Purpose

LEADx is committed to protecting the confidentiality, integrity, and availability of customer information. This Data Security Policy describes the administrative, technical, and operational safeguards used to protect information entrusted to LEADx.

This policy applies to LEADx products and services, including the LEADx Cloud platform and LEADx EQ assessments.

LEADx collects only the information necessary to provide services to customers and users.

LEADx Cloud Platform

For customers using the LEADx Cloud platform, information may include:

• Employee name and email address
• User profile information
• Assessment scores and results
• Learning activity and completion history
• Coaching interactions and chatbot conversations
• Development goals and action plans
• Survey responses and feedback
• User-generated comments and notes
• Platform usage and engagement data

This information is used solely to provide leadership development, coaching, learning, reporting, and related services.

LEADx EQ Assessments

For customers using LEADx EQ assessments, LEADx generally collects and stores only:

• Name
• Email address
• Assessment scores and results

LEADx limits data collection to information necessary to provide contracted services.

LEADx maintains administrative, technical, and physical safeguards designed to protect customer information from unauthorized access, disclosure, alteration, or destruction.

Security measures include:

• Encryption of data transmitted over public networks
• Secure cloud hosting infrastructure
• Role-based access controls
• Authentication and authorization controls
• Principle-of-least-privilege access management
• Activity logging and monitoring
• Security patching and software maintenance
• Vendor security reviews
• Incident response procedures

These safeguards are reviewed periodically and updated as appropriate to address evolving threats and business requirements.

Access to customer information is restricted to authorized personnel who require access to perform their job responsibilities.

LEADx follows the principle of least privilege, granting employees and contractors only the minimum access necessary to perform their assigned duties.

Individuals with access to customer information are expected to:

• Protect confidential information
• Follow security policies and procedures
• Use secure authentication practices
• Report suspected security incidents promptly

Access privileges are reviewed and adjusted as roles and responsibilities change.

LEADx utilizes trusted third-party providers to support the operation of its services.

Current providers include:

These providers are selected based on business, operational, and security considerations and are expected to maintain appropriate safeguards for protecting customer information.

LEADx may use artificial intelligence technologies to enhance leadership development, coaching, and learning experiences.

Customer information is used only to provide services requested by customers.

LEADx does not use customer data to train third-party AI models.

Any use of artificial intelligence technologies is subject to LEADx privacy, security, and confidentiality requirements.

LEADx retains customer information only for as long as necessary to:

• Provide services to customers
• Fulfill contractual obligations
• Maintain business records
• Comply with applicable legal requirements
• Resolve disputes and enforce agreements

When a user account is deleted, associated data may be retained for up to thirty (30) days to support recovery requests, operational continuity, and system integrity.

Following this retention period, data is deleted or anonymized in accordance with LEADx data management practices.

LEADx maintains procedures for identifying, investigating, containing, and responding to security incidents.

If LEADx determines that a security incident has affected customer information, affected customers will be notified as required by applicable law and contractual obligations.

Customers play an important role in protecting information within their organizations.

Customers are responsible for:

• Maintaining the confidentiality of account credentials
• Managing user access appropriately
• Promptly notifying LEADx of unauthorized access or suspected security issues
• Complying with applicable laws and regulations regarding their use of the platform

LEADx may update this Data Security Policy from time to time to reflect changes in technology, business operations, legal requirements, or security practices.

Material changes will be reflected by updating the “Last Updated” date at the top of this policy.

Additional information regarding LEADx privacy and legal practices can be found in the following documents:

• Privacy Policy
• Terms of Service
• Access Control Policy

Questions regarding security, privacy, or data protection may be directed to:

support@leadx.org

LEADx, Inc.