Privacy Policy
Effective date: 1 May 2026 · Last updated: 14 May 2026
1. Who we are
Xynage ("Xynage", "we", "us", "our") operates the Xynage agentic data platform available at xynage.io and app.xynage.io. This policy explains how we collect, use, store, and share personal data when you visit our website or use our services.
Data controller: Xynage · Contact: privacy@xynage.io
2. What we collect
Information you give us
- Contact and account data: name, work email address, company name, job title — collected when you book a demo, sign up for a trial, or contact us.
- Communications: content of emails, chat messages, or form submissions you send us.
- Payment data: Enterprise customers provide billing details; card data is processed directly by our payment processor (Stripe) and never stored on Xynage servers.
Information collected automatically
- Usage data: pages visited, features used, timestamps, session duration — collected via server logs and our analytics tool (Plausible Analytics, a privacy-respecting, GDPR-compliant tool with no cross-site tracking).
- Technical data: IP address (anonymised), browser type, operating system, referring URL.
- Cookies: see Section 7 below.
Data you upload to the platform
When you use the Xynage platform, you may upload or connect source data (ERP extracts, CSV files, API connections). This data is processed solely to deliver the platform service and is not used for any other purpose. Enterprise customers may negotiate specific data processing agreements (DPA) — contact us at privacy@xynage.io.
3. How we use your data
- Service delivery: to create and manage your account, run the pipeline, and provide support.
- Communication: to respond to enquiries, send service notifications, and (with your consent) share product updates.
- Security and fraud prevention: to monitor for abuse, protect our infrastructure, and comply with legal obligations.
- Product improvement: aggregated, anonymised usage patterns help us improve the platform. No individual profiling.
Legal basis (GDPR Article 6): contract performance (b), legitimate interests (f), and consent (a) where applicable.
4. Sharing your data
We do not sell your data. We share data only with:
- Service processors: cloud infrastructure (GCP/AWS/Azure depending on deployment region), email delivery (Postmark), payment processing (Stripe), analytics (Plausible). Each has a signed DPA with us.
- Legal requirement: if required by law, court order, or to protect the rights and safety of Xynage or others.
- Business transfers: in the event of a merger or acquisition, personal data may transfer to the new entity under the same privacy terms.
5. Data retention
- Account data: retained for the duration of your account plus 90 days after deletion.
- Trial data: deleted 30 days after trial expiry unless converted to a paid account.
- Uploaded source data: deleted within 30 days of project deletion or account closure.
- Communications and support records: retained for 3 years for legal compliance.
6. Your rights (GDPR)
If you are in the European Economic Area or United Kingdom, you have the right to:
- Access: request a copy of personal data we hold about you.
- Correction: request correction of inaccurate data.
- Erasure: request deletion of your data ("right to be forgotten").
- Portability: receive your data in a structured, machine-readable format.
- Restriction: request that we restrict processing in certain circumstances.
- Objection: object to processing based on legitimate interests.
- Withdraw consent: where processing is based on consent, you may withdraw it at any time.
To exercise any right, email privacy@xynage.io. We will respond within 30 days. You also have the right to lodge a complaint with your local data protection authority.
7. Cookies
Our website uses minimal cookies:
- Strictly necessary: session cookies required for authentication and security.
- Analytics: Plausible Analytics uses no cookies and is exempt from consent requirements under GDPR (no cross-site tracking, no fingerprinting, no personal data).
We do not use advertising or tracking cookies. You can delete all cookies via your browser settings at any time.
8. International transfers
Xynage operates on cloud infrastructure that may process data outside the EEA. Where transfers occur, we rely on the EU Standard Contractual Clauses (SCCs) and ensure recipient processors provide equivalent protection.
9. Security
We implement technical and organisational measures including: encryption in transit (TLS 1.2+), encryption at rest, access controls, regular security reviews, and incident response procedures. No transmission over the internet is 100% secure — we cannot guarantee absolute security, but we take it seriously.
10. Children
Xynage is a B2B platform for enterprise use. We do not knowingly collect data from persons under 18. If you believe a minor has provided us data, contact us and we will delete it promptly.
11. Changes to this policy
We may update this policy as our practices evolve. Material changes will be communicated by email to active account holders at least 14 days in advance. The "Last updated" date at the top of this page reflects the current version.
12. Contact
For privacy questions, data requests, or DPA enquiries:
Email: privacy@xynage.io
Subject line: "Privacy Request — [your name]"
We aim to respond within 5 business days.