top of page

Privacy Policy

Privacy is XPOZ’s code: XPOZ has built our global privacy program based on our Binding Corporate Rules (BCRs), which serve as our code of conduct that governs our global processing of personal data. No matter where you are in the world, where you reside, where your citizenship lies, or where your data comes from, we offer the same high standards of privacy protection to all our customers. More specifically, “No Shenanigans” is one of our company values, and we intend to exemplify that with our Privacy Notice, which we hope will provide clear, detailed, and easy-to-read information about XPOZ’s privacy practices and how we process personal data.

 

In addition, we provide in-time and in-context information about how you can control the data you collect and retain in our API documentation. Because we offer many different products — and our customers can configure them in many different ways — we provide privacy-specific information in our documentation to enable our customers to make choices when using our products. Please check the documentation for the product you’re using to learn more about the data elements it collects and how you can make decisions about that information.

 

When we refer to XPOZ, we mean the XPOZ entity with which you have contracted. For ease of reference throughout this Privacy Notice, “XPOZ” also refers to the companies that are members of the XPOZ Group (the “XPOZ Group Members”) listed in our Binding Corporate Rules. If there are any capitalized terms in this Privacy Notice that are not defined, then those terms will have the meaning defined in your agreement with us.

 

Contents of this Notice

 

- How XPOZ processes your personal data

- Data about our customers

- Data about our customers’ end users

- How XPOZ shares personal data

- How to make choices about your data

- Cookies and tracking technology

- Global privacy compliance at XPOZ

- International data transfers

- XPOZ product privacy

- Security information

- Handling disputes

- Other information you may find useful

 

How XPOZ Processes Your Personal Data

 

When we talk about “personal data,” we’re talking about a broad range of information. Data protection laws around the world define this concept in different ways, but in general, we mean any information that relates to an identifiable, living individual person. In other words, a person’s phone number is personal data, while a business’s phone number is not.

 

In addition, some data protection laws and privacy laws in certain jurisdictions differentiate between “controllers” and “processors” of personal data. A controller decides why and how to process personal data. A processor does not make decisions about personal data; it only processes personal data on behalf of a controller based on the controller’s instructions.

 

With this background, let’s take a high-level look at the personal data XPOZ collects and how we process it.

 

If you are a customer of ours, XPOZ processes personal data in different ways when you use our products and services.

 

- We process your personal data as a customer (or potential customer) of XPOZ’s services — information that we refer to as Customer Account Data (e.g., your contact information) — when you visit an XPOZ public-facing website like xpoz.ai; sign up for an XPOZ event; reach out to our Sales team; or sign up for an XPOZ account and use our products and services.

- We process the personal data of your end users who use or interact with your application that you’ve built on XPOZ’s platform, like the people you communicate with by way of that application. This includes information we use to route messages and metadata about messages — we refer to this information as Customer Usage Data — and it also includes the contents of communications, which we refer to as your Customer Content. You can see a more detailed definition of “Customer Content” in our Data Protection Addendum, which is part of our agreement with you.

- XPOZ processes these categories of personal data differently because the direct relationship we have with you, our customer, is different from the indirect relationship we have with your end users.

- When XPOZ processes your Customer Account Data and your Customer Usage Data, XPOZ is acting as a controller. We are also a controller for our employees’ personal data. When XPOZ processes your Customer Content, we are acting as a processor.

 

If you are a visitor to our website (by which we mean any website that links back to this Privacy Notice in its footer, such as to xpoz.ai), or if you are not an XPOZ user and you are attending one of our events, we collect a minimal amount of data about you (depending on how much you’ve chosen to share with us). This might be as little as an IP address or a cookie, and it might be your contact information. We also consider this Customer Account Data. You can read below about how we process visitors’ Customer Account Data.

 

If you are an applicant to a job at XPOZ you can read below about how we process applicant data here.

 

If you are an end user of an XPOZ customer, this Privacy Notice does not apply to the services that our customers provide to their end users. Our customers have their own policies regarding the collection, use, and disclosure of the personal data of their end users. If you are an end user of one of our customers and want to learn about how that customer handles your personal data, we encourage you to read the customer’s privacy policy. Only the customer can assist you with requests for access or deletion.

 

Data about our customers

In short, XPOZ requires the minimal amount of data necessary to provide services to you, and the amount or type of data we collect depends on the product or service you choose or how you use it. If you choose to share additional information with us so that we can better customize your account and our services, we’ll process that with the same care and respect. We do not sell your personal data and we do not share your information with third parties for those third parties’ own business interests. This Privacy Notice describes the data we collect from our customers at a high level, but you can always learn more by reading our API documentation.

 

We use the information we collect and share it with our service providers primarily to provide the services you’ve requested from us, and as needed for our operational purposes (e.g., to do the things we need to do to function as a business, such as to collect payment). In addition, we may use data about our customers to detect, prevent, or investigate security incidents, fraud, or abuse and misuse of our platform and services.

 

Data we process during account creation and account usage

When you sign up for an account with us, we ask for certain information like your contact details and billing information to facilitate payment and communication. We also collect some information automatically, like your IP address, when you log in to your account or when your software application built on XPOZ makes requests to our APIs. We use this to understand who is using our services and how, and to detect, prevent and investigate fraud, abuse, or security incidents.

 

Information You Share Directly:

- Name and contact information: When you sign up for an XPOZ account with us, we will ask you to give us your name, email address, and optionally, your company name, and to create a password. You can also name your account (or accounts, if you have more than one). We collect this information so we know who you are — this helps us communicate with you by email, text or voice call about your account(s), service-related information, recognize you when you communicate with us through the account portal or otherwise, bill you correctly, and provide other services.

- Telephone number: When you first sign up for an account, we may also ask you for a telephone number (where it’s relevant to the service you’re using) so we can communicate a verification code to that telephone number and have you enter the code into our website. This helps us verify that you’re actually a human being. An XPOZ team member may also contact you at this number to help you with onboarding unless you choose not to be contacted.

- Payment information: When you upgrade your trial account, we’ll ask you to provide our payment processor with your payment method information like a credit card or your Paypal account and your billing address. Our payment processor, acting on our behalf, gathers this so we can bill you for your use of our products and services. Our payment processor will share your billing address with XPOZ. We’ll also use your billing address for tax calculation and audit purposes.

- Subscriber records: For some products, we may also obtain proof of identity from you that includes a proof of address, name, physical address, or other identification information. For example, to use our services or to obtain a phone number in certain countries, local law may require us to have a physical service address on file for the individual who will be using that XPOZ number, whether that’s you or your end user. We may also need proof of identity and physical service address. We call these “subscriber records.” We may have to share subscriber records with local government authorities or with the local telecommunications carrier that provides connectivity services. We may also use this physical service address for tax purposes. However, we don’t share subscriber records for purposes other than this, and we treat these records with our highest confidentiality.

- Personalization details: Some of our products, such as our short code service, may require you to complete an application form by providing details about your company and your intended use of the product. We’ll use this information for the purpose of determining eligibility for these products. We may also use it in connection with improving our own internal processes and services or to train our team members.

 

Information We Generate or Collect Automatically:

- SIDs: When you sign up for an account with XPOZ, we’ll automatically assign you and each of your accounts a unique ID — a SID — and we’ll automatically generate an API token for each of your accounts. These are used like a username and password to make API requests. Instead of using these API tokens, you can provision API Keys and use your API key for authentication when making requests to our APIs. We keep a record of these credentials so we know it is you making the requests when your application makes requests to our API using these credentials.

- Customer Proprietary Network Information: When you use certain voice-based communications services, XPOZ collects information associated with your usage of the services. This includes information such as number of phone calls, call destinations, call locations, type, and service configuration, and is known as Customer Proprietary Network Information (CPNI). CPNI does not include information such as your name, address, phone number, or the content of phone calls. We use this information to market related XPOZ products or services to which you are not already subscribed unless you have exercised your right to opt out.

- Device information and IP addresses: When you use our account portal, we collect your IP address and other data through tracking technologies like cookies, web beacons, and similar technologies. We also collect IP addresses when you make requests to our APIs and in our server logs. We use this information to understand how customers are using our platform, who those customers are (if they are a company and the IP address is associated with that company), what country they are logging in from (for analytics and export control purposes), and to help improve the navigation experience. You can learn more about cookies in the section titled “Cookies and Tracking Technologies” below. When you use our account portal, we also collect information about your device, such as your computer or mobile device operating system type and version number, manufacturer and model, browser type, screen resolution, unique identifiers, and general location information such as city or town. We do not collect precise geographical information.

 

Data we process from our website, events, and interactions

When you visit our website, sign up for an XPOZ event or request more information about XPOZ, we collect information automatically using tracking technologies, like cookies, and through web forms where you type in your information. We collect this information to provide you with what you request through the web form, to learn more about who is interested in our products and services, and to improve navigation experience on our pages. You can learn more about cookies in the section titled “Cookies and Tracking Technologies” below.

 

Information You Share Directly:

- Web Forms: In some places on XPOZ’s public-facing websites, you can fill out web forms to ask to be contacted by our Sales Team, sign up for a newsletter, register for an XPOZ event, or take a survey. The specific personal data requested on these forms will vary based on the purpose of the form. We will ask you for information necessary for us to provide you with what you request through the form (for example, we will ask you for your email address if you want to sign up for an email newsletter and for your phone number if you want a member of our Sales Team to call you). We may also ask you for additional information to help us understand you better as a customer, such as your XPOZ use case, your company name, or your role at your company. If you sign up to receive ongoing marketing communications from XPOZ, like a newsletter, you can always choose to opt out of further communications through a preferences page which will be linked from any marketing email you receive from XPOZ. You can also contact our Customer Support Team to communicate your choice to opt out.

- Sales or Customer Support Teams: If you contact our Sales or Customer Support Teams, those teams keep a record of that communication, including your contact details and other information you share during the course of the communication. We store this information to help us keep track of the inquiries we receive from you and from customers generally so we can improve our products and services and provide training to team members. This information also helps our teams manage our ongoing relationships with our customers. Because we store a record of these communications, please be thoughtful about what information you share with our Sales and Customer Support Teams. While we will take appropriate measures to protect any sensitive information you share with us, it is best to avoid sharing any personal or other sensitive information in these communications not necessary for these teams to assist you.

 

Information We Collect Automatically:

When you visit XPOZ websites, including our web forms, we and our service providers acting on our behalf automatically collect certain information using tracking technologies like cookies, web beacons, and similar technologies. We use this information to understand how visitors to our websites are using them and which pages and features of the websites are most popular. This helps us understand how we can improve our websites and track performance of our advertisements. In addition, we use tracking technologies to help improve the navigation experience on XPOZ websites. We don’t sell this information to third parties. For more details on our use of cookies and other tracking technologies, please read the below section titled “Cookies and Tracking Technologies.”

 

Marketing information

We use your email address to send you information about other XPOZ products, services or events in which we think you may be interested. You can opt out of receiving marketing communications from us at any time through your marketing preferences page by clicking the “unsubscribe” link at the bottom of any marketing email you receive from XPOZ. You can also update your communication preferences using our online form or contact our Customer Support Team to communicate your choice to opt out. Please note that it may take up to three days to remove your contact information from our marketing communications lists, so you may receive correspondence from us for a short time after you make your request. You will not be able to opt out of service emails from us, such as password reset emails, billing emails, or notifications of updates to our terms, unless you deactivate your account.

 

We may also use publicly-available information about you that we have gathered through services like LinkedIn, or we may obtain information about you or your company from third party providers. We use this information to help us understand our customer base better, such as your industry, the size of your company, and your company’s website URL. We also use this information to reach out to potential candidates for roles at XPOZ.

 

When you visit an XPOZ website, we process your information to market our services to you on other websites. You are able to opt out of targeted advertisements by using the cookie consent management tool on Wix. To learn more about how we process this information and how to make choices about what is collected, please see the “Cookies and Tracking Technologies” Section below.

 

How Long We Store Your Customer Account Data

XPOZ will store your Customer Account Data as long as needed to provide you with our services and to operate our business. If you ask XPOZ to delete specific personal data from your Customer Account Data (see ‘Choices About Your Customer Account Data’ below), we will honor this request unless deleting that information prevents us from carrying out necessary business functions, such as billing for our services, calculating taxes, or conducting required audits.

 

More specifically, within 60 days following closure of your account, we will either delete other Customer Account Data or transform it such that it can no longer be used to identify you, with the following exceptions, depending on and in accordance with applicable law:

 

- Customer Account Data is stored for up to seven years following closure of your account. However, we may retain invoice records, including their digital equivalent, for longer periods for accounting, tax, and audit purposes.

- Where we collect subscriber records, we will retain this data for such time as needed for legal, security and anti-fraud purposes.

- We may retain your communications with XPOZ’s Customer Support Teams for up to three years after your account is closed.

- We may need to retain data due to special circumstances (such as due to an open investigation, audit, or other legal matter).

 

Please read our support page on data retention for more detailed information about our retention and deletion practices.

 

Data about our customers’ end users

What Customer Usage Data and Customer Content XPOZ Processes and Why

We use Customer Usage Data and Customer Content to provide services to you and to carry out necessary functions of our business as a communications service provider. We do not sell your end users’ personal data and we do not share your end users’ information with third parties for those third parties’ own business interests or cross-context behavioral advertising.

 

The particular end user personal data XPOZ processes when you, our customer, use our products and services, and the reasons XPOZ processes end user personal data, depends on how you use our products and services and which XPOZ products and services you use. For that reason, our API docs for each of our products and services are the best place to find information about our processing of personal data when you use that XPOZ product and service. In many cases, you can opt to store records of your communications or other activities in your XPOZ account, and these records may include your end users’ personal data. You may also have the option to use additional features or tools within XPOZ’s products or services that allow you to do things such as analyze the records, including end user personal data, in your XPOZ account. In those cases, XPOZ will process this information to provide you with the service you request.

 

For XPOZ’s customers, our Data Protection Addendum describes more about how we process Customer Content in accordance with your instructions. That Data Protection Addendum is a part of your agreement with us by default.

 

How Long We Store Customer Usage Data and Customer Content

Details regarding how long your end user personal data may be stored on XPOZ systems will depend on which XPOZ products and services you are using and how you are using them.

For that reason, our API docs for each of our products and services, along with Wix’s documentation, are the best place to find more detailed information about managing end user data collected and stored in connection with your use of our products and services. We also provide an overview of our retention periods in our support documentation.

 

As an XPOZ customer, if the XPOZ product or service you use enables you to store records of your usage on XPOZ, including personal data contained within those records, and you choose to do so, then XPOZ will retain these records for as long as you instruct, up until termination of your account. In some cases, use of extended storage may cost more. If you later instruct us to delete those records (please see below for information on how to delete your records), we will do so. Please note that it may take up to 30 days for the data to be completely removed from all systems.

 

How XPOZ shares personal data

We do not sell your personal data or the personal data of your end users. We also do not allow any personal data to be used by third parties for their own marketing purposes (except in cases where you explicitly request or provide consent for us to do so, such as at a conference when you direct us to share your information with a sponsor) or share personal data for cross-context behavioral advertising. However, we do need to share personal data in order to provide our products and services to you, such as to route a call you send through us or to store data you ask us to store. Below are the different scenarios under which we may share your data with third parties.

 

- Telephony operators as necessary for proper routing and connectivity: XPOZ provides an easier way for developers to build applications that make use of the publicly switched telephone network (PSTN) to send communications. Therefore, communications-related data is shared with and received from telephony operators as necessary to route and connect those communications from the sender to the intended recipient. How those telephony operators handle this data is generally determined by those operators’ own policies and local regulations.

- Other communications service providers for proper routing and connectivity: XPOZ also enables sending or receiving communications through communications service providers that do not use the PSTN, such as WhatsApp and Facebook Messenger (referred to as Over-the-Top (OTT) communications service providers). If you choose to use XPOZ to send or receive communications by way of these providers, XPOZ will share communications data with these providers as necessary to route and connect those communications from the sender to the intended recipient. How those OTT communications service providers handle this data is determined by their own policies.

- Third-party service providers or consultants: XPOZ engages certain third-party vendors and service providers to carry out certain data processing functions on our behalf. These providers are limited to only accessing or using this data to provide services to us and must provide reasonable assurances they will appropriately safeguard the data.

- Sub-processors: A sub-processor is a vendor that is permitted to process data for which we are a processor — in other words, Customer Content. We share Customer Content with sub-processors who assist in providing the XPOZ services, like our infrastructure provider, or as necessary to provide optional functionality like transcriptions. An up-to-date list of XPOZ sub-processors is located here.

- Add-on Partners: Add-ons are additional features, functionality or services offered by XPOZ’s Add-on partners (who are third parties not affiliated with XPOZ). XPOZ may make Add-ons available through the XPOZ Marketplace. Some Add-ons may need to access or collect some of your information, including personal data. If you choose to use an Add-on, XPOZ will share your information with the Add-on partner so you can use the Add-on. XPOZ does not control Add-on partners’ use of your information and their use of your information will be in accordance with their own policies. If you do not want your information to be shared with an Add-on partner, then you should not use the Add-on.

- Compliance with Legal Obligations: We may disclose your or your end users’ personal data to a third party if (i) we reasonably believe that disclosure is compelled by applicable law, regulation, legal process, or a government request (including to meet national security, emergency services, or law enforcement requirements), (ii) to enforce our agreements and policies, (iii) to protect the security or integrity of our services and products, (iv) to protect ourselves, our other customers, or the public from harm or illegal activities, or (v) to respond to an emergency which we believe in good faith requires us to disclose data to assist in preventing a death or serious bodily injury. For more details, please see the procedure laid out in our Binding Corporate Rules.

- If XPOZ is required by law to disclose any personal data of you or your end user, we will notify you of the disclosure requirement, unless we are prohibited by law. Further, we object to requests we do not believe were issued properly.

- XPOZ Group Members: We may share your personal data or your end users’ personal data among XPOZ Group Members. XPOZ Group Members will only use the information as described in this notice. You may see who XPOZ Group Members are by looking in our Binding Corporate Rules.

- Business transfers: If we go through a corporate sale, merger, reorganization, dissolution or similar event, data we gather from you may be part of the assets transferred or shared in connection with the due diligence for any such transaction. In that situation, and that situation only, we might transfer your data in a way that constitutes a sale under applicable law. If we do, we’ll let you know ahead of time, and we will require any acquirer or successor of XPOZ to continue to process data consistent with this Privacy Notice.

- Aggregated or de-identified data: We might also share data about our customers with third parties if the data has been de-identified or aggregated in a way so it cannot be used to identify you or your end users.

 

How to make choices about your data

Choices About Your Customer Account Data

- Accessing and Controlling Account Data: As part of the services we provide to our customers, we provide you with a number of self-service features at no additional cost within the XPOZ console itself, including the ability to access your data, update any incorrect data, download a copy of your data, delete your data, or restrict the use of your data. You can make various choices about your Customer Account Data through the account portal when you log into your XPOZ account or through the marketing preferences center. Any other requests about your data you cannot make through these self-service tools, you can contact Customer Support.

- Closing Your Account and Deletion: To request closure or deletion of your XPOZ account, you can contact Customer Support. Please be aware that closure or deletion of your XPOZ account will result in you permanently losing access to your account and the data in the account. After closure of your account, certain information associated with your account may remain on XPOZ’s servers in an aggregated form that does not identify you or your end users. Similarly, after you close your account, we will retain data — including personal data — associated with your account that we are required to maintain for legal purposes or for necessary business operations (see “How Long We Store Your Customer Account Data” section above) until it’s no longer needed.

- Our Support portal provides documentation regarding how to delete the data you control and how long we retain it.

- Customer Proprietary Network Information (CPNI): As an individual XPOZ account owner or as an authorized representative of an XPOZ customer, you have the right to restrict XPOZ’s use of CPNI. To opt-out of the use of CPNI data related to your XPOZ account to market other XPOZ products and services based on your usage of our products, click here. Please note that, if you have subscribed for the services on behalf of an organization, the CPNI relates to the service usage by that organization and not you individually. Opting-out of the use of CPNI for marketing will not unsubscribe you from other types of marketing contacts from XPOZ and will not affect the status of the services you currently have with us. Your approval or opt-out of the use of your CPNI outside of the services to which you are already subscribed is valid until you affirmatively revoke or limit such approval.

- Other Choices About Your Customer Account Data: In addition, you can express other choices about your Customer Account Data (e.g., accessing it, deleting it, restricting its use, porting it, or withdrawing consent for its use) by contacting Customer Support.

 

Choices About Your End Users’ Data

We also offer you the ability to delete, access, or exercise other choices about end user data, namely Customer Usage Data and Customer Content. Your ability to make choices about this data depends on the XPOZ product or service you use and how you use the product or service. For that reason, our API docs for each of our products and services, along with Wix’s documentation, are the best place to find more detailed information about managing end user data collected and stored in connection with your use of our products and services.

 

In some cases, we may retain a copy of your usage records, including the personal data contained in them, to carry out necessary functions like billing, invoice reconciliation, troubleshooting, along with detecting, preventing, and investigating spam, fraudulent activity, and network exploits and abuse. Sometimes legal matters arise that also require us to preserve records, including those containing personal data. These matters include litigation, law enforcement requests, or government investigations. If we have to do this, we will delete the impacted records when we are no longer legally obligated to retain them. We may, however, retain or use records after they have been anonymized, if the law allows.

 

Cookies and Tracking Technologies

XPOZ uses common information-gathering tools such as cookies, web beacons, pixels and other similar tracking technologies to automatically collect information as you navigate our websites, your account or when you interact with emails we sent to you.

 

Cookies

A cookie is a piece of data contained in a very small text file that is stored in your browser or elsewhere on your hard drive. Cookies allow XPOZ to identify your device as you navigate our websites or your account. This makes navigating and interacting with our websites or your account more efficient, easy and meaningful for you.

 

By themselves, cookies do not identify you specifically. Rather, they recognize your web browser. So, unless you identify yourself specifically to XPOZ, like signing into your account, we don’t know who you are just because you visited our website.

 

XPOZ uses both session and persistent cookies. Session cookies are cookies that disappear from your computer or browser when you turn off your computer. Persistent cookies stay on your computer even after you’ve turned it off. Additionally, the cookies on our websites fall into three categories: (1) Required Cookies, (2) Functional Cookies, and (3) Advertising Cookies. To learn more about each category of cookie, you can visit our cookie consent tool by clicking on the “Cookie Preferences” link on the bottom right of the XPOZ website you are visiting.

 

How to Control & Delete Cookies

- Wix Consent Tool: XPOZ uses Wix as our cookie consent tool, which you can utilize to customize your cookie preferences. When you visit our website for the first time, a cookie consent banner will pop up and ask you to customize your cookie preferences. If you decide to change your preferences at a later date, you can easily do so by clicking on the “Cookie Preferences” link on the bottom right of the XPOZ website you are visiting. Please note that Required Cookies cannot be disabled and if you decide to opt-out of Functional Cookies, certain functionality of our websites or your account may be impacted.

- Using Your Browser: In addition to using our Wix Cookie Consent tool, you can use your browser settings to opt out of Functional Cookies and Advertising Cookies. For more information on how to do that, click here. To manage privacy and storage settings for cookies, click here.

- Do Not Track: Some browsers allow a “do not track” (DNT) setting that requests that a web application disable its tracking of an individual user. When you choose to turn on the DNT setting in your browser, your browser will send a special signal to websites, analytics companies, ad networks, plug-in providers, and other web services you encounter while browsing and stop tracking your activity. To set up DNT, you can visit the All About DNT page. If you do choose to set up DNT, we will automatically turn off all non-required cookies on XPOZ’s websites for you. Please note that this may impact the functionality of our websites or your account.

- Global Privacy Control: Global Privacy Control (GPC) is a technical specification that you can use to inform websites of your privacy preferences in regard to ad trackers. To set up GPC, you can visit the Global Privacy Control page. If you do choose to set up GPC, we will automatically turn off all non-required cookies on XPOZ’s websites for you. Please note that this may impact the functionality of our websites or your account.

- Opting out of Advertising Cookies: To learn more about how to opt out of targeting and advertising cookies, you can go to the Your Online Choices page, the Network Advertising Initiative page, and the Digital Advertising Alliance’s Consumer Choice page. These opt-out tools are provided by third parties, not XPOZ. We do not control or operate these tools or the choices that advertisers and others provide through these tools.

 

Web Beacons

XPOZ also uses web beacons to gather data about your use of our websites, your account, and how you interact with emails we have sent to you. Web beacons are clear electronic images that can recognize certain types of data on your computer, like when you view a particular website tied to the web beacon, and a description of a website tied to the web beacon. Additionally, we may put web beacons in marketing emails that notify us when you click on a link in the email that directs you to an XPOZ website. We use web beacons to operate and improve our websites and email communications to you.

 

Global Privacy Compliance at XPOZ

XPOZ is a global company with customers and offices all around the world. As such, our approach to privacy compliance is a global one. No matter where you are located, whether in the United States, the European Economic Area (EEA), the United Kingdom (UK), Latin America, or the Asia-Pacific region, we remain committed to abiding by all applicable data protection laws.

 

Regions Requiring a Legal Basis for Processing Personal Data

If you are from a region that requires a legal basis for processing personal data (such as the EEA or the UK), our legal basis for collecting and using the personal data described above will depend on the personal data concerned and the specific context in which we collect it.

 

However, we will normally collect personal data from you only where we need the personal data to perform a contract with you, or where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms, or where we have your consent to do so. In some cases, we may also have a legal obligation to collect personal data from you or may otherwise need the personal data to protect your vital interests or those of another person, such as in the case where we request personal data from you in the context of a government audit or in response to a request from law enforcement.

 

If you have questions about or need further information concerning the legal basis on which we collect and use your personal data, please contact us using the contact information provided below.

 

Broadly speaking, we use Customer Account Data to further our legitimate interests to:

 

- understand who our customers and potential customers are and their interests in XPOZ’s product and services;

- manage our relationship with you and other customers;

- carry out core business operations such as accounting, filing taxes, and fulfilling regulatory obligations; and

- help detect, prevent, or investigate security incidents, fraud and other abuse or misuse of our products and services.

 

United States

State Consumer Access and Deletion Rights

For those customers that would like more information about our use of Customer Account Data or Customer Usage Data, you have the ability to request:

 

- that we provide details about the categories of personal data that we collect about you, including how we collect and share it;

- that we provide you access to, and a copy of, the personal data we collect about you;

- that we update or correct any inaccurate personal data we have about you; and

- that we delete the personal data we have about you.

 

Please scroll up to our section above on How to make choices about your data for more information about how to make a request.

 

Please be aware that when you ask us for these things, we will take steps to verify that you are authorized to make the request. You do not have to be from any specific state, such as California, Colorado, Utah, or Virginia, to make this request. We won’t discriminate against you or change the price of our services if you make a request, but if you ask us to delete your data, it may affect your ability to use our service.

 

If you’re a Californian interested in what personal data we have shared lately for our business purposes, here’s a list:

 

- Identifiers

- Commercial information

- Financial information

- Internet or other electronic activity information

- Geolocation information

- Professional or employment information

 

By “our business purposes,” we mean that we only share personal data as we describe in the section above (in other words, with telephony operators, communications providers, and so on).

 

Other regions

If you are in a region other than the EEA, the UK, or the United States, we aren’t forgetting you! There are just some specific requirements those regions ask us to put in our Privacy Notice. Some countries, like Brazil, also have specific privacy notice requirements, and we address those requirements in our general privacy sections above. If there are specific changes we need to make to our legal language to comply with a country’s privacy or data protection laws, you can find those changes in our Data Protection Addendum.

 

Privacy Compliance for Specific Individuals

- Employee Applicant and Employee Data: Whether you are applying for a position at XPOZ or are a current or former employee, we remain committed to practicing a “no shenanigans” approach to your personal data. For up-to-date information on the types of data we process about you as an applicant and how we protect it, please see our Applicant Privacy Notice.

- Information from Children: We do not knowingly permit children (under the age of 13 in the US and UK or 16, if you live in the EEA) to sign up for an XPOZ account. If we discover someone who is underage has signed up for an XPOZ account, we will take reasonable steps to promptly remove that person’s personal data from our records. If you believe a person who is underage has signed up for an XPOZ account, please contact us at legal@xpoz.ai.

bottom of page