Privacy Policy — Last Updated: October 8, 2025. This Privacy Policy (“Policy”) explains how Xkript (“Company,” “we,” “our,” or “us”) collects, uses, discloses, and safeguards personal information obtained through the website www.xkript.com (“Website”). By accessing or using the Website, you acknowledge that you have read, understood, and agreed to the terms of this Policy. We collect personal data voluntarily provided by users, including but not limited to names, email addresses, telephone numbers, billing and shipping details, payment information (processed securely by authorized third-party payment processors), and marketing preferences when consented. We may automatically collect technical data such as IP addresses, browser types, device identifiers, operating systems, referring URLs, access times, and browsing activities using cookies, analytics tools, and similar technologies. We may also obtain limited data from third-party partners, including analytics services (e.g., Google Analytics), advertising networks, payment processors, and logistics providers. The Company processes this information for lawful purposes, including to fulfill orders, manage payments, provide customer service, improve website performance, prevent fraud, conduct marketing communications where consent has been obtained, comply with legal obligations, and pursue legitimate business interests. We do not sell or rent personal data; however, we may share it with carefully selected service providers who perform functions on our behalf under strict confidentiality and data protection obligations, including shipping carriers, IT service providers, analytics platforms, and marketing partners. For users in the European Union (EU) and European Economic Area (EEA), we process personal data in accordance with the General Data Protection Regulation (EU) 2016/679 (“GDPR”) on the legal bases of contractual necessity, legitimate interests, consent, and legal compliance. For users in the United Kingdom, data is processed under the UK GDPR and the Data Protection Act 2018. For users in the United States, including California residents, we comply with the California Consumer Privacy Act (“CCPA”) as amended by the California Privacy Rights Act (“CPRA”), providing the right to know, delete, correct, and opt out of the sale or sharing of personal information, as well as the right to non-discrimination. International data transfers may occur to jurisdictions outside your country of residence, and in such cases, we implement appropriate safeguards, such as Standard Contractual Clauses approved by the European Commission or other equivalent mechanisms. We retain personal data only as long as necessary to fulfill the purposes described herein, comply with legal obligations, and enforce our agreements. You have the right, where applicable, to access, rectify, erase, restrict, or object to processing of your data, to request data portability, and to withdraw consent at any time without affecting the lawfulness of prior processing. To exercise these rights or submit a privacy-related inquiry, contact us at privacy@xkript.com. EU and UK residents may lodge complaints with their respective data protection authorities. We employ reasonable administrative, technical, and physical measures designed to protect personal data from unauthorized access, disclosure, alteration, or destruction, though no online transmission or storage system is entirely secure. Our Website is not directed to individuals under sixteen (16) years of age, and we do not knowingly collect data from minors. We reserve the right to amend or update this Policy at any time without prior notice, and changes will become effective upon posting with a revised “Last Updated” date. Your continued use of the Website following any updates constitutes acceptance of the revised Policy. For questions, concerns, or requests regarding this Privacy Policy or our data protection practices, please contact: X-KRIPT — Email: info@xkript.com — Website: www.xkript.com.