Introduction

X5 Core, LLC (“X5 Core,” “we,” or “us”) is committed to protecting your privacy. This Privacy Policy explains what personal information we collect, how we use and share it, and your rights with respect to that information. It applies to information collected through our website, through web forms or landing pages we operate, in the course of providing our digital marketing and CRM services, and via communications (SMS, email, push notifications, social media messaging) with you. By using our website or services, or by providing your information to us, you agree to the collection and use of your information in accordance with this Privacy Policy.

We comply with applicable U.S. state and federal privacy laws (including the California Consumer Privacy Act “CCPA”, as amended by the CPRA) and international privacy regulations such as the EU General Data Protection Regulation (“GDPR”). If any provision of this Policy conflicts with a legal requirement applicable to us, such as GDPR or state law, we will follow the law.

Effective Date: This Privacy Policy is effective as of the “Last Updated” date posted at the bottom. We may update this Policy from time to time to reflect changes in our practices or relevant laws. If we make material changes, we will notify users (e.g., by posting a notice on our site or via email). Your continued use of our services after an update indicates your acceptance of the revised Policy.

Information We Collect

We collect personal information that you provide to us directly, information automatically collected through your interactions with our site/services, and information from third parties as needed to deliver our services. The types of information we may collect include:

·      Contact Information: Such as your name, business name, email address, telephone number, mailing address, or social media handle. For example, you may provide this information by filling out a contact form, subscribing to a newsletter, signing up for a CRM sub-account, or communicating with us.

·      Account Credentials: If you register for an account on our platform or a GHL sub-account, we may collect a username, password, or other login details.

·      Business Information: If you are our client (or prospective client), we might collect information about your business, such as your industry, company website, marketing goals, and other details you choose to share for project purposes.

·      Content and Submissions: Any content you submit through forms or tools we provide (for example, text of inquiries, feedback, survey responses, or support requests). If we manage social media or advertising for you, we may also collect content or data you provide for those campaigns.

·      Lead and Customer Data: In the course of providing marketing services, you might import or input personal data of your own customers or leads into our systems (for instance, uploading a contact list into the CRM). We handle such data as described in this Policy (see “Your Data in Our CRM” below).

·      Device and Usage Information: When you interact with our website or platform, we automatically collect technical data about your device and usage. This may include your IP address, browser type and version, device identifiers, operating system, referral URLs, pages viewed, links clicked, and the dates/times of access. We also collect information about how you use our site (e.g., time spent on pages, scroll depth) and how you interact with our emails or notifications. This data helps us analyze and improve our site’s performance.

·      Cookies and Similar Technologies: We use cookies, pixels, and similar tracking technologies to enhance your experience and gather usage data. Cookies may collect information such as your browsing preferences, session information, and referral source. For details on our use of cookies and how to manage them, see our Cookie Policy (which is incorporated here by reference).

·      Location Information: We do not specifically track your precise geolocation. However, your IP address may provide a general location (e.g., city or region). We may infer your location to customize content (such as language or regional offerings) and for fraud prevention.

·      Communication Records: We keep records of our communications with you. If you call us, email us, chat with us, or message us via SMS or other channels, we may log the communication and any contact information or content provided. For SMS communications specifically, we log when you opt in or out and any messages sent/received for compliance and support purposes.

·      Third-Party Data: We may receive information about you from third-party sources. For example, if you interact with us on social media, we may receive your public profile information; or if you register or login via a third-party platform (like Google or Facebook), we may receive certain profile information from them with your consent. Also, if we run a referral program or co-marketing arrangement, another person may provide your contact information to us (we will process such referrals in accordance with this Policy and applicable law).

We do not intentionally collect sensitive personal information (such as Social Security numbers, government ID numbers, financial account info, or health data) as part of our standard services. Please refrain from submitting such sensitive data through our forms or systems unless it is necessary for a specific service and we have agreed to it. We also do not knowingly collect personal information from children under 13. Our website and services are intended for business use by adults. If you believe a child under 13 has provided personal data to us, please contact us so we can promptly delete it.

How We Use Personal Information

We use the personal information we collect for the following business and commercial purposes:

·      Providing and Improving Services: We use data to operate our website and deliver our marketing and CRM services. For example, we process contact information and inquiries to respond to your requests or provide quotes; we use client data and lead lists within the CRM platform to run campaigns as instructed; and we use usage data to troubleshoot and enhance our website and user interfaces.

·      Account Creation and Management: If you register for an account or are provisioned a CRM sub-account on our GoHighLevel platform, we use your information to create and manage your user account, authenticate you at login, and provide you with appropriate access to tools and data.

·      Communication: We use contact details (email, phone number, mailing address) to communicate with you. This includes sending service-related communications (e.g. appointment or meeting reminders, billing invoices, support and administrative messages, notifications of platform changes) and marketing communications (e.g. newsletters, promotions, or new service announcements) if you have opted to receive them. We also use SMS text messaging, push notifications, or social media messaging to reach you if you have given consent. For instance, if you fill out a web form requesting information and provide your phone number, we may follow up via phone call or text. You can opt out of marketing emails or texts as described below in the “Your Choices” section.

·      Service Delivery and Customer Support: We process personal data as necessary to perform our contracts with clients and to run campaigns. For example, if you are a client for whom we manage email marketing, we might use the information of email subscribers (which you have provided or collected lawfully) to send newsletters on your behalf. If you contact our support, we will use your information to respond and resolve issues.

·      Customization and User Experience: We may use cookies and usage data to remember your preferences and personalize your experience on our site. For instance, we might store your language preference or keep you logged in (via a session cookie). We also use analytics to understand user behavior on our site and improve navigation and content.

·      Marketing and Advertising: We may use certain data (like cookies and email engagement info) to market our services. This can include: sending promotional emails, showing you ads on third-party platforms (e.g. Google, Facebook) through retargeting, or recommending content that aligns with your interests. Any such marketing will be done in accordance with applicable law (for example, we will obtain consent for cookies or direct marketing where required). Note: We do not sell your personal data to third-party companies for their independent marketing[20][21]. Any advertising cookies or tools we use are for our own business promotion or site analytics only.

·      Compliance and Legal Obligations: We may use or disclose personal information as necessary to comply with our legal obligations, resolve disputes, enforce our agreements, or protect our legal rights or the rights of our users or partners. For example, we may retain certain transaction records for accounting/tax purposes, or disclose information in response to valid legal process (such as a court order or subpoena).

·      Security and Fraud Prevention: We use data to maintain the security of our services and users. This can include verifying identity, detecting and preventing fraud or unauthorized access, debugging and repairing errors, and monitoring for suspicious activity. For example, IP addresses and log-in attempt information may be used to identify potential malicious activity on accounts.

·      Aggregate and De-Identified Insights: We may aggregate or de-identify personal information so that it no longer can reasonably identify any individual, and use that information for purposes such as statistical analysis, improvement of our services, and research. For instance, we might analyze aggregated website traffic sources or conversion rates to measure the effectiveness of a marketing campaign.

We will not use the personal information we collected for materially different, unrelated, or incompatible purposes without updating this Privacy Policy or obtaining your consent where required by law.

How We Share or Disclose Information

X5 Core does not sell your personal information to third parties for their own marketing or other purposes[21]. We also do not share your mobile phone number or any “text message originator opt-in data and consent” with third parties or affiliates for marketing/promotional purposes[21]. In other words, if you opt in to receive SMS messages from us, we will use that data only to send you our communications via our service providers, and we will not provide it to external parties for their independent use.

However, in the normal course of operating our business and providing services, we do share personal information with certain categories of recipients, as described below, only for legitimate purposes (such as to perform services you’ve requested or as required by law):

·      Service Providers (Processors): We share personal information with trusted third-party service providers who perform functions on our behalf and under our instructions. These include: cloud hosting providers, CRM platform providers (e.g., we use the GoHighLevel SaaS platform to deliver our CRM services, which means data you enter into the CRM is stored on GHL’s servers on our behalf), email service providers and SMS gateway providers (to send communications to you), analytics and advertising partners (to help us analyze usage or serve our ads), payment processors (to handle billing transactions), customer support software, and other IT or business service vendors. These service providers are given access to the minimum necessary information to perform their functions and are contractually obligated to protect your data, use it only for our purposes, and maintain confidentiality. For example, if we use an SMS delivery service, your phone number and message content will be shared with that provider to send you the text; or if we use a website analytics tool like Google Analytics, it will collect usage data through our site.

·      Business Partners and Affiliates: We may share information with business partners or affiliates in situations where you have requested a service or product that involves a third-party integration, or where we collaborate with a partner to fulfill your request. For instance, if we refer you to a third-party specialist or include a third-party product as part of a marketing bundle, we will share only the data necessary for that third party to provide their part of the service (with your consent). Our parent and subsidiary companies (if any) may also receive information, but any such sharing will honor the commitments in this Privacy Policy. (As of the date of this Policy, X5 Core does not have corporate affiliates that use personal data in any way different from what is described here.)

·      Clients (for Lead Data you provide): If you are an individual whose information was entered into our system by one of our client businesses (for example, you filled out a form on a client’s website which is connected to our CRM, or your contact info is part of a marketing list that a client provided to us), that client is the owner of that data. We may share back with that client any analytics or results related to their campaign involving your data. For example, if you, as a lead, clicked on an email or responded to a text, our client may see that interaction via reports we provide. We act as a service provider in those cases, and the client’s privacy policy, in combination with ours, will govern how your data is used. If you contact us regarding such data, we might direct you to talk to that client (the data controller) as required by law.

·      Legal and Compliance: We may disclose personal information to third parties (such as courts, law enforcement, regulators, or attorneys) if required to do so by law or if we have a good-faith belief that such action is necessary to: (i) comply with a legal obligation or respond to valid legal process (e.g., a subpoena, warrant, or court order); (ii) protect and defend our rights or property, or the rights, property or safety of our users, clients, or others; (iii) investigate fraud, security breaches, or other potentially illegal activity; or (iv) enforce our contracts and policies. We will limit such disclosures to what is reasonably necessary in the circumstances.

·      Business Transfers: In the event that X5 Core is involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, sale of assets, or transition of service to another provider, your information may be transferred as part of that transaction. We would seek to ensure the acquiring or successor entity honors the commitments in this Privacy Policy with respect to your personal information (unless, for instance, you are notified otherwise and given an opportunity to opt-out of changes).

·      With Your Consent: In cases where you have provided consent for a specific additional sharing of information, we may share according to your direction. For example, if you ask us to introduce you to one of our partners, or if you explicitly agree that we may share a testimonial including your name, we will do so with your consent.

Importantly, aside from the situations described above, we do not share personal information with third parties for their own marketing purposes, and specifically no mobile opt-in data or personal information is shared with third parties or affiliates for marketing/promotional use[21]. If our Privacy Policy mentions any sharing of personal information with third parties for business purposes (like service providers), be assured that “all the above categories exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties, except for aggregators and providers of the text message services.”[22] In plain language, that means any data related to your consent to receive SMS (your phone number and opt-in status) is kept strictly within the services needed to send you texts (such as our SMS delivery provider) and is not included in any other sharing.

Cookies and Tracking Technologies

Our use of cookies and similar technologies is described in detail in our Cookie Policy, which covers the types of cookies we use (e.g., essential cookies for site functionality, analytics cookies for site usage analysis, and advertising cookies for retargeting), the purposes of those cookies, and how you can manage your preferences[23]. We summarize key points here:

·      We use cookies to remember user preferences and enhance your experience. For example, cookies may keep you logged into your account or remember your language/region selection. These are typically “necessary” or “functional” cookies required for the site to work properly and do not store personal data beyond what’s needed for functionality.

·      We use analytics cookies (such as Google Analytics cookies) to collect information about how visitors use our site, which pages are popular, and other website metrics[24]. This helps us improve our content and services. The data collected is usually aggregated and does not directly identify individuals. Google Analytics, for instance, uses cookies to distinguish users and sessions, track page views and traffic sources, and it may set persistent cookies like “_ga” that last up to 2 years[25][26]. We honor any required consent for these analytics cookies in jurisdictions (like the EU) where consent is needed.

·      We may use advertising or retargeting cookies (for example, from Google Ads or Facebook Pixel) to help deliver personalized ads to you on other platforms. These cookies collect information about your browsing behavior on our site (such as pages visited or links clicked) and can help us show you relevant promotions on other websites you visit. These are considered non-essential cookies and require your opt-in consent where applicable[27]. You can opt out of targeted advertising as described below in “Your Choices.”

·      Our site may also include third-party cookies from content or plugins embedded in our pages. For example, if we embed a YouTube video, YouTube may set its own cookies on your browser; or our social media “share” buttons might set cookies. These third parties have their own cookie and privacy policies.

·      In addition to cookies, we may use pixel tags (web beacons) in emails or on our site. These are tiny graphics that can recognize when an email is opened or a certain page is viewed, which helps us measure the effectiveness of our communications and gather aggregate usage analytics.

·      We may also use session storage and local storage (browser-based storage) for certain interactive features of our site or to store your preferences.

Cookie Consent & Management: When you first visit our website (and periodically thereafter as required), you may see a cookie banner or pop-up that asks for your consent to place non-essential cookies on your device. You have the right to accept or reject non-essential cookies. Essential cookies (which are necessary for the site to function) will be set regardless, as they do not require consent. For other cookies, you can manage your preferences via the cookie consent tool (if available) or by adjusting your browser settings[23]. Most web browsers allow you to control cookies through their settings (for example, you can usually choose to block third-party cookies or all cookies, and you can delete cookies at any time). Please note that disabling certain cookies may affect the functionality of our site – for instance, blocking all cookies might prevent you from logging in or using some features[28][29].

For more information on how to manage cookies in various browsers: you can visit the help pages of Chrome, Firefox, Safari, and Internet Explorer, etc., which provide instructions on controlling cookie storage[30]. Our Cookie Policy provides relevant links and guidance.

We do not currently respond to “Do Not Track” (DNT) signals from web browsers, because there is no consensus on the standard for how to interpret such signals. If a uniform standard is established in the future, we will update our practices accordingly.

Your Choices and Rights

We respect that you have rights and choices regarding your personal information. This section describes how you can control certain uses of your information and exercise your privacy rights:

1. Opting Out of Marketing Communications: If at any time you want to stop receiving promotional emails from us, you can click the “unsubscribe” link in the footer of any marketing email we send. You can also contact us at [email protected] to request removal. For SMS marketing messages, you can opt out by replying “STOP” to any message (which we will confirm via a one-time reply[31]), or by contacting us as provided in our SMS Terms. Once you opt out, we will not send you further marketing texts or emails, though it may take a short time to process (and does not affect communications you’ve consented to from our clients, or transactional/service messages as noted above).

2. Access, Correction, Deletion: Depending on your jurisdiction, you may have the right to request access to the personal information we hold about you and to receive it in a portable format, to request correction of any inaccuracies, and to request deletion of your personal information. For example, California residents have the right to request that we disclose what personal information we collect, use, and disclose about them (the “Right to Know”) and to request deletion of their personal information (with certain exceptions)[32][33]. Similarly, under GDPR, individuals in the EEA/UK have the right to access their data, rectify errors, or request erasure (“right to be forgotten”), subject to certain limitations.

If you would like to exercise any of these rights, please contact us at [email protected] with the specifics of your request. We will respond as required by applicable law (generally within 30-45 days for CCPA requests, for example). We may need to verify your identity (for instance, by confirming information we have on file or asking for additional proof) before fulfilling certain requests. Please note that some requests can be refused by us if an exemption applies – for instance, if retaining certain data is necessary to complete a transaction you requested, to detect security incidents, for legal compliance, or if the data is not tied to your identity in our systems. If we deny a request, we will explain the reason to the extent required.

3. California “Do Not Sell/Share” Opt-Out: We already state that we do not sell personal information, as “sell” is traditionally understood[34], and under the broad CCPA definition we also do not “share” personal information for cross-context behavioral advertising[35]. Thus, we do not provide a “Do Not Sell or Share My Personal Information” link because it is not applicable – we do not exchange your data for money or for other valuable consideration for third parties’ marketing. If this ever changes, we will update our policies and provide appropriate opt-outs. If you have any concerns or want to double-check, you can contact us to confirm that we have not sold your data. (Note: In the last 12 months, X5 Core has not sold or shared personal information of customers or end-users for third-party marketing)[33].

4. Cookies and Advertising Choices: As discussed in the Cookie Policy, you can opt out of analytics and advertising cookies by not giving consent or adjusting settings. Additionally, many advertising networks participate in industry opt-out programs. You can visit the Digital Advertising Alliance’s opt-out page or the Network Advertising Initiative’s opt-out page to opt out of targeted advertising by participating companies. For mobile devices, you can usually limit ad tracking via your device settings (“Limit Ad Tracking” on iOS or “Opt out of Ads Personalization” on Android). Keep in mind, opting out of targeted ads does not mean you will see no ads at all; it means the ads you see will likely be less tailored to your interests.

5. European/International Rights: If you are in the European Economic Area (EEA), United Kingdom, or other region with similar laws, you may have some additional rights under GDPR or local law, including: the right to object to or restrict processing of your information, the right to data portability (if processing is based on consent or contract and carried out by automated means), and the right to withdraw consent at any time for any processing based on consent. You also have the right not to be subject to a decision based solely on automated processing (which we typically do not do in a way that produces legal effects). To exercise any of these rights, contact us as detailed below. You also have the right to lodge a complaint with a supervisory authority (for example, a Data Protection Authority in the EU or the UK’s Information Commissioner’s Office) if you believe your rights have been violated. We encourage you to contact us first, so we have the opportunity to address your concerns directly.

6. Managing GHL CRM Data: If you have access to a CRM sub-account we provide (for example, as our client or one of our client’s team members), you can directly access, update, or delete certain profile or contact data within that platform. For any data in the CRM that is about your customers or leads (that you imported), you as the client are responsible for handling those individuals’ requests under privacy laws. We will assist you as needed and as required by our role as a processor.

7. Declining to Provide Information: You have the option not to provide certain personal information to us. However, please note that if you choose not to provide information that is necessary to deliver a service or feature (for example, your email for account creation, or your phone number for SMS updates you desire), we may not be able to fulfill that service for you.

We will not discriminate against you for exercising any of these privacy rights. For example, if you are a California consumer and you exercise your CCPA rights, we will not deny you goods or services, charge you a different price, or provide a different level of quality because of your choices, except to the extent permitted (e.g., if a particular feature is tied to data use, we may not be able to provide that feature without the data).

Data Security and Retention

Security: X5 Core takes reasonable and appropriate measures to protect personal information from loss, misuse, unauthorized access, disclosure, alteration, or destruction. We implement industry-standard security practices including encryption of data in transit (e.g., HTTPS on our website) and encryption of sensitive data at rest where applicable, firewalls and access controls to our servers, regular software updates and security patches, and restricted access to personal data by our employees/contractors on a need-to-know basis. We also utilize secure data centers and cloud services with robust physical security and redundant systems. However, please be aware that no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to protect your personal information, we cannot guarantee absolute security. You share and transmit data to us at your own risk. In the event of a data breach that affects your personal information, we will notify you and the relevant authorities as required by law.

We also encourage you to take steps to protect yourself, such as using strong, unique passwords for your accounts, not sharing your account credentials, and being cautious about phishing attempts. Remember that X5 Core will never ask you for your password via email, and any suspicious communications should be reported to us.

Retention: We retain personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. The exact duration depends on the type of information and the context in which it was collected. For example:

·      Contact information provided for marketing communications will be kept until you unsubscribe or request deletion (or become inactive for a long period, at which point we may remove you from our list).

·      Account information for our clients is kept for the duration of the customer relationship. After termination, we may retain certain data for a period of time in backups or archives, or as needed for legal/financial reasons.

·      Content and project data will be kept at least through the project duration, and thereafter based on client instructions or our internal archiving policy. We may keep a portfolio of work or anonymized results unless instructed otherwise.

·      CRM data that you (as a client) input about your customers is retained until you remove it or instruct us to remove it, or as otherwise required by our contract. We periodically may purge old lead data in accordance with agreements or space considerations, but generally we do not delete your business data unless asked, even if a particular lead has been inactive.

·      Website logs and analytics records are generally retained for a shorter period (often 12-24 months) unless needed longer for security analysis.

·      If you apply for a job with us, personal data in an application may be retained for the duration of recruitment and for a period after (unless you ask us to delete it sooner).

In all cases, when we have no ongoing legitimate business need to process your personal information, we will either delete it or anonymize it. If deletion (or anonymization) is not immediately feasible (for example, because the data is stored in backup archives), we will securely store the information and isolate it from any further use until deletion is possible.

International Data Transfers

X5 Core is based in the United States, and the majority of our data processing occurs in the U.S. If you are accessing our site or services from outside the United States, please be aware that your personal information may be transferred to, stored, and processed in the United States or other jurisdictions where our service providers are located. Data protection laws in these countries may not be as comprehensive or equivalent to those in your country of residence.

However, we take steps to ensure that adequate safeguards are in place for cross-border data transfers as required by applicable law. For example, for personal data received from the European Economic Area or UK, we rely on legal transfer mechanisms such as the European Commission’s Standard Contractual Clauses (SCCs) or other acceptable solutions to ensure personal data is protected when transferred internationally. By using our services or providing us with your information, you acknowledge this transfer, processing, and storage of your personal information in the United States and other jurisdictions. We will protect it as described in this Privacy Policy.

If you have questions about our international data practices or require more information about the safeguards in place, you can contact us (see Contact Information below).

Your Data in Our CRM Platform (GoHighLevel)

A core part of X5 Core’s offerings is setting up and managing CRM sub-accounts for our clients through the GoHighLevel (“GHL”) platform. When you use our CRM services, whether as a client with your own login or as an end-customer interacting with that system (e.g., filling out a form or receiving communications via the CRM), your data is handled as follows:

·      Data Storage and Processing: The personal information (like contact details, notes, conversation history) entered into the CRM is stored on GHL’s cloud servers. GHL acts as a service provider to us, meaning they process that data under our instructions and in accordance with their data protection commitments. We have a Data Processing Agreement in place with GHL to safeguard personal data.

·      Access: If you are an authorized user of a sub-account (our client or their team member), you can access the personal data in that account relevant to your business needs (for example, your customer list, pipeline, etc.). X5 Core administrators also have access to all sub-account data in order to support and manage the service. We treat all such data as confidential business information. We do not access client CRM data except as necessary to provide services (troubleshooting, campaign execution, etc.) or as instructed by the client.

·      Use of CRM Data: We only use the personal data within your CRM sub-account to deliver the services you have requested. For example, if you ask us to run an email campaign to your leads, we’ll use the email addresses and names in your account to send those emails. We may also use aggregated data across accounts for internal analytics to improve the CRM service, but we do not extract personal details for any other purpose.

·      Disclosure: We do not independently share or disclose the personal data contained in your CRM to anyone except as needed to provide the service (e.g., through integrated services like an SMS gateway as described earlier) or if required by law. It remains under your control as the client. If one of your customers (whose information is in the CRM) contacts us directly about their data, we will usually refer them to you unless we are legally obligated to respond directly.

·      Retention and Deletion: The data in your CRM sub-account is retained as long as you maintain the account. You can typically delete individual contacts or records via the interface. If you terminate your relationship with X5 Core, we will provide options for you to export your data, and after a grace period we will delete or anonymize the CRM data in our possession. There may be some latency in backups, but we will not retain the data longer than needed.

For more details on the CRM platform’s own privacy and security measures, you may review GoHighLevel’s terms and privacy documentation. Rest assured, X5 Core’s privacy commitments to you extend to data handled in the CRM environment, and we abide by all relevant laws (including ensuring explicit consent is obtained for any messages sent through the CRM as required by TCPA, GDPR, etc.). Our Acceptable Use Policy also outlines proper usage of the CRM to prevent abuse or unlawful processing of personal data.

CTIA, TCPA, and Messaging Compliance

Because we interact with personal data through SMS and other messaging on your behalf, compliance with communication laws and carrier requirements is critical. We want to explicitly assure you (and the individuals we contact on your behalf) that:

·      We obtain prior express consent from every contact before sending marketing SMS messages, as required by the TCPA[36]. We document that consent (e.g., via opt-in forms or written agreement) and honor all opt-out requests promptly.

·      Our messaging program disclosures are clear: any time someone opts in to our SMS program (through a form or texting a keyword), we provide the required terms such as message frequency, that messages may be automated, that consent isn’t a condition of purchase, and how to opt-out and get help[37][38]. See our “SMS Consent & A2P Terms” policy for full details on this.

·      We adhere to CTIA guidelines for content. We will not send text content that is prohibited, such as messages related to illegal subjects, or those containing profanity, hate speech, or adult content in violation of CTIA standards[3]. We also register messaging campaigns as required under 10DLC (10-digit long code) rules to ensure high deliverability and compliance.

·      We do not charge recipients for our messages beyond standard carrier fees (i.e., “Msg & Data rates may apply”, as we disclose). We also respect any “quiet hours” and frequency caps as appropriate.

·      We honor Do-Not-Call requests and maintain opt-out lists. If someone opts out of our messages, we will prevent further outreach to that number aside from a final confirmation. We train any staff or sub-contractors involved in messaging on these compliance requirements.

Following these principles protects both consumer privacy and our company (and our clients) from legal risk. If you have any questions about our messaging practices or need to report unwanted messages, you can contact us at the support information below.

Additional Notices for California Residents

If you are a California resident, this section provides some additional information as required by the California Consumer Privacy Act (CCPA) and subsequent regulations:

·      Categories of Personal Information Collected: In the preceding 12 months, we have collected the following categories of personal information (as defined by CCPA) from or about California consumers: identifiers (like name, email, phone number); business information; internet or electronic network activity information (like browsing interactions on our site); geolocation (approximate, from IP); and in some cases professional or employment information (if you provided it as context). We do not collect sensitive personal information as defined by the CPRA, except possibly account login (for our clients) which we protect, and we do not use or disclose sensitive info except for providing the services requested (thus we believe we do not trigger the need for a special “Limit Use of Sensitive PI” notice under CPRA).

·      Sources: We collect this information directly from you, from your use of our site/services (e.g. via cookies), and from our business clients or partners (for whom we might process data).

·      Purposes of Collection: As detailed in earlier sections, we collect and use personal information for the business purposes of providing services, communicating with you, improving our services, security, etc. These correspond to the CCPA’s enumerated purposes like performing services on behalf of the business, debugging, advertising/marketing (our own not third parties’), and quality assurance.

·      Disclosure of PI: We have disclosed the above categories of personal information to service providers (internet/cloud hosts, communications providers, analytics providers, etc.) for business purposes in the last 12 months. We do not sell personal information to third parties. We also have not shared personal information for cross-context behavioral advertising in the sense of CPRA.

·      No Sale or Sharing of Minors’ Data: We do not have actual knowledge that we sell or share the personal information of consumers under 16 years of age, and indeed we do not sell/share any personal data as noted.

·      CCPA Rights: California residents have the right to request (1) access to specific pieces and categories of personal information we have collected about them, (2) deletion of personal information (with exceptions), (3) correction of inaccurate personal information, (4) information about personal information disclosed for a business purpose, and (5) to opt out of sales/sharing (not applicable here since we don’t do it). You also have the right to not receive discriminatory treatment for exercising these rights. To exercise access, deletion, or correction rights, you (or your authorized agent) may contact us at [email protected]. We will verify your request by confirming personal identifiers (and if an agent makes the request, we may require proof of written permission or power of attorney).

·      Financial Incentives: We do not offer financial incentives or price differences in exchange for your personal information. If that changes (for example, a referral program or reward for data sharing), we will provide a notice and opt-in opportunity per law.

For a full list of categories of personal information and how they correspond to what we collect, feel free to contact us for our CCPA-specific privacy notice.

Additional Notices for EU/EEA/UK Individuals

For individuals in the EEA, UK, or other regions with comprehensive data protection laws, we provide the following information as required by GDPR and similar regulations:

·      Legal Bases for Processing: We process personal data only when we have a legal basis to do so under Article 6 of GDPR. The legal bases we rely on are: Consent (e.g., for sending marketing emails or placing non-essential cookies, we rely on your consent[37]); Contract (e.g., when you are a customer, we process your data as needed to perform our contract with you for services); Legitimate Interests (e.g., for improving our services, preventing fraud, or communicating with business contacts, we rely on legitimate interests, after evaluating that our interests are not overridden by your privacy rights); and Legal Obligation (where we need to comply with a law, such as retaining records for tax purposes or providing information to law enforcement). If we ever process sensitive personal data (as defined by GDPR, e.g., health, biometrics, etc.), we would obtain explicit consent or ensure another valid condition applies (but as noted, we generally avoid collecting sensitive data).

·      Your Rights: Under GDPR, you have the rights of access, rectification, erasure, restriction, objection, data portability, and to withdraw consent. We have covered these in the “Your Choices and Rights” section above. Notably, you have the right to object to processing of your data where that processing is based on our legitimate interests or for direct marketing. If you object, we will cease processing your data for that purpose unless we demonstrate compelling legitimate grounds or it’s needed for legal claims. For direct marketing, if you object or opt out, we will stop.

·      International Transfers: As mentioned, data may be transferred outside of the EEA/UK. We ensure appropriate safeguards, such as Standard Contractual Clauses. If you want a copy of the relevant SCCs or information on transfer mechanisms, contact us.

·      Data Protection Officer: X5 Core is not required under GDPR to appoint a formal Data Protection Officer (as we are a small business not engaged in large scale sensitive processing). However, we do have a designated privacy point of contact (see below) who acts in a similar capacity to address privacy inquiries and issues.

·      Representative: Because we may offer services to EU/UK individuals while being established outside those regions, we will appoint an EU and/or UK representative if legally required and will provide their contact details here. (As of the Last Updated date, our evaluation is that we do not trigger Article 27 requirement, since we do not regularly monitor EU behavior or process special categories extensively; but we will reassess as needed.)

Links to Other Websites

Our website or communications may contain links to third-party websites, plug-ins, or services that are not owned or controlled by X5 Core. Please be aware that this Privacy Policy does not apply to those third-party sites. We are not responsible for the privacy practices or content of external websites. We encourage you to review the privacy policies of any third-party sites or services before providing any information to them. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. Use caution and read their policies.

Updates to This Privacy Policy

We may modify this Privacy Policy from time to time. If we make material changes to how we treat your personal information, we will notify you by (for example) updating the effective date and posting a notice on our website, or by emailing you if you have provided your email to us. Your continued use of our website or services after any changes indicates your acceptance of the updated Privacy Policy. We encourage you to review this Policy periodically for any updates.

If you do not agree with any changes to the Privacy Policy, you should stop using our services and may request us to delete your personal information if applicable.

Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

X5 Core, LLC – Privacy Team
Email: [email protected]
Phone: +1 (888) 906-8090 (available during normal business hours)
Address: Tampa, FL

We will address your inquiry as promptly as possible. If you are not satisfied with our response, and you are in a jurisdiction that provides for further recourse, you may have the right to contact your local data protection authority.

Thank you for entrusting X5 Core with your personal information. We value your privacy and work hard to protect it.

Last Updated: October 18, 2025