Privacy Policy

1. Introduction

Welcome to XprofitX OÜ ("we," "our," or "us"). We respect your privacy and are committed to protecting your personal data in accordance with the General Data Protection Regulation (EU 2016/679) ("GDPR"). This Privacy Policy explains what information we collect through our website xprofitx.com, how we use it, and what rights you have as a visitor.

2. Data Controller

This company acts as the data controller for all personal data processed through this website.

3. What Data We Collect

We collect only the data you voluntarily submit through the contact form:

• First Name
• Last Name
• Email Address
• Message Content

Additionally, our hosting provider may automatically log minimal technical information for security and server functionality:

• IP address
• Date and time of the request
• Browser type and operating system

We do not use cookies or any third-party tracking technologies.

4. Purpose and Legal Basis of Processing

We process your personal data for the following purposes:

• To respond to your inquiry submitted through the contact form
• To maintain communication records in case of follow-up or project discussions
• To ensure the security and proper functioning of our website

Legal basis under GDPR:

• Article 6(1)(f) — legitimate interest (communication and website security)
• Article 6(1)(b) — performance of pre-contractual steps, when you contact us to request our services

When subscription or payment features are added in the future, we will obtain your explicit consent before collecting additional data.

5. Data Retention

We retain personal messages and related data for up to 12 months after the last communication, unless legal or contractual obligations require longer storage.

Server logs are automatically deleted after 90 days.

6. Data Recipients and Transfers

Your data may be processed by trusted third parties strictly for hosting and technical support:

• OVH (EU-based hosting provider)
• Email service provider (for receiving form submissions)

We do not sell, rent, or share your data with third parties for marketing.

If any processing occurs outside the EEA, it will comply with GDPR Chapter V through EU Standard Contractual Clauses (SCCs) or Data Privacy Framework (DPF) mechanisms.

7. Your Rights under GDPR

You have the following rights:

• Access to your personal data
• Rectification or correction of inaccuracies
• Erasure ("Right to be forgotten")
• Restriction of processing
• Data portability
• Objection to processing

To exercise your rights, contact us at info@xprofitx.com.

If you believe your data has been mishandled, you may lodge a complaint with the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon).

8. Children's Privacy

Our website is intended for business use and is not directed at children under 16 years old. We do not knowingly collect or process children's data.

9. Data Security

We apply appropriate organizational and technical measures to protect data against unauthorized access, alteration, loss, or destruction.

This includes encrypted connections (HTTPS), secured hosting, and access control within our infrastructure.

10. Updates to This Policy

We may update this Privacy Policy from time to time to reflect changes in law or website functionality.

The latest version will always be available at xprofitx.com/privacy.