Privacy Policy
Your privacy is important to us. This policy explains how we collect, use, and protect your information in compliance with GDPR and other privacy regulations.
Last updated: January 2025
This Privacy Policy complies with the EU General Data Protection Regulation (GDPR). If you are a resident of the European Economic Area (EEA), you have specific rights regarding your personal data. We are committed to protecting your privacy and ensuring transparent data processing practices.
x-Brainiac is the data controller responsible for your personal data. Our contact details are:
Company: x-Brainiac AI & Analytics Consulting
Email: hello@cx.xbrainiac.com
Phone: +1 (904) 664-8904
Address: Jacksonville, FL, United States
Data Protection Officer: hello@cx.xbrainiac.com
Under GDPR, we process your personal data based on the following legal grounds:
Consent (Article 6(1)(a))
When you voluntarily provide information through our contact forms or subscribe to our communications.
Legitimate Interests (Article 6(1)(f))
For business communications, website analytics, and improving our services, where our interests don't override your rights.
Contract Performance (Article 6(1)(b))
When processing is necessary to perform our consulting services or respond to your service requests.
Legal Obligation (Article 6(1)(c))
When we must process data to comply with legal requirements, such as tax or accounting obligations.
Data You Provide Directly
| Data Category | Examples | Purpose |
|---|---|---|
| Contact Information | Name, email, phone number | Communication and service delivery |
| Professional Information | Company name, job title, industry | Tailoring our services to your needs |
| Project Information | Business requirements, project details | Providing consulting services |
Data Collected Automatically
| Data Category | Examples | Legal Basis |
|---|---|---|
| Technical Data | IP address, browser type, device info | Legitimate interests |
| Usage Data | Pages visited, time spent, click patterns | Legitimate interests |
| Location Data | Country/region (from IP address) | Legitimate interests |
If you are a resident of the EEA, you have the following rights regarding your personal data:
Right of Access (Article 15)
Request a copy of your personal data we hold
Right to Rectification (Article 16)
Correct inaccurate or incomplete data
Right to Erasure (Article 17)
Request deletion of your personal data ("right to be forgotten")
Right to Restrict Processing (Article 18)
Limit how we use your data in certain circumstances
Right to Data Portability (Article 20)
Receive your data in a structured, machine-readable format
Right to Object (Article 21)
Object to processing based on legitimate interests
Right to Withdraw Consent
Withdraw consent for processing at any time
Right to Lodge a Complaint
File a complaint with your local data protection authority
How to Exercise Your Rights: Contact us at hello@cx.xbrainiac.com with your request. We will respond within 30 days (or 60 days for complex requests) and may need to verify your identity.
We retain personal data only for as long as necessary for the purposes outlined in this policy:
| Data Type | Retention Period | Reason |
|---|---|---|
| Contact form submissions | 3 years | Business relationship management |
| Client project data | 7 years after project completion | Legal and contractual obligations |
| Website analytics | 26 months | Website optimization |
| Marketing communications | Until consent withdrawn | Ongoing marketing activities |
As we are based in the United States, your personal data may be transferred outside the EEA. We ensure adequate protection through:
- Standard Contractual Clauses (SCCs): EU-approved contractual terms with service providers
- Adequacy Decisions: Transfers to countries deemed adequate by the European Commission
- Appropriate Safeguards: Technical and organizational measures to protect your data
- Data Processing Agreements: Binding agreements with all data processors
Third-Party Services: We use GDPR-compliant service providers including Resend (email), Vercel (hosting), and other tools that provide adequate data protection.
We implement appropriate technical and organizational measures to ensure data security:
Technical Measures
- End-to-end encryption (TLS 1.3)
- Data encryption at rest (AES-256)
- Regular security updates and patches
- Secure hosting infrastructure
- Access controls and authentication
- Regular security assessments
Organizational Measures
- Staff training on data protection
- Data processing agreements
- Privacy by design principles
- Regular compliance audits
- Incident response procedures
- Data minimization practices
In the unlikely event of a data breach that poses a risk to your rights and freedoms:
- We will notify the relevant supervisory authority within 72 hours of becoming aware of the breach
- If the breach poses a high risk, we will notify affected individuals without undue delay
- We will document all breaches and our response measures
- We will take immediate steps to contain and remedy the breach
- We will review and improve our security measures to prevent future incidents
We use cookies and similar technologies in compliance with GDPR requirements:
| Cookie Type | Purpose | Legal Basis | Duration |
|---|---|---|---|
| Essential | Website functionality | Legitimate interest | Session |
| Analytics | Website improvement | Consent | 26 months |
| Preferences | Remember settings | Consent | 1 year |
You can manage cookie preferences through your browser settings or our cookie consent banner.
For any privacy-related questions, to exercise your GDPR rights, or to contact our Data Protection Officer:
Subject: "GDPR Request" or "Privacy Inquiry"
Response Time: We will respond to your privacy requests within 30 days (or 60 days for complex requests). We may need to verify your identity before processing certain requests.
If you believe we have not handled your personal data in accordance with GDPR, you have the right to lodge a complaint with your local supervisory authority:
- EU residents: Contact your national data protection authority
- UK residents: Information Commissioner's Office (ICO) - ico.org.uk
- Other jurisdictions: Contact your local privacy regulator
However, we encourage you to contact us first so we can address your concerns directly.