Last Updated: October 1, 2025

• Company: InitiumX
• Headquarters: San Pedro Sula, Honduras
• US Operations: Remote services to US clients
• Registered Agent: Available upon request for contract purposes

• Function: Consumer protection and business practices
• Applicability: Advertising, data security, consumer rights
• Website: www.ftc.gov

• Function: Enforcement of state consumer protection laws
• CCPA Enforcement: California Attorney General
• Data Breach Notification: State-specific requirements

California Residents have enhanced rights under CCPA:

• Right to know what personal information is collected
• Right to know if personal information is sold or disclosed
• Right to say no to the sale of personal information
• Right to access personal information
• Right to equal service and price (non-discrimination)
• Right to deletion of personal information

✅ We commit to:

• Not selling personal information of California residents
• Providing clear privacy notice to California users
• Honoring all CCPA/CPRA rights requests
• Maintaining records of data processing activities

What you can request:

• Categories of personal information collected
• Specific pieces of personal information we have
• Sources of personal information
• Business or commercial purpose for collecting
• Categories of third parties we share with

How to request:

• Email: privacy@initiumx.dev
• Subject: “CCPA Right to Know Request”
• Response time: 45 days (extendable to 90 days)

What can be deleted:

• Personal information collected from you
• Subject to legal exceptions (contracts, legal obligations, etc.)
• Includes data shared with service providers

Exceptions to deletion:

• Complete transaction or provide requested service
• Comply with legal obligations
• Exercise free speech or legal rights
• Engage in research (if deletion would impair research)

Timeline:

• Acknowledgment: 10 days
• Completion: 45 days (extendable to 90 days)

If this changes in the future:

• “Do Not Sell My Personal Information” link will be provided
• Opt-out honored immediately
• No discrimination for opting out

You have the right to:

• Same service and prices whether you exercise CCPA rights or not
• No denial of goods or services for exercising rights
• No different price or quality of service
• No suggestion that you will receive different service

Permitted practices:

• Different prices for loyalty programs (if disclosed)
• Financial incentives consistent with value of data
• Good-faith estimates of value provided

For Right to Know requests:

• Verify via email confirmation
• Match 2-3 data points we have on file
• May require additional documentation for sensitive data

For Deletion requests:

• Enhanced verification required
• May need government-issued ID
• Additional security measures for high-risk deletions

Requirements for authorized agents:

• Signed permission from consumer
• Proof of authorization (power of attorney or written consent)
• Consumer verification still required
• Agent may need business license or registration

Effective: January 1, 2023

Rights for Virginia Residents:

• Right to access personal data
• Right to correct inaccuracies
• Right to delete personal data
• Right to obtain copy of data
• Right to opt-out of targeted advertising and sale

Compliance: Same process as CCPA requests

Effective: July 1, 2023

Rights for Colorado Residents:

• Right to access and portability
• Right to correct inaccuracies
• Right to deletion
• Right to opt-out of sale and targeted advertising
• Right to opt-out of profiling

Compliance: privacy@initiumx.dev

Effective: July 1, 2023

Rights for Connecticut Residents:

• Confirm processing of personal data
• Access personal data
• Correct inaccuracies
• Delete personal data
• Obtain copy of data
• Opt-out of sale and targeted advertising

Effective: December 31, 2023

Rights for Utah Residents:

• Access to personal data
• Deletion of personal data
• Opt-out of sale and targeted advertising
• Data portability

States with pending or enacted privacy laws:

• Montana
• Oregon
• Texas
• Tennessee
• Iowa

Our commitment: Monitor and comply with all state privacy laws as they take effect.

InitiumX operates from Honduras:

• Data may be transferred to Honduras for processing
• Data may be stored on US-based servers (AWS, Google Cloud)
• European servers available for EU/UK data

Safeguards implemented:

• ✅ Standard Contractual Clauses (SCC)
• ✅ Encryption in transit (TLS 1.3)
• ✅ Encryption at rest (AES-256)
• ✅ Access controls and monitoring
• ✅ Regular security audits

All US clients covered by comprehensive DPA:

• Data Processing Agreement
• Includes cross-border transfer provisions
• Details sub-processors and their locations
• Specifies security measures

For clients requiring US data residency:

• AWS US-East (Virginia)
• AWS US-West (California/Oregon)
• Google Cloud US regions
• Premium pricing may apply

Benefits:

• Data remains in United States
• Lower latency for US users
• Compliance with certain regulations

How to request:

• Specify during project planning
• May require infrastructure cost adjustment
• Available for all service levels

Every email must:

• ✅ Include accurate “From” and “To” information
• ✅ Include accurate subject line (no deception)
• ✅ Identify message as an advertisement (if applicable)
• ✅ Include valid physical postal address
• ✅ Provide clear opt-out mechanism
• ✅ Honor opt-out requests within 10 business days

We commit to:

• No purchased email lists
• Only emailing those who consented
• Clear unsubscribe link in every email
• Immediate opt-out processing (within 24 hours)
• Separate lists for different email types

Multiple methods:

• Click “Unsubscribe” link in any email
• Email: unsubscribe@initiumx.dev
• Account settings (for registered users)
• Reply “STOP” to marketing emails

Timeline:

• Opt-out honored within 24 hours
• No further marketing emails
• Transactional emails may continue (order confirmations, service updates)

InitiumX respects copyright:

• Does not host infringing content knowingly
• Responds to valid DMCA takedown notices
• Maintains DMCA safe harbor compliance

If you believe your copyright is infringed:

Send notice to: dmca@initiumx.dev

Must include:

1. Your signature (physical or electronic)
2. Identification of copyrighted work
3. Identification of infringing material and location
4. Your contact information
5. Statement of good faith belief
6. Statement of accuracy under penalty of perjury
7. Statement of authority to act

Response timeline:

• Acknowledgment: 24-48 hours
• Action: 5-7 business days
• Counter-notice period: 10-14 days

If your content was removed:

• Send counter-notice to dmca@initiumx.dev
• Must include identification, contact, good faith statement
• Content may be restored in 10-14 business days
• Unless copyright owner files lawsuit

Trademark considerations:

• InitiumX respects registered US trademarks
• Clients must ensure they have rights to trademarks used
• No development of infringing trademark applications

Disputes:

• Cease and desist process
• Trademark clearance required for sensitive projects
• Legal consultation available

E-SIGN Act (2000) compliance:

• Electronic signatures are legally binding
• Digital contracts have same validity as paper
• Consent to electronic records documented
• Right to paper copies available upon request

US-specific provisions:

• English language controls
• Dollar amounts in USD
• Choice of law and venue clauses
• Arbitration agreements (when applicable)

Protections against:

• Deceptive advertising
• Unfair business practices
• False claims about services
• Bait-and-switch tactics

InitiumX Commitments:

• Transparent pricing
• Accurate service descriptions
• No hidden fees
• Clear terms and conditions

For software as goods:

• Warranties as described in contracts
• Limitation of implied warranties (when permitted)
• Limitation of liability provisions

See also:

• Terms of Service
• Warranties
• Refund Policy

For US clients:

• Credit/Debit cards (Visa, MasterCard, Amex, Discover)
• ACH bank transfers
• Wire transfers
• PayPal
• Check (for amounts > $5,000)

PCI DSS Compliance:

• We do not store credit card information
• Payment processed via Stripe (PCI Level 1)
• Tokenization for recurring payments
• Secure transmission (TLS 1.3)

Current policy:

• InitiumX does not collect US state sales tax
• Services performed internationally
• No physical presence in US states

Client responsibility:

• Clients may owe use tax in their state
• Consult with tax advisor
• InitiumX provides invoices for tax reporting

If nexus is established:

• Will notify affected clients
• Sales tax collection may begin
• 30 days notice before implementation

For US businesses:

• May request W-9 for their records
• InitiumX provides upon request
• International company - EIN not applicable
• Foreign entity classification

US clients’ obligations:

• May need to report payments > $600/year
• Classify as payments to foreign contractor
• Use InitiumX foreign address
• Consult tax advisor for specific requirements

All 50 states have data breach laws:

• Notification requirements vary by state
• InitiumX complies with strictest standards
• California standard typically used as baseline

By state (examples):

• California: Most expedient time possible, no unreasonable delay
• Florida: 30 days of determination
• New York: Most expedient time possible
• Texas: Without unreasonable delay

InitiumX standard:

• Notification within 72 hours of confirmation
• Exceeds most state requirements
• Email and postal mail (when addresses available)

What we disclose:

• Date of breach discovery
• Type of information compromised
• Steps taken to secure data
• Contact information for questions
• Resources for identity protection
• Steps individuals should take

For significant breaches:

• May offer free credit monitoring
• Identity theft protection services
• Dedicated support line
• Regular updates on investigation

Web accessibility standards:

• WCAG 2.1 Level AA target compliance
• Screen reader compatibility
• Keyboard navigation support
• Color contrast requirements
• Alt text for images

For federal contractors:

• Enhanced accessibility requirements
• VPAT (Voluntary Product Accessibility Template) available
• Regular accessibility audits
• Remediation of issues

Standard implementations:

• Semantic HTML structure
• ARIA labels where appropriate
• Focus indicators
• Resizable text
• Alternative text for non-text content

Request accommodations:

• Email: accessibility@initiumx.dev
• Alternative formats provided upon request
• Accessibility statement available

Standard provision:

• Honduras law governs contract interpretation
• US federal law for IP and certain protections
• State law for state-specific requirements

Hierarchy:

1. Negotiation: Good faith attempt (30 days)
2. Mediation: Neutral third party (60 days)
3. Arbitration: Binding arbitration (preferred)
4. Litigation: Honduras courts or mutually agreed US venue

For disputes > $25,000:

• Binding arbitration under AAA rules
• One arbitrator unless parties agree otherwise
• Location: Virtual or mutually agreed
• Language: English
• Costs shared unless otherwise determined

Exceptions to arbitration:

• Small claims court matters
• IP injunctive relief
• Emergency remedies

Individual disputes only:

• No class actions
• No class arbitrations
• No representative actions
• Individual arbitration only

Opt-out rights:

• 30 days to opt-out of arbitration clause
• Written notice to legal@initiumx.dev
• Still bound by other contract terms

If client operates in healthcare:

• Business Associate Agreement (BAA) required
• HIPAA-compliant infrastructure available
• Additional security measures
• Higher service tier pricing
• PHI handling protocols

Contact for HIPAA projects:

• Email: healthcare@initiumx.dev
• Separate BAA execution required
• Compliance audit provided

For educational institutions:

• Student data protection measures
• FERPA compliance protocols
• Limited access to education records
• Parent/student rights respected

For financial institutions:

• Gramm-Leach-Bliley Act compliance
• Safeguards Rule adherence
• Privacy Notice requirements
• Information security program

Available for enterprise clients:

• SOC 2 Type II report (in progress)
• ISO 27001 certification (planned)
• Custom compliance certifications
• Third-party audit facilitation

• Email: usa@initiumx.dev
• Phone: +504 3253-6271 (WhatsApp enabled)
• Hours: Monday-Friday, 7:00 AM - 4:00 PM CST
• Time Zone: Central Standard Time (Honduras = US Central)

• Email: legal@initiumx.dev
• For: Contract questions, disputes, legal compliance

• Email: privacy@initiumx.dev
• For: Privacy rights, CCPA requests, data questions

• Email: dmca@initiumx.dev
• For: Copyright infringement claims only

US clients should review:

• General Terms of Service
• Privacy Policy
• Data Processing Agreement
• Cookie Policy
• Service Agreement

• FTC: www.ftc.gov
• California AG (CCPA): oag.ca.gov/privacy/ccpa
• USPTO: www.uspto.gov
• Copyright Office: www.copyright.gov

• Better Business Bureau: www.bbb.org
• US Chamber of Commerce: www.uschamber.com

Review schedule:

• Quarterly: State law changes
• Annually: Comprehensive review
• As needed: Federal law changes

Notification:

• Email to US clients (30 days advance)
• Website publication
• Opt-out rights for material changes

Last Updated: October 1, 2025 Version: 1.0 Next Review: January 2026

US Client Support: usa@initiumx.dev | +504 3253-6271