Privacy Policy of the ideaXPOSE platform

This Privacy Policy (hereinafter: "Policy") sets out the rules for the processing and protection of personal data of Users using the online platform available at http://www.ideaxpose.com/ (hereinafter: 'Platform') and the rules for the use of cookies.

The administrator of personal data is ideaXPOSE, contact: contact@ideaxpose.com (hereinafter: 'Administrator').

Users' personal data is processed in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, hereinafter: "GDPR") and the Act of May 10, 2018 on the protection of personal data (i.e. Journal of Laws of 2019, item 1781).

The Administrator attaches particular importance to the protection of Users' privacy and applies the principle of "privacy by design", selecting appropriate technical and organizational measures to ensure the proper protection of personal data being processed.

The Administrator can be contacted in matters related to the protection of personal data via the following e-mail address: contact@ideaxpose.com

The Administrator processes Users' personal data to the extent necessary to provide services within the Platform, in particular:

• Data provided during registration: first name, last name, email address, login, password (in encrypted form);
• Data provided when completing the profile: profile photo, information about education, professional experience, skills, interests;
• Data related to user projects entered during interaction with the AI agent;
• Data necessary to carry out financial transactions: payment card details, bank account numbers;
• Data generated during use of the Platform: IP address, device and browser data, cookies, information about activity on the Platform.

The Administrator may also, with the User's consent, process other personal data that the User voluntarily provides when using the Platform.

The Administrator processes Users' personal data for the following purposes and on the following legal bases:

• Conclusion and performance of a contract for the provision of electronic services - legal basis: Article 6(1)(b) of the GDPR (necessary for the performance of the contract);
• Maintaining the User's account, including ensuring the functionality of the Platform, such as interactions with the AI agent and generating a "starter pack" - legal basis: Article 6(1)(b) of the GDPR (necessary for the performance of the contract);
• Execution of payment and settlement processes - legal basis: Article 6(1)(b) of the GDPR (necessary for the performance of a contract) and Article 6(1)(c) of the GDPR (compliance with a legal obligation);
• Handling complaints, requests and claims - legal basis: Article 6(1)(b) of the GDPR (necessary for the performance of a contract) and Article 6(1)(c) of the GDPR (compliance with a legal obligation);
• Marketing of own products and services - legal basis: Article 6(1)(f) of the GDPR (legitimate interest of the controller);
• Analysis and statistics of Platform use - legal basis: Article 6(1)(f) of the GDPR (legitimate interest of the controller);
• Ensuring security and protection against abuse - legal basis: Article 6(1)(f) of the GDPR (legitimate interest of the controller);
• Establishing, pursuing or defending claims - legal basis: Article 6(1)(f) of the GDPR (legitimate interest of the controller).

Users' personal data will be stored by the Administrator for the following periods:

• Data related to the performance of the service contract - for the duration of the contract, and after its termination for the period necessary to secure or pursue claims (limitation period for claims) and for the period required by law, in particular tax and accounting regulations;
• Data processed on the basis of consent - until consent is withdrawn;
• Data processed on the basis of the legitimate interest of the Administrator - until an effective objection is raised or this interest ceases to exist.

After the storage period has expired, personal data will be irretrievably deleted or anonymized.

Users' personal data may be transferred to the following categories of recipients:

• Entities processing data on behalf of the Controller on the basis of a personal data processing agreement (e.g. hosting service providers, IT system providers, technical support companies);
• Payment operators, to the extent necessary to complete financial transactions;
• Entities providing analytical and statistical services;
• Entities providing marketing services (e.g. providers of email marketing tools);
• Competent state authorities, to the extent required by applicable law.

The Administrator may transfer personal data to third countries (i.e. outside the European Economic Area) or international organizations. In such a case, the Administrator shall provide appropriate safeguards and the User shall have the right to obtain a copy of these safeguards.

The User has the following rights in relation to the processing of personal data:

• The right to access personal data and receive a copy thereof;
• The right to rectify (correct) personal data;
• Right to delete personal data, if the data is not processed to fulfill a legal obligation or in the exercise of public authority;
• Right to restrict the processing of personal data;
• Right to transfer personal data;
• Right to object to the processing of personal data where the legal basis for the processing is the legitimate interest of the Controller;
• Right to withdraw consent to the processing of personal data, where the data is processed on the basis of consent; withdrawal of consent does not affect the lawfulness of the processing carried out on the basis of consent before its withdrawal;
• The right to lodge a complaint with the supervisory authority - the President of the Personal Data Protection Office (ul. Stawki 2, 00-193 Warsaw).

To exercise the above rights, the User should contact the Administrator via the following e-mail address: contact@ideaxpose.com

The Platform uses cookies and other similar technologies to adapt the Platform to the needs of Users and for statistical and advertising purposes.

Cookies are small text files sent by a web server and stored on the User's end device (e.g. on the hard drive of a computer, laptop or smartphone memory card).

The following types of cookies may be used on the Platform:

• Necessary cookies - files necessary for the proper functioning of the Platform, enabling the use of services available on the Platform;
• Functional cookies - files enabling the storage of settings selected by the User and personalization of the User interface, e.g. in terms of the selected language or region from which the User originates, font size, website appearance, etc.;
• Analytical cookies - files enabling the collection of information on how the Platform is used;
• Advertising cookies - files enabling the delivery of advertising content to Users that is more tailored to their interests.

The User may change their cookie settings at any time using their web browser settings. Detailed information about the possibilities and methods of handling cookies is available in the web browser settings.

Restricting the use of cookies may affect some of the functionalities available on the Platform's websites.

The administrator uses appropriate technical and organizational measures to ensure the security of personal data, in particular to prevent unauthorized access or processing in violation of the law, and to prevent data loss, damage or destruction.

The administrator shall apply, among others, the following security measures:

• Data encryption;
• Internal security procedures;
• Access control mechanisms;
• Regular backups;
• Regular testing and evaluation of the effectiveness of security measures.

The administrator shall exercise due diligence to ensure that entities processing data on its behalf provide adequate security measures for personal data.

The Administrator reserves the right to change this Privacy Policy in the event of changes in the law, changes in the functionality of the platform or technological developments.

Changes to the Privacy Policy will be published on the Platform's website.

The Administrator will inform Users about significant changes to the Privacy Policy via email or a message displayed on the Platform website.

In matters related to the processing of personal data, you can contact the Administrator:

Email address: contact@ideaxpose.com

The current version of the Privacy Policy is effective from: May 12, 2025.