Privacy Policy

1. Introduction

IX Bond Inc. ("IX Bond," "we," "us," or "our") is committed to protecting your privacy and ensuring transparency about how we collect, use, and safeguard your personal information. This Privacy Policy describes our practices concerning the data we collect when you visit our website at ixbond.com (the "Website"), interact with our services, or use the IX Bond software platform (the "Software").

This Privacy Policy applies to all visitors, users, and others who access the Website or interact with IX Bond Inc. in any capacity. By accessing our Website or using our Software, you acknowledge that you have read, understood, and agree to the practices described in this Privacy Policy.

IX Bond Inc. is incorporated in the State of Delaware, United States. Our principal contact email is hello@ixbond.com. For privacy-specific inquiries, please contact us at privacy@ixbond.com.

2. The Cloud-Managed Nature of IX Bond

IX Bond is a cloud-managed enterprise mesh VPN platform. Our software is designed to be deployed and operated entirely on your own infrastructure. This architectural decision has significant privacy implications that we want to make explicitly clear:

• Your data stays on your infrastructure. When you deploy IX Bond, the control server, mesh nodes, encryption keys, access control lists, audit logs, and all network traffic remain within your own environment. IX Bond Inc. does not operate servers that route, inspect, store, or process your network traffic.
• We do not hold your encryption keys. WireGuard key pairs are generated locally on each node within your deployment. Private keys never leave the machines on which they are generated. IX Bond Inc. has no mechanism to access, retrieve, or reconstruct your encryption keys.
• We cannot see your mesh topology. Your network configuration, node inventory, tag-based ACL rules, and device posture policies are stored on your cloud-managed control server. IX Bond Inc. does not have visibility into how you structure your mesh network.
• Audit logs are yours. All connection events, authentication attempts, policy changes, and administrative actions are logged within your own infrastructure. We do not collect, aggregate, or have access to these logs.

The only interactions between your IX Bond deployment and IX Bond Inc.'s infrastructure are limited to: (a) optional license validation checks, (b) software update notifications, and (c) optional anonymized telemetry data if you have explicitly enabled it. Each of these is described in further detail below.

3. Information We Collect

3.1 Information You Provide to Us

We collect information that you voluntarily provide when you interact with IX Bond Inc. directly:

• Account Information: When you create an account on our website to download the Software or access documentation, we collect your name, email address, company name (if provided), and any password you create.
• Contact Information: When you reach out through our contact form, email us, or request support, we collect your name, email address, company name, and the content of your communication.
• Newsletter Subscription: If you subscribe to our newsletter or product updates, we collect your email address.
• Event Registration: If you register for webinars, workshops, or other events, we collect your name, email, company, and role.

3.2 Information Collected Automatically from Website Visitors

When you visit ixbond.com, we automatically collect certain technical information:

• Device and Browser Information: Browser type and version, operating system, device type, screen resolution, and language preferences.
• Usage Data: Pages visited, time spent on pages, click patterns, referring URLs, and navigation paths through our Website.
• Network Information: IP address (which may be truncated or anonymized depending on your jurisdiction), approximate geographic location derived from IP address, and Internet service provider.
• Cookies and Similar Technologies: We use cookies and similar tracking technologies as described in Section 6 below.

3.3 Information Collected by the Software

As detailed in Section 2, the IX Bond Software operates on your infrastructure. The Software's control server and mesh nodes process data locally within your environment. However, the following limited interactions with IX Bond Inc.'s servers may occur:

• License Validation: If you are using a licensed version of IX Bond, your deployment may periodically contact our license server to validate your license key. This transmits your license key identifier, the version of IX Bond installed, and a count of active nodes. No personal data or network configuration is transmitted.
• Update Checks: Your IX Bond control server may check for software updates by contacting our update server. This transmits the current software version and operating system type. No personal data is transmitted.
• Optional Telemetry: If you explicitly opt in to anonymized telemetry, your deployment may send aggregate, non-identifying usage statistics such as the number of nodes, operating system distribution, feature utilization rates, and error counts. This telemetry contains no personal data, IP addresses of your mesh nodes, network configurations, or traffic data. Telemetry is disabled by default and must be explicitly enabled by an administrator.

4. How We Use Your Information

We use the information we collect for the following purposes:

• Providing and Improving Our Services: To operate the Website, deliver software updates, respond to support requests, and improve the IX Bond platform based on aggregated, anonymized usage patterns.
• Communication: To send you product updates, security advisories, newsletters (if subscribed), and responses to your inquiries. We will never send unsolicited marketing emails without your consent.
• Security and Fraud Prevention: To detect, investigate, and prevent unauthorized access, abuse, or other harmful activities on our Website and services.
• Legal Compliance: To comply with applicable laws, regulations, legal processes, or governmental requests.
• Analytics: To understand how visitors use our Website, identify trends, and optimize our content and user experience.

5. How We Share Your Information

IX Bond Inc. does not sell, rent, or trade your personal information to third parties for advertising purposes. We may share your information only in the following limited circumstances:

• Service Providers: We engage trusted third-party companies to perform services on our behalf, such as website hosting, email delivery, analytics, and customer support tools. These providers are contractually bound to use your data only for the purposes we specify and to maintain appropriate security measures.
• Legal Requirements: We may disclose your information if required by law, subpoena, court order, or government regulation, or if we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a law enforcement request.
• Business Transfers: In the event of a merger, acquisition, reorganization, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change in ownership or control of your personal data.
• With Your Consent: We may share your information for other purposes if you provide explicit consent.

6. Cookies and Tracking Technologies

Our Website uses cookies and similar technologies to enhance your browsing experience and collect analytics data:

6.1 Essential Cookies

These cookies are necessary for the Website to function properly. They enable core features such as session management, security tokens, and cookie consent preferences. Essential cookies cannot be disabled.

6.2 Analytics Cookies

We use Google Analytics to understand how visitors interact with our Website. Google Analytics uses cookies to collect anonymized information about page views, session duration, traffic sources, and user behavior. You can opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on.

We have configured Google Analytics with the following privacy-enhancing measures:

• IP anonymization is enabled
• Data sharing with Google is disabled
• Advertising features are disabled
• Data retention is set to 14 months

6.3 Managing Cookies

You can control cookie settings through your browser preferences. Most browsers allow you to block or delete cookies. However, blocking essential cookies may impair the functionality of our Website. When you first visit our Website, we present a cookie consent banner that allows you to accept or decline non-essential cookies.

7. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes described in this Privacy Policy:

• Website analytics data: Retained for 2 years from the date of collection, after which it is automatically deleted or anonymized.
• Account information: Retained for as long as your account is active. If you request account deletion, we will delete your data within 30 days, except where we are required to retain it for legal or compliance purposes.
• Support tickets and communications: Retained for 5 years from resolution to assist with future inquiries and to meet legal record-keeping requirements.
• Newsletter subscriptions: Retained until you unsubscribe. Unsubscribe requests are processed immediately.
• License validation logs: Retained for 1 year for fraud prevention and audit purposes.

8. Rights of European Economic Area (EEA) Residents — GDPR

If you are a resident of the European Economic Area, the United Kingdom, or Switzerland, you have the following rights under the General Data Protection Regulation (GDPR) and related legislation:

• Right of Access (Article 15): You have the right to request a copy of the personal data we hold about you, along with information about how it is processed.
• Right to Rectification (Article 16): You have the right to request correction of inaccurate or incomplete personal data.
• Right to Erasure (Article 17): You have the right to request deletion of your personal data when it is no longer necessary for the purposes for which it was collected, or when you withdraw consent.
• Right to Restriction of Processing (Article 18): You have the right to request that we restrict the processing of your personal data in certain circumstances, such as when you contest its accuracy.
• Right to Data Portability (Article 20): You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another controller.
• Right to Object (Article 21): You have the right to object to the processing of your personal data for direct marketing purposes or when processing is based on legitimate interests.
• Right to Withdraw Consent: Where processing is based on your consent, you have the right to withdraw that consent at any time without affecting the lawfulness of processing carried out before withdrawal.
• Right to Lodge a Complaint: You have the right to lodge a complaint with a supervisory authority in the EU member state where you reside or work, or where the alleged infringement occurred.

Our lawful bases for processing personal data under the GDPR include: (a) your consent, (b) performance of a contract, (c) compliance with legal obligations, and (d) our legitimate interests in operating and improving our services, provided those interests are not overridden by your rights and freedoms.

To exercise any of these rights, please contact us at privacy@ixbond.com. We will respond to your request within 30 days.

9. Rights of California Residents — CCPA/CPRA

If you are a California resident, the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA) provide you with specific rights regarding your personal information:

• Right to Know: You have the right to request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources from which it was collected, the business or commercial purpose for collecting it, and the categories of third parties with whom we share it.
• Right to Delete: You have the right to request that we delete the personal information we have collected from you, subject to certain exceptions permitted by law.
• Right to Correct: You have the right to request that we correct inaccurate personal information that we maintain about you.
• Right to Opt-Out of Sale or Sharing: IX Bond Inc. does not sell personal information and does not share personal information for cross-context behavioral advertising. Therefore, there is no need to opt out, but we respect your right to make this request.
• Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA/CPRA rights. We will not deny you services, charge different prices, or provide a different quality of service because you exercised your privacy rights.
• Right to Limit Use of Sensitive Personal Information: We do not collect sensitive personal information as defined by the CPRA.

To exercise your California privacy rights, please contact us at privacy@ixbond.com or submit a request through our Website. We will verify your identity before fulfilling your request. You may also designate an authorized agent to make a request on your behalf.

In the preceding 12 months, we have collected the following categories of personal information: identifiers (name, email, IP address), Internet or electronic network activity information (browsing history on our Website), and professional or employment-related information (company name, job title). We have not sold any personal information.

10. Security Measures

IX Bond Inc. implements industry-standard security measures to protect the personal information we collect:

• Encryption in Transit: All communications with our Website and services are encrypted using TLS 1.3. We enforce HTTPS on all pages and API endpoints.
• Encryption at Rest: Personal data stored in our databases is encrypted at rest using AES-256 encryption.
• Access Controls: We enforce the principle of least privilege. Access to personal data is restricted to authorized employees who require it for their job functions. All access is logged and regularly audited.
• Regular Security Audits: We conduct regular security assessments, vulnerability scans, and penetration tests of our infrastructure.
• Employee Training: All IX Bond Inc. employees receive annual security awareness and data privacy training.
• Incident Response: We maintain a formal incident response plan to address potential data breaches promptly and effectively.

While we strive to protect your personal information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security but are committed to maintaining the highest practicable standards.

11. Children's Privacy

IX Bond's Website and Software are not directed at children under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have inadvertently collected personal data from a child under 16, we will take steps to delete that information as promptly as possible. If you believe that a child under 16 has provided us with personal information, please contact us at privacy@ixbond.com.

12. International Data Transfers

IX Bond Inc. is based in the United States. If you access our Website or interact with us from outside the United States, your personal data may be transferred to, stored in, and processed in the United States or other jurisdictions where our service providers operate.

For transfers of personal data from the European Economic Area, the United Kingdom, or Switzerland to the United States, we rely on the following mechanisms:

• EU-US Data Privacy Framework: IX Bond Inc. complies with the EU-US Data Privacy Framework (DPF) as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union to the United States.
• Standard Contractual Clauses: Where the DPF does not apply, we utilize the European Commission's Standard Contractual Clauses (SCCs) to provide appropriate safeguards for international data transfers.
• Supplementary Measures: In addition to contractual safeguards, we implement technical measures such as encryption and access controls to protect data during transfer and storage.

13. Third-Party Links

Our Website may contain links to third-party websites, services, or resources that are not operated by IX Bond Inc. We are not responsible for the privacy practices or content of these third-party sites. We encourage you to review the privacy policies of any third-party sites you visit. This Privacy Policy applies solely to information collected by IX Bond Inc. through our Website and services.

14. Do Not Track Signals

Some web browsers transmit "Do Not Track" (DNT) signals. Because there is no uniform standard for interpreting DNT signals, our Website does not currently respond to DNT signals. However, you can manage your tracking preferences through cookie settings as described in Section 6.3.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

• Update the "Effective Date" at the top of this page
• Post a prominent notice on our Website
• Send an email notification to registered users
• Where required by law, obtain your consent before applying changes to previously collected data

We encourage you to review this Privacy Policy periodically. Your continued use of our Website or Software after the posting of changes constitutes your acceptance of such changes.

16. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

• Privacy Inquiries: privacy@ixbond.com
• General Contact: hello@ixbond.com
• Mail: IX Bond Inc., Attn: Privacy Team

We will respond to all privacy-related inquiries within 30 days. If you are not satisfied with our response, you have the right to lodge a complaint with the appropriate supervisory authority in your jurisdiction.