Privacy Policy for Keppy

Effective Date: June 4, 2026

Operating Entity: 10X Immersive Inc.

​

1. Corporate Scope and Introduction

10X Immersive Inc. ("the Company," "we," "our," or "us") operates the Keppy suite of Android software applications, which serve as integrated client-access portals for the enterprise Keppy system. While our software is deployed within enterprise and clinical settings, individual authorized users access the system directly via their personal or organization-issued devices.

​

This Privacy Policy serves as our formal, unified declaration regarding the regulatory protocols, data collection parameters, utilization methodologies, communication practices, and secure disclosure standards governing all personal data processed through our software and related enterprise services.

​

By downloading, installing, accessing, or utilizing any Keppy application, you acknowledge and consent to the data practices described in this policy. We do not sell, lease, or distribute your personal data to unauthorized third parties.

​

2. Information We Collect

2a.

Account and Identity Information

User accounts are provisioned through enterprise administrators or directly upon verified registration. To maintain secure connection sessions and administrative auditing, we may collect:

• First and Last Name

• Professional or organizational email address

• Phone number (if provided for verified communications)

• Job title and organizational affiliation

• Enterprise authentication tokens and session identifiers

2b.

Log Data and Diagnostic Metrics

In the event of an application error, crash, or performance anomaly, the software automatically transmits technical diagnostic data ("Log Data") to optimize stability. This technical information may include:

• Internet Protocol (IP) address

• Device manufacturer, model, and hardware specifications

• Operating system architecture, version, and configuration

• Application state and configuration parameters at the time of the anomaly

• Timestamps, session durations, and performance statistics

2c.

Usage Data

We may collect non-identifiable information regarding how you interact with Keppy applications, including feature usage frequency, session lengths, and interaction patterns. This data is processed strictly in an anonymized, aggregated form to improve the overall application experience.

 

3. Direct Communication and SMS Consent

3a.

Consent to Receive Communications

When you provide your mobile phone number within a Keppy application or during account registration, and you affirmatively opt in to communications, 10X Immersive Inc. may send you text messages to that verified number. These communications may encompass:

• Service Notifications: Account updates, system status alerts, and feature notifications.

• Transactional Messages: Account activity confirmations and critical security alerts.

• Product Updates: System updates and important service changes.

Message frequency varies based on system utilization. Standard message and data rates from your mobile carrier may apply.

3b.

Opt-In and Opt-Out Protocols

Consent to receive communications is obtained through a clear, affirmative opt-in mechanism and is not a prerequisite for utilizing Keppy software. You may withdraw your consent and opt out of text communications at any target time by:

• Replying STOP to any text message received from us.

• Adjusting notification preferences within your account settings.

• Contacting us directly at support@10ximmersive.com.

After opting out, you will receive a single confirmation message. No further communications will be transmitted unless you explicitly re-consent. Phone numbers collected for verification or communication purposes are stored securely and are never sold or shared with third parties for independent marketing objectives.

 

4. Technical Identifiers and Device Storage

Keppy applications do not utilize persistent, browser-style tracking cookies. However, our software may utilize anonymous unique device identifiers through integrated core libraries and software development kits (SDKs) to optimize data streaming performance and evaluate system latency.

Users retain the capability to manage device-level permissions and restrict tracking identifiers via their host operating system's privacy settings. Restricting these technical identifiers may limit certain optimized segments or features of the enterprise service.

 

5. Third-Party Service Providers and Data Processors

The Company engages vetted third-party service providers and technical infrastructure partners to support the delivery, security, and reliability of our enterprise services. These providers process limited data metrics on our behalf strictly for the following mandates:

• Cloud infrastructure hosting, data transmission, and secure storage

• Application stability monitoring and automated crash diagnostics

• Automated infrastructure communication delivery services

• System telemetry and system performance analytics

All third-party data processors operate under comprehensive data processing agreements (DPAs) and are legally and contractually prohibited from disclosing, repurposing, or utilizing your data for any objective beyond their explicitly contracted service. Current infrastructure operations are hosted within the United States. A formal list of sub-processors is available upon request by contacting support@10ximmersive.com.

 

6. Data Retention, Storage Location, and Deletion

6a.

Data Retention Matrix

The Company retains personal data and technical metrics only for the duration necessary to satisfy active enterprise contractual commitments, ensure network security, or comply with statutory legal frameworks. Our standard data retention schedules are defined as follows:

Data TypeRetention Period

 

• Account Identity Data (Name, corporate email address), Active enterprise account lifecycle + 12 months post-termination

• Communication Identifiers (Verified phone numbers), until an explicit opt-out request is fulfilled + 90 days, or account deletion

• Log and Diagnostic Data (Error logs, crash reports),90 days from the initial data collection timestamp

• Usage & Session Analytics (Aggregated software metrics), 24 months stored exclusively in an anonymized, aggregated form

• Security & Authentication Logs (Access tokens, audit logs), 12 months, or as dictated by governing statutory mandates

6b.

Storage and Security Safeguards

All data processed within the Keppy system is stored on secure cloud servers located within the United States. We utilize industry-standard infrastructure equipped with strict physical, administrative, and technical safeguards, including comprehensive data encryption at rest and in transit.

6c.

Data Erasure Protocol

All authorized users—whether individual practitioners, staff, or enterprise system administrators—possess the absolute right to request the permanent deletion of their personal data from our active databases.

Because Keppy applications operate through secure enterprise provisioning, individual users seeking data deletion must initiate a request via a formal email channel.

•  

  How to Submit a Deletion Request: Email your formal request to support@10ximmersive.com with the subject line format: “Data Deletion Request - [Your Name / Your Organization]”. Alternatively, you may submit your request through your organization's internal enterprise system administrator.

•  

  Fulfillment Timeline: 1. Acknowledgment: We will acknowledge receipt of your email request within five (5) business days. 2. Verification: Identity verification protocols will be executed within seven (7) business days to protect against unauthorized account modifications. 3. Purging: All requested personal data will be permanently purged or irreversibly anonymized within thirty (30) calendar days of successful identity verification. 4. Confirmation: Written confirmation of the successful data erasure will be sent directly to your contact email address.

 

Exceptions: Specific data fields may be retained beyond standard deletion windows if mandated by active legal proceedings, statutory regulations, fraud prevention protocols, or unresolved contractual obligations with your underlying enterprise organization.

 

7. Information Security

We implement commercially reasonable, industry-standard cryptographic and technical security measures designed to preserve data integrity, including AES-256 encryption protocols for data at rest and TLS 1.2+ protocols for data in transit. Access controls are restricted based on least-privilege principles.

However, because no method of digital transmission or electronic cloud storage is entirely impenetrable, the Company cannot guarantee absolute, infallible security. In the event of a verified data breach affecting your personal data, we will issue notifications to affected parties in complete accordance with applicable laws without undue delay.

 

8. Third-Party Infrastructure Links

Keppy application interfaces may contain links to external web portals, clinical reference systems, or technical documentation platforms. Accessing an external link directs you outside the Company's controlled application environment.

External platforms operate completely independently and fall entirely outside the jurisdiction of this Privacy Policy. The Company maintains no control over, and assumes no legal liability for, the content, privacy protocols, or operational compliance of third-party environments.

 

9. Jurisdictional Age Safeguards

The Keppy ecosystem is engineered exclusively for adult professional deployment within commercial enterprises and clinical healthcare environments. We do not knowingly harvest, process, or store personally identifiable data from individuals under the age of 18.

If there is reasonable cause to believe that a minor has bypassed access controls and transmitted personal details, please notify us immediately at support@10ximmersive.com so that swift database purging can be executed.

​​

10. Amendments to This Privacy Policy

The Company reserves the right to modify or revise this Privacy Policy periodically to maintain alignment with international regulatory developments, platform upgrades, or operational changes.

Material adjustments will be communicated by publishing the updated document text directly to this policy page with a revised effective date parameter, supplemented by an in-app notice or email communication where changes materially affect user protections.

​

11. Contact and Compliance Inquiries

For all privacy disclosures, legal inquiries, sub-processor requests, or to execute data deletion mandates, all communications must be directed to our central support address:

• Corporate Entity: 10X Immersive Inc.

• Dedicated Contact Email: support@10ximmersive.com

• Corporate Web Domain: www.10Ximmersive.com

​

To formally execute any of your CCPA privacy protections, please contact our compliance desk directly at support@10ximmersive.com.