• This policy outlines xVal Technologies Ltd.'s commitment to protecting the privacy and security of personal and financial data. It aligns with our legal obligations and operational practices, ensuring compliance with GDPR, CCPA, and other relevant data protection laws.

• Clients provide personal and financial data through account creation and software integration. We collect data responsibly and transparently, ensuring clients understand what data is collected and how it is used.

• Data collected is used solely for fulfilling the reporting needs of our clients. We do not use this data for any internal purposes outside of these specified services.

• Data is securely stored in AWS and MongoDB, adhering to their comprehensive security standards.
• Encryption: AWS and MongoDB employ strong encryption methods for data at rest and in transit. This includes the use of industry-standard encryption protocols.
• Access Control: Both platforms implement robust access control measures. This includes role-based access control (RBAC) to ensure only authorized personnel have access to specific data sets.
• Network Security: AWS and MongoDB offer advanced network security features, including firewalls, DDoS mitigation, and regular security audits.
• Data Backup and Recovery: Regular data backups are performed to prevent data loss. Recovery procedures are in place to restore data in case of system failures.
• Compliance Certifications: Both AWS and MongoDB comply with a range of global and industry-specific security standards and certifications.
• Regular Security Updates: Continuous monitoring and regular updates are performed to ensure the security measures are up to date against emerging threats.

• Data is retained for the duration of an active account. Post-account deletion, data is kept for an additional 90 days before being securely deleted or anonymized.

• We do not share data with third parties, except upon explicit request by clients for specific API integrations, in which case the utmost care is taken to ensure data security and confidentiality.

• Data subjects have the right to access, rectify, erase, and restrict processing of their personal data. Requests for exercising these rights can be made through an email to hello@crossval.com, and will be addressed promptly.

• In the event of a data breach, we have established protocols for internal response and notification to relevant stakeholders, including regulatory authorities and affected individuals.

• This policy is subject to periodic review and amendments to stay aligned with legal requirements and best practices in data protection.

Non-compliance with the Data Protection Policy of xVal Technologies Ltd. is considered a serious breach of professional duties. To maintain the integrity of our data protection practices, the following disciplinary measures will be enforced:

• Initial Violation: In cases of a first-time, non-intentional violation, the employee will receive a formal written warning. They will also be required to undergo additional data protection training.
• Repeated or Serious Violation: Repeated non-compliance or serious breaches, such as unauthorized disclosure of sensitive data, will result in more severe disciplinary actions. This may include suspension, demotion, or in extreme cases, termination of employment.
• Legal Ramifications: If the violation leads to legal issues or breaches of data protection laws, the employee may face additional legal consequences.
• Reporting Mechanism: Employees are encouraged to report any suspected violations. Confidentiality will be maintained to the extent possible.