Privacy Policy

We collect information you provide directly to us, such as when you create an account, make a purchase, subscribe to our newsletter, fill out a form, or communicate with us. This includes: • Personal identification information: Name, email address, phone number, postal address • Professional information: Company name, job title, industry • Account credentials: Username, encrypted password • Payment information: Credit card details (processed securely through Stripe — we do not store card numbers) • Communication data: Messages sent through our contact forms, chatbot conversations, and email correspondence • Educational data: Course enrollments, progress, certifications, and learning preferences

When you access or use our platform, we automatically collect certain information, including: • Device information: IP address, browser type and version, operating system, device identifiers • Usage data: Pages visited, time spent on pages, click patterns, navigation paths • Performance metrics: Core Web Vitals (LCP, CLS, INP, FCP, TTFB) for service improvement • Cookies and similar technologies: Session cookies, preference cookies, and analytics cookies (see our Cookie Policy for details) • Referral data: The website that referred you to our platform

We use the information we collect for the following purposes: • Service delivery: To provide, maintain, and improve our IT consulting, training, and e-learning services • Account management: To create and manage your user account, process transactions, and send related information • Communication: To respond to your inquiries, send service updates, newsletters (with your consent), and marketing communications • Personalization: To tailor content, course recommendations, and learning experiences to your preferences • Analytics: To understand how our platform is used and to improve user experience and performance • Security: To detect, prevent, and address technical issues, fraud, and security threats • Legal compliance: To comply with applicable laws, regulations, and legal processes • AI-powered features: To provide intelligent chatbot assistance and personalized learning recommendations

We use cookies and similar tracking technologies to collect and track information about your activity on our platform. You can manage your cookie preferences through our Cookie Consent banner or by visiting our Cookie Policy page. We categorize cookies into four types: • Necessary cookies: Essential for the platform to function properly • Analytics cookies: Help us understand how visitors interact with our platform • Functional cookies: Enable enhanced functionality and personalization • Marketing cookies: Used to deliver relevant advertisements For detailed information about the cookies we use, please refer to our [Cookie Policy](/cookie-policy).

We do not sell your personal information. We may share your information in the following circumstances: • Service providers: With third-party vendors who perform services on our behalf (e.g., Stripe for payment processing, cloud hosting providers, email delivery services) • Business partners: With SAP, Microsoft, AWS, and other technology partners when necessary to deliver our consulting and training services • Legal requirements: When required by law, subpoena, or other legal process, or to protect our rights, privacy, safety, or property • Business transfers: In connection with a merger, acquisition, or sale of assets • With your consent: When you have given us explicit permission to share your information All third-party service providers are contractually obligated to protect your data and use it only for the purposes we specify.

We implement robust security measures to protect your personal information: • Encryption: All data transmitted between your browser and our servers is encrypted using TLS/SSL • Access controls: Strict role-based access controls limit who can access personal data • CSRF protection: Double-submit cookie pattern with constant-time comparison • Rate limiting: Multi-tier rate limiting to prevent abuse (API: 100/min, Auth: 10/min, Forms: 5/min) • Security headers: Content Security Policy (CSP), X-Frame-Options, X-Content-Type-Options, and other protective headers • Regular audits: Periodic security assessments and vulnerability testing • Secure payments: PCI-DSS compliant payment processing through Stripe While we strive to protect your personal information, no method of transmission over the Internet is 100% secure. We encourage you to use strong passwords and keep your account credentials confidential.

We retain your personal information for as long as necessary to fulfill the purposes outlined in this policy, unless a longer retention period is required or permitted by law. • Account data: Retained for the duration of your account plus 2 years after deletion • Transaction records: Retained for 7 years for tax and legal compliance • Communication logs: Retained for 3 years • Analytics data: Web Vitals and usage metrics are retained for 30 days, then automatically cleaned up • Chatbot conversations: Retained for 1 year for service improvement You may request deletion of your data at any time (see Your Rights section below).

Depending on your location, you may have the following rights regarding your personal data: • Right of access: Request a copy of the personal data we hold about you • Right to rectification: Request correction of inaccurate or incomplete data • Right to erasure: Request deletion of your personal data ("right to be forgotten") • Right to restrict processing: Request that we limit how we use your data • Right to data portability: Receive your data in a structured, commonly used format • Right to object: Object to processing of your data for certain purposes, including direct marketing • Right to withdraw consent: Withdraw consent at any time where processing is based on consent • Right to non-discrimination: We will not discriminate against you for exercising your privacy rights (CCPA) To exercise any of these rights, please contact our Data Protection Officer at [email protected] or use the contact information provided below.

X-MerAkI operates from Miami, Florida, USA, and serves clients globally. Your personal data may be transferred to and processed in countries outside your country of residence, including the United States. When we transfer data internationally, we ensure appropriate safeguards are in place: • Standard Contractual Clauses (SCCs) approved by the European Commission • Adequacy decisions where applicable • Binding Corporate Rules for intra-group transfers • Your explicit consent when other mechanisms are not available We comply with the EU-US Data Privacy Framework and Swiss-US Data Privacy Framework.

Our platform is not directed to children under 16 years of age. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal data from a child under 16 without parental consent, we will take steps to delete that information promptly. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at the email address provided below.

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. We will notify you of any material changes by: • Posting the updated policy on this page with a new "Last Updated" date • Sending an email notification to registered users for significant changes • Displaying a prominent notice on our platform We encourage you to review this Privacy Policy periodically. Your continued use of our platform after any changes constitutes acceptance of the updated policy.

If you have any questions about this Privacy Policy or our data practices, or if you wish to exercise your rights, please contact us: Data Protection Officer Email: [email protected] X-MerAkI 3643 S 24th Street Miami, FL 33145, USA Phone: +1 (786) 972-4030 Email: [email protected] For EU residents, you also have the right to lodge a complaint with your local data protection authority.