Privacy Notice

Introduction

This Privacy Notice ("Notice") explains how personal data is collected, processed, protected, and used by the digital platform XRAYTRUTH ("Platform"), operated by a legal entity registered within the European Union ("we," "us," or "the Platform"), in relation to users interacting with the Platform's services ("you" or "the User").

We are committed to ensuring the appropriate protection of personal data in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (the General Data Protection Regulation – GDPR).

At XRAYTRUTH AI, we take your privacy seriously. Please read this Privacy Notice to understand how we handle your personal data. By accessing or using our Services in any way, you acknowledge that you accept the practices and policies outlined below, and you hereby consent to our collection, use, and disclosure of your information as described in this Notice.

Please note that your use of XRAYTRUTH AI's Services is always subject to the Platform's Terms of Service, which incorporate this Privacy Notice. Any undefined terms used herein have the same meaning as defined in the Terms of Use.

You may print a copy of this Privacy Notice by clicking here.

As we continuously improve our Services, we may revise this Privacy Notice from time to time. If material changes are made, we will notify you by posting a notice on the XRAYTRUTH AI website, sending you an email, or through other means. Please note that if you choose not to receive legal notices from us (or fail to provide a valid email address), such legal notices will still govern your use of the Services, and you remain responsible for reviewing and understanding them. By continuing to use the Services after changes are published, you agree to the updated terms.

Table of Contents

• Privacy Notice
• What This Privacy Notice Covers
• Personal Data
• Categories of Personal Data We Collect
• Business or Commercial Purposes for Collecting Personal Data
• Additional Permitted Purposes of Data Processing
• Categories of Sources of Personal Data
• How We Disclose Your Personal Data
• Tracking Tools, Advertising, and Opt-Out Options
• Data Security
• Data Retention
• Children's Personal Data
• State-Specific Privacy Rights
• Rights of Data Subjects under the EU and UK GDPR
• Contact Information

Privacy Notice

This Privacy Notice describes how we handle Personal Data that we collect when you access or use our Services. "Personal Data" refers to any information that identifies, relates to, describes, or could reasonably be linked to an individual, including what is commonly referred to as personally identifiable information (PII), personal information, or sensitive personal information, under applicable privacy laws and regulations.

This Privacy Notice does not apply to the practices of companies that we do not own or control or to individuals that we do not employ or manage.

Personal Data

Categories of Personal Data We Collect

The following table outlines the categories of personal data that we collect and have collected over the past 12 months:

Our Commercial or Business Purposes for Collecting Personal Data

Providing, Customizing, and Improving the Services

• Granting access to the Platform's features and functionality.
• Creating and managing your user account or related user profiles.
• Processing speech, emotion, and behavioral recognition.
• Handling orders and other transactions; generating billing documents.
• Delivering products, services, or information requested by you.
• Integrating with third-party messaging applications.
• Enhancing service quality and developing AI algorithms.
• Fulfilling the purpose for which the information was provided.
• Providing user support and assistance with Services.
• Improving the Services through testing, research, internal analytics, and product development.
• Personalizing the Services, website content, and communications based on your preferences.
• Preventing fraud, ensuring security, and performing debugging activities.

Marketing of Services

• Promoting and selling our Services.
• Displaying advertisements, including interest-based advertising, behavioral targeting, or other personalized ads.

Communicating with You

• Responding to your inquiries, contacting you when necessary or requested, and sending you information about XRAYTRUTH AI or the Services.
• Sending emails and other messages consistent with your communication preferences.

Other Permitted Uses of Personal Data

Each of the above categories of Personal Data may also be collected, used, and disclosed to government entities (including law enforcement) or other third parties, as required to meet certain legal obligations and enforce legal terms. This includes:

• Complying with applicable laws, regulations, court orders, or other legal proceedings (e.g., detecting, preventing, or investigating security incidents and potentially unlawful or prohibited conduct).
• Protecting the rights, property, or safety of you, XRAYTRUTH AI, or any other party.
• Enforcing agreements made with you.
• Responding to claims that any content violates the rights of third parties or resolving disputes.

We will not collect additional categories of Personal Data or use the data we collect for materially different, unrelated, or incompatible purposes without first providing you with notice or obtaining your explicit consent.

Categories of Sources of Personal Data

We collect Personal Data about you from the following categories of sources:

Directly from You

• When you voluntarily provide the information.
• When you create an account or use our interactive tools and Services.
• Through speech, emotion, and behavioral recognition tools.
• When you enter information into free-form text fields or respond to surveys or questionnaires.
• When you email us or contact us via other means.

Automatically When Using the Services

• Through your use of our Services (collected automatically).
• Via integration with messaging platforms.
• Through cookies (as defined in the "Tracking Tools, Advertising, and Opt-Out" section below).
• Via geolocation features enabled in your browser or mobile device.
• If you download or install any applications or software we provide, we may collect information transmitted from your device, such as log-in time, update readiness, or alert preferences.

Public Records

• From government or other publicly available sources.

Third Parties

• Vendors: We may engage analytics providers to help analyze how users interact with the Services or to provide customer support.
• Advertising Partners: We may receive information from partners who deliver marketing or advertising services about your interaction with our website, applications, Services, or messages.
• Third-Party Account Credentials: If you provide login credentials for a third-party account (e.g., a social media account), certain content or information from those accounts may be transmitted to your account with us.

How We Disclose Your Personal Data

We disclose your Personal Data to categories of service providers and other parties described in this section. Under certain EU data protection laws, such disclosures may qualify as a "transfer" of your Personal Data.

Service Providers

These parties help us provide the Services or carry out business functions on our behalf, including:

• Hosting, technology, and communication providers.
• Web traffic or usage analytics providers.
• Security and fraud prevention consultants.
• Customer support and service providers.
• Payment processors.

Payment Processing

We use Stripe as our payment processing partner. Stripe collects any payment card information you voluntarily provide that is necessary to process your transaction. For details on how Stripe uses and stores your data, please refer to Stripe's Terms of Service and Privacy Policy.

Advertising Partners

These parties assist us in promoting our Services and providing you with other offers that may be of interest to you. They include:

• Advertising networks.

Analytics Partners

These parties provide analytics regarding web traffic or usage of the Services. They include:

• Companies that track how users discover or navigate to the Services.
• Companies that track how users interact with the Services.

Legal Obligations

We may disclose any Personal Data we collect to third parties in connection with any of the activities outlined in the section titled "Other Permitted Purposes for Processing Personal Data" above.

Business Transfers

All of your Personal Data that we collect may be transferred to a third party in the event of a merger, acquisition, bankruptcy, or other transaction in which such third party assumes control of our business (in whole or in part).

Non-Personal Data

We may create aggregated, de-identified, or anonymized data from the Personal Data we collect, including by removing information that makes the data personally identifiable to a specific user. We may use and disclose such aggregated, de-identified, or anonymized data to third parties for our legitimate business purposes, including to analyze, develop, and improve the Services and promote our business, provided that we do not disclose such data in a manner that could identify you.

Tracking Tools, Advertising, and Opt-Out Options

The Services use cookies and similar technologies such as pixel tags, web beacons, clear GIFs, JavaScript, and Payton (collectively, "Cookies") to allow our servers to recognize your web browser, determine your country geolocation based on IP address, understand how and when you visit and use the Services, analyze trends, learn about our user base, and operate and improve the Services. Cookies are small data files usually text files placed on your computer, tablet, phone, or similar device when you use that device to access our Services. We may also supplement the information we collect from you with information received from third parties, including third parties who have placed their own cookies on your device(s).

Please note that due to our use of cookies, the Services currently do not support "Do Not Track" requests sent from browsers.

Essential Cookies

Essential cookies are necessary to provide you with features or services you have requested. For example, some cookies allow you to log into secure areas of the Services. Disabling these cookies may make certain features and services unavailable.

Performance and Analytics Cookies

Performance and analytics cookies allow us to understand how visitors use the Services and our tools. They collect information about the number of visitors to the Services, the pages viewed, usage duration, and interaction with features. These cookies also help us measure the effectiveness of our advertising campaigns and improve our campaigns and Service content for users who interact with our ads.

For example, Google LLC ("Google") uses cookies in connection with its Google Analytics services. Google's ability to use and share information collected by Google Analytics about your visits to the Services is governed by the Google Analytics Terms of Service and Google Privacy Policy. . You can opt out of Google's cookies by visiting Google Ads Settings or by installing the Google Analytics Opt-out Browser Add-on.

.

You can decide whether to accept or reject cookies through your browser settings. Most browsers allow you to disable cookies entirely, prevent new cookies from being accepted, or configure cookie settings in various ways. You can also delete existing cookies from your device. However, doing so may require you to reconfigure some settings each time you visit our website, and some Services or features may not function properly.

• https://allaboutcookies.org
• To learn more about cookies and how to manage or delete them, visit: https://ico.org.uk/for-the-public/online/cookies

Session Replay Technology

We may use session replay technology to diagnose customer issues, monitor and analyze how you use the Services, better understand user behavior, and improve our Services. By continuing to use the Services, you consent to our use of session replay technologies.

Data Security

We are committed to protecting your Personal Data from unauthorized access, use, and disclosure by implementing appropriate physical, technical, organizational, and administrative security measures, based on the type of Personal Data and the way it is processed. You must also take responsibility for protecting your data by selecting and safeguarding your password or other login credentials appropriately, limiting access to your devices and browser, and logging out of your account after use. While we strive to protect your information, please note that no method of data transmission or storage is entirely secure.

Data Retention

We retain your Personal Data for as long as necessary to provide you with our Services or to fulfill our commercial and business purposes for which the data was collected. When determining the appropriate retention period for specific data categories, we consider the source of the data, our need for the data, the purpose of collection, and the sensitivity of the data.

In some cases, we may retain Personal Data longer if required by legal obligations, for dispute resolution, or to collect outstanding payments, or as otherwise permitted or required by applicable law or regulation. We may also retain information in an anonymized or aggregated form that does not identify you personally.

For example:

• We retain your profile and account information as long as you maintain an account with us.
• We and our partner Stripe retain your payment information as long as necessary to process your purchase or subscription.
• We retain your IP address and device data as long as necessary to ensure proper, effective, and reliable system performance.
• We retain your biometric/sensory data for as long as necessary to deliver Services to you properly and effectively.

Children's Personal Data

We do not knowingly collect or solicit Personal Data from children under the age of 16. If you are under 16, please do not attempt to register for or otherwise use the Services or send any Personal Data to us. If we learn that we have collected Personal Data from a child under 16, we will delete that information as quickly as possible. If you believe a child under 16 may have provided us with Personal Data, please contact us at: [email protected]

Privacy Rights Under Applicable State and International Laws

Data Subject Rights for Residents of the European Union and the United Kingdom

EU and UK Residents

If you are a resident of the European Union ("EU"), the United Kingdom ("UK"), Liechtenstein, Norway, or Iceland, you may have additional rights under the EU or UK General Data Protection Regulation ("GDPR") with respect to your Personal Data, as described below.

In this section, we use the terms "Personal Data" and "processing" as defined under the GDPR. Generally, "Personal Data" means information that can be used to identify an individual, and "processing" refers to operations that can be performed on such data, including collection, use, storage, and disclosure. XRAYTRUTH AI is the data controller of your Personal Data processed in connection with the Services.

We may transfer Personal Data to:

• Contractors and technical service providers (under data processing agreements pursuant to Art. 28 GDPR).
• Authorized public authorities upon lawful request.
• Within the European Economic Area (EEA). Transfers outside the EEA are permitted only with appropriate safeguards (Art. 46 GDPR).

Data Subject Rights

Under the GDPR, you have the following rights:

• Right of access (Art. 15).
• Right to rectification (Art. 16).
• Right to erasure ("right to be forgotten") (Art. 17).
• Right to restrict processing (Art. 18).
• Right to data portability (Art. 20).
• Right to object to processing (Art. 21).
• Right to withdraw consent at any time (Art. 7(3)).
• Right to lodge a complaint with a supervisory authority (Art. 77).

You may direct inquiries to: [email protected]

California Resident Rights

Under California Civil Code Sections 1798.83–1798.84, California residents have the right to request that we refrain from disclosing Personal Data to third parties for their direct marketing purposes. To make such a request, please contact us at [email protected].

Your browser may offer a "Do Not Track" (DNT) setting that allows you to express your preferences regarding tracking across websites. Our Services currently do not respond to DNT signals. To learn more about DNT, visit www.allaboutdnt.com.

Nevada Resident Rights

Please note that we do not currently sell your Personal Data as defined under Chapter 603A of the Nevada Revised Statutes.

Conflicts with This Privacy Policy

If there is a conflict between this section and any other portion of this Privacy Policy, the provision that offers greater protection to Personal Data shall prevail. If you have questions about this section or whether it applies to you, please contact us at [email protected].

Please note that we may also process Personal Data of end users or employees of our clients in connection with providing certain services to those clients. In such cases, we act as a data processor. If we are acting as a processor of your Personal Data (i.e., not as the controller), you should contact the data controller directly to exercise your rights.

Rights of Data Subjects in the EU, UK, and Switzerland

You have specific rights regarding your Personal Data, including those listed below. In some cases, we may not be able to fully comply with your request—for example, if the request is frivolous, extremely impractical, compromises the rights of others, or is not legally required. In such cases, we will still respond to inform you of our decision. We may also require additional information from you to verify your identity before processing your request.

• Access: You may request more information about the Personal Data we hold about you and request a copy of such data. You may also access certain Personal Data by logging into your account.
• Correction: If you believe any Personal Data we hold is inaccurate or incomplete, you may request that we correct or complete it. You may also update some information directly in your account.
• Deletion: You may request deletion of some or all of your Personal Data from our systems.
• Withdrawal of Consent: If we process your data based on your consent, you may withdraw it at any time. Please note that withdrawing consent may limit your ability to use some features or services.
• Portability: You may request a copy of your Personal Data in a machine-readable format and may also ask us to transfer it to another controller, where technically feasible.
• Objection: You may object to further use or disclosure of your Personal Data for specific purposes, such as direct marketing.
• Restriction: You may ask us to restrict further processing of your Personal Data.
• Right to Lodge a Complaint: You have the right to file a complaint with the data protection authority in your country or EU Member State. A list of supervisory authorities is available here: https://edpb.europa.eu/about-edpb/board/members_en

Transfer of Personal Data

The Services are hosted and operated in the European Union ("EU") by XRAYTRUTH AI and its service providers. If you reside outside the EU, please be aware that the data protection laws in the EU may differ from those in your country of residence. By using the Services, you acknowledge that any Personal Data about you—whether provided by you or obtained from a third party—is being transferred to XRAYTRUTH AI within the EU and will be hosted on servers located in the European Union. You consent to the transfer, storage, and processing of your information in the EU and, where applicable, in other countries.

In certain cases, your Personal Data may be transferred to the United States under a data processing agreement that includes Standard Contractual Clauses (SCCs) or other appropriate safeguards, in accordance with applicable data protection regulations.

Automated Decision-Making and Profiling

The Platform utilizes automated processing, including profiling, to analyze communications, speech patterns, and the emotional tone of messages. However, no legally significant decisions are made solely through automated means without human involvement, unless explicitly agreed otherwise.

Contact Information

If you have any questions or comments regarding this Privacy Policy, the ways in which we collect and use your Personal Data, or your rights and choices regarding such use, please feel free to contact us at:

XRAYTRUTH.AI
Attn: Legal Department
3is Septemvriou 144 – Republic of Greece, PO BOX 112 51 Athens
[email protected]