Privacy Policy

When you use our services, you’re trusting us with your information. We understand this is a big responsibility and work hard to protect your information and put you in control.

Last Update: 2023-03-16T14:00:00+08:00

Introduction

Although the information might be collected to improve application and service quality, we take your privacy seriously. To better protect your privacy we provide this privacy policy notice describing the way your personal information is collected, processed, stored, and used.

How to Read This Privacy Policy

Privacy policies are often lengthy and difficult to read. We will mark some content to make it easier for you to read.

The content marked "green" indicates that it is for you.
Annotated with "yellow" indicates that you might need extra attention.
The content marked "red" indicates that you may need extra attention as it might be against you.

Revision Strategy

We reserve the right to modify, amend or update this policy at any time. The current version will always be posted on our Privacy Policy page.

If you click the "Refresh" button in your browser and the "Last Updated" date remains the same, you can assume that there is no change to this policy.

A change in the "Last Updated" date indicates that the policy has been updated or edited, and the updated or edited version replaces any previous version immediately after it is released.

Browsers, Internet Service Providers (ISPs), CDNs, and other organizations or individuals may cache our pages for bandwidth savings or other reasons, in which case you should refresh the cache yourself to check for the latest privacy policy. If the content of the page caused by the cache does not match the actual content, it should be based on what we provide.

Interpretation and Definitions

Interpretation

The words of which the initial letter is capitalized have meanings defined under the following conditions. The following definitions shall have the same meaning regardless of whether they appear in singular or plural.

Definitions

  • Account means a unique account created for You to access our Service or parts of our Service.
  • We (also referred to as either "Us" or "Our" in this policy) refers to the owner of the provided Services. For the purpose of the GDPR, "We" are the Data Controller.
  • Cookies are a small piece of data that the server sends to the user's browser and is stored at the user-side locally. It may contain an anonymous unique identifier that is carried and sent to the server the next time the browser re-initiates a request to the same server. Usually, it is used to tell the server whether different requests are from the same browser/user, such as keeping the user's login status.
  • Customers (also referred to as either "You" or "Your" in this policy) are those who utilize the services. Under GDPR (General Data Protection Regulation), You can be referred to as the "Data Subject" or as the "User" as you are the individual using the Service.
  • Data Controller for the purposes of the GDPR (General Data Protection Regulation), refers to "We" as the legal person which alone or jointly with others determines the purposes and means of the processing of the Personal Information.
  • End-Users are who interact with our Service through the websites of our Integrators.
  • Integrators are those who incorporate our Service into their website or service.
  • Personal Information (also referred to as "Personal Data" in this policy), is any information recorded in an electric form or other forms that can identify an individual itself or when it is associated with other information. If the subject of several acts can be identified as the same person by a single piece of information (with or without simple assistance), then the information will be considered as Personal Information, and vice versa.
  • Personal Identifiable Information is one type of Personal Information. If it is possible to directly identify, contact or accurately locate the corresponding single specific natural person through a single piece of information (without any assistance), then the information will be considered as Personal Identifiable Information, and vice versa. Personal Identifiable Information includes, without limitation, the individual's name, date of birth, identification card number or SSN, biometric identifier (e.g. photographs, fingerprints, palm prints, iris, etc.), address, telephone number, precise coordinates, etc.
Your IP address will be desensitized and obscured during the process of de-identified, anonymized, desensitized and aggregated, thus we treat it as personal information rather than personal identifiable information.
  • Non-personal Information is any information recorded but cannot be directly linked to any particular individual by itself. Usually, this kind of information will be aggregated into categories, thus it is almost impossible to use this information to restore any personally relevant data about a particular individual.
Notes that the use of Non-personal Information in combination with Personal Information will be treated as the use of Personal Information.
  • Service (also referred to as "The Services We Provided" in this policy) include, without limitation, websites, online services, interactive applications, and email.
  • Unique Identifier, (sometimes called a unique ID or UUID) is a string of characters that is incorporated into a device by the manufacturer or server and can be used to uniquely identify the device or user.
  • Usage Data (also referred to as "Analytics Information" in this policy) refers to data collected automatically, either generated by the use of the Service or from the Service infrastructure itself (for example, the duration of a page visit). Typically we treat the information as Personal Information.

Information We Collect

We collect information from individuals who interact with our Sites and Services, including Integrators, Customers, and End-Users.

We collect the following categories of information:

Personal Information

We collect from our current and prospective Integrators and Customers when they give it directly to us (for example, by filling in a form when signing up for an account, or applying to receive email notifications from us). We may also verify the identity of our Integrators and Customers by comparing personal information against third-party databases or official legal documents.

Analytics Information

Information collected automatically as a result of an Integrator’s or Customer's use of the Sites or the Services. Some Analytics Information is collected on our behalf by third parties we engage for that purpose, and some Analytics Information is collected through a variety of tracking technologies, including cookies:

  • The referrer, frequency, date and the time of your accessing, the clickstream data, the time you spent, the browser you use
  • Device brand, vendor, model, factor, screen size and operating systems
  • Network operator and location in province level
  • Application or website startup and loading speed, critical operation timing
  • Application or website critical errors and related error information that doesn't include any personal information
According to the definition of "Personal Information" and "Non-personal Information", this information **will not be considered as Personal Information**.
If we need certain files for investigating some specific application errors, we will contact you. Files won't be uploaded automatically unless you permitted.
Besides that, like most Internet services, we also automatically collect certain information, such as your IP address and HTTP request headers. Usually, we use this information to protect our services from being infringed. For example, we will use this information in our Web Application Firewall. Usually, this kind of information will be stored log files and will be deleted within the certain time limit.

Personal Identifiable Information

We do not knowingly, actively and proactively and collect any Personal Identifiable Information through the Service we provide. Never.

How we collect your information

The services we provided might use Cookies and other technologies such as pixel tags, web beacons, HTML5 fingerprint, TLS Handshake fingerprint, etc.

We use those technologies to help us better understand the behavior of our users, distinguish between natural persons and automated software, to tell us which parts of our website are being viewed.

Cookies or Browser Cookies

You can instruct Your browser to refuse all Cookies or to indicate when a Cookie is being sent. If you would prefer to block cookies or other tracking technologies, most browsers and mobile devices all you to change your settings so as to notify you when you receive cookies or other tracking technologies are being used, and to choose whether or not to accept/allow it. Most browsers also allow you to disable or delete existing cookies or to automatically reject future cookies. You may also use third-party tools, including browser plug-ins and extensions, to control your cookie preferences. Note, however, that if you disable all cookies, some portions of our Sites may not function properly. Unless you have adjusted Your browser setting so that it will refuse Cookies, our Service may use Cookies.

Certain features of our Service may use local stored objects (or Flash Cookies) to collect and store information about Your preferences or Your activity on our Service.

Web Beacons

Certain sections of our Service and our emails may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit us, for example, to count users who have visited those pages or opened an email and for other related website statistics.

Third-Party Analytics and Tracking Technologies

As discussed above, we (and our third-party vendors) collect Analytics Information in part through the use of cookies, web beacons, and other tracking technologies. In some instances, we work with third-party vendors to employ cookies for the purposes of collecting Analytics Information.

  • We use Microsoft Azure to optimize our web traffic and protect us from online attack. For information on how Microsoft Azure collects and processes data, please see Microsoft's Privacy Policy
  • We use Google Analytics to track and report website traffic, and monitor the use of our Service. This data might be shared with other Google services. Google may use the collected data to contextualize and personalize the ads of its own advertising network. For information on how Google uses the collected data, please see Google's Privacy Policy.
  • We use Umami to track and report website traffic, and monitor the use of our Service. For information on how Umami uses the collected data, please see Umami's Privacy Policy.
  • We use Atlassian Statuspage to report information to users about service outages and planned maintenance. When you subscribe to Xl Clan Status page, you need to provide personal information such as your name, email address or Slack group name to Atlassian Statuspage. For information on how Atlassian Statuspage collects and processes data, please refer to Atlassian’s Privacy Policy.

How We Transmit, Process, Store and Protect Information Collected

The online services we provided use encryption technologies such as Transport Layer Security (TLS) to protect collected information during transmission so that it won't be theft by the Man-in-the-Middle.
The information we collected will be aggregated into categories. Any information that is not required for those purpose described in the policy will be deleted, de-identified, anonymized, or desensitized during the aggregation process.
Analytical information will be stored in computer systems with limited, authorization-required access rights that are protected by mathematical algorithmic encryption and/or physical security measures that cannot be cracked in modern computer systems in a short period of time. Among the facilities. We store the data in encrypted form, as we use third-party storage services.

Unfortunately, no security measures are 100% foolproof, and as such no network or system (including ours) can be guaranteed to be 100% secure against destruction, loss, alteration, unauthorized disclosure of, or access to the information we collect and store. If you believe your information may not be secure for any reason, please contact us immediately at: secure@xlclan.com

We will store the information for the purposes described in this Privacy Policy. Usually, this information will be deleted after the purpose has been fulfilled or unless being required by law or regulation.

How We Use Information

We generally use this information for internal purposes such as auditing, data analysis, research, etc.; to protect our services from intrusion; to administer the website; to understand user behavior on the website; to understand and analyze trends; to gather information about the overall audience characteristics of our user base; to create, develop and improve the services we provide. Specifically:

  • To administer Integrator and Customer accounts and provide the Service. We use Personal Information in order to associate specific accounts with Integrators and Customers and provide them the Service, respond to requests or inquiries, provide support or technical assistance, and facilitate payments.
  • To improve to Site and the Service. We use Analytics Information to improve our existing and develop new services and offerings and to customize existing and future product offerings.
  • To derive market insights. We use Analytics Information to analyze the market and conduct business analyses related to the Site and our Services, and for other research purposes.
  • To secure our services and systems. We use Analytics Information to secure our systems by identifying potential threats and vulnerabilities and to otherwise protect the information we collect.
  • For any legitimate business purpose.
Before such information is used for this purpose, it will be deleted,de-identified, anonymized, desensitized, categorized, and aggregated in ways described above that it cannot be reasonably tied to any individual.

We do not use the information we collect for content and advertising.

How We Share Information

We share or disclose Personal Information in the following cases:

  • Upon direct request from an Integrator to identify the fraud risk of a specific network request or IP address, or otherwise where specific consent was given.
  • With vendors, we engage to provide essential aspects of the Sites and the Service, such as data storage, hosting, and Analytics, and only for those purposes.
  • As necessary to comply with applicable law, including written requests from government agencies or law enforcement, and otherwise to public and private entities in order to protect the rights, privacy, safety, or property of you, us, or others.
We would exhaust our legal remedies before complying with such a request, to minimize the information we have to share.

We have never implemented any "back doors" or other access methods in the services we provided. We do not knowingly, actively and proactively disclose any information to any government. Never.

  • With others for any legitimate business purpose, provided the information is deleted, de-identified, anonymized, desensitized, categorized, and aggregated in ways that it cannot be reasonably tied to any individual.
We do not share any information with third parties for any content, marketing purposes, or advertising purposes.

Warranty Disclaimers

To the fullest extent permitted by law, the Site and the Service (and any other associated services, information, data, features, and other content or materials) are provided on an “as-is” and “as-available” basis. To the fullest extent permitted by law, IMI excludes all warranties, including but not limited to the implied warranties of merchantability, fitness for a particular purpose, and non-infringement.

Data Retention

We store your Personal Data securely throughout the life of your account with us. We will only retain your Personal Data for as long as necessary to fulfill the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting obligations or resolving disputes. The criteria we use to determine storage periods include the applicable contractual provisions that are in force, legal statutory limitation periods, applicable regulatory requirements, and industry standards.

While retention requirements vary by jurisdiction, information about our typical retention periods for different aspects of your Personal Information are described below.

Contact information for marketing purposes is retained on an ongoing basis until you un-subscribe. Thereafter we will add your details to our suppression list indefinitely. Email information collected from Accessibility Users will never be used for marketing purposes.

Records of communications with you (e.g. support tickets opened via email or Twitter) may be kept indefinitely.

Information collected via technical means such as Cookies, webpage counters and other analytics tools is discarded as soon as practical, but may be kept for a limited period of up to one year from expiry of the cookie, typically in a de-identified, anonymized, desensitized, categorized and aggregated form unless we detect potential abuse of our service.

If we detect potential abuse of our service, we will retain that information to aid us in preventing future abuse. We are unable to link this information to you, your household, an IP address, or any personal information based on the information stored.

Cookie Policy (How We Use Cookies and Other Technologies)

Type of Cookies We Use

Cookies can be "Persistent" or "Session" Cookies. Persistent Cookies remain on your personal computer or mobile device when You go offline, while Session Cookies are deleted as soon as You close your web browser.

We use both session and Persistent Cookies for the purposes set out below:

Necessary / Essential Cookies

  • Type: Session Cookies / Persistent Cookies
  • Administered by: Us

These Cookies are essential to provide You with services available through the Website and to enable You to use some of its features (E.g. Your Login Status). They help to authenticate users and prevent fraudulent use of your accounts. Without these Cookies, the services that You have asked for cannot be provided, and We only use these Cookies to provide You with those services.

Functionality Cookies

  • Type: Persistent Cookies
  • Administered by: Us

These Cookies allow us to remember choices You make when You use the Website, such as remembering your login details or language preference. The purpose of these Cookies is to provide You with a more personal experience and to avoid You having to re-enter your preferences every time You use the Website.

We considered the information collected through cookies and other technologies as Non-personal Information, as it is impossible for others to restore any personally relevant data about you through it.
We will not use cookie technology to share any of your personal information to any third-party, or to assist third parties in collecting any of your personal information.

Tracking and Performance Cookies

  • Type: Persistent Cookies
  • Administered by: Third-Parties Vendors

These Cookies are used to track information about traffic to the Website and how users use the Website. The information gathered via these Cookies may directly or indirectly identify you as an individual visitor. This is because the information collected is typically linked to a pseudonymous identifier associated with the device you use to access the Website. We may also use these Cookies to test new advertisements, pages, features, or new functionality of the Website to see how our users react to them.

We have taken every possible measure to avoid the usage of cookies for tracking and performance analysis purposes. We also have taken every possible measure to prevent third-party vendors from setting cookies for such purposes on your browser or device.

Your Choices Regarding Cookies

If You prefer to avoid the use of Cookies on the Website, first You must disable the use of Cookies in your browser and then delete the Cookies saved in your browser associated with this website. You may use this option for preventing the use of Cookies at any time.

If You do not accept Our Cookies, You may experience some inconvenience in your use of the Website and some features may not function properly.

If You'd like to delete Cookies or instruct your web browser to delete or refuse Cookies, please visit the help pages of your web browser.

Flash Cookies are not managed by the same browser settings as those used for Browser Cookies. For more information on how You can delete Flash Cookies, please read "Where can I change the settings for disabling, or deleting local shared objects?" available on Adobe's website.

Personal Information from Children

Our Sites and Service are not directed to children under the age of 13 and we do not knowingly collect Personal Information from children under the age of 13, although certain third-party vendors that we use, or certain websites that we link to may do so.

These third-party websites have their own terms of use and privacy policies and we encourage parents and legal guardians to monitor their children's Internet usage and instruct their children to never provide information on other websites without their permission.

If we learn that we have collected Personal Information of a child under the age of 13, we will take reasonable steps to delete such information from our files as soon as is practicable, unless we have a legal obligation to retain it. Please contact us through secure@xlclan.com if you believe we have any information from or about a child under the age of 16.
We do not share the personal information of Consumers We actually know are less than 16 years of age, even if We already receive affirmative authorization (the "right to opt-in") from either the Consumer who is between 13 and 16 years of age, or the parent or guardian of a Consumer less than 13 years of age. And consumers may opt-out of future sales at any time. To exercise the right to opt-out, You (or Your authorized representative) may submit a request to Us by contacting Us.

Cross-Border Data Transfer

Please be aware that your personal data will be transferred to, processed, and stored in the United States. Data protection laws in the U.S. may be different from those in your country of residence. You consent to the transfer of your information, including personal information, to the U.S. as set forth in this Privacy Policy by visiting our Sites or using our Service.

Use Your Personal Information for New Purposes

We may use your personal information for reasons not described in this Privacy Policy, where we are permitted by law to do so and where the reason is compatible with the purpose for which we collected it. If we need to use your personal information for an unrelated purpose, we may notify you and explain the applicable legal basis for that use. If we have relied upon your consent for a particular use of your personal information, we may seek your consent for any unrelated purpose and allow you to terminate your use of the service at that time if you object.

Do Not Sell My Personal Information

You have the right to opt-out of the sale of Your personal information. However, we do not, and will never sell your personal information. So You don't have to send request to Us.

Notice to California Residents

This section provides additional details about the personal information we collect about California consumers and the rights afforded to them under the California Consumer Privacy Act or "CCPA".

For the categories of personal information we have collected from you in the preceding 12 months, please see the sections above. We collect this information for the business and commercial purposes described above. In the preceding 12 months, we have shared the following categories of information with third parties for a business purpose:

Category of Personal Information Examples of Personal Information Shared Categories of Third-Party Recipients
Identifiers Unique personal identifier, online identifier, Internet Protocol address, account name, or other similar identifiers. Service Providers
Commercial information Records of products or services purchased, obtained, or considered Service Providers
Internet or other electronic network activity Information on a consumer's interaction with an internet website, application, or advertisement Service Providers

We do not "sell" (as this term is defined in the CCPA) the personal information we collect. Please refer to the section above for more information regarding the types of third-party cookies, if any, that we use.

Subject to certain limitations, the CCPA provides California consumers the right to request to know more details about the categories or specific pieces of personal information we collect (including how we use and disclose this information), to delete their personal information, to opt out of any "sales" that may be occurring, as well as the right to not be discriminated against for exercising these rights.

California consumers may make a request pursuant to their rights under the CCPA by contacting us at secure@xlclan.com. Please note that you must verify your identity and request before further action is taken, such as by providing your government identification. Consistent with California law, you may designate an authorized agent to make a request on your behalf. In order to designate an authorized agent to make a request on your behalf, you must provide a valid power of attorney, the requester’s valid government-issued identification, and the authorized agent’s valid government-issued identification.

Notice to EU Data Subjects

We may process Personal Data (Personal Information) under the following conditions:

  • Consent: You have given Your consent for processing Personal Data for one or more specific purposes.
  • Performance of a contract: Provision of Personal Data is necessary for the performance of an agreement with You and/or for any pre-contractual obligations thereof.
  • Legal obligations: Processing Personal Data is necessary for compliance with a legal obligation to which we are subject.
  • Vital interests: Processing Personal Data is necessary in order to protect Your vital interests or of another natural person.
  • Public interests: Processing Personal Data is related to a task that is carried out in the public interest or in the exercise of official authority vested in us.
  • Legitimate interests: Processing Personal Data is necessary for the purposes of the legitimate interests pursued by us.
updatedupdated2024-10-112024-10-11