Privacy Policy

Last updated: February 2026.

KPI99 LLC (“we”, “us”, “our”) respects your privacy and is committed to protecting your personal data. This policy describes how we collect, use, disclose, and protect information when you use our website and services, and sets out your legal rights. It is intended to comply with applicable data protection laws, including the EU/UK General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) where applicable.

Data controller and contact

The data controller responsible for your personal data is KPI99 LLC, 300 Colonial Center Parkway, #100, Roswell, GA 30076, USA. For any questions about this policy, to exercise your rights, or to report a concern, contact us using the details on our website at kpi99.co or at the address above. We have not appointed a Data Protection Officer as we do not meet the criteria requiring appointment under Article 37 of the GDPR.

Services and tools covered

This Privacy Policy applies to:

• KPI99 website (kpi99.co) — our main site, including contact forms, consultation booking, and service information.
• Infrastructure Cost and Efficiency Analyzer (ICEA) — available at icea.kpi99.co. This tool helps you analyze infrastructure costs and efficiency. Data you enter (e.g. cost inputs, configuration choices) may be processed to generate results and may be stored or used to improve the tool.
• Diagnostic Tool — available at diagnostic.kpi99.co. This tool supports performance and system diagnostics. Information you provide or that the tool collects during use may be processed to deliver diagnostic outputs and to operate and improve the service.

References in this policy to “our website” or “our services” include the above sites and tools unless stated otherwise.

Information we collect

We may collect the following categories of personal data:

• Identity and contact data: name, email address, company or organization name, and any message or content you provide when you contact us or submit forms on kpi99.co.
• Usage and tool data: inputs, settings, or data you enter into the Infrastructure Cost and Efficiency Analyzer or the Diagnostic Tool; and technical or usage data (e.g. IP address, browser type, device information, pages visited) collected via cookies and similar technologies across our sites and tools.

We do not knowingly collect special categories of personal data (e.g. health, race, political opinions) unless you voluntarily provide them in a message; in that case we process them only as necessary to respond to you.

Lawful basis for processing (GDPR)

Where the GDPR applies, we process your personal data on the following lawful bases:

• Contract: to perform our contract with you or to take steps at your request before entering into a contract (e.g. responding to inquiries, delivering services).
• Legitimate interests: to operate and improve our website and tools, ensure security, and conduct analytics, where our interests are not overridden by your rights.
• Consent: where we have asked for your consent (e.g. for certain marketing communications or non-essential cookies). You may withdraw consent at any time without affecting the lawfulness of processing before withdrawal.
• Legal obligation: where we must process data to comply with applicable law.

How we use your information

We use your information to: respond to inquiries and provide customer support; deliver our services (including ICEA and the Diagnostic Tool); generate and improve tool results; operate, secure, and improve our website and offerings; send relevant communications (with your consent where required by law); and comply with legal obligations. We do not use your personal data for automated decision-making or profiling that produces legal or similarly significant effects.

Cookies and analytics

We use cookies and analytics (e.g. Google Analytics, Google Tag Manager) to understand how visitors use our site. You can control cookies through your browser settings.

Sharing and disclosure

We do not sell your personal information. We may share data with service providers that assist our operations (e.g. email delivery, analytics) under confidentiality agreements, or when required by law.

We engage carefully selected third-party partners and service providers who process personal data on our behalf in compliance with GDPR. From time to time, we appoint digital marketing agencies to conduct outreach and marketing activities on our behalf. As part of these activities, personal data may be processed in accordance with applicable data protection laws. Our appointed data processors include:

(i) Prospect Global Ltd (trading as Sopro) Reg. UK Co. 09648733. You can contact Sopro and view their privacy policy here: sopro.io. Sopro is registered with the ICO Reg: ZA346877. Their Data Protection Officer can be emailed at: dpo@sopro.io.

Data retention and security

We retain your personal data only for as long as necessary to fulfil the purposes described in this policy or as required by law (e.g. tax, legal claims). Typically: contact and form data are retained for the duration of our relationship and a reasonable period thereafter; usage and analytics data may be retained in aggregated or anonymized form. We implement appropriate technical and organizational measures to protect your data against unauthorized access, loss, or alteration. Data transmitted over the internet is not guaranteed to be secure; you provide it at your own risk.

International transfers

Your data may be processed in or transferred to countries outside your country of residence (including the United States and the United Kingdom). Where the GDPR applies and the destination country is not considered to provide adequate protection, we ensure appropriate safeguards are in place (e.g. standard contractual clauses approved by the European Commission or UK equivalents, or other mechanisms permitted by law). You may request details of the safeguards we use by contacting us.

Your rights

Depending on your location, you may have the following rights in relation to your personal data:

• Access: to receive a copy of the personal data we hold about you.
• Rectification: to have inaccurate or incomplete data corrected.
• Erasure (“right to be forgotten”): to request deletion of your data in certain circumstances.
• Restriction: to request that we limit how we use your data in certain circumstances.
• Data portability: to receive your data in a structured, machine-readable format where the processing is based on consent or contract.
• Objection: to object to processing based on legitimate interests (including profiling) or to direct marketing.
• Withdraw consent: where processing is based on consent, to withdraw it at any time.

To exercise any of these rights, contact us using the details on our website. We will respond within the time required by applicable law (e.g. one month under GDPR). You also have the right to lodge a complaint with a supervisory authority in your country of residence (e.g. in the UK, the Information Commissioner’s Office (ICO) at ico.org.uk; in the EU, your local data protection authority).

California residents (CCPA/CPRA): We do not sell or share your personal information as defined under the CCPA. You have the right to know what personal information we collect and how it is used, to request deletion, and to non-discrimination for exercising your rights. We do not use or disclose sensitive personal information for purposes beyond those permitted by the CPRA. If our practices change such that we sell or share personal information as defined by the CCPA/CPRA, we will update this policy and provide a clear “Do Not Sell or Share My Personal Information” link and will honor your choices. You may designate an authorized agent to submit requests under the CCPA/CPRA on your behalf; we may verify the agent’s authority and your identity as permitted by law.

Children

Our services are not directed at individuals under 16 (or the applicable age of consent in your jurisdiction). We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us and we will delete it promptly.

Changes and contact

We may update this policy from time to time. The current version will be posted on this page with a revised “Last updated” date. For questions, requests, or to exercise your rights, contact KPI99 using the contact information provided on our website at kpi99.co.