PRIVACY POLICY

This Privacy Policy (“Policy”) describes how INSIDX For Data Exchange LLC, a limited liability company incorporated under the laws of the Arab Republic of Egypt, Commercial Registration No. 268443 (“INSIDX”, “IDX”, “Company”, “we”, “us”, or “our”), handles information in connection with the use of its websites, platforms, infrastructure, hosting, cloud, and related services (collectively, the “Services”).

This Policy is provided for transparency purposes only and forms an integral part of, and is incorporated by reference into, the INSIDX Master Services Agreement (MSA), Terms of Service (TOS), and where applicable, the Data Processing Agreement (DPA).
In the event of any inconsistency, the MSA shall prevail.

1. SCOPE AND APPLICATION

1.1 This Policy applies to visitors, customers, clients, and authorized users accessing or using the Services.

1.2 INSIDX provides Services globally and may process information across multiple jurisdictions through its own operations and authorized third‑party providers.

1.3 This Policy applies solely to information processed by INSIDX in connection with the Services and does not apply to third‑party websites, applications, platforms, or services, even if linked or integrated.

2. ROLES AND DATA RESPONSIBILITY MODEL

2.1 Customer as Data Controller

Unless expressly agreed otherwise in writing, the Customer acts as the Data Controller and is solely responsible for determining the purposes and means of processing any Client Data.

2.2 INSIDX as Data Processor

INSIDX acts exclusively as a Data Processor or service provider, processing Client Data strictly on behalf of and under the instructions of the Customer.

2.3 No Ownership or Control

INSIDX does not own, control, monitor, validate, or determine the content, legality, accuracy, or purpose of Client Data.

3. INFORMATION PROCESSED

3.1 Information Provided by Customers

INSIDX may process information voluntarily provided by Customers, including:

• Name, company name, and contact details

• Account credentials

• Billing and payment-related information

• Communications, tickets, and support requests

3.2 Automatically Processed Technical Data

INSIDX may process limited technical and non‑personal data necessary for Service operation, including:

• IP addresses

• Device and browser information

• Operating system details

• System logs, timestamps, and usage metadata

3.3 Client Data

“Client Data” means any data uploaded, stored, transmitted, or processed by the Customer through the Services.
INSIDX does not access or process Client Data except as technically required to provide the Services.

4. PURPOSES OF PROCESSING

INSIDX processes information solely for legitimate and lawful business purposes, including:

• Providing, operating, and maintaining the Services

• Account administration, authentication, and billing

• Technical support and service optimization

• Security monitoring, abuse prevention, and fraud detection

• Compliance with Applicable Law and contractual obligations

INSIDX does not sell personal data and does not engage in advertising resale or behavioral profiling.

5. LEGAL BASIS FOR PROCESSING

INSIDX processes personal data based on one or more of the following legal grounds, as applicable:

• Performance of a contract

• Legitimate business interests

• Compliance with legal obligations

• Explicit consent, where required by Applicable Law

INSIDX does not process personal data as an independent data controller unless expressly agreed in writing.

6. COOKIES AND SIMILAR TECHNOLOGIES

6.1 INSIDX may use cookies or similar technologies strictly for functionality, analytics, and security.

6.2 Customers may control cookies via browser settings. Disabling cookies may impact Service functionality.

7. DATA SHARING AND DISCLOSURE

7.1 INSIDX may disclose information to:

• Authorized datacenter operators and infrastructure providers

• Payment processors and financial institutions

• Professional advisors (legal, accounting, compliance)

• Governmental or regulatory authorities where legally required

7.2 INSIDX does not disclose personal data for commercial resale or marketing purposes.

8. INTERNATIONAL DATA TRANSFERS

8.1 Information may be processed or stored in jurisdictions outside the Customer’s country of residence, including outside the Arab Republic of Egypt.

8.2 INSIDX relies on appropriate safeguards, including contractual protections, to support lawful international data transfers and does not assume liability for third‑party actions beyond its reasonable control.

9. DATA RETENTION

INSIDX retains information only for as long as necessary to:

• Provide the Services

• Comply with Applicable Law

• Enforce contractual rights

• Resolve disputes

Retention periods may vary based on data type and legal requirements.

10. DATA SECURITY

10.1 INSIDX implements commercially reasonable technical and organizational measures appropriate to the scope and nature of the Services.

10.2 INSIDX does not guarantee uninterrupted service, error‑free operation, or absolute security.

10.3 INSIDX shall not be liable for security incidents resulting from Customer actions, misconfigurations, insecure applications, or third‑party failures beyond its reasonable control.

11. DATA SUBJECT RIGHTS

Where required by Applicable Law, data subjects may have rights to:

• Access personal data

• Request correction or update

• Request deletion or restriction

• Object to processing

• Request data portability

Requests may be submitted to legal@insidx.com.
INSIDX may require verification and may lawfully refuse requests where permitted.

12. THIRD‑PARTY SERVICES

INSIDX is not responsible for the privacy, security, or data practices of third‑party services, software, or platforms used by the Customer.

13. CHILDREN’S PRIVACY

The Services are not intended for individuals under eighteen (18) years of age. INSIDX does not knowingly process personal data relating to children.

14. POLICY MODIFICATIONS

INSIDX may modify this Policy at any time. Updates become effective upon publication. Continued use of the Services constitutes acceptance of the updated Policy.
INSIDX assumes no liability for impacts resulting from Policy changes.

15. CONTACT INFORMATION

INSIDX For Data Exchange LLC
Email: legal@insidx.com
Website: www.insidx.com