HMX Zone is operated by Haroon Mohamed, an independent AI automation and lead generation consultant. This policy applies to the website hmxzone.com and any services delivered through it. Contact: For privacy-related enquiries, use the contact form at /contact or reach us via the direct channels listed there.

When you submit an enquiry through our contact form, we collect: • Full name • Email address • Phone number • Company name • Website URL (optional) • Business type • Description of your needs • Current tools you use • Budget range • Project timeline • Any additional message you include We also collect technical data automatically when you visit the site, including IP addresses (for rate limiting and fraud prevention), browser type, referring URL, and pages visited. This is processed by Vercel Analytics and is anonymised where possible.

We use enquiry data solely to: • Review and respond to your project enquiry • Send you an automated confirmation that your message was received • Follow up if your project is a potential fit • Improve the quality of our service screening We do not use your data for any advertising, third-party marketing, or profiling purposes. We do not sell or share your personal data with any third party for their own marketing.

Enquiry data is stored in Supabase, a cloud database service (Supabase, Inc.). Data may be stored on servers in the EU or US depending on the Supabase region configuration. Email notifications triggered by form submissions are sent via Resend (Resend Inc.), a transactional email service. Resend processes your name and email address to deliver confirmation emails. Vercel Analytics processes anonymised usage data. No personally identifiable information is shared with Vercel beyond what is described in their privacy policy.

Enquiry records are retained for up to 24 months from the date of submission. This allows us to reference past conversations and track project histories. If no project engagement follows an enquiry within 12 months, the record may be deleted earlier at our discretion. You can request deletion of your data at any time (see "Your Rights" below).

We do not use advertising cookies or third-party tracking pixels. Vercel Analytics uses a privacy-first approach with no persistent cookies on by default. Speed Insights uses anonymous performance metrics only. No cookie consent banner is required under our current tracking setup because we do not use cookies that require consent under GDPR. If this changes, we will update this policy and add appropriate consent mechanisms.

If you are located in the European Economic Area (EEA), you have the following rights: • Right to access — request a copy of the personal data we hold about you • Right to rectification — ask us to correct inaccurate data • Right to erasure — request deletion of your data ("right to be forgotten") • Right to restrict processing — ask us to limit how we use your data • Right to data portability — receive your data in a structured, machine-readable format • Right to object — object to processing based on legitimate interests To exercise any of these rights, contact us via the form at /contact. We will respond within 30 days.

We take reasonable technical measures to protect your data, including: • Supabase row-level security policies • Cloudflare Turnstile CAPTCHA on all forms • Rate limiting on form submissions • HTTPS encryption in transit No system is 100% secure. If you have reason to believe your data has been compromised, please contact us immediately.

Our services are intended for business professionals and are not directed at children under 16. We do not knowingly collect personal data from anyone under 16. If you believe a minor has submitted data through our site, please contact us and we will delete it promptly.

We may update this policy from time to time. Material changes will be noted at the top of this page with a "last updated" date. Continued use of the site after changes constitute acceptance of the updated policy.