10XAIBack home

Legal Last updated 2026-04-30

Privacy Policy

10XAI ("we", "us", "our") is an AI agency operated by Bernardo Medrado, headquartered in Apex / Raleigh, North Carolina, United States. This Privacy Policy explains how we collect, use, store, share, and protect your personal data across 10xai.us and any related services.

We are committed to compliance with the EU General Data Protection Regulation (GDPR), the Brazilian Lei Geral de Proteo de Dados (LGPD), and the California Consumer Privacy Act (CCPA), in addition to applicable U.S. federal and state laws.

1. Data we collect

We collect three categories of data:

1.1 Information you provide

  • Contact information you submit through forms (name, email, phone, company, role).
  • Conversation content you send to Bernie, our AI concierge, including the messages you type and any business URLs you paste.
  • Booking details when you schedule a call, including calendar availability via our booking provider.

1.2 Information collected automatically

  • Standard server logs (IP address, user agent, timestamps, referrer).
  • Anonymized analytics events (page views, clicks, scroll depth) for product improvement.
  • Cookies strictly necessary for the site to function, plus optional analytics cookies you can refuse.

1.3 Information from third parties

  • If you book through our calendar provider, that provider shares your email and timezone with us.
  • If you authorize us to enrich a Lighthouse lead, we may pull publicly-available business information from Google Business Profile, LinkedIn, and similar public sources.

2. How we use your data

We use personal data only for the following purposes:

  • Responding to your inquiries and delivering the services you request.
  • Sending the AI agents we build for you the data they need to do their job (always under your direction, never to third parties beyond our processors).
  • Improving the site, the Bernie concierge, and our service quality.
  • Compliance with legal obligations and protection against fraud or abuse.

3. Legal basis (GDPR / LGPD)

We rely on the following legal bases:

  • Consent for optional analytics cookies, marketing communications, and AI training of bespoke client agents.
  • Contract to deliver services you have engaged us for.
  • Legitimate interest for security, anti-fraud, and B2B business-development outreach where allowed by law.
  • Legal obligation for record-keeping and regulatory requirements.

4. Sub-processors and AI providers

We use carefully selected sub-processors to deliver the service. The principal ones include:

  • Anthropic large-language-model provider powering Bernie. Conversations are processed in accordance with Anthropic's privacy policy. Anthropic does not train on API data by default.
  • Vercel hosting and edge delivery.
  • Supabase database and authentication (planned).
  • Cal.com call booking.
  • Resend transactional email.

We do not sell your personal data. We do not share it for advertising purposes.

5. Data retention

We retain personal data only as long as necessary for the purposes for which it was collected. Conversation logs from Bernie are retained for up to 90 days for quality and abuse-prevention review, then deleted unless you have an active engagement requiring longer retention. Booking records are retained for the duration of the customer relationship plus seven years for tax/audit compliance.

6. International transfers

Because we operate across the United States, Brazil, and Latin America, your data may be transferred internationally. Where required, we implement Standard Contractual Clauses or rely on adequacy decisions to safeguard transfers.

7. Your rights

Depending on your jurisdiction, you have rights including:

  • Access to the personal data we hold about you.
  • Correction of inaccurate data.
  • Deletion of your data (subject to legal-retention exceptions).
  • Restriction or objection to processing.
  • Data portability in a machine-readable format.
  • Withdrawal of consent at any time without affecting prior lawful processing.
  • The right to lodge a complaint with your data-protection authority.

To exercise any right, email contato10xai@gmail.com. We respond within 30 days (15 days for LGPD requests).

8. Security

We implement technical and organizational measures appropriate to the risk: encryption in transit, encryption at rest where applicable, role-based access controls, audit logging, and regular review of our sub-processors. No system is perfectly secure; if we discover a breach affecting your data, we notify affected users and the relevant authority within 72 hours where required by law.

9. Children

10XAI is a B2B service. We do not knowingly collect personal data from anyone under 16. If you believe we have collected such data, contact us and we will delete it.

10. Changes to this policy

We may update this policy from time to time. The "last updated" date at the top reflects the most recent revision. Material changes are announced on the site for 30 days before taking effect.

11. Contact

10XAI Apex / Raleigh, NC, United States.
Email: contato10xai@gmail.com
For data-protection requests, please put "Privacy Request" in the subject line.