1. Introduction
XPathLabs, Inc. ("XPathLabs", "we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered marketing performance platform ("Service").
By using the Service, you consent to the data practices described in this policy. If you do not agree with these practices, please do not use the Service.
2. Information We Collect
2.1 Information You Provide
- Account Information: Name, email address, password, company name, and role
- Profile Information: Profile picture, job title, and contact preferences
- Payment Information: Billing address and payment method details (processed securely by our payment providers)
- Communications: Messages you send to us, feedback, and support requests
2.2 Information from Third-Party Integrations
When you connect your advertising accounts, we collect:
- Meta (Facebook/Instagram): Ad account data, campaign performance metrics, ad creatives, audience information, and billing data
- Google Ads: Campaign data, performance metrics, keyword data, and account settings
We only access the data necessary to provide our Service and in accordance with each platform's API policies.
2.3 Automatically Collected Information
- Usage Data: Pages visited, features used, actions taken, and time spent
- Device Information: Browser type, operating system, device type, and IP address
- Cookies: Session cookies for authentication and preferences
3. How We Use Your Information
We use the collected information to:
| Purpose | Legal Basis |
|---|---|
| Provide and maintain the Service | Contract performance |
| Process payments and subscriptions | Contract performance |
| Generate AI-powered recommendations | Contract performance |
| Send service-related communications | Legitimate interest |
| Improve and optimize the Service | Legitimate interest |
| Respond to support requests | Contract performance |
| Ensure security and prevent fraud | Legitimate interest |
| Comply with legal obligations | Legal compliance |
4. AI and Machine Learning
Our Service uses artificial intelligence to:
- Analyze campaign performance and identify trends
- Generate optimization recommendations
- Create ad copy and creative suggestions
- Predict performance outcomes
Your data may be used to improve our AI models, but we do not use your data to train models that would be shared with other customers. Each customer's data remains isolated.
5. Data Sharing and Disclosure
We may share your information with:
5.1 Service Providers
- Cloud Infrastructure: MongoDB Atlas, Render (hosting)
- AI Services: OpenAI, Anthropic, Google Cloud (for AI features)
- Authentication: Firebase (Google)
- Payment Processing: Stripe
- Email Services: SendGrid
5.2 Other Disclosures
We may also disclose information:
- To comply with legal obligations or valid legal processes
- To protect our rights, privacy, safety, or property
- In connection with a merger, acquisition, or sale of assets
- With your consent or at your direction
6. Data Retention
We retain your data for as long as your account is active or as needed to provide the Service. After account deletion:
- Account data is deleted within 30 days
- Backup data is purged within 90 days
- Some data may be retained for legal compliance
7. Data Security
We implement appropriate security measures including:
- Encryption of data in transit (TLS/SSL) and at rest
- Secure authentication with Firebase
- Regular security assessments
- Access controls and audit logging
- Secure OAuth token handling for third-party integrations
However, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security.
8. Your Rights and Choices
Depending on your location, you may have the right to:
- Access: Request a copy of your personal data
- Correction: Update inaccurate or incomplete data
- Deletion: Request deletion of your data
- Portability: Receive your data in a portable format
- Objection: Object to certain processing activities
- Restriction: Request limited processing of your data
To exercise these rights, contact us at contact@xpathlabs.ai.
9. Third-Party Links
Our Service may contain links to third-party websites (e.g., Meta Business Suite, Google Ads). We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies.
10. Children's Privacy
The Service is not intended for users under 18 years of age. We do not knowingly collect personal information from children. If we become aware of such collection, we will delete the data promptly.
11. International Data Transfers
Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place for such transfers, including standard contractual clauses where required.
12. California Privacy Rights (CCPA)
California residents have additional rights under the CCPA:
- Right to know what personal information is collected
- Right to know if personal information is sold or disclosed
- Right to opt-out of the sale of personal information
- Right to non-discrimination for exercising privacy rights
We do not sell personal information to third parties.
13. European Privacy Rights (GDPR)
If you are in the European Economic Area, you have rights under the GDPR including those listed in Section 8. Our legal bases for processing are contract performance, legitimate interests, and consent where applicable.
14. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by:
- Posting the new policy on this page
- Updating the "Last updated" date
- Sending an email notification for significant changes
15. Contact Us
If you have questions about this Privacy Policy or our data practices, please contact us:
XPathLabs, Inc.
Email: contact@xpathlabs.ai
Support: contact@xpathlabs.ai