Privacy Policy

Last updated: March 26, 2026

1. Information We Collect

We collect information you provide directly when using XOO ERP:

  • Account information: name, email address, company name, phone number
  • Business data: employee records, project data, financial records, documents, and other information you enter into the system
  • Usage data: login times, pages visited, features used (collected automatically for service improvement)
  • Technical data: IP address, browser type, device information (collected automatically)

2. How We Use Your Information

We use your information solely to:

  • Provide, maintain, and improve the Service
  • Process your transactions and manage your account
  • Send service-related communications (billing, maintenance, security alerts)
  • Respond to your support requests
  • Detect and prevent fraud or security incidents
  • Comply with legal obligations

We do not use your business data for advertising, profiling, or any purpose other than providing the Service.

3. Data Storage & Isolation

Each customer's data is stored in a dedicated, isolated database. Your data is never commingled with other customers' data. Databases are hosted on secure servers with encrypted storage and regular automated backups.

4. Data Sharing

We do not sell, rent, or trade your personal information or business data. We may share data only in these limited circumstances:

  • Service providers: we use third-party services for hosting, email delivery, and payment processing. These providers are bound by data processing agreements and only access data necessary to perform their function.
  • Legal requirements: we may disclose data if required by law, court order, or governmental regulation.
  • Business transfer: in the event of a merger, acquisition, or sale of assets, your data may be transferred as part of the transaction. We will notify you in advance.

5. Cookies & Tracking

We use only essential session cookies required for authentication and security (CSRF protection). We do not use advertising cookies, tracking pixels, or third-party analytics services. No data is shared with advertising networks.

6. Data Retention

We retain your data for the duration of your account subscription. Upon account cancellation or termination:

  • Your data remains accessible for 30 days for export
  • After 30 days, your data and database are permanently deleted
  • Backup copies are purged within 90 days of deletion

We may retain anonymized, aggregated usage statistics that cannot be linked to any individual or organization.

7. Data Security

We implement comprehensive security measures including:

  • TLS/SSL encryption for all data in transit
  • Encrypted database connections
  • Passwords hashed with bcrypt (cost factor 12)
  • Optional two-factor authentication (TOTP)
  • Role-based access control with fine-grained permissions
  • Content Security Policy (CSP) headers
  • Rate limiting on authentication endpoints
  • Regular security audits

8. Your Rights

You have the right to:

  • Access: view all data stored in your account at any time
  • Export: download your data in SQL or CSV format via Settings → Data Export
  • Correction: update or correct any information in your account
  • Deletion: request complete deletion of your account and data by contacting us
  • Portability: receive your data in a structured, machine-readable format

9. Children's Privacy

The Service is not directed at individuals under 18 years of age. We do not knowingly collect personal information from children.

10. International Data

Your data is stored on servers located in the region selected during provisioning. If you access the Service from outside this region, your data may cross international borders during transmission. By using the Service, you consent to this transfer.

11. Changes to This Policy

We may update this privacy policy from time to time. Material changes will be communicated via email or in-app notification at least 14 days before taking effect. The "Last updated" date at the top of this page indicates when the policy was last revised.

12. Contact

For privacy-related inquiries, data access requests, or concerns, contact us at: privacy@xoo.link


© 2026 XOO ERP. All rights reserved.