PRIVACY NOTICE

IDONIA TECHNOLOGIES

I. IDENTITY AND ADDRESS OF THE DATA CONTROLLER

In compliance with the provisions of the Federal Law on the Protection of Personal Data Held by Private Parties (hereinafter, "the Law"), its Regulations and the Guidelines of the Privacy Notice, IDONIA Technologies (hereinafter, "IDONIA" or "the Controller"), with domicile in Guadalajara, Jalisco, Mexico, informs that it is the controller of the processing, use and protection of your personal data.

II. NATURE OF OUR SERVICES AND DATA MINIMIZATION POLICY

IDONIA is a technological consulting, systems architecture and automation agency. Our strict policy is the minimum collection of data.

The business relationship is governed by the provisions of our "Terms and Conditions of Use". According to said policy, we DO NOT collect sensitive personal data.

Reservation of Receipt of Information: IDONIA reserves the absolute right not to accept, process or store additional unsolicited information. Any personal data sent to IDONIA that exceeds what is strictly necessary will be immediately deleted from our systems. IDONIA will only require additional information if it is technically or legally essential for the execution of a project, which must be documented solely and exclusively through a formal request from an official email address under the domain shown below:

@idonia.tech

(Character “at sign” , Letter “i” lowercase Latin i, letter “d” lowercase “d”, letter “o” lowercase o, letter “n” lowercase “n”, letter “i” lowercase Latin i, letter “a” lowercase a, “dot”, letter “t” lowercase t, letter “e” lowercase e, letter “c” lowercase c and letter “h” lowercase h).

III. PERSONAL DATA SUBJECT TO PROCESSING

To carry out the purposes described in this notice, we will collect directly or through our forms (Contact Form or Web Discovery Form) only the following data:

Identification Data: Name of the Natural Person or name/legal name of the Legal Entity, and name of the legal representative.

Contact Data: Corporate email address and/or telephone number.

Billing Data: Tax Federal Registry (RFC), tax domicile, tax regime and banking data (only in case of formalizing the contract).

Project Operating Data: Information about your technological needs and current platforms (provided voluntarily by you in the Web Discovery).

IV. PURPOSES OF DATA PROCESSING

The personal data collected will be used for the following primary purposes (necessary for the service):

To address doubts, comments and quotes entered through our forms.

Perform the diagnosis and feasibility of your technological project.

Formalize the provision of consulting and implementation services.

Billing, collection and compliance with applicable tax obligations.

V. LIMITATION OF LIABILITY REGARDING THIRD-PARTY PLATFORMS

IDONIA provides consulting services, digital architecture design and configuration of technological tools developed and hosted by third parties. Absolute Disclaimer: IDONIA DOES NOT store the operational databases of its clients. The client acknowledges and accepts that, when implementing solutions suggested by IDONIA, the information will be processed in third-party infrastructures, including but not limited to: Google, Microsoft, Amazon Web Services (AWS), OpenAI, Anthropic, Hostinger, Vercel, Make, Zapier, among others and/or similar ones.

Therefore, IDONIA disclaims any legal, civil or criminal liability arising from server failures, cybersecurity breaches, information leaks, service interruptions or modifications in privacy policies attributable directly or indirectly to such third-party software providers. The client is responsible for reviewing and accepting the privacy policies of the providers they decide to hire.

VI. SECURITY ALERT: FRAUD AND PHISHING PREVENTION

IDONIA implements strict corporate security measures. To protect our clients, we disclaim any scam, fraud or identity theft (phishing) perpetrated by third parties. Best Practices and Communication Policies of IDONIA:

IDONIA will never request passwords to your systems, bank accounts, or PINs by email, phone or WhatsApp.

All official communication, sending of contracts and banking data for transfers from IDONIA will come exclusively from emails with the official termination: @idonia.tech.

The only thing in our scope is to make suggestions to prevent identity theft (phishing), we warn you that if you receive a suspicious email or WhatsApp message (especially those requesting urgent payments, passwords or sensitive information) in the name of IDONIA, you should ignore it and report it immediately to our official channels.

IDONIA will NOT be responsible for payments made to third-party accounts or information delivered to impostors. Be extremely careful and always verify that the communication comes exclusively from our official domain: @idonia.tech (as detailed in the section above in Section II). Examples of fraudulent and similar domains to reject include: @idonia-tech.com, @idonia.net, @id0nia.tech (with a zero), @idoniasoporte.com, @idoniatransferencias.net, @idoniatech.cloud or any variant with spelling errors, public use domains (such as @gmail.com) or unofficial subdomains, among others.

VII. USE OF TRACKING TECHNOLOGIES (COOKIES)

We inform you that on our website idonia.tech we maintain a privacy by design stance. Currently we DO NOT use advanced tracking cookies, advertising tracking pixels or invasive user behavior analysis tools. In the event that technologies are implemented in the future to improve the user experience, this notice will be updated and your prior consent will be requested through a cookie banner on the website.

VIII. EXERCISE OF ARCO RIGHTS AND REVOCATION OF CONSENT

You always have the inalienable right to access your personal data; rectify them if they are inaccurate; request the cancellation (deletion) of your information in our databases; or, oppose the processing of the same for specific purposes (ARCO Rights).

To exercise these rights, or to revoke your consent, you must send a written request to the email address: [EMAIL_ADDRESS]

The request must contain: (I) Full name of the holder and email address to communicate the response; (II) Copy of official identification (or power of attorney of the legal representative); (III) Clear and precise description of the data on which the right is sought to be exercised, and (IV) Any other element that facilitates the location of your data. We will give you an official response within a maximum period of 20 business days.

IX. DATA TRANSFER

IDONIA does not transfer, sell or rent your personal data to third parties, national or foreign, except for those that are strictly necessary for the fulfillment of legal, tax (SAT) obligations or that are expressly authorized by Law without the need for consent.

X. MODIFICATIONS TO THE PRIVACY NOTICE

This Privacy Notice may undergo modifications derived from new legal requirements, changes in our business model or new internal policies. We are committed to keeping you informed of such updates by publishing the most recent version, with the corresponding update date, permanently on our website: https://idonia.tech/en/privacy.

Last updated: May 13, 2026