Privacy Policy

XimTier collects the following information to provide its services. - Demo requests: name, email, company, role, industry, data description, optional file, preferred time - Contact inquiries: name, email, company, industry, message - IR downloads: name, email, company, role - Auto-collected: access logs (IP, browser, page views — cookieless analytics)

- Responding to demo requests and inquiries; scheduling - Sending IR deck download links - Anonymous statistical analysis for service improvement - Legal compliance (e-commerce law, information & communications network act)

- Demo / inquiry: 1 year after meeting or until user requests deletion - IR download token: 24 hours after issuance (v1.5) - Access logs: 90 days (Plausible anonymous stats retained longer)

XimTier does not share personal information with third parties, except: - Required by law or investigation - Service operation processing (Postmark/SendGrid for email — announced after domain confirmation)

You may exercise the following rights at any time. - Access, correct, or delete your personal information - Withdraw consent and stop processing - GDPR additional rights (EU residents): data portability, object to automated decisions Contact: contact@ximtier.io

XimTier uses only the following cookies: - Essential: Devise session cookie (login) - Analytics: Plausible (cookieless — activated after domain confirmation, no personal identification) No tracking or advertising cookies.

- In transit: TLS 1.2/1.3 (when HTTPS active) - At rest: PII encryption review (v2) - Access control: Admin role separation, Rack::Attack rate limit

- Privacy Officer: Kang Seung-sik (CTO) - Contact: contact@ximtier.io - Dispute resolution: Korea PIPC (privacy.go.kr) / EU local DPA