Xapix Privacy Statement

Effective Date May 25, 2018 (To view the prior version of our privacy statement, go here.)

Xapix is a cloud data processing platform that provides software developers with building blocks to enable API and other data integrations into their applications.

We understand that when you use Xapix’s platform you are placing your trust in us to handle your data appropriately, including the personal information of you and your end users.

We want to make sure that you, the developer, have information about how we process personal information in connection with your use of our products and services. We want to enable you to make informed decisions about your personal information when building your software applications on Xapix’s platform. We also want to provide you with relevant information to help your end users make informed decisions about their personal information when they use your software applications built on Xapix’s platform.

We’re realists here. And, as much as our Privacy Team wishes it were otherwise, we know that most developers don’t spend their time reading privacy notices...

But they do read API docs! So, we’ve added information to our API docs about personal information processing to give you information to help you build in a smarter, more privacy-aware way.

So, let’s say you’ve read everything here and you’ve checked out our product-specific API docs, but you still have more questions or concerns about how we’re processing personal information. You can contact our Privacy Team in the Office of the Data Protection Officer by either emailing us at privacy@xapix.io or, by writing to us at:

WORLDWIDE HEADQUARTERS
Xapix Worldwide Headquarters in San Francisco, California
Xapix, Inc., 44 Tehama Street, San Francisco, CA 94105, USA

Mail: Xapix Inc., 2443 Fillmore St #380-7300, San Francisco, CA 94115, USA
(our worldwide headquarters)

EUROPEAN HEADQUARTERS
Xapix Software GmbH, Lindenstrasse 73, 10969 Berlin, Germany

TABLE OF CONTENTS

  • Let's Get Oriented

  • How Xapix Processes Your Personal Information

  • How Xapix Processes Your End Users’ Personal Information

  • When and Why We Share Your Personal Information Or Your End Users’ Personal Information

  • Transfers of Personal Information Out of the EEA and Switzerland

  • Automated Decision Making

  • Handling Disputes Relating To Our Data Protection Practices

  • How We Secure Personal Information

  • Other Information You May Find Useful



Let's Get Oriented
Xapix processes two broad categories of personal information when you use our products and services:

Your personal information as a developer customer (or potential developer customer) of Xapix - information that we refer to as Customer Account Data, and the personal information of your end users’ who use or interact with your application that you’ve built on Xapix’s platform - this category contains both your Customer Usage Data (e.g., communications metadata) and your Customer Content (e.g., the contents of communications) - those are mainly the users that you have granted access to your API and data as part of our publishing service.


Xapix processes these categories of personal information differently because the direct relationship we have with you, our customer, is different than the indirect relationship we have with your end users.

How Xapix Processes Your Personal Information
We, Xapix, collect and process your personal information:

When you visit a Xapix public-facing website like xapix.io, sign up for a Xapix event, or make a request to receive information about Xapix or our products, like a Xapix whitepaper or a newsletter;
When you contact Xapix’s Sales Team or Customer Support Team; and
When you sign up for a Xapix account and use our products and services.
We call this personal information Customer Account Data.

Data protection and privacy laws in certain jurisdictions, like the European Economic Area (EEA), differentiate between “controllers” and “processors” of personal information. A controller decides why and how to process personal information.
A processor processes personal information on behalf of a controller based on the controller’s instructions. When Xapix processes your Customer Account Data, the Xapix entity with whom you are contracting is acting as a controller.

Broadly speaking, we use Customer Account Data to further our legitimate interests to:

understand who our customers and potential customers are and their interests in Xapix’s product and services

manage our relationship with you and other customers,
carry out core business operations such as accounting and filing taxes, and
help detect, prevent, or investigate security incidents, fraud and other abuse and/or misuse of our products and services.


What Customer Account Data Xapix Processes When You Visit Our Website, Sign Up for a Xapix Event, or Make a Request for Information About Xapix and Why

When you visit our website, sign up for a Xapix event or request more information about Xapix, we collect information automatically using tracking technologies, like cookies, and through web forms where you type in your information. We collect this information to provide you with what you request through the web form, to learn more about who is interested in our products and services, and to improve navigation experience on our pages.

In further detail
Information You Share Directly: In some places on Xapix’s public-facing websites, you can fill out web forms to ask to be contacted by our Sales Team, sign up for a newsletter, register for a Xapix event, or take a survey. The specific personal information requested on these forms will vary based on the purpose of the form. We will ask you for information necessary for us to provide you with what you request through the form (for example, we will ask you for your email address if you want to sign up for an email newsletter and for your phone number if you want a member of our Sales Team to call you). We may also ask you for additional information to help us understand you better as a customer like your Xapix use case, your company name, or your role at your company. If you sign up to receive ongoing marketing communications from Xapix, like a newsletter, you can always choose to opt-out of further communications through a preferences page which will be linked from any marketing email you receive from Xapix. Or, you can contact our Customer Support Team to communicate your choice to opt-out.

Information We Collect Automatically: When you visit Xapix websites, including our web forms, we and our service providers acting on our behalf automatically collect certain information using tracking technologies like cookies, web beacons, and similar technologies. We use this information to understand how visitors to our websites are using them and which pages and features of the websites are most popular. This helps us understand how we can improve our websites and track performance of our advertisements. In addition, we using tracking technologies to help improve the navigation experience on Xapix websites. For more details on our use of cookies and tracking technologies, please see our
Cookie Notice.

What Customer Account Data Xapix Processes When You Communicate with Our Sales or Customer Support Teams and Why
You may share personal information, like your contact information, with a member of our Sales or Customer Support Team when you communicate with them. We keep a record of this interaction.

In further detail
If you contact our Sales or Customer Support Teams, those teams keep a record of that communication, including your contact details and other information you share during the course of the communication. We store this information to help us keep track of the inquiries we receive from you and from customers generally so we can improve our products and services and provide training to team members. This information also helps our teams manage our ongoing relationships with our customers. Because we store a record of these communications, please be thoughtful about what information you share with our Sales and Customer Support Teams. While we will take appropriate measures to protect any sensitive information you share with us, it is best to avoid sharing any personal or other sensitive information in these communications not necessary for these teams to assist you.


What Customer Account Data Xapix Processes When You Sign Up for and Log Into a Xapix Account and Why
When you sign up for a Xapix account, we ask for certain information like your contact details and billing information so we can communicate with you and so you can pay for our products and services. We also collect some information automatically, like your IP address, when you log in to your account or when your software application built on Xapix makes requests to our APIs. We use this to understand who is using our services and how, and to detect, prevent and investigate fraud, abuse, or security incidents.

In further detail
Information You Share Directly: When you sign up for a Xapix account, you’ll be asked to give us your name, email address, and optionally, your company name, and to create a password - directly or through Github. You can also name your account (or accounts, if you have more than one). We collect this information so we know who you are, we can communicate with you about your account(s), and we can recognize you when you communicate with us through the account portal or otherwise.

We also use your email address to send you information about other Xapix products, services or events in which we think you may be interested. You can opt out of further marketing communications through your marketing preferences page linked from any marketing email you receive from Xapix. Or, you can contact our Customer Support Team to communicate your choice to opt-out.

When you upgrade your trial account, we’ll ask you to provide our payment processor with your payment method information like a credit card or your Paypal account, and/or your billing address. Our payment processor, acting on our behalf, gathers this so we can bill you for your use of our products and services. Our payment processor will share your billing address with Xapix. Your billing address may also be used by Xapix for tax calculation and audit purposes.

For some products, we may also have to obtain a physical address from you, including proof of address or other identification information. We may also use this physical service address for tax purposes.

Similarly, for some of our products, you may have to complete an application form providing details about your company and your intended use of the product, like when you are interested in getting a short code. We’ll use this information for the purpose for which it was gathered from you. We may also use it in connection with improving our own internal processes and services or training our team members.

Information We Generate or Collect Automatically.

When you sign up for an account with Xapix, we’ll automatically assign you and your account(s) unique IDs called SIDs and we’ll generate an API token for each of your accounts in the process. These are used like a username and password to make API requests. Instead of using these API tokens, you can provision API Keys, and use your API key for authentication when making requests to our APIs. We keep a record of these credentials so we know it is you making the requests when your application makes requests to our API using these credentials.

In addition, when you use our account portal, we collect your IP address and other data through tracking technologies like cookies, web beacons, and similar technologies. We use this information to understand how customers are using our platform, who those customers are (if they are a company and the IP address is associated with that company), what country they are logging in from (for analytics and export control purposes), and to help improve the navigation experience. For more details on our use of cookies and tracking technologies, please see our Cookie Notice.

All information we collect when you sign up for a Xapix account and interact with the Xapix account portal or our products or services may be used to detect, prevent, or investigate security incidents, fraud, or abuse and misuse of our platform and services.

Other Customer Account Data We Collect and Why
We may collect information about you, as our customer, from publicly-available sources so we can understand our customer base better.

In further detail
We may use publicly-available information about you through services like LinkedIn or Hubspot, or we may obtain information about your company from third party providers to help us understand our customer base better, such as your industry, the size of your company, and your company’s website URL.

How Long We Store Your Customer Account Data
Xapix will store your Customer Account Data as long as needed to provide you with our services and to operate our business. If you ask Xapix to delete specific personal information from your Customer Account Data (see ‘How To Make Choices About Your Customer Account Data’ below), we will honor this request unless deleting that information prevents us from carrying out necessary business functions, like billing for our services, calculating taxes, or conducting required audits.

In further detail
Here is an overview of how long we hold on to Customer Account Data in a form that can be used to identify you, unless there is a specific need or obligation to retain your information longer (like in the case of an open investigation, audit or other legal matter):

Customer Account Data stored in our customer relationship management system(s) is generally stored up to 7 years following closure of your account. Invoice records, including their digital equivalent, may be retained in identifying form by Xapix for longer periods for accounting, tax, and audit purposes depending on and in accordance with applicable tax law.
Your communications with Xapix’s Customer Support Teams may be retained for up to 3 years after your account is closed.

Apart from the above, within 60 days following closure of your account, we will either delete other Customer Account Data or transform it such that it can no longer be used to identify you.

How To Make Choices About Your Customer Account Data
You can make various choices about your Customer Account Data through the account portal, such as accessing it, correcting it, deleting it, or updating your choices about how it is used, when you log into your Xapix account or through the marketing preferences center. Any other requests about your data you cannot make through these self-service tools, you can request by emailing privacy@xapix.io or contacting Customer Support.

In further detail
Closing Your Account and Deletion. To request closure or deletion of your Xapix account, you can email us at privacy@xapix.io or contact Customer Support. You should know that closure and/or deletion of your Xapix account will result in you permanently losing access to your account and data in the account. Please note that certain information associated with your account may nonetheless remain on Xapix’s servers in an aggregated form that does not identify you or your end users. Similarly, data, including personal information, associated with your account we are required to maintain for legal purposes or for necessary business operations (see “How Long We Store Your Customer Account Data” section above) will be retained after account closure until no longer needed.

Promotional Communications. You can choose not to receive promotional emails from Xapix by following the unsubscribe/opt-out instructions in those emails. You can also opt-out by contacting Customer Support. Please note that even if you opt out of promotional communications, we may still send you non-promotional messages relating to things like updates to our terms of service or privacy notices, security alerts, and other notices relating to your access to or use of our products and services.

Cookies and Tracking Technologies. How you make choices about cookies and other tracking technologies depends on the type of cookie or tracking technology being used. For details on how to manage your preferences for cookies and tracking technologies, please check out our Cookie Notice.

Other Choices About Your Customer Account Data. In addition, you can express other choices about your Customer Account Data (i.e., accessing it, deleting it, restricting its use, porting it, or withdrawing consent for its use) by contacting privacy@xapix.io.

If you are an end user of an application built on Xapix’s platform and not a direct customer of Xapix, you should direct requests relating to your personal information to the relevant application provider in accordance with the application provider’s own privacy policy.

How Xapix Processes Your End Users’ Personal Information
Your end users’ personal information typically shows up on Xapix’s platform in a few different ways:

Communications-related personal information about your end users,like your end users’ email addresses show up in our systems when you use or intend to use this information to contact your end user through use of our products and services. We call this information Customer Usage Data.


As noted above, data protection and privacy law in certain jurisdictions, like the EEA, differentiate between “controllers” and “processors” of personal information. When Xapix processes Customer Usage Data, we act as a processor in many respects, but we may act as a controller in others. For example, we may need to use certain Customer Usage Data for the legitimate interests of billing, reconciling invoices with API providers, and in the context of troubleshooting and detecting problems with the network.

What Customer Usage Data and Customer Content Xapix Processes and Why
We use Customer Usage Data and Customer Content to provide services to you and to carry out necessary functions of our business as a communications service provider. We do not sell your end users’ personal information and we do not share your end users’ information with third parties for those third parties’ own business interests.

When and Why We Share Your Personal Information Or Your End Users’ Personal Information
We do not sell or allow your Customer Account Data to be used by third parties for their own marketing purposes, unless you ask us to do this or give us your consent to do this. Further, we do not sell your end users’ personal information (as contained in Customer Usage Data). And, we do not share it with third parties for their own marketing or other purposes, unless you instruct us to do so.

Compliance with Legal Obligations. We may disclose your or your end users’ personal information to a third party if (i) we reasonably believe that disclosure is compelled by applicable law, regulation, legal process or a government request (including to meet national security or law enforcement requirements), (ii) to enforce our agreements and policies, (iii) to protect the security or integrity of our services and products, (iv) to protect ourselves, our other customers, or the public from harm or illegal activities, or (v) to respond to an emergency which we believe in good faith requires us to disclose data to assist in preventing a death or serious bodily injury. If Xapix is required by law to disclose any personal information of you or your end user, we will notify you of the disclosure requirement, unless prohibited by law. Further, we object to requests we do not believe were issued properly.
Affiliates. We may share your personal information or your end users’ personal information with an affiliate company, like a subsidiary of Xapix Inc. We and our subsidiaries will only use the information as described in this notice.
Business transfers. If we go through a corporate sale, merger, reorganization, dissolution or similar event, data we gather from you may be part of the assets transferred or shared in connection with the due diligence for any such transaction. Any acquirer or successor of Xapix may continue to process data consistent with this notice.
Aggregated or de-identified data. We might also share data with third parties if the data has been de-identified or aggregated in a way so it cannot be used to identify you or your end users.


Transfers of Personal Information Out of the EEA and Switzerland
When you use our account portal, or our other products and services, personal information of you and your end users processed by Xapix may be transferred to the United States, where some of our processing facilities are located, and possibly to other countries where we or our service providers operate.


Xapix employs appropriate safeguards for cross-border transfers of personal data, as required by applicable local law, including the EU-U.S. Privacy Shield and Swiss - U.S. Privacy Shield Frameworks.

Handling Disputes Relating To Our Data Protection Practices
We hope we can resolve any disputes relating to our data protection practices between us. You can raise your concern or dispute by emailing our Privacy Team at privacy@xapix.io or by writing to us at:

Xapix Inc., 2443 Fillmore St #380-7300, San Francisco, CA 94115, USA

Or


Xapix Software GmbH, Lindenstrasse 73, 10969 Berlin, Germany

For individuals in the EEA, you have additional rights to make a complaint to a competent data protection authority or commence proceedings in a court of competent jurisdiction in accordance with applicable data protection laws.

How We Secure Personal Information
We use appropriate security measures to protect the security of your personal information both online and offline. These measures vary based on the sensitivity of the personal information we collect, process and store and the current state of technology. We also take measures to ensure service providers that process personal data on our behalf also have appropriate security controls in place.

In further detail
Please note that no service is completely secure. While we strive to protect your data, we cannot guarantee that unauthorized access, hacking, data loss or a data breach will never occur.

If you provision an API Key, you should keep your secret, well… secret. You should store your API Key Account SID and secret in a secure location. Information on provisioning and revoking API Keys can be found here.


Learn More
Information from Children
We do not knowingly permit children (under the age of 13 in the US or 16, if you live in the EEA) to sign up for a Xapix account. If we discover someone who is underage has signed up for a Xapix account, we will take reasonable steps to promptly remove that person’s personal information from our records. If you believe a person who is underage has signed up for a Xapix account, please contact us at privacy@xapix.io.

Do-Not-Track Signals
Xapix does not currently respond to web browser’s Do-Not-Track signals.


Changes to Our Privacy Statement
We may change our Privacy Statement from time to time. If we make changes we’ll revise the “Effective” date at the top of this statement, and we may provide additional notice such as on the Xapix website, account portal sign-in page, or via the email address we have on file for you. We will comply with applicable law with respect to any changes we make to this notice and seek your consent to any material changes if this is required by applicable law.

Legal Basis for Processing Personal Information (EEA only)
If you are from the EEA, our legal basis for collecting and using the personal information described above will depend on the personal information concerned and the specific context in which we collect it.

However, we will normally collect personal information from you only where we need the personal information to perform a contract with you, or where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms, or where we have your consent to do so. In some cases, we may also have a legal obligation to collect personal information from you or may otherwise need the personal information to protect your vital interests or those of another person such as in the case where we request personal information from you in the context of a government audit or in response to a request from law enforcement.

If you have questions about or need further information concerning the legal basis on which we collect and use your personal information, please contact us using the contact information provided in the introduction section of this privacy statement.