Privacy Policy

Who We Are

Exaft LLC ("Exaft," "we," "us") operates the website at exaft.com. We provide software development services. This policy explains how we collect, use, store, and protect personal information when you visit our website or engage our services.

Information We Collect

Information you provide

When you contact us through the website, email, contact forms, or other channels, we may collect your name, email address, phone number, company name, and the content of your message. If you subscribe to a newsletter or download content, we collect the information required for that purpose (typically your email address). We only collect information you voluntarily provide.

Information collected automatically

When you visit our website and click "Accept all" on the consent banner, we may collect usage data through analytics and marketing tools, including:

• Pages visited, time on site, click paths, and interactions with content.
• Referral source, search terms, and campaign parameters.
• Browser type, device type, screen resolution, and operating system.
• Approximate location (country/city level derived from IP address).
• Anonymized or pseudonymized identifiers for returning visitor recognition.

If you click "Necessary only" or ignore the consent banner, no analytics, advertising, or marketing cookies are set and no usage data is collected beyond what is strictly necessary for the website to function.

Tools we use

We currently use the following third-party services that may process personal data:

• Google Analytics (measurement ID: G-DNJTJR5KDC) — website analytics. Only active with your consent. Data is processed by Google under their privacy policy.
• Cloudflare — hosting, CDN, and security. Cloudflare may set a strictly necessary cookie (__cf_bm) for bot detection. This cookie is set regardless of your consent choice as it is essential for website security. Cloudflare's privacy policy.

We may add or replace tools over time to improve our website experience, measure performance, and communicate with visitors. Examples of tools we may adopt include analytics platforms, heatmap and session recording tools, A/B testing services, email marketing platforms, CRM systems, chatbots, and social media pixels. When we add new tools that process personal data, we will update this section and our cookie policy. All tools we use are subject to the consent requirements described in this policy — tools that set non-essential cookies or track personal data will only activate after you give consent.

Cookies and Consent

Our website uses a consent banner that gives you two choices:

• Accept all — enables analytics, advertising, personalization, and marketing cookies from the tools listed above and in our cookie policy.
• Necessary only — only strictly necessary cookies (required for the website to function and for security) are used. No tracking, analytics, or advertising data is collected.

Your consent preference is stored in your browser's local storage and persists across sessions. You can change your preference at any time by clicking "Cookie preferences" in the site footer, which will re-open the consent banner.

For a detailed list of cookies we use, see our cookie policy.

Legal Basis for Processing (GDPR)

Under the EU General Data Protection Regulation, we process personal data based on the following legal grounds:

• Consent — for analytics, advertising, personalization, and marketing cookies, which are only activated when you click "Accept all" on the consent banner. Also for marketing communications, if applicable.
• Legitimate interest — for responding to inquiries, improving our website and services, ensuring website security, and for basic business communications.
• Contract performance — for processing data necessary to provide services you have engaged us for.
• Legal obligation — where we are required to process data to comply with applicable laws.

How We Use Your Information

• To respond to your inquiries and communicate about potential or ongoing projects.
• To provide and deliver the services you have engaged us for.
• To understand how visitors use our website and improve the user experience (only with consent).
• To measure the effectiveness of our content and marketing efforts (only with consent).
• To send you relevant communications about our services, if you have opted in.
• To personalize your experience on our website (only with consent).
• To comply with legal obligations.

Data Sharing

We do not sell, rent, or trade your personal information. We may share data with:

• Analytics and marketing providers — anonymized or pseudonymized usage data, only when you have given consent. Each provider's own privacy policy governs their processing of this data.
• Infrastructure providers — services such as Cloudflare that provide hosting, CDN, and security. These providers may process limited data (such as IP addresses) as part of delivering the website to you.
• Service providers — third-party tools (email, CRM, communication platforms) that process data on our behalf under appropriate data processing agreements.
• Legal requirements — we may disclose information if required by law, regulation, or legal process.

Data Retention

We retain personal information for as long as necessary to fulfill the purpose for which it was collected:

• Inquiry data — typically no longer than 2 years after our last communication.
• Analytics data — retained according to each tool's default settings (e.g., 14 months for Google Analytics).
• Marketing data — retained until you unsubscribe or request deletion.
• Client data — retained for the duration of the engagement plus any legally required retention period.

You can request earlier deletion at any time.

Your Rights Under GDPR

If you are in the European Economic Area, United Kingdom, or Switzerland, you have the following rights regarding your personal data:

• Access — request a copy of the personal data we hold about you.
• Rectification — request correction of inaccurate data.
• Erasure — request deletion of your data ("right to be forgotten").
• Restriction — request that we limit how we use your data.
• Portability — request your data in a structured, machine-readable format.
• Objection — object to processing based on legitimate interest.
• Withdraw consent — revoke consent for cookies at any time by clicking "Cookie preferences" in the site footer, or for marketing communications via an unsubscribe link.

To exercise any of these rights, contact us at . We will respond within 30 days.

You also have the right to lodge a complaint with a supervisory authority in your country of residence.

Your Rights Under CCPA

If you are a California resident, the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) provide you with the following rights:

• Right to know — request what personal information we collect, use, and disclose, including the categories of data and the purposes for processing.
• Right to delete — request deletion of your personal information.
• Right to correct — request correction of inaccurate personal information.
• Right to opt out — opt out of the sale or sharing of personal information. We do not sell or share personal information as defined by the CCPA/CPRA.
• Right to limit use of sensitive personal information — we do not collect sensitive personal information as defined by the CCPA/CPRA.
• Non-discrimination — we will not discriminate against you for exercising your privacy rights.

To exercise these rights, contact us at . We will verify your identity and respond within 45 days.

In the preceding 12 months, we have not sold or shared personal information as defined by the CCPA/CPRA.

International Data Transfers

Your data may be transferred to and processed in countries outside of your country of residence, including the United States, where data protection laws may differ. Where required, we ensure appropriate safeguards are in place, such as standard contractual clauses approved by the European Commission or other legally recognized mechanisms.

Data Security

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These include encrypted communications (HTTPS), access controls, and regular review of our security practices. However, no method of transmission over the internet is 100% secure.

Third-Party Links

Our website contains links to third-party sites (LinkedIn, GitHub, and others). We are not responsible for the privacy practices of these sites and encourage you to read their privacy policies.

Children's Privacy

Our website and services are not directed at individuals under the age of 16. We do not knowingly collect personal information from children. If you believe we have collected such information, contact us and we will delete it promptly.

Changes to This Policy

We may update this policy as we add new tools, features, or services. Changes will be reflected by the "last updated" date at the top of this page. For significant changes that affect how we process your data, we will make reasonable efforts to notify you (such as through a banner on the website). Where required by law, we will seek your renewed consent before applying changes that require it.

Contact

For questions about this privacy policy or to exercise your data rights, contact us at .