Privacy Policy

Sold by XenoStep AI LLC. Privacy contact: privacy@xenostep.ai.

1. Data Controller

1.1 Controller Identity

1.1.1 XenoStep AI LLC is the US entity responsible for personal information processed for customer accounts, purchases, billing, refunds, subscriptions, and customer support connected to purchases it sells.

1.1.2 Supplier-specific product use may involve separate privacy terms from the Supplier when the Supplier independently controls product data.

2. Data We Collect

2.1 Account Information

2.1.1 We collect account information such as name, email address, organization name, billing address, tax information, support messages, and login identifiers.

2.2 Payment Information

2.2.1 Stripe collects and processes payment method details for XenoStep AI LLC.

2.2.2 XenoStep AI LLC receives payment records such as payment status, last four digits, card brand, billing country, tax calculation details, invoice records, refund records, dispute records, and Stripe customer identifiers.

2.3 Usage Data

2.3.1 We collect usage data such as purchased products, subscription plan, access status, order history, renewal status, cancellation status, support activity, and customer portal activity.

2.4 Device Information

2.4.1 We collect device and technical information such as IP address, browser type, operating system, referring pages, timestamps, session identifiers, security logs, and cookie identifiers.

3. How We Use Data

3.1 Service Delivery

3.1.1 We use personal information to create accounts, deliver purchased access, manage subscriptions, provide support, send service messages, and maintain customer records.

3.2 Billing

3.2.1 We use personal information to process payments, calculate taxes, issue invoices, handle refunds, manage chargebacks, update payment methods, and send billing notices.

3.3 Fraud Prevention and Security

3.3.1 We use personal information to detect fraud, enforce purchase limits, investigate disputes, protect accounts, prevent abuse, and secure our systems.

3.4 Legal Compliance

3.4.1 We use personal information to meet tax, accounting, sanctions, consumer protection, payment network, dispute, and legal recordkeeping obligations.

4. Data Processors and Sub-Processors

4.1 Stripe

4.1.1 Stripe provides payment processing, subscription billing, invoices, tax calculation, fraud controls, customer portal tools, and dispute workflows.

4.1.2 Stripe information is available at https://stripe.com/privacy.

4.2 Supabase

4.2.1 Supabase provides database, authentication, and related backend infrastructure.

4.2.2 Supabase information is available at https://supabase.com/privacy.

4.3 Resend

4.3.1 Resend provides transactional email services for account, billing, renewal, refund, and support messages.

4.3.2 Resend information is available at https://resend.com/legal/privacy-policy.

4.4 Vercel

4.4.1 Vercel provides hosting, deployment, and web infrastructure services.

4.4.2 Vercel information is available at https://vercel.com/legal/privacy-policy.

5. International Transfers

5.1 Processing in the United States

5.1.1 Personal information may be processed in the United States.

5.1.2 Customers outside the United States understand that their information may be transferred to, stored in, and processed in the United States and other locations where our processors operate.

6. Data Retention

6.1 Account Data

6.1.1 We keep account data while the account remains active or as needed to provide the Product or Service.

6.1.2 After account deletion, we delete or de-identify account data unless retention is needed for billing, security, dispute, legal, tax, or accounting reasons.

6.2 Financial Records

6.2.1 We keep invoices, payments, refunds, tax records, chargeback records, and related financial records for seven years unless a longer period is required by law.

7. Your Rights

7.1 Access

7.1.1 Customers may request a copy of personal information associated with their account.

7.2 Correction

7.2.1 Customers may request correction of inaccurate account or billing information.

7.3 Deletion

7.3.1 Customers may request deletion of personal information, subject to retention needed for billing, tax, accounting, security, dispute, and legal reasons.

7.4 Portability

7.4.1 Customers may request a portable copy of account or billing information when available and technically feasible.

7.5 How to Make a Request

7.5.1 Requests may be sent to privacy@xenostep.ai.

7.5.2 We may need to verify the requester's identity and account relationship before completing a request.

8. California Residents

8.1 Categories Collected

8.1.1 During the last 12 months, we may have collected identifiers, customer records, commercial information, internet or network activity, geolocation derived from IP address, and inferences related to fraud prevention or support activity.

8.2 Sources

8.2.1 We collect personal information from Customers, payment processors, customer devices, service providers, and product or support interactions.

8.3 Business Purposes

8.3.1 We use these categories for service delivery, billing, tax calculation, fraud prevention, customer support, legal compliance, security, analytics, and dispute handling.

8.4 No Sale of Personal Information

8.4.1 XenoStep AI LLC does not sell personal information.

8.4.2 XenoStep AI LLC does not share personal information for cross-context behavioral advertising in the customer purchase flow described by this draft unless a later deployed version states otherwise and provides required choices.

8.5 California Requests

8.5.1 California residents may contact privacy@xenostep.ai to request access, correction, deletion, or information about personal information practices.

9. Children

9.1 Age Limit

9.1.1 The Product or Service is not offered to anyone under 18.

9.1.2 XenoStep AI LLC does not knowingly collect personal information from anyone under 18.

10. Contact

10.1 Privacy Contact

10.1.1 Privacy questions and requests should be sent to privacy@xenostep.ai.

10.1.2 Customers should include the account email and enough detail for XenoStep AI LLC to review the request.