Legal

Privacy Policy Summary

This Privacy Policy describes how xnoll collects, uses, stores, and protects personal and business data across our website, SaaS applications, APIs, and support channels.

Effective date: February 23, 2026

Quick overview

  • You own your business data; xnoll processes it to provide service features.
  • We do not sell your personal data to third-party advertisers.
  • We collect only the data needed for product operation, billing, support, and security.
  • You can request access, correction, export, or deletion of eligible data.

1. Scope of this policy

This policy applies to xnoll-owned products and services, including account creation, organization management, invoicing workflows, billing operations, support interactions, and related marketing pages. It does not cover external third-party websites linked from our platform.

2. Data we collect

  • Identity data: name, email, phone, role, profile details.
  • Organization data: workspace names, teams, member permissions.
  • Transactional data: invoices, customers, products, tax metadata.
  • Billing data: plan, payment status, invoice history, tax records.
  • Technical data: IP, browser type, device logs, session metadata.

3. Why we process data

  • To authenticate users and secure access to accounts.
  • To deliver requested product features and subscription services.
  • To process payments and manage renewals, upgrades, and invoices.
  • To detect abuse, fraud, unauthorized access, and service misuse.
  • To provide support, incident response, and product improvements.

4. Legal basis for processing

  • Performance of contract when we deliver subscribed services.
  • Legitimate interests such as reliability, analytics, and abuse prevention.
  • Compliance with legal obligations such as accounting and tax rules.
  • Consent, where required, for specific optional communications.

5. Cookies and similar technologies

xnoll uses cookies, local storage, and similar technologies for session continuity, authentication state, language preferences, performance monitoring, and user experience improvements.

  • Essential cookies: required for login/session security and core functionality.
  • Preference cookies: remember selected language, layout, and UI preferences.
  • Analytics cookies: help measure usage trends and improve product performance.

6. Data sharing and subprocessors

We share data only with trusted service providers needed to operate xnoll, such as hosting, communication, analytics, identity, and payment infrastructure providers.

  • Service providers process data under contractual confidentiality obligations.
  • Access is limited to the minimum required for the stated purpose.
  • We may disclose data if required by valid legal process or regulatory requests.
  • We do not sell or rent personal data to third-party marketing networks.

7. Data retention

We retain data only as long as needed for service delivery, legal compliance, dispute resolution, and enforcement of agreements.

  • Active account data is retained during your subscription lifecycle.
  • Financial and tax records are retained per statutory requirements.
  • Operational logs are retained based on security and troubleshooting windows.

8. Security controls

  • Role-based access controls and organizational permission boundaries.
  • Monitoring, auditing, and incident detection processes.
  • Encrypted transport channels and hardened infrastructure standards.
  • Regular patching and defensive security updates.

9. International data transfers

Where data transfer across regions is required to provide service, xnoll applies contractual and organizational safeguards designed to maintain a level of protection consistent with applicable data protection laws.

10. Your privacy rights

Depending on your jurisdiction, you may have rights to:

  • Access personal data we hold about you.
  • Correct inaccurate or incomplete information.
  • Request deletion of data subject to legal/contractual exceptions.
  • Request data portability for eligible datasets.
  • Object to or restrict certain processing activities.

11. Children’s privacy

xnoll services are designed for business users and are not intended for children. We do not knowingly collect personal data from children in violation of applicable law.

12. Policy updates

We may update this policy when legal, product, or operational requirements change. The revised version is effective when published on this page.

13. Contact for privacy requests

For access requests, data correction, deletion requests, or privacy clarifications, contact:

Email: support@xnoll.com

Subject line: Privacy Request - xnoll Account