Privacy Policy

Updated August 4th, 2020


xDemic and its agents (“xDemic”) are committed to data security and the fair and transparent processing of personal data. This privacy policy describes how xDemic treats the information you provide to us or that we otherwise collect. This Privacy Policy also describes your choices regarding use, access and correction of your personal information. “You” refers to the person or entity using the Service. The “Service” is the digital credentialing and certification functionality, associated insights and connection to relevant career, education and training opportunities provided through any website or application offered by xDemic. “Personal Information” includes the information we collect directly from you as well as personal information from Issuers (defined below) and Third-Party Services (defined below). This Privacy Policy sets out how we will treat the personal data which you provide to us in compliance with applicable data protection laws, including the General Data Protection Regulation (EU) 2016/679 (GDPR). xDemic owns and operates and This Policy, together with our website terms of use and any other documents referred to in them, sets out the basis on which xDemic processes Personal Data.

Please read this Policy carefully as it contains important information on who we are, how and why we collect, store, use and share personal data, your rights in relation to your personal data, how to contact us and supervisory authorities in the event that you would like to report a concern about the way in which we process your data.

This Privacy Policy describes our broadest potential use of your Personal Information, although we may actually make far less use. The basis for our processing of your Personal Information is your consent. No law requires you to provide us with your Personal Information. You may withdraw your consent for us to process your Personal Information at any time, but that may preclude you thereafter from using the Website and the Service. We will delete your Personal Information following the withdrawal of your consent, however, such withdrawal will not affect the lawfulness of processing prior to withdrawal.

xDemic collects Personal Information when you choose to submit it through e-mail, an online form, or other method. We also collect information through cookies (see “xDemic Use of ‘Cookies’” section below for detail).

xDemic also maintains a log of certain information concerning visitors to our websites, including but not limited to, internet protocol (“IP”) address (a computer’s numerical Internet address), third party websites from which visitors access our website, type of web browsers used, and pages viewed. Such information may be treated as Personal Information.

By your use of the Service you consent to our use and disclosure of your Personal Information in accordance with this Privacy Policy.

Who are we?

xDemic is a Delaware corporation with offices in New York City. Our registered address is 1250 Broadway, 36th Floor, New York, NY 10001.

The xDemic Service is an internet-based, hosted platform designed to enable subscribers to the Service (“Issuers”) to issue digital badges and credentials (“Credentials”) to individuals who meet prescribed requirements (“Earners”), and for those Earners to display the Credentials online on the Service or on third party sites, as elected by Earners.

We may provide your information to trusted partners who work on behalf of, or with, xDemic under confidentiality agreements to help xDemic provide the Service. They may also assist xDemic in communicating with you about the Service and about offers from xDemic and our partners, where you have given us appropriate permissions.

For the purposes of the GDPR, xDemic is the ‘processor’ of certain types of Personally Identifiable Data provided by Issuers and the ‘controller’ of other types of Personally Identifiable Data provided directly to us by Earners. xDemic offers a Data Protection Addendum (DPA) for qualifying organizations available upon request by emailing

You may contact our Primary Point of Contact for data privacy and security with any questions, comments or concerns about this policy by sending an email to

Privacy Shield Compliance

xDemic participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework. We are committed to subjecting all personal data received from European Union (EU) member countries and Switzerland, respectively, in reliance on each Privacy Shield Framework, to the Framework’s applicable Principles. xDemic is committed to the Privacy Shield Principles of (1) notice, (2) consent, (3) accountability for onward transfer, (4) security, (5) data integrity and purpose limitation, (6) access and (7) recourse, enforcement and liability with respect to all Personal Data received from within the EU in reliance on the Privacy Shield. The Privacy Shield Principles require that we remain potentially liable if any third party processing Personal Data on our behalf fails to comply with these Privacy Shield Principles (except to the extent we are not responsible for the event giving rise to any alleged damage). To learn more about the Privacy Shield Frameworks, and to view our certification, visit the U.S. Department of Commerce’s Privacy Shield List at

xDemic is responsible for the processing of personal data it receives, under each Privacy Shield Framework, and subsequently transfers to a third party acting as an agent on its behalf. xDemic complies with the Privacy Shield Principles for all onward transfers of personal data from the EU and Switzerland, including the onward transfer liability provisions.

xDemic is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission (FTC). In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at

Under certain conditions, more fully described on the Privacy Shield website at, you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted.

APEC Cross Border Privacy Rules System

xDemic’s privacy practices, described in this Privacy Policy, comply with the APEC Cross Border Privacy Rules System. The APEC CBPR system provides a framework for organizations to ensure protection of personal information transferred among participating APEC economies. More information about the APEC framework can be found through this website.


When registering for or using the Service, you may be prompted to give us information about yourself such as your name and email address. When you configure your account settings, you may enter additional information about yourself. You may also select user configuration settings that determine how the Service looks and functions. You may, at times, also send us an e-mail which may contain not only your e-mail address, but other information about you, including home or business addresses, telephone numbers, or account details. The information you give us may also include statements you make on the Service such as testimonials, services reviews, or other statements that may identify you personally.

We will provide you with a user ID (an e-mail address) and account activation e-mail for you to access the Service and create a user “profile” for use as described below. When you first sign onto the Service, you will be presented with your profile, which contains the information supplied to us. In addition to the required information, including name, email, password and country, you may provide some or all of the following information, including but not limited to, a photograph of yourself, a short “bio,” your zip code, current employer, current job title, birth year, your phone number, and your time zone. You will be able to update or correct any of the contact information in your profile. You may receive certain e-mails relating to your use of the Service. Your contact information is also added to xDemic’s directory of current and former users of the Service. If you receive another Credential from other Issuers, your user ID will be authorized to access the Service, and your contact information will be added to the participant list for that Issuer.

If you have consented or opted in to receiving news and updates from xDemic on professional growth or further education opportunities, you have the right at any time to prevent us from further contacting you by following the unsubscribe or opt-out instructions included in the relevant email or through the privacy tools provided to you through the Service.

We may use your Personal Information to contact you regarding your use of the Service, for customer support purposes, and to inform you of updates, modifications and other matters relating to the Service, and information about others services that we offer in accordance with your subscription preferences. You may decline to receive mail or e-mail from us that does not relate directly to your access to or use of the Service by selecting the opt-out link contained in any such e-mail or by contacting us at


You may request that xDemic provide third-parties access to your publicly accessible personal information. xDemic will not provide your personal information to a third-party without your consent.


xDemic also will maintain a history of your access to the Service, and certain actions taken by you while accessing the Service, a log of users’ IP addresses, the third-party Website from which users access the Service, the type of web browsers used to access the Service and the browser’s settings that may affect Service performance (collectively, “Usage Log Information”). For purposes of maintaining and enhancing Service performance and security, xDemic may use Usage Log Information, information about your browser, and other local computer settings. We also may use Usage Log Information to tailor our communications to you about the Service, and contact you in relation to providing support. We also may aggregate Usage Log Information to create or publish statistical analyses and reports about Service usage. We will not authorize the publication of Personal Information about any user without the prior written consent of such person.


Issuers provide Personal Information to us, including Credential requirements, and information about you to confirm that you have earned the applicable Credential. The use of information collected from Issuers shall be limited to the purpose of providing the service for which these Organizations have engaged xDemic.

If you are an Issuer, by using the Website or Services, you confirm that you have obtained prior, specific, and informed consent to provide Personal Information to us. We may request a copy or evidence of such consent.

xDemic collects information under the direction of the Issuer, or as provided directly to xDemic by the Earner. If you are a customer of one of the Issuers and would no longer like to be contacted by one of the Issuers that use our service, please contact the Issuer that you interact with directly.

An individual who seeks access, or who seeks to correct or amend inaccurate Credentials should direct their query to the Issuer. We retain Personal Information we process on behalf of the Issuers for as long as needed to provide services to the Issuers and the Earners. xDemic shall continue to make the Service available to Earners, including in cases where the Issuer terminates its use of the Service. Individual Credentials and an Earner’s entire account may be deleted by the Earner at any time directly through the Service. xDemic will retain this Personal Information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.


When you download and use the Service via our mobile application, we automatically collect information on the type of device you use, operating system version, user identification, and device identifier.

We may send you push notifications. You may turn off push notifications at the device level.

We use mobile analytics software to allow us to better understand the functionality of our mobile software on your phone. This software may record information such as how often you use the application, the events that occur within the application, aggregated usage, performance data, and where the application was downloaded from. We do not link the information we store within the analytics software to any Personal Information you submit within the mobile application.


We may statistically aggregate in non-person-specific form information collected to improve our websites, our quality controls, operations management, security processes, future marketing and promotional efforts, and the overall Service in attempt to better understand our users’ interests and preferences. In some cases, we may transfer this information to our third-party service providers. By using this Site, you consent to this non-person specific data aggregation and the use and transmission of this aggregated statistical data as outlined above.


If you provide information to us about any person other than yourself, such as your relatives, next of kin, your advisers, your suppliers, or your Earners, you must ensure that they understand how their information will be used, and that they have given their permission for you to disclose it to us and for you to allow us, and our outsourced service providers, to use it.

How do we use your personal data?


In addition to the uses described above of the information received in connection with your use of the Service, xDemic uses and, where specified, shares your information:

  • To display Credentials. xDemic may use your information to display Credentials that you receive through the Service or through Third-Party Services, embeds that you make on the Service or third parties’ Website, or on social network services you link to your account.
  • To provide support or other services that you have requested, and to respond to your inquiries.
  • To engage in transactions with you, including contacting you about your account or transactions.
  • To process transactions, xDemic may use financial, credit card and payment information that you provide. xDemic may need to share some of this information with suppliers, delivery services, credit card clearing houses and other third parties to complete the transactions.
  • To notify you of relevant opportunities such as new product releases and service developments, related facts or programming that may be relevant to you.
  • To provide online forums and social networks. The Service allows users the option to participate in interactive discussions and post comments and other content. Note that any information you share may become publicly accessible.
  • To improve quality and facilitate use of the Service.
  • To operate the Service through the assistance of third parties. xDemic may use services from third-party service providers, such as hosting services and software developers, in support of its operation of the Service. When doing so, we will take steps to ensure that such service providers implement appropriate privacy and security measures consistent with this Privacy Policy to safeguard against the unauthorized use or disclosure of your information. These companies are authorized to use your personal information only as necessary to provide these services to us.
  • To comply with legal requirements. In addition, we may also disclose information about you as required by law, such as to comply with a subpoena or other legal process, when we believe in good faith that disclosure is reasonably necessary to enforce our rights or protect our operations or users or others investigate fraud, or in response to legal processes or governmental investigations in accordance with our internal policy on access by governmental authorities, or under exigent circumstances in response to a perceived significant threat to a person’s health or property.

Location-Based Services

The device you use to access the Website or Service may provide your location to us. This information may be shared with Issuers in connection with the issuance of Credentials, where location is relevant to completion of the achievement recognized by the Credential. If you no longer wish to share your location you may contact us at the information below or if you no longer wish have your location collected and used, you may turn this off at any time by going into your device settings.

Privacy Preferences

The Service allows you to customize the information about yourself that is made accessible to others. When you establish an account, the Service applies default settings. Default settings also apply to new features introduced on the Service. Credentials issued to you will default to the “public” setting. You may activate a “private” setting such that the Credential will no longer be publicly accessed at any time, on a Credential-by-Credential basis. Until you terminate your use of the Service, the fact that you are a user, as indicated by the public display of your full name and avatar, is available to others on the Service. Review your privacy settings regularly to ensure that they match your preferences.


xDemic takes appropriate and reasonable precautions to implement appropriate administrative and technical procedures to protect the security of Personal Information provided or generated through the Service. We permit persons working for us to access and use your information only in a manner consistent with this Privacy Policy.

We protect the security of your information during transmission by using Transport Layer Security (TLS) and Secure Sockets Layer (SSL) software or other encryption technology, which encrypts information you input. Wherever appropriate, we obfuscate and/or encrypt information in our systems and/or during information transfer. xDemic regularly reviews the cryptographic protocols it uses to protect the privacy and security of your Personal Information.

Because of the nature of internet and for other reasons, we cannot guarantee the security of your Personal Information, so you should take precautions to protect it when you are on the internet, such as changing passwords often, using a combination of letters and numbers when creating passwords, using a secure browser and being sure to log off the Service when finished using a shared computer.

Third-Party Sites

The Service may include hyperlinks to third-parties neither owned nor managed by us, and, as described above, you may use certain Third-Party Services in connection with the Credentials issued through the Service. xDemic has no control over these Third-Party Services and your interactions with those third parties are subject to their privacy policies and terms of use.

Information collected by Electronic Communications Protocols and Web Beacons

We may collect information about you and your use of the Service through electronic communications protocols, web beacons, cookies, embedded URLs, pixel tags and related devices or technologies.

As is true when you visit most websites, certain information is automatically generated and stored about your visits. Such information may include: network routing information (for example, where you came from); equipment information (for example, device type, operating system, browser type); IP address, and dates and times of your visits.

We may use your Personal Information to inform you about other xDemic services that might interest you and to gather feedback from you.

Sensitive Information

Do not send us any sensitive Personal Information (e.g., social security numbers or other national identifiers, or information related to racial or ethnic origin, political opinions, religious or philosophical beliefs, health, sex life or sexual orientation, genetic or biometric information, criminal background, or trade union membership).

xDemic Use of “cookies”

A cookie is a small piece of information, sent by a web server to a web browser, that is stored on your computer so that it can later be read, allowing the server to uniquely identify the browser. Some cookies may remain on a user’s computer after the user leaves the Website. Most browsers provide you with information on and control over cookies, including a feature to opt-out of the use of cookies. You can set your browser to alert you when a cookie is being used, and accept or reject it. You can also set your browser to refuse all cookies or accept only cookies returned to the originating servers. However, you may not be able to use some features of the Service if you disable cookies. For more information on managing cookies, please go to, or visit which has further information about behavioral advertising and online privacy.

Our Website uses cookies or similar technologies to distinguish you from other users and to collect information about your online preferences and to analyze trends, administer the website, track users’ movements around the website, and to gather demographic information about our user base as a whole. This helps us provide you with a good experience when you browse our websites and allows us to improve our websites. Our main purpose in using cookies is to facilitate and enhance communications and interactions between you and our websites, but cookies can be used for other purposes. Cookies for the Service may collect a unique identifier, user configuration settings and profile information. xDemic also uses cookies to collect general usage and volume statistical information that does not include personally identifiable information.

By continuing to browse the Website, you consent to our use of cookies.

We use the following cookies:

  • Strictly necessary cookies required for the operation of our Website. They include, for example, cookies that enable you to log into secure areas of our Website.
  • Analytical/performance cookies that collect information about how you use our Website. They allow us to recognize and count the number of visitors and to see how visitors move around our Website. This helps us to improve the way our Website work. These cookies are sometimes placed by third party providers of web traffic analysis services, such as Google Analytics.
  • Functionality cookies that remember choices you make and recognize you when you return. This enables us to personalize our content, greet you by name and remember your preferences (for example, your choice of language or region).
  • Targeting cookies that collect information about your browsing habits such as the pages you have visited and the links you have followed. We use this information to make our Website more relevant to your interests, and, if we enable advertising, to make advertising more relevant to you, as well as to limit the number of times you see an ad. These cookies are usually placed by third-party advertising networks. They remember the other Website that you visit and this information is shared with third-party organizations, for example advertisers.

We use Google Analytics. For information on how Google processes and collects your information regarding this product and how you can opt-out, please see .

xDemic and its service providers, vendors and partners, may use cross-device/cross-context tracking. For example, you might use multiple browsers on a single device, or use various devices (such as desktops, smartphones, and tablets), which can result in your having multiple accounts or profiles across these various contexts and devices. Cross-device/cross-context technology may be used to connect these various accounts or profiles and the corresponding data from the different contexts and devices.

Third-Party Cookies and Functions

Certain Third-Party tools are available for your use through the Service – such as Facebook, Twitter and LinkedIn – and these Third Parties may use cookies, pixel tags and other technologies to, among other things, record your use of these tools and which pages you were viewing when doing so. Information so collected is subject to the privacy policies of those third parties (please see the Third-Party Sites Section above). If you wish to opt out of any interest-based advertising, which would include the use of the above-mentioned Third-Party tools, click here, or if located in the European Union click here.

How long will you keep your personal data?


Upon request xDemic will provide you with information about whether we hold any of your personal information. You may access, correct, or request deletion of your personal information by logging into your account or contacting us at  We will respond to your request within a reasonable timeframe.

xDemic may retain your Personal Information for as long as your account is active and so long as retention is required or permitted in accordance with this Privacy Policy, or otherwise by law. When xDemic deletes your Personal Information, xDemic will do so in a manner designed to ensure that it cannot be reconstructed.


For the purpose of providing the Service and associated support including answering any questions you may have, xDemic may view and process your Personal Information from nations outside the EEA that are deemed by the EU to have non-adequate data protection laws, including the United States.


We take reasonable steps to protect your personal data from loss or destruction.

We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your personal data transmitted to our site; any transmission is at your own risk. Once we have received your personal data, we will use procedures and security features consistent with industry practices to try to prevent unauthorized access.

Your California Privacy Rights

If you reside in California, under California Civil Code Section 1798.83, a California resident with a business relationship with xDemic that is primarily for personal, family or household purposes, may request certain data regarding xDemic’s disclosure, if any, of Personal Information to third parties for the third parties’ direct marketing. To make such a request, please send an e-mail to with “Request for California Privacy Information” in the subject line. You may make such a request once per calendar year. If applicable, we will provide you a list of the categories of Personal Information disclosed to third parties for their direct marketing during the immediately preceding calendar year, along with the third parties’ names and addresses. Not all Personal Information sharing is covered by Section 1798.83.

Your European Data Protection Rights

If you reside in the United Kingdom (UK) or a country within the European Union, or your Personal Information is processed in the UK or a country in the European Union, subject to certain exceptions, you have the following rights:

  • Right to Access: Learn whether we are processing your Personal Information and, if so, to gain access to it and certain information about it.
  • Right to Rectification:  Have inaccurate Personal Information corrected or removed, and have incomplete Personal Information completed.
  • Right to Erasure: Have your Personal Information erased when:
    • It is no longer necessary for the purposes collected;
    • You withdraw consent to process it;
    • We have processed it unlawfully; or
    • EU or Member State law to which we are subject requires erasure.
  • Right to Restrict Processing: Restrict our processing of your Personal Information when:
    • You contest its accuracy (for a period necessary to verify it);
    • The processing is unlawful and you prefer restriction of use to erasure; or
    • We no longer need the data, but you need it in connection with legal claims.
  • Right to Data Portability: Obtain in usable form the Personal Information you gave us and, if technically feasible, require its transmittal directly to another controller that you designate.
  • Right to Object: In certain circumstances, you have the right to object to the processing of your Personal Information. If you would like to object to the processing of your Personal Information, please contact us using the contact details provided below.

You also have the right to lodge a complaint with an EU member state data protection supervisory authority.

To exercise these rights, you may communicate with our Primary Point of Contact for Privacy, using the contact information at the end of this Privacy Policy.

If you reside in the UK or a country within the European Union, or your Personal Information is processed in the UK or a country in the European Union, xDemic will, and will ensure that its data processors will, process your Personal Information in accordance with all applicable data protection legislation, including the GDPR.

Use by Minors

These policies and guidelines are applicable to the Children’s Personal Information only to the extent we operate or maintain such Children’s Personal Information on behalf of Issuers and collect, host or store any Personal Information of their users. Each of our Issuers who collect Children’s Personal Information may have their own data collection and use practices and policies, including those applicable to children under 13 years of age. In addition to our privacy policy, Issuers may have their own privacy requirements for which they are responsible regarding the collection and use of information from children under the age of 13.

Parents may have the right to consent to the collection and use of personal information collected by our Issuers through our Services; parents should contact our Issuers with questions about consent requirements. Please note that we process Personal Information on behalf of our Issuers as part of providing our Services; therefore, if you do not consent to the collection and use of personal information for certain Services, you may not be able to use such Services.

xDemic seeks to comply with all applicable laws, including the Children’s Online Privacy Protection Act (“COPPA”). COPPA requires that online service providers obtain parental consent before they collect personally identifiable information online from children who are under 13. If you are an individual under 13, please do not send any personal information about yourself to us if you are not sure that your parent or guardian has provided consent to the Issuer of your Credential, and please do not send any personal information other than what we request from you in connection with the Services. If we learn we have collected personal information from an individual under 13 without parental consent being obtained or if we learn an individual under 13 has provided personal information beyond what we request from him or her, we will delete that information as quickly as possible. If you believe that an individual under 13 may have provided us personal information in violation of this paragraph, please contact us at with “Notice of Underage Person” in the subject line.

If you are an Issuer, you represent and warrant that you are responsible for complying with COPPA, meaning that you must obtain advance written consent from all parents or guardians whose children under 13 will be accessing the Services. When obtaining consent, you must provide parents and guardians with our Privacy Policy. You must keep a record of all consents on file and provide them to us if we request them. If you are a teacher, you represent and warrant that you have permission and authorization from your school or district to use the Services as part of your curriculum, and for purposes of COPPA compliance, you represent and warrant that you are entering into these Terms on behalf of your school and/or district. You can read more about COPPA through the website of the U.S. Federal Trade Commission, available here.

Corporate Matters

xDemic may provide our investors, partners, and others with aggregated information (i.e., information that does not identify users personally) concerning users of the Service. In addition, xDemic may disclose your Personal Information to a successor or acquiring entity as part of a merger, acquisition, reorganization, or other transaction involving all or substantially all of xDemic’s assets or shares, or the business to which the Service relates. If xDemic were sold to or merged with another company, that company will agree to abide by the terms of this Privacy Policy.

You will be notified via email or a prominent notice on our website, of any change in ownership, uses of your personal information, and choices you may have regarding your personal information. You have the right to request that your Personal Information be removed from our records at any time.

Policy Updates

We may update this Privacy Policy from time to time, and the updated version will be effective upon posting as to our treatment of subsequently acquired Personal Information. If we make any material changes we will notify you by email (sent to the e-mail address specified in your account) or by means of a notice on this website prior to the change becoming effective. Please check the revision date at the beginning of this Privacy Policy periodically to check for revisions. By continuing to use the Service, including the Website, after a revised version has been posted, you agree to be bound by the revised Privacy Policy as to subsequently acquired Personal Information.

If you have questions about this Privacy Policy and our information practices, please contact our Primary Point of Contact by e-mail at or at the following address:

xDemic, Inc.

1250 Broadway, 36th Floor

New York, NY 10001

If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at


Close Bitnami banner