Privacy Policy

Last Updated: October 3, 2025

Document Purpose: This policy explains what personal information we collect, why we collect it, how we use and protect it, and how you can exercise your privacy rights. Transparency is a core commitment.

1. Introduction & Data Roles

XAVVI HOLDINGS ("we", "us") is committed to protecting your privacy. This policy details our data practices for our Service. Under GDPR, we act as a data controller for your direct account information and as a data processor (or service provider under CPRA/CCPA) for the Third-Party Platform content you manage through our Service.

2. Information We Collect and Why

We only collect information essential for providing and improving our Service.

2.1. Information You Provide Directly

Account Information: Name, email, password (hashed). Purpose: To create and secure your account.
Billing Information: Collected by our third-party payment processor. Purpose: To process payments for subscriptions.

2.2. Information from Linked Third-Party Platforms

When you connect an account, we collect data via official APIs for specific functions:

Identifiers (Account IDs, tokens): Purpose: To securely authenticate and maintain the connection to your account.
Content (Media, text, comments, messages): Purpose: To enable you to publish, schedule, and respond to content as directed by you.
Metrics (Analytics, ad performance): Purpose: To display performance insights and reports to you within the Service.

2.3. Information We Collect Automatically

Usage Data: Feature interaction logs. Purpose: To improve our Service and identify popular features.
Device Information (IP address, browser): Purpose: For security monitoring and to prevent fraud.

Google API Services Limited Use Disclosure

Our application's use and transfer of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements. We only use this data to provide and improve user-facing features, and will not use it for advertising or transfer it to third parties except as necessary for security or legal compliance. For full details and revocation instructions, please see our Google API Disclosure.

4. Your Data Protection Rights & Controls

You have full control over your data. We provide all users, regardless of location, with the following rights:

Right to Access: Request a copy of your personal data.
Right to Rectify: Correct any inaccurate data.
Right to Erasure (Deletion): Request the deletion of your account and data.
Right to Data Portability: Receive your data in a machine-readable format.

You can exercise these rights through your account settings or by contacting privacy@xavvi.com. Our clear, step-by-step deletion process is documented on our Data Deletion Process page.

5. Data Security and Retention

We use industry-standard technical and organizational measures to protect your data, including encryption at rest and in transit, and strict access controls. Data is retained only as long as necessary, per the configurable defaults in your account settings (e.g., media for 180 days, logs for 12 months).

6. International Data Transfers

As a U.S. company, we use approved legal mechanisms for data transfers from the EU/UK, such as the EU-U.S. Data Privacy Framework and Standard Contractual Clauses, ensuring your data is protected to a standard equivalent to the GDPR.