Legal

Privacy Policy

Last updated: January 1, 2025  ·  Effective: January 1, 2025

1. Overview

IMXAL Tech ("we", "our", or "us") is committed to protecting the privacy and security of the personal information we collect from clients, website visitors, and business partners. This Privacy Policy explains what data we collect, how we use it, who we share it with, and the rights you hold over your information.

By using our website at imxaltech.com (the "Site") or engaging our services, you agree to the practices described in this Policy. If you do not agree, please discontinue use of our Site and services.

2. Information We Collect

2.1 Information You Provide

  • Contact & Quote Forms: Name, company email, company name, project description, and budget range when you submit a quote request.
  • Newsletter Subscriptions: Email address when you opt-in to our engineering newsletter.
  • Business Communications: Any information you share during client onboarding, project scoping calls, or email correspondence.
  • Contractual Data: Billing information, legal entity names, and signatory details required to execute service agreements.

2.2 Information Collected Automatically

  • Log Data: IP address, browser type, operating system, referring URLs, pages visited, and timestamps.
  • Device Data: Hardware model, screen resolution, and language settings.
  • Cookies & Tracking: Session identifiers, analytics cookies, and performance beacons as described in Section 5.

2.3 Information From Third Parties

  • Publicly available business information (e.g., LinkedIn profiles) used for pre-sales research.
  • Integration metadata from tools you authorise us to connect during a project (e.g., GitHub, Jira, AWS).

3. How We Use Your Information

We process your data for the following purposes:

  • Service Delivery: Scoping, developing, testing, and deploying software solutions under contract.
  • Communications: Responding to enquiries, sending project updates, and delivering newsletters you have subscribed to.
  • Billing & Compliance: Generating invoices, processing payments, and maintaining records required by law.
  • Security: Monitoring for fraudulent activity, preventing unauthorised access, and maintaining system integrity.
  • Analytics & Improvement: Understanding how visitors interact with our Site to improve UX and content.
  • Marketing: Sending relevant engineering insights and product updates (with your consent where required).
  • Legal Obligations: Complying with applicable laws, court orders, or regulatory requests.

4. Sharing Your Information

We do not sell your personal data. We may share it in these limited circumstances:

  • Service Providers: Cloud hosting providers (AWS, Azure, GCP), analytics platforms (Google Analytics), CRM tools, and payment processors — all bound by data processing agreements.
  • Professional Advisors: Lawyers and accountants under confidentiality obligations.
  • Business Transfers: In the event of a merger, acquisition, or asset sale, your data may transfer to the successor entity with equivalent protections.
  • Legal Requirements: When disclosure is required by law, subpoena, or to protect the rights, property, or safety of IMXAL Tech, our clients, or the public.
  • With Your Consent: For any other purpose with your explicit consent.

5. Cookies & Tracking Technologies

We use the following types of cookies:

  • Strictly Necessary: Essential for the Site to function (session management, security tokens). Cannot be disabled.
  • Analytics: Google Analytics 4 and similar tools that collect anonymised usage statistics. You may opt out via your browser settings or our cookie banner.
  • Marketing: Only activated with your explicit consent. Used to deliver relevant advertising on third-party platforms.

You can manage cookie preferences through your browser settings. Disabling cookies may affect certain Site functionality.

6. Data Security

We implement industry-standard technical and organisational measures to protect your data, including:

  • TLS/HTTPS encryption for all data in transit.
  • AES-256 encryption for sensitive data at rest.
  • Role-based access controls and least-privilege principles.
  • Regular penetration testing and security audits (the same standard we apply for clients).
  • Incident response procedures with notification timelines compliant with applicable law.

No transmission over the internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

7. Data Retention

We retain personal data for as long as necessary to fulfil the purposes outlined in this Policy:

  • Client Project Data: 7 years after project completion for legal and audit purposes.
  • Enquiry & Quote Data: 2 years from last contact if no contract is executed.
  • Newsletter Subscribers: Until you unsubscribe, and then purged within 30 days.
  • Log & Analytics Data: 26 months (Google Analytics default) then automatically deleted.

8. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Access: Request a copy of the data we hold about you.
  • Rectification: Request correction of inaccurate or incomplete data.
  • Erasure: Request deletion of your data ("right to be forgotten") where no legal basis for retention exists.
  • Portability: Receive your data in a structured, machine-readable format.
  • Restriction: Request that we limit processing of your data in certain circumstances.
  • Objection: Object to processing based on legitimate interests or for direct marketing.
  • Withdrawal of Consent: Withdraw consent at any time without affecting prior processing.

To exercise any of these rights, contact us at privacy@imxaltech.com. We will respond within 30 days.

9. International Data Transfers

IMXAL Tech operates globally. Your data may be transferred to and processed in countries outside your country of residence, including the United States, where data protection laws may differ. Where required, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission or equivalent legal mechanisms to safeguard cross-border transfers.

10. Children's Privacy

Our Site and services are directed at businesses and professionals aged 18 and over. We do not knowingly collect personal data from individuals under 18. If you believe a minor has provided us with personal data, please contact us at privacy@imxaltech.com and we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices or applicable law. When we do, we will revise the "Last updated" date at the top of this page. For material changes, we will provide prominent notice on our Site or via email. We encourage you to review this Policy regularly.

12. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, please reach out:

For EU/UK residents: You have the right to lodge a complaint with your local supervisory authority if you believe we have processed your personal data unlawfully.