Privacy Policy
1. Introduction
Experience XI, Inc., a company incorporated in Delaware with principal offices in Georgia, USA, provides premium international soccer experiences. We are committed to protecting your privacy and providing transparency about how we collect, use, and protect personal information. This Privacy Policy describes the types of personal information we collect, how we use and protect that information, and the choices available to you.
We recognize the importance of privacy, particularly when our services may involve families with minor children. This policy is designed to comply with applicable United States federal and state privacy laws, including the Children's Online Privacy Protection Act (COPPA), the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), and applicable requirements under the General Data Protection Regulation (GDPR) and UK Data Protection Act 2018 (UK DPA) for individuals in the European Union and United Kingdom.
ExperienceXI reserves the right to update this policy to reflect changes in our practices, technology, legal requirements, or other factors.
2. Scope of This Policy
This Privacy Policy applies to personal information collected through:
Our website and web applications (collectively, 'Services')
Lead capture forms and contact mechanisms
Registration and enrollment for soccer travel programs and experiences
Email communications, newsletters, and marketing materials
Payment processing and transaction-related communications
Customer support interactions
Optional photos, videos, and other media collected during or for program purposes
This policy does not apply to third-party websites, applications, or services that may be linked from our Services or co-branded partnerships (though we provide guidance below regarding third-party data handling). Please review the privacy policies of those third parties separately.
Our marketing model is adult-first: ExperienceXI markets directly to parents, coaches, club directors, and school administrators—not to children. However, because our services are for soccer travel, minors' data may be indirectly collected (e.g., through parent registration). This policy addresses both our general audience practices and our enhanced protections for minors.
3. Information We Collect
3.1 Information You Provide Directly
We collect personal information that you voluntarily provide to us, including:
Contact Information: name, email address, telephone number, mailing address
Role Information: affiliation with soccer (parent, coach, club director, school administrator, athlete)
Age Confirmation: Self-attestation checkbox confirming age 16 or older is the primary age gate for form submissions. This threshold aligns with GDPR Article 8 default age of digital consent and is industry standard for lead capture forms.
Program Registration: information necessary to enroll in soccer travel experiences, including athlete names, ages, medical information, emergency contacts, parental consent confirmations
Payment Information: processed through third-party payment processors (see Section 6); we do not directly store full credit card numbers
Communication Preferences: opt-in/opt-out selections for marketing communications, event notifications, and newsletters
Athlete Information: names, dates of birth, player ID numbers, team affiliations (provided by parents/coaches during program enrollment)
Media Consent: explicit consent for photography, videography, and use of images in promotional materials
In certain circumstances, parents or guardians may provide information about minor children during registration. This collection is limited to information necessary for program enrollment and safeguarding (emergency contacts, medical needs).
3.2 Information Collected Automatically
When you interact with our Services, we automatically collect certain information, including:
Device Information: type of device, operating system, browser type, unique device identifiers
Usage Data: pages viewed, features accessed, time spent on our Services, referral sources, clicks, search queries
IP Address: your internet protocol address (may be used for geolocation and analytics)
Cookies and Tracking: information collected through cookies, pixel tags, web beacons, and similar technologies (see Section 7)
Analytics Data: aggregated insights into how users interact with our Services (provided by third-party analytics services)
3.3 Information from Third Parties
We may receive information about you from third parties, including:
Service Providers: payment processors, email service providers, analytics platforms
Nike Co-Brand Partner: as part of our Nike co-brand relationship, Nike may provide marketing data, co-marketing insights, or jointly-marketed program information (see Section 6.2)
Soccer Governing Bodies: U.S. Soccer Federation, state/regional soccer associations may provide athlete registration data for tournament administration
Partners and Referrers: other soccer organizations, travel partners, or referring entities that direct participants to our programs
Publicly Available Sources: information aggregated from public sources for verification or fraud prevention purposes
4. How We Collect Information
4.1 Direct Collection
We collect information directly from you when you:
Complete our lead capture form on the website
Register for a soccer travel program or experience
Create an account or profile
Communicate with us via email, phone, or contact forms
Provide payment information or complete a transaction
Provide consent for photos, videos, or media
Subscribe to our newsletter or marketing communications
4.2 Automated Collection
We collect information automatically through:
Cookies and similar tracking technologies (detailed in Section 7)
Server logs and access logs
Web analytics tools (e.g., Google Analytics)
Pixel tags and web beacons embedded in emails and web pages
4.3 Third-Party Sources
Service providers and partners may provide information to us as part of:
Payment processing (transaction details)
Email delivery and marketing automation (engagement metrics)
Analytics and performance monitoring
Fraud detection and verification services
Co-marketing initiatives with Nike
5. How We Use Your Information
We use the personal information we collect for the following purposes and legal bases:
5.1 Service Delivery and Administration
Purpose: To provide, administer, and improve our soccer travel experiences and Services.
Legal Basis: Performance of contract; legitimate business interest.
Uses include but are not limited to:
Program registration, enrollment, and participation management
Processing payments and managing financial transactions
Providing customer support and responding to inquiries
Communicating program details, schedules, and logistics
Collecting athlete information necessary for program delivery and safeguarding
Managing travel logistics, accommodations, and transportation
Coordinating with soccer governing bodies for tournament administration
Ensuring athlete safety, health, and welfare (emergency contact, medical information)
5.2 Marketing and Business Development
Purpose: To inform you about our programs, services, promotions, and relevant updates.
Legal Basis: Legitimate business interest; consent where required (e.g., opt-in email marketing).
Uses include but are not limited to:
Sending newsletters, promotional offers, and announcements about new programs
Co-marketing initiatives with Nike (consistent with our brand partnership)
Marketing via email and social media
Conducting surveys and gathering feedback about our Services
Personalizing your experience based on your role and interests (parent vs. coach vs. club director)
Note: We obtain explicit opt-in consent for promotional email marketing. You may opt out at any time using the unsubscribe mechanism in any marketing communication.
5.3 Analytics and Performance
Purpose: To understand how our Services are used and to optimize our website and programs.
Legal Basis: Legitimate business interest.
Uses include but are not limited to:
Analyzing website traffic, user behavior, and engagement metrics
Identifying trends and patterns in program interest and participation
Improving website functionality, design, and user experience
Measuring the effectiveness of marketing campaigns
Conducting A/B testing and optimization experiments
Generating aggregated, anonymized analytics reports
5.4 Fraud Prevention and Legal Compliance
Purpose: To detect, prevent, and address fraud, abuse, and security incidents.
Legal Basis: Legal obligation; legitimate business interest; safeguarding vital interests.
Uses include but are not limited to:
Verifying user identity and age (via age confirmation checkbox)
Detecting and investigating fraudulent transactions
Preventing unauthorized access to accounts and Services
Complying with legal obligations and court orders
Responding to subpoenas and law enforcement requests
Maintaining compliance with payment card industry (PCI) standards
Enforcing our Terms of Service and other agreements
5.5 Photos, Videos, and Media
Purpose: To document and promote our soccer travel experiences.
Legal Basis: Explicit consent; legitimate business interest (promotion of programs).
Uses include but are not limited to:
Capturing photos and videos during program activities
Using authorized photos/videos in promotional materials, social media, and marketing
Creating program memories and documentation for participants
Promoting future programs and recruiting participants
Note: We obtain separate, explicit written consent before collecting or using any photographs or videos. Parents/guardians of minors must provide this consent. Consent is specific to each use and can be withdrawn (see Section 8).
6. How We Share Your Information
We may share your personal information in the following circumstances:
6.1 Service Providers and Vendors
We share personal information with third-party service providers who perform services on our behalf, including:
Payment Processors: for processing credit card transactions and managing payments
Email Service Providers: for sending newsletters, promotional communications, and transactional emails (e.g., HubSpot)
Analytics Providers: for analyzing website usage and performance (e.g., Google Analytics)
Hosting and IT Service Providers: for maintaining our website and Services
Customer Support Platforms: for managing inquiries and support tickets
Marketing Partners: for email marketing, audience analytics, and campaign measurement
All service providers are contractually obligated to use your information only as necessary to provide their services and to maintain appropriate data security measures consistent with this policy.
6.2 Nike Co-Brand Partnership
As part of our Nike co-brand relationship (formal trademark license), we may share aggregate or de-identified information with Nike for joint marketing purposes, co-marketed programs, and brand development. This sharing is limited to:
Aggregated participation and engagement data
De-identified marketing and audience insights
Joint promotion of Nike-co-branded programs
Collaborative program development and management
We do not share personally identifiable information with Nike except as necessary for administering jointly-marketed programs and with appropriate data processing agreements in place.
6.3 Soccer Governing Bodies
For soccer travel experiences, we share necessary information with soccer governing bodies and tournament administrators, including:
U.S. Soccer Federation
State and regional soccer associations
International tournament organizers (e.g., for international tournament events)
Information shared typically includes athlete names, ages, team affiliations, and performance records necessary for tournament registration, scheduling, and administration. These organizations have their own privacy policies and practices.
6.4 Legal Requirements and Public Safety
We may disclose your personal information when required by law or in response to legal process, including:
Court orders, subpoenas, or investigative requests from law enforcement
Compliance with federal, state, or local legal requirements
Protection of our legal rights and the rights of others
Prevention of fraud, abuse, or security incidents
Safeguarding the physical safety and security of individuals
We will provide notice of such disclosures as required by applicable law, unless legally prohibited from doing so.
6.5 Business Transfers
If ExperienceXI is acquired, merged, reorganized, or liquidated, personal information may be transferred as part of that transaction. We will provide notice of such changes and ensure that any new entity maintains similar privacy protections.
6.6 Aggregated and De-Identified Information
We may share aggregated, de-identified information that cannot reasonably be used to identify you. This information is not subject to this Privacy Policy and may be used freely for research, marketing, analytics, and other purposes without restriction.
7. Cookies and Tracking Technologies
Our Services use cookies, pixel tags, web beacons, and similar tracking technologies to enhance your experience, analyze usage, and deliver relevant content. A cookie is a small file of letters and numbers stored on your browser or device. Both ExperienceXI and authorized third parties (such as analytics and advertising providers) may set cookies when you visit our website.
7.1 Types of Cookies
Essential Cookies: Required for core functionality (login, security, site navigation); cannot be disabled without impairing Services
Performance Cookies: Measure website performance, load times, and user interactions (e.g., Google Analytics)
Preference Cookies: Remember user preferences, language settings, and customization choices
Marketing Cookies: Enable targeted advertising, audience segmentation, and conversion tracking
Cookie Duration: Essential and preference cookies are session-based or persist for up to 12 months. Performance and marketing cookies typically expire within 2 years. Third-party cookies (including those set by analytics and advertising networks) are governed by those third parties’ own policies and may have different retention periods. ExperienceXI does not control third-party cookie expiration or data practices.
7.2 Cookie Consent and Management
When you first visit our website, you will be presented with a cookie consent banner allowing you to:
Accept all cookies
Decline non-essential cookies
Customize cookie preferences
You may also manage cookies through your browser settings. Most browsers allow you to refuse cookies or alert you when cookies are being sent. However, disabling essential cookies may impair your ability to use our Services.
For detailed information on managing cookies, visit www.allaboutcookies.org or your browser's help documentation.
7.3 Pixel Tags and Web Beacons
We use pixel tags (also called web beacons or tracking pixels) in emails and on web pages to:
Track email open rates and click-through rates
Measure the effectiveness of marketing campaigns
Identify user interests and engagement patterns
Enable audience segmentation for targeted advertising
You can disable pixel tracking in email by configuring your email client to not load external images.
7.4 Do Not Track Signals
Some browsers include a "Do Not Track" (DNT) feature. Currently, there is no industry-wide standard for DNT implementation. Our Services do not currently respond to DNT browser signals, but you may utilize browser controls and cookie management tools to limit tracking.
8. Your Privacy Rights
8.1 General Privacy Rights
Depending on your location and applicable law, you may have the following rights regarding your personal information:
Right to Access: Request a copy of the personal information we hold about you
Right to Correction/Update: Request correction or update of inaccurate information
Right to Deletion: Request deletion of your personal information, subject to certain legal exceptions
Right to Portability: Request transfer of your information in a structured, commonly-used format
Right to Opt-Out: Opt out of certain uses, particularly marketing communications
Right to Object: Object to certain processing activities on grounds of legitimate interest
Right to Withdraw Consent: Withdraw consent for uses based on your prior consent, such as marketing emails
To exercise these rights, please contact us using the information in Section 15 (Contact Information).
We will respond to requests within legally required timeframes (typically 30-45 days) and will verify your identity before fulfilling requests.
8.2 Opting Out of Marketing Communications
You may opt out of promotional emails, newsletters, and marketing communications by:
Clicking the "unsubscribe" link in any marketing email
Updating your communication preferences in your account settings
Contacting us directly using the information in Section 15
We will honor opt-out requests promptly. Please allow 10 business days for processing. Note that even if you opt out of marketing communications, we may continue to send transactional emails (e.g., order confirmations, password resets, program updates).
8.3 Cookies and Tracking Opt-Out
You may control cookies and tracking technologies through:
Cookie consent banner on our website
Browser privacy settings
Opt-out tools provided by third-party services (e.g., Google Analytics opt-out browser extension)
Digital Advertising Alliance (DAA) opt-out: www.aboutads.info
NAI (Network Advertising Initiative) opt-out: www.networkadvertising.org
9. California Privacy Rights (CCPA/CPRA)
If you are a California resident, you have additional privacy rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):
9.1 California Consumer Rights
Right to Know: Receive details about personal information we have collected, used, and shared
Right to Delete: Request deletion of personal information, subject to exceptions
Right to Correct: Request correction of inaccurate personal information
Right to Opt-Out: Opt out of "sales" or "sharing" of personal information (as defined by CPRA)
Right to Limit: Limit use and disclosure of sensitive personal information
Right to Non-Discrimination: Receive equal service and pricing even if you exercise privacy rights
For purposes of CPRA, "sale" includes sharing for cross-context behavioral advertising. If we engage in such sharing through third-party tracking pixels, you may opt out.
Minors under 16 in California have additional protections: we may not use or disclose personal information of minors under 16 without opt-in consent (parental consent for minors under 13).
9.2 Submitting a California Privacy Request
To submit a request to know, delete, or correct your personal information:
Email: marketing@experiencexi.com
Mail: 1957 Lenox Rd NE, Atlanta GA 30306
Phone: 678.861.7634
We will verify your identity and respond within 45 days. You may authorize an agent to submit requests on your behalf (you must provide written authorization).
9.3 Categories of Information Collected
Under CCPA, we collect the following categories of personal information:
Identifiers (name, email, phone, address, IP address, device IDs)
Commercial Information (transaction history, purchase history, payment information)
Biometric Information (as of 2025 COPPA amendments, if any facial recognition or voice data collected for identification)
Internet/Electronic Activity (browsing history, search history, interaction with our Services)
Geolocation Data (general location inferred from IP address)
Professional/Education Information (role in soccer, team affiliation, coaching credentials)
Inferences (preferences, interests, behavioral patterns drawn from usage)
We do not currently collect sensitive personal information (SSN, financial account numbers, health data unrelated to program safety), except as necessary for program enrollment (e.g., emergency medical information for athlete safety).
10. International Data Transfers (EU/UK Residents)
ExperienceXI is a US-based company incorporated in Delaware, headquartered in Georgia. If you are located in the European Union or United Kingdom, additional protections apply to your personal information.
10.1 GDPR and UK DPA Compliance
For individuals in the EU and UK, we process personal information consistent with the General Data Protection Regulation (GDPR) and UK Data Protection Act 2018.
Legal Bases for Processing:
Contract: Processing necessary to provide our Services (e.g., program enrollment)
Legitimate Interest: Marketing, analytics, fraud prevention, and service improvement
Consent: Where you have provided explicit consent (e.g., marketing communications, media use)
Legal Obligation: Compliance with applicable laws (e.g., safeguarding minors)
Vital Interests: Protection of health and safety (e.g., emergency contact information)
Data Controller: ExperienceXI, 1957 Lenox Rd NE, Atlanta, Georgia 30306, USA
If we transfer your data to the US or other locations outside the EU/EEA, we do so under:
EU-U.S. Data Privacy Framework (DPF): For transfers between EU and the United States
Standard Contractual Clauses (SCCs): Where DPF does not apply
Your explicit consent: In certain circumstances
10.2 EU/UK Data Subject Rights
If you are a data subject in the EU or UK, you have the following rights:
Right of Access (GDPR Article 15): Obtain a copy of your personal information
Right to Rectification (GDPR Article 16): Correct inaccurate or incomplete data
Right to Erasure (GDPR Article 17): Request deletion ("right to be forgotten")
Right to Restrict Processing (GDPR Article 18): Limit how we process your data
Right to Data Portability (GDPR Article 20): Receive data in a portable format
Right to Object (GDPR Article 21): Object to processing based on legitimate interest
Right to Lodge a Complaint: File a complaint with your national data protection authority
To exercise these rights, contact us at marketing@experiencexi.com
10.3 Age of Digital Consent
Under GDPR Article 8, the age of digital consent for processing children's personal information is 16 (or lower if a member state sets a minimum age of not less than 13). ExperienceXI uses a 16+ age confirmation checkpoint via self-attestation checkbox.
For individuals under 16 (or the lower age set by your member state), parental/guardian consent is required. We do not intentionally collect information from children under 16 without parental consent, except as permitted by law for safeguarding and vital interests (e.g., emergency contact information provided during program enrollment by parents).
10.4 Data Processing Agreement
If ExperienceXI processes personal information on behalf of another organization or controller (e.g., a school or sports club), we do so under a Data Processing Agreement (DPA) that specifies data processing terms, security obligations, and EU-compliant data handling practices. Such agreements are available upon request.
11. Children's Privacy and COPPA Compliance
This section is critical and addresses our practices regarding minors' personal information. ExperienceXI is classified as a general audience service, not child-directed, based on our adult-first marketing model. However, because our services involve soccer, minors' information may be indirectly collected.
11.1 Classification and Jurisdiction
General Audience Service: ExperienceXI markets directly to parents, coaches, club directors, and school administrators, not to children. Our lead capture form, website content, and promotional materials are directed at adult decision-makers and do not constitute marketing "directed to children" under COPPA.
COPPA Jurisdiction: The Children's Online Privacy Protection Act (COPPA) prohibits collection of personal information from children under 13 without verifiable parental consent. The Federal Trade Commission (FTC) applies an "actual knowledge" standard: we comply with COPPA if we have actual knowledge that information is from a child under 13.
Age Gate: We implement a self-attestation checkbox (age 16+) on our lead capture form. This is consistent with the GDPR age of digital consent and represents the minimum defensible age gate for our services. This gate applies to direct interactions with our website and online forms.
2025 COPPA Amendments: Effective April 22, 2026, COPPA amendments expand the definition of personal information to include biometric identifiers (facial recognition, voice recognition) and additional categories. If ExperienceXI implements any biometric collection (e.g., facial recognition in photos for athlete identification), such collection will require enhanced disclosures and compliance measures.
11.2 Children Under 13 – Parental Consent Model
If a child under 13 uses our Services or if we have actual knowledge that personal information comes from a child under 13, the following protections apply:
Parental Consent: We require verifiable parental consent before collecting personal information from children under 13. Verifiable consent may be obtained through:
Email consent from a verifiable parent email address
Phone consent with verification of parental identity
Signed written consent via mail or fax
Use of a third-party verification service
Parental Rights: Parents/guardians of children under 13 have the right to:
Access and review their child's personal information
Direct us to delete their child's information
Refuse further collection or use of their child's information
Withdraw previous consent at any time
Confidentiality: We limit collection of children under 13's personal information to what is reasonably necessary to participate in our programs. We do not use this information for marketing, analytics, or secondary purposes without additional parental consent.
11.3 Children 13–16 – Enhanced Protections
For individuals ages 13 to 15, ExperienceXI applies GDPR-aligned protections:
Age Confirmation: Self-attestation checkbox confirms age 13+ and under 16
Simplified Consent: We obtain direct consent from the young person (no parental consent required, but parental notice is recommended)
Limited Data Use: Information collected is used for service delivery and program administration only
Reduced Marketing: We limit marketing communications to opt-in preference, not opt-out
Transparency: We provide clear explanations in age-appropriate language about how information is used
If a young person under 16 provides information, we recommend parental involvement. Parents may contact us to review or object to processing.
11.4 Children 16+ – Standard GDPR/General Audience
Individuals 16 and older are treated as general audience users:
No Parental Consent Required: We treat users 16+ as capable of providing their own consent
Marketing Allowed: With opt-in consent, we may send marketing communications
Standard Rights: Full privacy rights as outlined in Section 8 apply
GDPR Age of Consent: Consistent with GDPR Article 8, 16 is the standard age of digital consent in the EU; US law and state laws may differ
11.5 Photos, Videos, and Media – Minors
Photography and videography are common in soccer programs. Our practices regarding minors' images:
Explicit Consent: We obtain separate, written consent from parents/guardians before photographing or filming minors
Specific Use: Consent specifies the intended use (e.g., promotional materials, social media, internal documentation only)
No Commercial Exploitation: Images of minors are not sold or exploited for commercial purposes
Duration: Consent applies for the program year; continued use requires renewed consent
Withdrawal: Parents may withdraw consent in writing; we will cease use of images upon request
Safety: We do not publish minors' names alongside photos without parental consent (to prevent identification)
Any breach of photography consent is reported to parents and corrected immediately.
11.6 Social Media and Third-Party Platforms
When ExperienceXI shares photos, videos, or testimonials on social media or third-party platforms:
Platform Controls: We utilize platform privacy settings (e.g., limiting comments, disabling sharing for photos of minors)
Consent Integration: Consent covers specified third-party platforms (e.g., Instagram, Facebook)
Age-Gated Content: Promotional posts involving minors are marked age-appropriate and use platform safety features
Monitoring: We monitor tags and comments for inappropriate engagement
Parents may request removal of their child's image from any public platform at any time.
11.7 Child Safety and Reporting
ExperienceXI is committed to child safety. If we become aware of:
Child Abuse or Exploitation: We report suspected abuse to the National Center for Missing & Exploited Children (NCMEC), state authorities, and law enforcement as required by law
Unsafe Online Practices: We take corrective action and notify affected families
Privacy Violations: We notify parents of any unauthorized access to minors' data
Parents may report concerns about child safety or privacy practices to:
National Center for Missing & Exploited Children (NCMEC): www.cybertipline.org
Federal Trade Commission (FTC): www.reportfraud.ftc.gov
11.8 Contacting Us About Children's Privacy
For questions about our children's privacy practices, parental consent, or to request deletion of a minor's information:
Email: website@experiencexi.com
Mail: 1957 Lenox Rd NE, Atlanta GA 30306
Phone: +16788617634
We will respond within 10 business days and provide guidance on your parental or child rights.
12. Data Retention and Deletion
We retain personal information for as long as necessary to fulfill the purposes for which it was collected, unless a longer retention period is required by law.
12.1 Typical Retention Periods
Account/Registration Information: Retained while account is active; deleted within 30 days of account closure or upon request
Purchase/Transaction Data: Retained for 7 years (required for tax, accounting, and PCI compliance)
Program Participation Data: Retained for program duration plus 3 years (for program completion verification and dispute resolution)
Medical/Health Information: Retained for program duration plus 5 years (state law requirements for youth program records)
Marketing/Communications: Retained until opt-out or unsubscribe; deleted within 30 days of opt-out
Analytics Data: Aggregated data retained indefinitely; individual-level data retained for 12-24 months
Cookies: Session to 24 months depending on type (see Section 7 for details)
Photos/Videos: Retained for duration of consent; deleted upon withdrawal or end of program season
Dispute/Legal Claims: Retained for applicable statute of limitations (typically 3-6 years)
12.2 Secure Deletion
When personal information is no longer needed, we delete or anonymize it using secure methods including:
Permanent deletion from all systems and backups
Anonymization (removal of identifying information)
Secure destruction of physical records (shredding, incineration)
Deletion may be delayed if required by law or for legal holds related to pending disputes.
12.3 Legal Holds
If ExperienceXI receives a legal hold, court order, or investigative request, we may retain personal information for the duration of the legal matter, even if normal retention periods have expired.
13. Data Security
ExperienceXI implements organizational, technical, and physical safeguards to protect personal information from unauthorized access, disclosure, modification, and destruction.
13.1 Security Measures
Encryption: Personal information is encrypted in transit (SSL/TLS) and at rest (AES-256 or equivalent)
Monitoring: Continuous monitoring and logging of access to sensitive systems
Firewalls and Intrusion Detection: Network-level protections against unauthorized access
Regular Testing: Periodic penetration testing and vulnerability assessments
Vendor Management: Service providers are vetted for adequate security practices and required to maintain data security agreements
Incident Response: Procedures for detecting, investigating, and responding to security incidents
13.2 No Guarantee of Security
While we implement reasonable security measures, no system is completely secure. We cannot guarantee absolute security. You use our Services at your own risk. We encourage you to use strong passwords, enable two-factor authentication where available, and keep your account credentials private.
13.3 Breach Notification
If a security breach involving personal information occurs, ExperienceXI will:
Conduct a prompt investigation
Notify affected individuals without unreasonable delay (as required by applicable law)
Provide details about the breach, information affected, and recommended actions
Report the breach to relevant authorities as required by law
Not blame individuals for the breach or imply any fault on their part
14. Third-Party Links and Co-Branded Services
Our Services may contain links to third-party websites, applications, and services, including:
Partner websites (soccer organizations, travel partners)
Nike co-branded content and services
Payment processors and financial institutions
Analytics and advertising platforms
Social media platforms
We are not responsible for the privacy practices of third-party services. We encourage you to review their privacy policies before providing personal information. This Privacy Policy applies only to ExperienceXI Services.
Nike Co-Brand: Any references to Nike brand, logos, or co-branded programs are governed by a formal trademark license. Nike maintains its own privacy policy. Sharing information with Nike is limited to what is outlined in Section 6.2.
15. Changes to This Privacy Policy
ExperienceXI may update this Privacy Policy to reflect changes in our practices, technology, legal requirements, or other factors. The date of the most recent update is shown at the top of this policy as "Last Updated."
If material changes are made that affect how we use or protect your personal information, we will:
Post the updated policy with a clear notice of changes
Request your consent to material changes where required by law
Notify existing users via email of significant updates
Your continued use of our Services after changes are posted indicates your acceptance of the updated Privacy Policy. If you do not agree with updates, you may discontinue use of our Services.
16. Contact Information
For questions, requests, or concerns about this Privacy Policy or our privacy practices, please contact:
For USA and GDPR/UK DPA Rights:
ExperienceXI, Inc
1957 Lenox Rd NE, Atlanta GA 30306, USA
Email: website@experiencexi.com
Phone: +1.678.861.7634
Website: experiencexi.com
Privacy Officer: P Hill
For California Privacy Rights (CCPA/CPRA):
You may contact us by email or mail as listed above.
For EU/UK Data Subject Rights:
You may contact our Data Protection Officer (if applicable) or privacy team at the address listed above. You also have the right to lodge a complaint with your national data protection authority:
EU: European Data Protection Board (edpb.europa.eu)
UK: Information Commissioner's Office (ico.org.uk)
Response Timeframe: We will respond to all requests within 30-45 days or as required by applicable law.