Privacy Policy

Our Commitment to Privacy: At Nexxence, your privacy is fundamental to our service. We are committed to protecting your personal information and being transparent about how we collect, use, and share your data. This Privacy Policy explains how Nexxence LLC ("we," "us," or "our") collects, uses, and protects your information when you use our LinkedIn authority building services. Compliance Framework: • We comply with the General Data Protection Regulation (GDPR) • We adhere to the California Consumer Privacy Act (CCPA) • We follow industry best practices for data security • We operate as a data processor for your LinkedIn information By using our services, you consent to the collection and use of your information in accordance with this Privacy Policy.

Account Information: • Full name and professional title • Email address and phone number • Company name and industry • Job title and professional background • LinkedIn account credentials (encrypted and secure) • Payment information (processed securely via Stripe) LinkedIn Data: • Profile information (headline, summary, experience) • Connection lists and network data • Post engagement metrics and performance • Content published through our platform • Messaging history and communication data • Profile view statistics and visitor data Usage Data: • Login times and session duration • Features used within our platform • Click patterns and navigation behavior • Device information (browser type, operating system) • IP address and geolocation data • Error logs and technical diagnostic information Communication Data: • Support ticket content and correspondence • Email communications with our team • Survey responses and feedback • Phone call recordings (with consent)

Service Delivery: • Optimize your LinkedIn profile for maximum impact • Create and schedule content on your behalf • Manage connection outreach and networking activities • Track performance metrics and generate reports • Provide personalized strategy recommendations Customer Support: • Respond to your inquiries and support requests • Troubleshoot technical issues and account problems • Provide training and onboarding assistance • Send service updates and important notifications Billing and Account Management: • Process subscription payments and billing • Send invoices and payment confirmations • Manage account upgrades and downgrades • Handle refund requests and payment disputes Service Improvement: • Analyze usage patterns to enhance features • Conduct A/B testing on service effectiveness • Develop new tools and functionalities • Create aggregated performance benchmarks (anonymized) Legal and Compliance: • Comply with legal obligations and court orders • Protect against fraud and abuse • Enforce our Terms of Service • Maintain accurate business records

We Do Not Sell Your Personal Data: We never sell, rent, or lease your personal information to third parties for marketing purposes. Service Providers: • Stripe for payment processing (PCI DSS compliant) • Email service providers for communication • Cloud hosting providers for data storage • Analytics tools for service improvement (anonymized data only) Offshore Team Access: • Our offshore team members have access to your data under strict NDAs • All offshore personnel undergo security training • Access is limited to job function requirements • Data processing agreements are in place Aggregated Insights: • We may share anonymized, aggregated statistics • Industry benchmarks and performance trends • No individual identification possible • Used for service improvement and marketing Legal Requirements: • Court orders and legal subpoenas • Government investigations and compliance • Protection of our rights and safety • Prevention of fraud and abuse Business Transfers: • Merger, acquisition, or sale of assets • Customer data may be transferred to new entity • You will be notified of any ownership changes • Privacy protections will continue under new ownership

Encryption and Protection: • 256-bit AES encryption for LinkedIn credentials • SSL/TLS encryption for all data transmission • Encrypted databases and secure cloud storage • Regular security updates and patches Access Controls: • Multi-factor authentication for team access • Role-based access controls and permissions • Regular access reviews and deprovisioning • Principle of least privilege enforcement Security Monitoring: • 24/7 security monitoring and alerting • Regular vulnerability assessments and testing • Intrusion detection and prevention systems • Security incident response procedures Data Backup and Recovery: • Regular automated backups of all data • Geographically distributed backup storage • Tested disaster recovery procedures • Business continuity planning Security Audits: • Annual third-party security assessments • Penetration testing by certified professionals • Compliance audits for industry standards • Employee security training programs Incident Response: • Documented incident response procedures • Rapid containment and mitigation protocols • Customer notification within 72 hours • Coordination with law enforcement if needed

Active Account Data: • Data retained throughout the duration of your subscription • Regular updates and synchronization with LinkedIn • Historical performance data maintained for trending • Account settings and preferences preserved Post-Cancellation Retention: • Data retained for 90 days after cancellation • Allows for account reactivation if desired • Data permanently deleted after 90-day period • Customer may request immediate deletion Aggregated Data: • Anonymous, aggregated data may be retained indefinitely • Used for service improvement and benchmarking • Cannot be traced back to individual users • Helps improve service for all customers Legal Hold Requirements: • Data retained longer if required by legal proceedings • Compliance with court orders and investigations • Data deletion resumes after legal holds are lifted • Customers notified of extended retention periods Your Right to Deletion: • Request immediate deletion of your data • We will comply within 30 days of request • Some data may be retained for legal compliance • Anonymized data may remain in aggregated form

For users in the European Union, you have the following rights: Right to Access: • Request copies of your personal data • Information about how your data is processed • Details about data recipients and retention periods • Free of charge, with some exceptions Right to Rectification: • Correct inaccurate or incomplete data • Update outdated personal information • Ensure data accuracy across all systems • No charge for corrections Right to Erasure ("Right to be Forgotten"): • Request deletion of your personal data • Applies when data is no longer necessary • Must be balanced against our legitimate interests • Some data may be retained for legal compliance Right to Data Portability: • Receive your data in a structured, machine-readable format • Transfer data to another service provider • Available for data provided with consent or contract • Technically feasible transfers only Right to Object: • Object to processing for legitimate interests • Object to direct marketing communications • Object to automated decision-making and profiling • We must stop processing unless we have compelling grounds Right to Restrict Processing: • Limit how we process your data • When accuracy is contested or processing is unlawful • When we no longer need the data but you need it for legal claims • While we verify grounds for objection Right to Withdraw Consent: • Withdraw consent for data processing at any time • Does not affect lawfulness of past processing • May impact our ability to provide services • Alternative legal basis may still apply To exercise these rights, contact our Data Protection Officer at dpo@nexxence.com.

For California residents, you have the following rights: Right to Know: • What personal information we collect about you • Sources from which we collect information • Business purposes for collecting information • Categories of third parties with whom we share information Right to Delete: • Request deletion of personal information we collected • Subject to certain exceptions for legal compliance • We will delete information from our records and instruct service providers to delete Right to Opt-Out: • We do not sell personal information • Right to opt-out would apply if we sold information • We will not discriminate against you for exercising rights Right to Non-Discrimination: • We will not discriminate against you for exercising CCPA rights • No denial of services or different pricing • No reduced service quality • Incentive programs may offer different pricing with opt-in consent Categories of Information Collected: • Identifiers (name, email, phone) • Commercial information (transaction history) • Internet activity (usage data) • Professional information (LinkedIn data) • Geolocation data (general location) Information Sources: • Directly from you • From your LinkedIn account • From your use of our services • From third-party service providers How to Exercise Rights: • Email privacy@nexxence.com • Call our privacy hotline (number provided upon request) • Submit request through your account dashboard • Designate authorized agent with written permission We will verify your identity before processing requests and respond within 45 days.

Essential Cookies: • Required for basic website functionality • Session management and user authentication • Security features and fraud prevention • Cannot be disabled without affecting service Analytics Cookies: • Google Analytics for website usage statistics • Performance monitoring and error tracking • User behavior analysis for service improvement • Can be disabled through browser settings No Third-Party Advertising: • We do not use advertising cookies • No third-party advertising networks • No behavioral advertising or remarketing • No cross-site tracking for advertising Cookie Management: • Most browsers accept cookies by default • You can modify browser settings to refuse cookies • Some features may not work without cookies • Clear instructions provided for each browser type Local Storage: • HTML5 local storage for preferences • Cached data for improved performance • User interface customizations • Data persists until manually cleared Do Not Track: • We respect Do Not Track browser signals • Analytics tracking disabled when DNT is enabled • Essential functionality cookies still required • Privacy settings respected across all services

Data Processing Locations: • Primary data processing in the United States • Cloud infrastructure hosted in US data centers • Backup storage may be located internationally • All locations provide adequate protection levels Offshore Team Access: • Team members in India and Southeast Asia • Access limited to job function requirements • Standard Contractual Clauses (SCCs) in place • Regular audits of offshore data handling Safeguards for International Transfers: • Standard Contractual Clauses approved by EU • Binding Corporate Rules where applicable • Adequate data protection levels verified • Regular assessment of transfer mechanisms Your Consent: • By using our services, you consent to international transfers • Transfers necessary for service provision • Same privacy protections apply globally • Right to withdraw consent (may impact service) Data Localization: • EU customer data remains in EU where feasible • Data minimization for international transfers • Local data residency options available upon request • Compliance with local data protection laws

Age Restrictions: • Our services are not intended for individuals under 18 • We do not knowingly collect information from minors • Account registration requires age verification • Parents/guardians must consent for users under 18 COPPA Compliance: • We comply with the Children's Online Privacy Protection Act • No collection of information from children under 13 • Parental consent required for any data collection • Special protections for educational accounts Discovery of Minor Information: • If we discover information from a minor, we will delete it immediately • Parents may request information about data collected • Verification of parental identity required • Deletion occurs within 30 days of discovery Educational Use: • Special provisions for educational institutions • Parental consent obtained through schools • Limited data collection for educational purposes only • Enhanced security and privacy protections Reporting: • Parents may report underage account usage • Immediate investigation and account suspension • Cooperation with parents and educational authorities • Regular audits of age verification processes

External Website Links: • Our service may contain links to third-party websites • We are not responsible for the privacy practices of external sites • Third-party sites have their own privacy policies • We recommend reviewing privacy policies before providing information LinkedIn Integration: • LinkedIn has its own privacy policy and terms • We encourage you to review LinkedIn's privacy practices • Our privacy policy applies only to data we collect • LinkedIn's policies govern their data collection and use Service Provider Privacy: • Stripe's privacy policy governs payment processing • Email service providers have their own policies • Cloud hosting providers maintain separate privacy practices • We select providers with strong privacy commitments Social Media Integration: • Links to our social media profiles • Social platforms have independent privacy policies • Information shared on social media governed by their terms • We may respond to public mentions and comments No Endorsement: • Links do not imply endorsement of third-party practices • Third-party content is not under our control • We disclaim responsibility for third-party privacy practices • Users should exercise caution when sharing personal information

Notification Process: • Material changes will be communicated via email • Notice provided at least 30 days before changes take effect • Updated policy posted on our website • Previous versions archived for reference Types of Changes: • Legal requirement changes • Service enhancement updates • Security improvement modifications • Business practice adjustments Your Options: • Continue using services (constitutes acceptance) • Cancel your subscription if you disagree with changes • Contact us with questions or concerns • Exercise your data rights under new policy Version Control: • Each policy version clearly dated • Material changes highlighted in update notifications • Change log maintained for transparency • Legal review of all policy modifications Effective Date: • Changes effective on the date specified in the notice • No retroactive application of new terms • Grace period provided for adjustment to changes • Customer service available to answer questions

Privacy Officer: Email: privacy@nexxence.com Response Time: 5-7 business days Available: Monday through Friday, 9 AM - 5 PM MT Data Protection Officer (GDPR): Email: dpo@nexxence.com Response Time: 30 days maximum Specialized in GDPR compliance and EU data rights Mailing Address: Nexxence LLC Attn: Privacy Department [Wyoming Registered Agent Address - To be provided] Wyoming, United States California Privacy Requests: Email: ccpa@nexxence.com Toll-free: [Number to be provided] Online form: Available in account dashboard General Privacy Questions: • Email privacy@nexxence.com for general questions • Support@nexxence.com for account-related privacy issues • Legal@nexxence.com for legal aspects of privacy • Security@nexxence.com for security-related concerns

GDPR Compliance: Our Data Protection Officer (DPO) is available for all GDPR-related inquiries, including: • Exercise of individual data rights • Questions about data processing activities • Concerns about privacy compliance • Complaints about data handling DPO Responsibilities: • Monitor compliance with GDPR and data protection laws • Conduct privacy impact assessments • Serve as contact point for supervisory authorities • Provide data protection training and guidance Contact Information: Email: dpo@nexxence.com Direct phone: [Number available upon request] Mailing address: Same as company address Response time: 30 days maximum, typically within 5-7 business days Supervisory Authority: If you are not satisfied with our response to your privacy concerns, you may lodge a complaint with your local supervisory authority: • EU residents: Contact your national data protection authority • UK residents: Contact the Information Commissioner's Office (ICO) • Other jurisdictions: Contact your local privacy regulator Independence: Our DPO operates independently and reports directly to senior management to ensure unbiased privacy oversight and compliance. Last Updated: August 24, 2025