Privacy Policy

Vexelon Cybersecurity ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains what personal information we collect, how we use it, with whom we share it, and your rights related to your data when you use our website and services. This policy applies to all information collected through our website, services, and any related communications. By using our services, you consent to the data practices described in this policy.

We collect several types of information to provide and improve our services: Personal Information You Provide: • Name, email address, phone number, and job title • Company information and business contact details • Payment and billing information • Account credentials and authentication data • Communications and correspondence with us • Information provided during security assessments or consultations Automatically Collected Information: • IP address and geographic location • Browser type, version, and language preferences • Operating system and device information • Pages visited, time spent, and navigation patterns • Referral sources and exit pages • Cookies and similar tracking technologies Information from Third Parties: • Business contact information from data providers • Social media profile information (if you connect accounts) • Credit and fraud detection information from payment processors

We use collected information for the following purposes: Service Delivery: • Provide, maintain, and improve our cybersecurity services • Process transactions and manage billing • Deliver security assessments, monitoring, and incident response • Provide customer support and technical assistance Communication: • Send service-related notifications and updates • Respond to inquiries and requests • Deliver marketing and promotional materials (with your consent) • Conduct surveys and gather feedback Business Operations: • Analyze usage patterns to improve our services • Develop new products and features • Conduct research and analytics • Maintain business records and reporting Legal and Security: • Comply with legal obligations and regulatory requirements • Protect against fraud, unauthorized access, and security threats • Enforce our Terms of Service and other agreements • Defend our legal rights and interests

We do not sell your personal information. We may share your data in the following circumstances: Service Providers: We work with trusted third-party service providers who assist in: • Cloud hosting and infrastructure • Payment processing and billing • Customer relationship management (CRM) • Email delivery and marketing automation • Analytics and performance monitoring These providers are bound by strict confidentiality agreements and may only use your information to perform services on our behalf. Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity. Legal Requirements: We may disclose information when required to: • Comply with legal obligations, court orders, or government requests • Protect our rights, property, or safety • Investigate fraud or security incidents • Enforce our Terms of Service With Your Consent: We may share information with your explicit consent for purposes not covered in this policy.

We implement industry-standard security measures to protect your information: Technical Safeguards: • Encryption of data in transit (TLS/SSL) and at rest • Secure data centers with physical access controls • Multi-factor authentication for system access • Regular security assessments and penetration testing • Network segmentation and firewalls • Intrusion detection and prevention systems Administrative Safeguards: • Employee training on data protection and privacy • Strict access controls and need-to-know principles • Incident response and breach notification procedures Organizational Measures: • Regular security audits and compliance reviews • Data retention and deletion policies • Vendor security assessments While we strive to protect your information, no security measure is 100% effective. We cannot guarantee absolute security but will notify you of any breach as required by law.

Depending on your location, you may have the following rights regarding your personal data: Access and Portability: • Request a copy of your personal information • Receive your data in a structured, machine-readable format • Transfer your data to another service provider Correction and Deletion: • Update or correct inaccurate information • Request deletion of your personal data (subject to legal requirements) • Request restriction of processing Objection and Withdrawal: • Object to processing for direct marketing purposes • Withdraw consent for optional data processing • Opt-out of automated decision-making How to Exercise Your Rights: Contact us at contact@vexelon.io with your request. We will respond within 30 days. Note: Some rights may be limited by legal obligations or legitimate business interests.

We use cookies and similar technologies to enhance user experience and collect usage data: Types of Cookies: • Essential Cookies: Required for website functionality and security • Performance Cookies: Analyze site usage and performance • Functional Cookies: Remember your preferences and settings • Marketing Cookies: Deliver personalized advertisements Third-Party Services: We use analytics and marketing tools from: • Google Analytics (website traffic analysis) • LinkedIn (professional networking and advertising) Your Choices: You can control cookies through your browser settings. Note that disabling certain cookies may limit website functionality. Refer to our detailed Cookie Policy for more information.

Vexelon operates globally, and your information may be processed or stored in countries outside your residence, including the United States and European Union. We ensure appropriate safeguards through: • Standard Contractual Clauses (SCCs) approved by regulatory authorities • Adequacy decisions recognizing equivalent data protection • Privacy Shield frameworks (where applicable) • Binding corporate rules for internal transfers Data transferred internationally receives the same level of protection as described in this policy.

Our services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected information from a child without parental consent, we will take steps to delete such information promptly. Parents or guardians who believe we may have collected information from a child should contact us immediately at contact@vexelon.io.

We retain personal information for as long as necessary to fulfill the purposes outlined in this policy, unless a longer retention period is required or permitted by law. Retention Periods: • Account information: Duration of relationship plus 7 years • Service data: As specified in service agreements • Marketing data: Until you opt-out or request deletion • Legal and compliance records: As required by applicable regulations When data is no longer needed, we securely delete or anonymize it according to our data retention schedule.

We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or business operations. Notification of Changes: • Material changes will be communicated via email or website notice • The "Last Updated" date at the top indicates the most recent revision • Continued use of our services after changes constitutes acceptance We encourage you to review this policy regularly to stay informed about how we protect your information.

For questions, concerns, or requests regarding this Privacy Policy or your personal data: Privacy Team: Email: contact@vexelon.io Response Time: Within 5 business days Data Protection Officer: Email: contact@vexelon.io We take your privacy seriously and will address all inquiries promptly and professionally.