Privacy Policy

Effective Date: January 1, 2025

Xinfer.AI ("we," "our," or "us") respects your privacy. This Privacy Policy explains how we collect, use, and protect information when you use our platform to deploy domain-expert AI assistants.

This policy applies to two groups:

Customers: Businesses that use our platform to deploy AI assistants
End Users: Individuals who interact with AI assistants powered by our platform

1. Information We Collect

1.1 From Customers

Account Information:

Name, email address, phone number
Company name and billing address
Payment information (processed by third-party providers)

Platform Configuration:

Domain settings and branding preferences
AI assistant configurations and prompts
Category mappings and keyword settings

Website Content (with your authorization):

Publicly available pages we crawl on your behalf
Product catalogs and data you provide
FAQs, guides, policies, and other content you designate

1.2 From End Users

Conversation Data:

Chat messages and queries submitted to AI assistants
Conversation history and context
Voice transcripts (if voice features are enabled)

Technical Data:

IP address and approximate location
Browser type and device information
Session duration and interaction patterns

1.3 Automatically Collected

Usage Analytics:

Platform feature usage and performance metrics
Error logs and diagnostic information
API call volumes and response times

Cookies and Tracking:

Essential cookies for platform functionality
Analytics cookies to improve our service
See Section 7 for cookie details

1.4 Social Login Data

When you sign in using a third-party provider (Facebook, Google, or GitHub), we receive:

From Facebook:

Your email address
Your name
Your profile picture URL
Your Facebook account identifier

From Google:

Your email address (must be verified with Google)
Your name
Your profile picture URL
Your Google account identifier

From GitHub:

Your primary verified email address
Your name or username
Your avatar URL
Your GitHub account identifier

What We Do NOT Receive:

Your social media posts or content
Your friends or contacts list
Your private messages
Access to post on your behalf
Your password from the provider

2. How We Use Information

2.1 Customer Data

We use customer information to:

Provide and maintain your AI assistant deployment
Crawl and index your designated website content
Process payments and manage your subscription
Communicate service updates and support
Improve platform features and performance
Comply with legal obligations

2.2 End User Data

We use end user information to:

Power AI assistant responses with relevant context
Maintain conversation continuity across sessions
Analyze usage patterns to improve response quality
Detect and prevent abuse or misuse
Generate anonymized analytics for customers

2.3 Social Login Data

When you sign in using Facebook, Google, or GitHub, you consent to:

Creation of an account using the email and name from that provider
Storage of your provider account identifier to enable future sign-ins
Association of your conversations and activity with your account

We use social login data solely for authentication and account management. We do not:

Use your social login data for advertising or profiling
Share your social login data with third parties (except as required for authentication)
Access any additional information from your social media accounts

2.4 What We Do NOT Do

We do not sell personal data to third parties
We do not use your content to train AI models for other customers
We do not share your proprietary data with competitors
We do not serve targeted advertising based on conversation content

3. Data Isolation and Security

3.1 Customer Data Isolation

Your data is logically separated from other customers:

Your website content powers only your AI assistant
Your product catalog is not accessible to other customers
Your conversation data is not shared across deployments

3.2 AI Model Training

Your content is not used to train general AI models.

We use third-party AI providers (OpenAI, Anthropic, Google) for inference
Your content is sent to these providers only to generate responses
We do not contribute your data to their training datasets
Review our AI providers' privacy policies for their data practices

3.3 Security Measures

We protect your data with:

Encryption in transit (TLS 1.3) and at rest (AES-256)
Regular security audits and penetration testing
Role-based access controls
Secure cloud infrastructure with SOC 2 compliance
Employee training on data protection

4. Data Sharing

We share information only in these circumstances:

4.1 Service Providers

We use trusted partners to operate our platform:

Cloud hosting providers (infrastructure)
Payment processors (billing)
AI inference providers (response generation)
Analytics services (platform improvement)

These providers are contractually bound to protect your data.

4.2 Legal Requirements

We may disclose information when required by:

Valid legal process (subpoena, court order)
Government requests with proper authority
Protection of our legal rights
Prevention of fraud or security threats

4.3 Business Transfers

In the event of a merger, acquisition, or sale, your data may transfer to the successor entity with equivalent privacy protections.

4.4 With Your Consent

We may share data when you explicitly authorize us to do so.

5. Data Retention

5.1 Customer Data

Account information: Retained while your account is active, plus 30 days after termination
Website content and catalogs: Retained while your subscription is active, deleted within 30 days of termination
Platform configurations: Exportable upon request, deleted within 30 days of termination

5.2 End User Data

Conversation history: Retained according to customer configuration (default: 90 days)
Technical logs: Retained for 30 days for debugging purposes
Anonymized analytics: May be retained indefinitely in aggregate form

5.3 Deletion Requests

You may request deletion of your data at any time. We will process requests within 30 days, subject to legal retention requirements.

6. Your Rights

6.1 Customer Rights

You have the right to:

Access: Request a copy of your stored data
Correction: Update inaccurate information
Deletion: Request removal of your data
Export: Receive your configurations in machine-readable format
Restriction: Limit how we process your data
Objection: Opt out of certain processing activities

6.2 End User Rights

End users may exercise their rights by:

Contacting the business that deployed the AI assistant
Requesting the business to relay requests to us
Contacting us directly at privacy@xinfer.ai

6.3 Social Login Rights

If you signed in using a social login provider (Facebook, Google, or GitHub), you have additional rights:

Revoking Access: You can revoke our access to your social login data at any time by:

Removing our app from your Facebook settings: facebook.com/settings/?tab=applications
Removing our app from your Google account: myaccount.google.com/permissions
Revoking access from your GitHub settings: github.com/settings/applications

Data Deletion: When you remove our app from a social login provider:

We automatically receive a data deletion request (for Facebook)
Your social login data is removed from our systems
Your account remains accessible via email/password or other connected providers

Disconnecting Providers: You may disconnect a social login provider while keeping your account by contacting us at privacy@xinfer.ai.

6.4 Exercising Your Rights

To exercise any right, contact us at privacy@xinfer.ai with:

Your name and contact information
Specific request details
Verification of your identity

We respond to requests within 30 days.

7. Cookies and Tracking

7.1 Types of Cookies

Type	Purpose	Duration
Essential	Platform functionality, authentication	Session
Analytics	Usage patterns, performance metrics	1 year
Preferences	Language, theme settings	1 year

7.2 Managing Cookies

You can control cookies through:

Browser settings to block or delete cookies
Our cookie preference center (where available)
Opt-out links for analytics providers

Disabling essential cookies may prevent platform functionality.

7.3 Do Not Track

We respect Do Not Track browser signals and limit tracking accordingly.

8. International Data Transfers

8.1 Data Location

Our primary infrastructure is located in the United States. Data may be processed in other regions where our service providers operate.

8.2 Transfer Safeguards

For transfers from the EU/EEA/UK, we rely on:

Standard Contractual Clauses approved by the European Commission
Adequacy decisions where applicable
Your explicit consent when required

9. Children's Privacy

Our platform is designed for business use and is not directed at children under 16. We do not knowingly collect data from children. If you believe a child has provided us with personal information, contact us for removal.

10. Customer Responsibilities

As a customer deploying AI assistants, you are responsible for:

Providing appropriate privacy notices to your end users
Obtaining necessary consents for data collection
Configuring data retention according to your legal requirements
Responding to end user privacy requests
Compliance with privacy laws applicable to your business

11. Changes to This Policy

We may update this Privacy Policy periodically. Material changes will be communicated via:

Email notification to registered customers
Platform notification at least 30 days before taking effect
Updated "Effective Date" at the top of this policy

Continued use after changes constitutes acceptance.

12. Contact Us

For privacy questions or to exercise your rights:

Email: privacy@xinfer.ai General Inquiries: info@xinfer.ai Website: xinfer.ai

For EU residents, you may also lodge a complaint with your local data protection authority.

Last updated: December 24, 2025