Privacy Policy

1. Introduction

This Privacy Policy ("Policy") applies to the XerpaAI website and the XerpaAI Growth Automation Platform (collectively, the "Services").

In this Policy, "Personal Data" refers to any information that directly or indirectly relates to, describes, or can be used to identify an individual.

Applicability: This Policy applies to Personal Data collected, used, and disclosed by XerpaAI, including but not limited to: (i) data collected through the Services, (ii) data collected during the training of XerpaAI’s machine learning algorithms, (iii) data collected through the XerpaAI.com website, and (iv) data collected from third-party sources. Third-party sources may include, but are not limited to, public databases, commercial data sources, and the public internet.

The Services are provided and controlled by XerpaAI. If you do not agree with this Policy, you should not use the Services.

2. Information We Collect

We may collect the following information from and about you, including information you provide, information collected automatically, and information from other sources.

Information You Provide

For certain activities, such as when you register, use our Services, or contact us directly, you may provide some or all of the following information:

• Authentication Data: Such as registration information, including age, username and password, public profile, language settings, and email address used for verification purposes.
• User Content: We may collect content you create, upload, generate, or access through the Services, including profile information such as nicknames, avatars, and user-generated content, as well as analytics reports and marketing strategies you create and/or share with the Services.
• Payment Information: When you make a purchase, we use third-party payment processors to collect credit card or other financial information. XerpaAI does not store the credit card or payment information you provide, only the payment confirmation.
• Communications: Information contained in communications you send to us.

Information Collected Automatically

When you use the Services, we automatically collect certain information about you, including when you use the web without an account. This information includes:

• Identifiers and Device Information: We collect information about the devices you use to access the Services, such as your device model, operating system, device ID, browser fingerprint, IP address, screen resolution, and operating system. When you log in from multiple devices, we may use your profile information to identify your activity across devices.
• Usage Data: We automatically record your activity on the Services, including the content you view, the time you view such content, access times, the URL of the website you visited before ours, and other details about your use of the Services and actions taken on them.
• Geolocation Data: Depending on your device and network settings, we collect geolocation data when you use the Services.
• Behavioral Data: Event logs collected via SDK, including timestamps, action types, and session duration.
• Third-Party Data Sources: Including but not limited to compliant public databases, integrated only from data providers certified as compliant with applicable regulations (e.g., GDPR/CCPA). We require third-party providers to minimize data transfers, comply with relevant regulations (e.g., GDPR/CCPA), and manage data repatriation.
• Cookies and Similar Technologies: We use cookies, mobile IDs, and other similar technologies to operate the Services, enable certain features, and enhance your experience with the Services.

Information from Other Sources

When you register or log in to the Services using another service, we may collect login information from that service.

3. How We Use Your Information

• Ensure you are of sufficient age to use the Services (including legally required restrictions).
• Provide, improve, and develop our Services and conduct product development.
• Use user content as part of our marketing campaigns to promote the Services.
• Train and improve our technologies, such as our machine learning models and algorithms.
• Understand how you use the Services, including across devices.
• Infer additional information about you, such as your age, general geolocation (e.g., country), and interests, to generate insights about your likely preferences or other characteristics.
• Detect abuse, fraud, and illegal activities on the Services, including scanning, analyzing, and reviewing user content and related metadata to identify violations of our terms, conditions, and policies.
• Provide customer support and respond to your questions, requests, complaints, and feedback.
• Communicate with you, including notifying you of changes to our Services.
• Enforce our terms, conditions, and policies, and fulfill our legal obligations.
• Provide location-based services, such as advertising and other personalized content, based on your permissions.
• Combine all information we collect or receive about you for any of the purposes described above.
• Use your information for any other purpose disclosed to you at the time we collect it or with your consent, or as permitted by applicable law.

4. How We Share Your Information

Our Corporate Group

We may share your information with any member of our corporate group, including our subsidiaries, ultimate holding company and its subsidiaries, or companies we control, are controlled by, or are under common control with, as well as our service providers and strategic business partners, whether in your country or abroad, for the purposes outlined in this Policy, as permitted by applicable law, to assist in improving and optimizing the Services or for our internal business purposes.

Law Enforcement

We may share your information with law enforcement agencies, public authorities, or other entities if required by law or if we believe in good faith that such sharing is reasonably necessary to:

• Comply with legal obligations, processes, or requests.
• Enforce our Terms of Service and other agreements, policies, and standards, including investigating potential violations.
• Exercise or defend any legal claims.
• Detect, prevent, or otherwise address security, fraud, or technical issues.
• Protect the rights, property, or safety of us, our users, third parties, or the public, as required or permitted by law (including exchanging information with other companies and organizations for fraud protection and credit risk reduction).

Sale or Merger

We may disclose your information to third parties:

• If we sell any business or assets, in which case we may disclose your information to the prospective buyer of such business or assets.
• If we sell, buy, merge with, are acquired by, or partner with other companies or businesses, or sell some or all of our assets. In such transactions, your user information may be among the transferred assets.
• We may share all information we collect in connection with a significant corporate transaction, such as the sale of a website, merger, consolidation, asset sale, or in the unlikely event of bankruptcy.

With Your Consent

Finally, we may share information with third parties with your consent or at your direction.

5. International Data Transfers

The information we collect from you may be transferred to and stored at a destination outside your country. It may also be processed by staff operating outside your country who work for us, one of our suppliers, or one of our business partners. By submitting your information, you agree to this transfer, storage, or processing. We will take all reasonably necessary steps to ensure your information is treated securely and in accordance with this Policy and applicable law.

If we transfer your information from the European Economic Area (EEA) or Switzerland to other countries, some of which have not been determined by the European Commission to have an adequate level of data protection, we use various legal mechanisms, including contracts, to help ensure your rights and protections are maintained.

6. Your Rights and Choices

You can access and edit most of your profile information by logging into your account. We also provide many tools in the settings that allow you to control your information. If you choose, you can delete your entire account by contacting us at contact@xerpaai.com.

Depending on where you reside, you may have certain rights regarding your personal information, including:

• The right to request confirmation, free of charge, as to whether we process your personal data.
• The right to access a copy of the personal data we hold about you.
• The right to request correction or deletion of your personal data or to restrict the processing of your personal data.
• The right to receive your personal data in a structured, commonly used, and machine-readable format (data portability).
• The right to withdraw your consent to our collection, use, and disclosure of your personal information.
• The right to opt out of the sale of your personal information and the use or disclosure of your personal information for advertising purposes.
• The right to lodge a complaint with your local data protection authority.

If you have any questions about how to use these tools or about any rights you may have in your country of residence, please contact us at contact@xerpaai.com.

7. Data Security

We take reasonable and appropriate technical and organizational measures to help protect personal data from unauthorized access, use, disclosure, alteration, and destruction.

Unfortunately, the transmission of information over the internet is not completely secure, and we cannot guarantee the security of information transmitted through the Services; any transmission is at your own risk.

To help us protect personal data, we request that you use a strong password, do not share your password with anyone, and do not use the same password on other websites or accounts.

8. Data Retention

We generally retain your information for as long as necessary to provide the Services for the purposes for which the information was collected, including to provide you with the Services. However, in some cases, we may retain this information longer to comply with our legal obligations or where necessary to establish, exercise, or defend legal claims.

After you terminate your use of our Services, we may store your information in an aggregated and anonymized format. Notwithstanding the above, we may also retain any information as reasonably necessary to comply with our legal obligations, allow us to resolve and address disputes, and enforce our agreements.

9. Information About Minors

The Services are not directed to children under 13 years of age (or the equivalent minimum age in the relevant jurisdiction). If you believe we have or have collected personal data from a child under the relevant age, please contact us at contact@xerpaai.com.

10. Privacy Policy Updates

We will generally notify all users of any material changes to this Policy through notices provided via the Services. However, you should periodically review this Policy to check for any changes. We will also update the "Last Updated" date at the top of this Policy, which reflects the effective date of such changes. Your continued access to or use of the Services after the updated Policy date constitutes your acceptance of the updated Policy. If you do not agree with the updated Policy, you must stop accessing or using the Services.

11. Contact Us

Questions, comments, and requests regarding this Policy should be sent to contact@xerpaai.com.

If you wish to file a complaint about how we handle your personal data, please contact us first, and we will endeavor to address your request as soon as possible. This does not affect your right to lodge a complaint with a data protection authority or follow the dispute resolution procedures provided in the Terms of Service.

12. Supplemental Terms - Specific Jurisdictions

United States

If you use the Services in the United States, the following additional terms apply:

Your Rights and Choices

• Know what personal information we have collected about you.
• Request a copy of the personal information we have collected about you.
• Request the deletion of information collected from or about you.
• Correct inaccurate information we maintain about you.
• Opt out of the sale of your personal information and the use or disclosure of your personal information for targeted advertising purposes.

While XerpaAI does not sell your personal information for monetary gain, we do process and disclose your personal information collected in the XerpaAI application to third parties for cross-context behavioral or targeted advertising purposes. You can opt out of the use and disclosure of your personal information for these advertising purposes by navigating to "Your Privacy Choices" in the settings.

European Economic Area ("EEA"), Switzerland, and the United Kingdom

If you use the Services in the EEA, Switzerland, or the United Kingdom, we process your personal data based on the following legal bases:

• To perform a contract when we provide you with the Services.
• To comply with legal obligations.
• Our legitimate interests, such as improving our Services, detecting security incidents, and preventing malicious or illegal activities.
• With your consent, where applicable.

Age Restrictions

By accessing and/or using the Services, you represent that you are at least 13 years old or not under guardianship. If you are under 13 years old or under guardianship:

• You must obtain approval from your parent or legal guardian.
• Your parent or legal guardian is responsible for your compliance with this Policy.

If you have not obtained the consent of your parent or legal guardian, you must stop accessing the Services.