Introduction and Purpose

This Privacy Policy describes how Intsurfing LLC processes Personal Data in connection with the provision of its API services, the operation of its user platform available at https://www.platform.api.intsurfing.com/login, and the limited operation of its informational website available at https://www.api.intsurfing.com/.

The primary purpose of this Privacy Policy is to ensure transparency regarding the categories of Personal Data processed by the Company, the sources and purposes of such processing, the applicable legal bases, a[^1]nd the safeguards implemented to protect Personal Data in the context of the Company’s API-based data services.

The Company provides B2B API services that enable authorized clients to access datasets derived from publicly available records, as well as data processing services. Personal Data processed in connection with the API services is handled for lawful business purposes, including compliance, risk assessment, and other legitimate professional use cases, based on the Company’s legitimate interest pursuant to Article 6(1)(f) of Regulation (EU) 2016/679 (GDPR), as well as applicable laws of the United States and Ukraine.

User registration, account management, and access to the Company’s API services are carried out through the Company’s platform available at https://www.platform.api.intsurfing.com/login. In this context, the Company processes Personal Data of registered platform users, including identification and contact information, for the purposes of account administration, access control, usage monitoring, and the performance of contractual obligations owed to API clients.

The Company’s website https://www.api.intsurfing.com is used solely for informational and business communication purposes. The Website does not provide direct access to the API services or datasets and does not require user registration. Personal Data processed through the Website is limited to information voluntarily submitted by users via contact forms, as well as technical data necessary to ensure the security and proper functioning of the Website.

This Privacy Policy applies to the processing of Personal Data in connection with the Company’s API services, user Platform, and Website, unless separate contractual documents, data processing agreements, or dedicated privacy notices applicable to API clients expressly govern specific processing activities.

DEFINITIONS

For the purposes of this Privacy Policy, the terms defined below are used with the meanings set out in this section. These definitions are provided to ensure consistent interpretation of this Privacy Policy and its application in the context of applicable data protection and privacy regulations.

1. “Personal Data” refers to any information that relates to a natural person who can be identified, either directly or indirectly, by reference to such information. Such information may include, for example, contact details, professional identifiers, technical identifiers (such as IP addresses), or other data elements that, on their own or in combination, make it possible to identify a person.

2. “Data Subject” means an individual to whom Personal Data relates and whose information is processed by the Company in connection with interactions with the Website.

3. “Processing” encompasses any form of handling or use of Personal Data, whether carried out by automated means or otherwise. This includes, among other actions, the collection, recording, organization, storage, modification, consultation, transmission, restriction, deletion, or destruction of such data.

4. “Applicable Data Protection Laws” means all statutes, regulations, and legally binding requirements governing the protection of Personal Data that are relevant to the Company’s activities. Depending on the geographic location of the User or the nature of the interaction, this may include Regulation (EU) 2016/679 (GDPR), the California Consumer Privacy Act and California Privacy Rights Act (CCPA/CPRA), the Children’s Online Privacy Protection Act (COPPA), and the Law of Ukraine “On Personal Data Protection”.

5. “User” refers to any person who accesses, browses, or communicates with the Company through the Website. Users may act in their own capacity or as authorized representatives of legal entities, corporate clients, or other organizations.

6. “Website” means the online resource operated by the Company and available at https://www.api.intsurfing.com, together with its subdomains, pages, and technical features provided within this domain.

7. “Platform” means the Company’s online environment available at https://www.platform.api.intsurfing.com/login through which registered users create accounts, manage billing information, and access the Company’s API services.

8. “Cookies” are small data files placed on a User’s device by the Website for purposes such as maintaining functionality, recognizing repeat visits, or collecting aggregated usage information. Cookie behavior and availability may vary depending on the User’s browser or device settings.

9. “Third-Party Services” means external services, platforms, or technical solutions that are integrated into the operation of the Website or support its functionality. Such services may include analytics tools, hosting providers, communication systems, or email infrastructure, each operating under its own applicable terms and privacy policies.

10. “Controller” denotes the entity that determines the purposes and essential means of Processing Personal Data under this Policy, namely Intsurfing LLC.

11. “Data Protection Officer (DPO)” means the individual appointed, formally or by functional designation, to oversee compliance with Applicable Data Protection Laws, to coordinate responses to Data Subject requests, and to act as a contact point for competent supervisory authorities.

CATEGORIES OF PERSONAL DATA WE PROCESS

1. General Principle of Data Minimization. The Company limits the processing of Personal Data to what is objectively necessary for the operation of the Website and the Platform, the provision of API services, and the handling of inquiries or communications initiated by Users. The scope and nature of the data processed depend on how a User interacts with the Website, the Platform, or the API services.

2. Information Voluntarily Provided by Users. When a User chooses to contact the Company through the Website, including by submitting an inquiry or request for information, the User may voluntarily provide certain Personal Data. This may include identification and contact details (such as name, email address, and telephone number), professional or organizational information (for example, job title or the name of the organization represented), as well as the substantive content of the inquiry itself.

3. Optional Nature of User Submissions. The provision of such information is voluntary. However, without the relevant information, the Company may be unable to properly review the inquiry or provide a meaningful response. Any Personal Data submitted by Users is processed solely for the purpose for which it was provided and is not repurposed for unrelated activities.

4. Technical and Usage-Related Information. When the Website is accessed, certain technical information may be generated automatically through standard web technologies or through integrated Third-Party Services. This information may include IP addresses, browser and device characteristics, operating system data, timestamps of access, referral information, and session-related identifiers. Such information is processed in aggregated or technical form and is not intended to identify individual Users on its own.

5. Account and Registration Information. When a User creates an account on the Platform, the Company processes Personal Data necessary for account administration and service provision. This may include name, email address, billing address, optional telephone number, and account credentials.

6. Public Records and Dataset Information. Through its API services, the Company processes Personal Data contained in publicly available sources in the United States. Such data may include names, dates of birth, offense-related information, case identifiers, and other information lawfully disclosed under applicable public records laws. The Company does not collect data from private, restricted, or unlawfully obtained sources.

7. Client-Submitted Data for Processing. In connection with its data processing API services, the Company may process Personal Data submitted by clients for the purpose of data parsing, standardization, validation, or related transformation activities. The Company acts as a service provider and processes such data solely on documented instructions from the client and does not use it for independent purposes.

8. Data Categories Not Processed. The Company does not seek to collect or intentionally process special categories of personal data as defined under applicable data protection laws, including data relating to racial or ethnic origin, political or religious beliefs, health or medical conditions, biometric or genetic data, sexual orientation, or trade union membership. If such information is submitted without request or necessity, it is not used and is deleted or anonymized in accordance with internal data handling procedures.

PURPOSE OF PROCESSING PERSONAL DATA

1. The Company processes Personal Data in connection with the operation of the Website and the Platform, the provision of API services, and interactions initiated by Users. All processing activities are aligned with the functional role of the Website as an informational interface and the Platform as a secure service environment.

2. Account Administration and Service Provision. Personal Data provided during account registration and use of the Platform is processed for the purpose of creating and maintaining user accounts, authenticating Users, managing billing and subscription status, enabling access to API services, and providing customer support.

3. User Communications. Personal Data provided by Users in the course of submitting inquiries or other communications through the Website, Platform, or related contact channels is processed exclusively for the purpose of reviewing, responding to, and handling the specific request. Such data is not used for unrelated purposes and is retained only for the period reasonably necessary to address the relevant communication.

4. Website and Platform Operation, Stability, and Security. Certain technical and usage-related information is processed to ensure the proper operation, security, and stability of the Website and Platform. This includes processing activities related to system administration, performance monitoring, troubleshooting, and the prevention of unauthorized access, misuse, or interference with the Website’s or Platform's technical infrastructure.

5. Aggregated Analytics and Performance Assessment. The Company may process aggregated and de-identified information to assess how the Website is accessed and used. Such information is used exclusively to maintain, secure, and improve the technical performance and reliability of the Website and does not enable the identification of individual Users.

6. Legal Compliance and Legitimate Interests. In limited circumstances, Personal Data may be processed where this is necessary to comply with applicable legal obligations or to respond to lawful requests from competent authorities. Where permitted by law, Personal Data may also be processed to protect the Company’s legitimate interests, including safeguarding its systems, ensuring service integrity, and preventing misuse of the Website or Platform. The Company does not process Personal Data for advertising, marketing, profiling, or cross-context behavioral tracking purposes and does not engage in automated decision-making that produces legal or similarly significant effects for Users.

7. Data Retention and Storage Limitation. Personal Data is retained for periods aligned with the purposes for which it was collected, including responding to communications, maintaining technical security, or meeting applicable legal obligations. Where Personal Data is no longer required for these purposes, it is deleted or anonymized in accordance with the Company’s internal data handling procedures. Retention periods may vary depending on the nature of the data involved and applicable legal requirements.

LEGAL BASIS FOR PROCESSING PERSONAL DATA

1. The processing of Personal Data by the Company is carried out on a lawful ground recognized under applicable data protection and privacy legislation. The legal ground relied upon is determined by the manner in which a User interacts with the Website or Platform, the type of information involved, and the regulatory framework relevant to the User’s jurisdiction.

2. In structuring its data processing activities, the Company takes into account the requirements of Regulation (EU) 2016/679 (General Data Protection Regulation (GDPR) for Users located in the European Economic Area, applicable privacy laws of the United States, including the California Consumer Privacy Act and the California Privacy Rights Act (CCPA/CPRA), as well as the Law of Ukraine “On Personal Data Protection”, where such legal frameworks are relevant to the processing in question.

3. Legal basis. The main legal basis for processing personal data contained in public registers and datasets is the Company's legitimate interest in accordance with Article 6(1)(f) of the GDPR, in particular for the purpose of providing legitimate data access services, supporting compliance and analysing risks for API Clients.

4. User Consent. When a User chooses to submit information through contact forms or other communication channels available on the Website, the processing of such information is based on the User’s deliberate act of providing it. This ground applies in connection with the specific inquiry or communication submitted and does not extend beyond it. A User may revoke consent at any time in accordance with applicable legal requirements.

5. Legitimate Interests. Technical and usage-related information may be processed in connection with the Company’s operational interests, such as maintaining the functionality and security of the Website and Platform, protecting its technical environment, and addressing attempts at misuse or unauthorized access. In these cases, the Company evaluates the context of processing, the nature of the information involved, and the interests of Users, and implements measures intended to ensure that individual rights are not adversely affected.

6. Legal Obligations. Certain processing activities may arise from duties imposed by law. This includes situations where information must be retained, disclosed, or otherwise handled in response to binding requests from public authorities or to meet statutory compliance and record-keeping requirements.

7. United States Privacy Considerations. With respect to Users subject to United States privacy regimes, including residents of California, the Company does not transfer Personal Data for consideration and does not operate practices associated with cross-context behavioral advertising. Information is handled in connection with technical operation, communications initiated by the User, and related administrative functions, in line with applicable U.S. privacy standards.

8. Sensitive Data and Automated Processing. The Company does not seek to handle sensitive categories of personal data and does not apply automated decision-making or profiling mechanisms that would produce legal or comparable effects for Users. Where information of this nature is submitted unintentionally or without relevance, it is excluded from further use and addressed through the Company’s internal data protection procedures.\

COOKIES AND TRACKING TECHNOLOGIES

1. The Company does not use cookies, tracking pixels, web beacons, analytics tools, or similar tracking technologies on the Website and Platform. The Website and Platform do not deploy any functional, analytical, or advertising cookies, does not collect behavioral or usage data, and does not track Users across browsing sessions or third-party resources.

2. The Company may integrate third-party analytics or monitoring services, including Google Analytics, Serpstat, or similar tools, in connection with the operation of the Website. Any limited technical information that may be automatically processed at the infrastructure level, such as server logs, is used solely to ensure security, operational stability, and error prevention and is not intended to identify Users or analyze their behavior.

3. If cookies or tracking technologies are introduced on the Website or Platform in the future, this Privacy Policy will be updated accordingly, and Users will be informed in advance where required by applicable law.

DISCLOSURE OF PERSONAL DATA TO THIRD PARTIES

1. General Approach. The Company’s handling of Personal Data does not include its commercialization or distribution for third-party exploitation. Information is shared externally only in connection with the technical operation of the Website, Platform, or where disclosure is required under applicable law.

   Any transfer of Personal Data is carried out in a controlled manner and is confined to what is relevant for the specific purpose involved. Measures are taken to preserve confidentiality, integrity, and security throughout the period during which the data remains accessible to a recipient.

   Personal Data contained in public datasets is retained in accordance with the availability of the underlying public records, contractual requirements, and applicable legal obligations, and is not retained longer than necessary for the purposes of the API services.

2. Recipients Involved in Website Operations. To maintain and support the Website, the Company works with selected external service providers responsible for hosting, analytics, security, and communication infrastructure. This may involve making limited categories of Personal Data available to providers such as analytics services (including Google Analytics and Serpstat), hosting environments, or email and security solution providers.

   These parties act on the Company’s behalf and operate under contractual terms that address data protection, confidentiality, and information security requirements. Where applicable, such arrangements are documented through data processing agreements consistent with recognized regulatory frameworks.

3. Public Authorities and Legal Requests. Disclosure of Personal Data may occur where the Company is required to do so by law or in response to binding requests issued by courts, regulators, or law enforcement bodies. In such situations, the scope of disclosure is determined by the legal obligation at hand and is limited to the information that must be provided.

4. Corporate Changes and Transactions. In the context of corporate developments such as a reorganization, acquisition, merger, or transfer of assets Personal Data may form part of the information transferred. Where this occurs, the recipient is expected to adhere to data protection standards aligned with those reflected in this Privacy Policy and to implement safeguards offering comparable protection.

5. Safeguards and Ongoing Control. The Company applies data minimization principles to all external disclosures and limits access to Personal Data based on functional necessity. Before sharing information, the Company reviews the recipient’s data handling practices and confirms that appropriate contractual, technical, and organizational measures are in place.

   Responsibility for determining the purposes and core parameters of processing remains with the Company, and recipients are not authorized to use Personal Data for activities unrelated to the services they provide.

CROSS-BORDER TRANSFERS OF PERSONAL DATA

1. The Company’s technical setup and operational structure may require Personal Data to be accessed or handled outside the country in which it was originally collected. This may occur, for example, in connection with hosting environments, security services, administrative support, or other functions related to the operation and protection of the Website or Platform.

2. When information is handled across national borders, the Company takes steps to ensure that the level of protection applied to such data remains consistent with applicable data protection requirements. International data flows are not part of the Company’s routine activities and occur only in connection with clearly identified operational or legal needs.

3. For data originating from the European Economic Area, transfers are carried out using mechanisms recognized under Regulation (EU) 2016/679 (GDPR). Depending on the circumstances, this may involve the use of Standard Contractual Clauses adopted by the European Commission or other transfer tools permitted under Articles 44 - 49 of the GDPR.

4. In situations where Personal Data is accessed or processed in jurisdictions governed by United States law, the Company organizes such access in line with relevant state and federal privacy requirements. Measures are taken to address potential risks associated with cross-border access, taking into account the nature of the information involved and the purpose for which access is required.

5. Any cross-border handling of Personal Data is limited to what is relevant for the specific activity involved and is supported by contractual arrangements, technical safeguards, and internal controls. Parties located outside the original jurisdiction are expected to observe data protection standards compatible with applicable law and with the principles reflected in this Privacy Policy.

USER RIGHTS

1. Individuals whose Personal Data is handled by the Company may exercise certain rights granted under applicable data protection and privacy legislation. The availability and scope of these rights depend on the User’s place of residence and the legal framework governing the relevant processing activities.

2. Rights of Users in the European Economic Area. Users located in the European Economic Area are entitled to the rights provided under Regulation (EU) 2016/679 (General Data Protection Regulation). These include the ability to confirm whether Personal Data relating to them is being processed and to obtain access to such information, to request correction of inaccurate or incomplete data, and to seek deletion of Personal Data in situations provided by law.

   Depending on the circumstances, Users may also request restrictions on how their information is handled, receive certain categories of data in a portable format, or object to processing based on legitimate interests. Where processing relies on consent, consent may be withdrawn at any time without affecting prior lawful use. Users also retain the right to raise concerns with a competent supervisory authority.

3. Rights under United States Privacy Laws. For Users subject to United States privacy regimes, including residents of California, the Company observes the rights set out in the California Consumer Privacy Act and the California Privacy Rights Act. These rights allow Users to obtain information about the categories of Personal Data collected and the purposes for which it is used, to request access to or deletion of Personal Data held by the Company, and to seek correction of inaccurate information.

   Where applicable, Users may also exercise the right to opt out of the sale or sharing of Personal Data. The Company does not sell Personal Data and does not share it for cross-context behavioral advertising within the meaning of the CCPA/CPRA.

4. Rights under the Law of Ukraine “On Personal Data Protection”. Users whose Personal Data is processed under the jurisdiction of Ukraine are entitled to the protections afforded by the Law of Ukraine “On Personal Data Protection”. These include the ability to obtain information about the sources, location, and purpose of processing, to access Personal Data held by the Company, to request correction or deletion of data processed unlawfully or inaccurately, and to object to processing in cases предусмотренных законом, along with other rights provided under Article 8 of the Law.

5. Exercising User Rights. Requests relating to the exercise of data protection rights may be submitted using the contact details provided in this Privacy Policy. To prevent unauthorized disclosure and protect Personal Data, the Company may request information reasonably necessary to confirm the identity of the requester.

   Requests are reviewed and addressed within the time periods established by applicable law. Where a request cannot be fully satisfied due to legal, regulatory, or technical constraints, the Company will provide an explanation consistent with statutory requirements.

EXERCISING DATA SUBJECT RIGHTS AND CONTACT DETAILS

1. Requests relating to the exercise of rights described in this Privacy Policy or under applicable data protection laws may be submitted by contacting the Company through the communication details set out below.

2. Responsibility for handling data protection matters within the Company is assigned to a designated data protection contact. This role is responsible for coordinating responses to data subject requests, ensuring internal consistency in the handling of such matters, and serving as a point of contact with supervisory authorities where required under applicable law.

   The Company has not appointed a Data Protection Officer within the meaning of Article 37 of Regulation (EU) 2016/679, as such appointment is not mandatory in light of the nature and scope of the Company’s data processing activities.

3. In order to protect Personal Data from unauthorized disclosure, the Company may ask for information necessary to confirm the identity of the person submitting a request. Any such verification is limited in scope and applied only to the extent required to ensure that information is disclosed to the appropriate individual.

4. Requests are assessed and addressed in accordance with statutory response periods. As a general rule, responses are provided within thirty (30) calendar days from receipt. Where a request involves multiple records or requires additional review, the response period may be extended in line with legal requirements, and the requester will be informed accordingly.

5. Questions, requests, or complaints concerning the processing of Personal Data may be directed to the Company’s data protection contact using the following details:

   Data Protection Contact:
   Email: contact@intsurfing.com

DATA SECURITY MEASURES

1. The Company applies technical and organizational measures intended to protect Personal Data from unauthorized access, loss, alteration, or disclosure. Information security is treated as part of the Company’s day-to-day operations and is shaped by the characteristics of the Website, Platform, and the limited categories of data processed through it.

2. Personal Data is handled within controlled technical environments where access is restricted based on functional necessity. Only personnel whose responsibilities require such access are permitted to handle Personal Data, and they remain bound by confidentiality and data protection obligations.

3. Information transmitted via the Website and Platform is protected through encryption methods aligned with commonly accepted security practices, including the use of Transport Layer Security (TLS). In addition, the Company relies on a combination of operational safeguards such as access logging, network supervision, firewall controls, and vulnerability management to reduce exposure to unauthorized activity or technical disruption.

4. Security practices and internal procedures are revisited as part of the Company’s ongoing operational oversight. Adjustments may be introduced to reflect changes in technical infrastructure, regulatory expectations, or identified risk factors, with attention given to the nature of the information involved and the potential consequences of a security incident.

5. Where an incident involving Personal Data occurs and presents a material risk to individuals, the Company undertakes an assessment and responds with appropriate remedial measures. Notifications to affected individuals or supervisory authorities are made where required under applicable data protection laws and in line with statutory obligations.

AUTOMATED DECISION-MAKING AND PROFILING

1. The Company’s use of Personal Data does not involve automated decision-making processes that determine outcomes producing legal or comparable effects for Users. Information handled through the Website and related technical interfaces is not applied to automated scoring, predictive analysis, behavioral classification, or similar evaluative models.

2. Communications submitted through the Website and requests received via its contact channels are reviewed and addressed by Company personnel. While automated tools may be used to support technical operations, administrative workflows, or security monitoring, they do not determine responses or outcomes that affect Users without human involvement.

3. The Company does not rely on algorithmic systems to assess individuals, draw conclusions about their behavior, or generate decisions that would materially impact their rights or interests. Automated functionality, where present, serves an auxiliary role and does not substitute human judgment in interactions with Users.

4. Should the Company at any point introduce processing activities that involve automated decision-making or profiling, such activities would be implemented in line with applicable data protection requirements. This would include providing clear notice, maintaining transparency around the processing logic, applying appropriate safeguards, and ensuring human oversight where required by law.

CHILDREN’S DATA POLICY

1. The Company takes into account the enhanced legal protections applicable to Personal Data relating to children and structures its data handling practices accordingly. Relevant requirements include, where applicable, the Children’s Online Privacy Protection Act (COPPA) in the United States, Article 8 of Regulation (EU) 2016/679 (GDPR), and the Law of Ukraine “On Personal Data Protection”.

2. The Website and Platform are intended for general informational and technical use. They are not structured or presented as services aimed at children and are not intended to attract or engage individuals below the minimum age established by applicable law. The Company’s services are designed for use by adults and professional users.

3. The Company does not intentionally seek to collect or process Personal Data relating to children. Its technical architecture is not designed to solicit, encourage, or facilitate the submission of information relating to minors, nor to identify, monitor, or profile individuals below the applicable age threshold.

4. Where the Company becomes aware that Personal Data relating to a child has been provided without appropriate and verifiable consent from a parent or legal guardian, such information is addressed in accordance with internal data handling procedures. This may include deletion or anonymization, taking into account the nature of the data and applicable legal requirements.

5. Users are expected to refrain from submitting Personal Data relating to third parties, including minors, through the Website, API, or related communication channels. Where such information is provided, responsibility for ensuring the existence of all required legal grounds and consents rests with the individual submitting the data.

GOVERNING LAW, JURISDICTION, AND DISPUTE RESOLUTION

1. This Privacy Policy is interpreted in accordance with the laws of Ukraine, reflecting the jurisdiction in which the Company is established and conducts its primary operations.

2. At the same time, the application of Ukrainian law does not override mandatory data protection or consumer protection rules that may apply based on a User’s place of residence. Nothing in this Privacy Policy is intended to limit or interfere with rights granted under applicable data protection frameworks, including Regulation (EU) 2016/679 (GDPR), relevant United States privacy legislation, or other mandatory statutory protections where they apply by operation of law.

3. Amicable Resolution. The Company encourages Users to raise questions or concerns relating to this Privacy Policy or the handling of Personal Data through direct communication. An attempt to resolve matters through dialogue may be made by contacting the Company using the data protection contact details provided in this Policy.

4. Jurisdiction and Formal Proceedings. Where a matter cannot be resolved through communication within a reasonable period, the handling of disputes follows the principles outlined below:

   1. for Users located in Ukraine, disputes may be brought before the competent courts of Ukraine in accordance with applicable procedural rules;

   2. for Users located in the European Union or the United States, jurisdiction and venue are determined by mandatory legal provisions applicable in the User’s jurisdiction, including rules governing access to courts and regulatory authorities;

   3. where permitted by law and agreed by the parties, alternative means of dispute resolution such as mediation or arbitration administered by a recognized institution, may be used.

5. This section does not affect the right of any individual to lodge a complaint with a competent data protection supervisory authority or other regulatory body where such right is provided by law.

FORCE MAJEURE

1. Circumstances may arise that disrupt the Company’s ability to carry out certain operational or procedural aspects of this Privacy Policy. Such situations can result from events outside the Company’s control, including armed conflict, natural disasters, widespread disruptions of telecommunications or internet infrastructure, significant cybersecurity incidents, governmental actions, or other extraordinary conditions affecting the operation of the Website or related technical systems.

2. Where such events occur, the handling of affected processes may be delayed or adjusted for the period during which normal operations are materially impacted. This section does not affect obligations that continue to apply under mandatory data protection laws, nor does it limit the rights of individuals where such rights remain enforceable under applicable legislation.

AMENDMENTS TO THIS PRIVACY POLICY

1. The Company may revise this Privacy Policy to reflect developments in applicable law, regulatory practice, technical arrangements, or internal processes relevant to the handling of Personal Data. An updated version of the Policy will be made available on the Website together with the date from which the revised text applies.

2. The version of the Privacy Policy published on the Website and Platform represents the current description of how Personal Data is handled in connection with the Company’s services. Users may review this information at any time to remain informed about applicable practices.

3. Where changes introduce a material impact on the rights of Users or significantly alter the way Personal Data is processed, the Company will provide additional notice appropriate to the nature of the update. Such notice may take the form of a clearly visible announcement on the Website and Platform or other communication measures intended to ensure transparency, where required under applicable law.

LEGAL DISCLAIMERS

1. This Privacy Policy is provided to explain how the Company approaches the handling of Personal Data in connection with the operation of the Website and related technical services. Its purpose is informational and transparency-oriented. Obligations arising under applicable data protection laws remain unaffected, while this Policy does not establish contractual, fiduciary, advisory, or professional duties between the Company and Users beyond those mandated by law.

2. In operating its services, the Company functions as a technical intermediary facilitating access to information that has been lawfully made available through public or authoritative sources. The Company does not create such information and does not assume responsibility for its accuracy, completeness, or ongoing relevance.

3. Information accessed through the Website or Platform is provided without evaluation of its legal significance or suitability for any particular use. The Company does not offer legal, financial, compliance, investigative, or similar professional services, and does not provide guidance or recommendations based on the information made available through its technical infrastructure.

4. Decisions regarding how information is interpreted or used, including any subsequent processing that may affect third parties, are made independently by Users. Responsibility for ensuring that such use complies with applicable laws, including data protection, privacy, employment, consumer protection, and anti-discrimination requirements, rests with the User.

5. Where the Website or Platform references or integrates third-party platforms, services, or data sources, such references are provided for technical or informational purposes. The Company does not direct or oversee the practices of those third parties and is not responsible for their content, availability, security measures, or data handling practices, except where responsibility arises under mandatory law or is expressly assumed through a binding agreement.

6. Nothing in this Privacy Policy is intended to limit rights that Users may hold under mandatory data protection or privacy legislation. If any provision of this Policy is found to be invalid or unenforceable by a competent authority, the remaining provisions continue to apply to the fullest extent permitted by law.

SCOPE AND APPLICABILITY OF THIS PRIVACY POLICY

1. This Privacy Policy applies to the processing of Personal Data in connection with the operation of the Website, related communication channels, and interactions initiated by Users through the Company’s services. It covers Personal Data provided directly by Users, collected through technical means associated with the functioning of the Website and Platform, or otherwise submitted in the course of communications initiated via the Website or its associated contact mechanisms.

2. This Privacy Policy does not apply to websites, platforms, or services operated by third parties that may be referenced or linked through the Website or Platform. The handling of Personal Data by such third parties is governed by their respective privacy policies and practices.

CONTACT INFORMATION

1. Users may contact the Company with questions, requests, or concerns relating to this Privacy Policy, the handling of Personal Data, or the exercise of data protection rights using the following details:

   Intsurfing LLC
   Website: https://www.api.intsurfing.com
   Privacy contact email: contact@intsurfing.com

2. To protect Personal Data and prevent unauthorized disclosure, the Company may request information necessary to confirm the identity of the individual submitting a request. Any such verification is limited to what is required for that purpose and applied in a proportionate manner.