In the event of a merger, acquisition, corporate reorganization, sale of assets, or other business transaction, Personal Data may be transferred to successor entities or acquiring parties, subject to appropriate confidentiality and data protection commitments.
  • Legal and Regulatory Authorities: When required by law, regulation, court order, subpoena, or other legal process, or when we believe in good faith that disclosure is necessary to protect our rights, investigate potential violations of our terms of service, or protect the safety and security of our users or the public.

Subprocessor Transparency: We maintain comprehensive oversight of all subprocessors and vendors who may have access to Personal Data in the course of providing services to us. Our complete list of authorized subprocessors, including their roles and jurisdictions, is available upon request by emailing support@xpertmatrix.com. Key subprocessors include cloud infrastructure providers (Railway), communication platforms (Google Workspace), and specialized business intelligence data providers. We ensure that all subprocessors are bound by appropriate data protection obligations and implement security measures consistent with our own standards.


7. International Data Transfers

Given the global nature of our business and technology infrastructure, your Personal Data may be transferred to, processed in, and stored in countries outside of your country of residence, including the United States and other jurisdictions where our service providers operate. We recognize that different countries have varying levels of data protection laws, and we are committed to ensuring that all international transfers of Personal Data are conducted in compliance with applicable legal requirements and with appropriate safeguards in place. When transferring Personal Data to countries that do not provide an adequate level of data protection as determined by relevant data protection authorities, we implement appropriate safeguards such as Standard Contractual Clauses approved by the European Commission, adequacy decisions, or other legally recognized transfer mechanisms to ensure that your Personal Data receives an adequate level of protection regardless of where it is processed.


8. Data Retention

We retain Personal Data only for as long as necessary to fulfill the purposes for which it was collected, comply with our legal and regulatory obligations, resolve disputes, enforce our agreements, and protect our legitimate business interests. Our retention periods are determined based on various factors, including the nature of the Personal Data, the purposes for which it is processed, applicable legal requirements, and our legitimate business needs. Generally, we retain Personal Data for the duration of your relationship with us and for a reasonable period thereafter to comply with legal obligations, maintain accurate business records, and provide continued support. Account information and transaction records may be retained for longer periods as required by applicable tax, accounting, and regulatory requirements. Upon expiration of the applicable retention period, we will securely delete or anonymize Personal Data in accordance with our data destruction policies and procedures.


9. Your Rights

Depending on your jurisdiction and the applicable data protection laws, you may have various rights regarding your Personal Data. These rights are designed to give you control over your Personal Data and ensure transparency in our processing activities. Your rights may include:

  • Right of Access: The right to obtain confirmation of whether we process your Personal Data and, if so, to receive a copy of such data along with information about how it is being processed.
  • Right to Rectification: The right to request correction of inaccurate or incomplete Personal Data we hold about you.
  • Right to Erasure: The right to request deletion of your Personal Data in certain circumstances, such as when it is no longer necessary for the purposes for which it was collected or when you withdraw consent.
  • Right to Restrict Processing: The right to request that we limit the processing of your Personal Data in certain circumstances, such as when you contest the accuracy of the data or object to processing.
  • Right to Object: The right to object to certain types of processing, particularly processing based on legitimate interests or for direct marketing purposes.
  • Right to Data Portability: The right to receive your Personal Data in a structured, commonly used, and machine-readable format and to have it transmitted directly to another controller where technically feasible.
  • Right to Withdraw Consent: Where processing is based on consent, the right to withdraw such consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

To exercise any of these rights, please contact us at support@xpertmatrix.com with a detailed description of your request. We will respond to your request within the timeframes required by applicable law. For security purposes, we may require you to provide additional information to verify your identity before processing certain requests. If you believe that our processing of your Personal Data violates applicable data protection laws, you also have the right to lodge a complaint with the relevant supervisory authority in your jurisdiction.


10. Cookies and Tracking Technologies

We use various tracking technologies, including cookies, web beacons, pixels, and similar technologies, to enhance your experience with our Services, understand usage patterns, and deliver personalized content and advertisements. These technologies help us remember your preferences, analyze how our Services are used, measure the effectiveness of our marketing campaigns, and provide security features. The specific types of tracking technologies we use include:

  • Essential Cookies: Necessary for the proper functioning of our website and platform, including authentication, security, and basic functionality.
  • Analytics and Performance Cookies: Used to collect information about how you use our Services, including page views, session duration, and user interactions, helping us improve our platform's performance and user experience.
  • Functionality Cookies: Enable enhanced features and personalization, such as remembering your preferences, language settings, and previously viewed content.
  • Marketing and Advertising Cookies: Used to deliver relevant advertisements, measure the effectiveness of marketing campaigns, and create personalized marketing experiences across different platforms and websites.

You can control cookie settings through your browser preferences, and most browsers allow you to refuse or delete cookies. However, please note that disabling certain cookies may affect the functionality of our Services and your ability to access certain features. For more detailed information about the specific cookies we use and how to manage them, please refer to our Cookie Policy or contact us directly.


11. Third-Party Links

Our platform may contain links to third-party websites, services, or applications that are not owned, operated, or controlled by XpertMatrix. These links are provided for your convenience and reference only and do not constitute an endorsement of the content, products, services, or privacy practices of such third parties. We are not responsible for the privacy practices, data handling procedures, or content of any third-party websites or services. When you click on links to external sites or services, you will be subject to the privacy policies and terms of service of those third parties. We strongly encourage you to review the privacy policies and terms of service of any third-party websites or services before providing them with any personal information or engaging with their services.


12. Security

We are committed to protecting the security and confidentiality of your Personal Data and have implemented comprehensive technical, organizational, and administrative safeguards designed to prevent unauthorized access, disclosure, alteration, or destruction of Personal Data. Our security measures include, but are not limited to, encryption of data in transit and at rest using industry-standard protocols (TLS/SSL), role-based access controls that enforce the principle of least privilege, regular security assessments and vulnerability testing, secure authentication mechanisms including multi-factor authentication where appropriate, comprehensive audit logging and monitoring systems, and regular security training for our personnel. While XpertMatrix is not yet formally SOC 2 certified, we implement industry-standard security controls aligned with SOC 2 Type II and NIST Cybersecurity Framework requirements, including mandatory trust service criteria covering security, confidentiality, and system availability. A detailed security summary and information about our security practices are available upon request for enterprise customers and business partners.

Despite our commitment to security, it is important to understand that no system or method of data transmission over the internet or electronic storage can be guaranteed to be completely secure. While we strive to protect your Personal Data using appropriate security measures, we cannot guarantee absolute security, and you acknowledge that you provide Personal Data at your own risk. In the unlikely event of a security incident that may affect your Personal Data, we will notify you and relevant authorities as required by applicable law and will take appropriate remedial measures to address the incident and prevent future occurrences. We encourage you to take steps to protect your own account security, including using strong passwords, enabling two-factor authentication where available, and promptly notifying us of any suspected unauthorized access to your account at support@xpertmatrix.com.


13. Children's Privacy

Our Services are designed for and directed toward business professionals and organizations and are not intended for use by individuals under the age of 18. We do not knowingly collect, process, or maintain Personal Data from children under 18 years of age, and we do not knowingly allow such individuals to register for or use our Services. If we become aware that we have inadvertently collected Personal Data from a child under 18, we will take immediate steps to delete such information from our systems and terminate any associated accounts. Parents or guardians who believe that their child has provided Personal Data to us without their consent should contact us immediately at support@xpertmatrix.com so that we can take appropriate corrective action.


14. Changes to This Privacy Policy

We may periodically update, revise, or modify this Privacy Policy to reflect changes in our business practices, legal requirements, or to clarify our data handling procedures. When we make material changes to this Privacy Policy, we will notify you by posting the updated policy on our website with a revised "Last Updated" date and, where required by applicable law or where we determine it is appropriate, by sending you a direct notification via email or through our platform. We encourage you to review this Privacy Policy periodically to stay informed about how we collect, use, and protect your Personal Data. Your continued use of our Services after any changes to this Privacy Policy constitutes your acceptance of the updated terms. If you do not agree with any changes, you should discontinue use of our Services and may request deletion of your Personal Data in accordance with your rights under applicable law.


15. Enterprise Data Processing Agreements

For enterprise customers, consulting firms, expert networks, and other organizations that engage our services and act as data controllers in their own right, XpertMatrix provides comprehensive Data Processing Agreements (DPAs) that establish the terms and conditions governing our processing of Personal Data on their behalf. These DPAs include detailed provisions covering data processing instructions, security measures, subprocessor arrangements, data subject rights, international data transfers, and incident response procedures. Our DPAs are designed to ensure compliance with applicable data protection regulations, including the European General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and other relevant privacy laws. To initiate a DPA or request more information about our enterprise data processing arrangements, please email support@xpertmatrix.com with details about your organization and specific requirements.


16. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy, our data processing practices, or your Personal Data, please do not hesitate to contact us. We are committed to addressing your inquiries promptly and thoroughly. You can reach us at support@xpertmatrix.com for all privacy-related matters, including data subject rights requests, security concerns, questions about our data processing activities, or requests for additional information about our privacy practices. When contacting us, please provide sufficient detail about your inquiry or request to enable us to respond effectively and in accordance with applicable legal requirements.

© 2025 XpertMatrix Inc.