This Privacy Policy explains how Xvariate (“Xvariate”, “we”, “us”, or “our”) collects, uses, shares, and protects your information when you use our websites, products, and services (collectively, the “Service”). By using the Service, you agree to this Policy. If you do not agree, do not use the Service.

Xvariate is the data controller for your personal data when you use our Service. To contact us about privacy, email contact@xvariate.com.

This Policy applies to personal information we process about visitors, customers, account users, and individuals interacting with our websites and services. It does not apply to third-party websites or services that we do not control.

Information you provide to us

Identity and contact details (name, email, phone), account credentials, profile details, communications you send to us, support requests, and preferences. If you choose to provide it, we may also collect business information (company, role) needed to deliver the Service.

Payment and billing data

We use payment processors to handle payments. Our primary processor is Razorpay, and we may also use Stripe. We do not store full payment card numbers on our servers. We may receive limited information from these processors, such as transaction IDs, last four digits of the card, expiry month and year, and billing status, to keep your account in good standing and to prevent fraud.

Information collected automatically

When you use the Service, we automatically collect device and usage information, including IP address, browser type, device identifiers, pages viewed, referring URLs, approximate location (country or region), time spent, and performance or diagnostic data. We use cookies and similar technologies to operate the Service, remember settings, and measure performance. See the “Cookies and Similar Technologies” section below.

Information from third parties

• Payment processors and banks (payment status, risk signals).

• Service providers (analytics, support, cloud hosting).

• Business partners, referral programs, or publicly available sources.

• Provide, maintain, and improve the Service.

• Create and manage accounts, authenticate users, and provide support.

• Process payments, issue invoices, and manage subscriptions or refunds.

• Send transactional notices, security alerts, and service updates.

• Monitor and prevent fraud, abuse, and security incidents.

• Analyze performance, fix bugs, and develop new features.

• Comply with legal obligations and enforce our terms.

• With consent or as permitted by law, send marketing or promotional communications. You can opt out at any time.

• Generate aggregated, de-identified, or anonymized insights.

India (Digital Personal Data Protection Act, 2023)

• Consent: you can withdraw consent at any time.

• Permitted uses under the DPDP Act: for example, to comply with law, to prevent fraud and security incidents, or other legitimate uses allowed by the Act.

EEA/UK (GDPR/UK GDPR)

• Contract: to provide the Service you request.

• Consent: where you have given consent, which you may withdraw.

• Legitimate interests: to secure, improve, and operate the Service.

• Legal obligation: to comply with applicable laws.

• Vital interests: in rare cases to protect someone’s safety.

We use third-party payment processors to handle payments securely. Our primary processor is Razorpay, and we may also process payments through Stripe. These companies process your payment data in line with their own privacy policies. We do not store full card numbers on our servers.

• Razorpay Privacy Policy: https://razorpay.com/privacy/

• Stripe Privacy Policy: https://stripe.com/privacy

We use cookies, local storage, and similar technologies to operate the Service, remember your preferences, keep you signed in, and measure performance. You can control cookies through your browser settings. If you disable cookies, parts of the Service may not work properly.

• Essential: required for basic site functionality and security.

• Preferences: remember choices such as language and theme.

• Analytics: help us understand usage and improve performance.

For detailed information about the cookies we use, retention periods, and how to change consent, see our Cookie Policy.

We may use analytics providers to understand how the Service is used and to improve reliability and performance. These providers may set cookies or collect identifiers and usage information in line with their policies.

For example, Google Analytics privacy information is available at Google Privacy and Terms.

We share information only as needed to provide the Service, comply with law, or protect our rights.

• Service providers that help us operate the Service.

• Payment processors (Razorpay and Stripe) for payment processing and fraud prevention.

• Professional advisors, auditors, or insurers under confidentiality.

• Law enforcement or regulators where required by law or to protect rights, safety, or property.

• Business transfers, such as a merger, acquisition, or asset sale.

• With your consent or at your direction.

We may share aggregated or de-identified information that does not identify you.

We retain personal information for as long as necessary to deliver the Service, comply with our legal obligations, resolve disputes, and enforce agreements. Retention periods vary based on the type of data and our obligations. We may retain limited information after account closure where required by law or to prevent fraud and abuse.

We use technical and organizational measures designed to protect personal information, including encryption in transit, access controls, and monitoring. No method of transmission or storage is fully secure, and we cannot guarantee absolute security. If we suspect unauthorized access, we will act promptly and notify you when required by law.

We may transfer, store, and process your information in countries other than your own, including India, the EEA, the UK, and the United States. Where required, we use appropriate safeguards, such as Standard Contractual Clauses, and we take steps to ensure a level of protection consistent with applicable law.

General rights

• Access, correction, deletion, and portability of your data.

• Restriction or objection to processing where applicable.

• Withdraw consent where processing is based on consent.

• Not to receive discriminatory treatment for exercising rights.

EEA/UK (GDPR/UK GDPR)

• Right to access, correction, and erasure of personal data.

• Right to grievance redressal within a reasonable time.

• Right to withdraw consent and to nominate a representative.

• If unresolved, you may approach the Data Protection Board of India.

You have rights under data protection law, including the right to lodge a complaint with your local supervisory authority. We will respond to valid requests within applicable timeframes.

India (Digital Personal Data Protection Act, 2023)

• Right to access, correction, and erasure of personal data.

• Right to grievance redressal within a reasonable time.

• Right to withdraw consent and to nominate a representative.

• If unresolved, you may approach the Data Protection Board of India.

California (CCPA/CPRA)

California residents have rights to know, delete, correct, and opt out of the sale or sharing of personal information, and to limit the use of sensitive personal information. We do not sell personal information for money. Where we share information with service providers, we do so under contracts that limit their use.

How to exercise your rights

To submit a request, email support@xvariate.com. We may need to verify your identity before responding. Certain requests may be limited by law or necessary for us to provide the Service.

• Marketing emails: use the unsubscribe link in the message.

• Cookies: control cookies via your browser settings.

• Account: contact us to close or delete your account.

The Service is not directed to children under 13. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, contact us and we will take appropriate steps to delete it. For users in the EEA, the minimum age may be higher under local law.

Some browsers offer a Do Not Track signal. There is no uniform standard for responding to these signals, so we do not respond to them. You can control cookies through your browser settings.

The Service may contain links to other websites. We are not responsible for the privacy practices of those websites. We encourage you to review their policies.

We may update this Policy to reflect changes to our practices, technologies, or legal requirements. If we make material changes, we will post the updated Policy here and update the “Last updated” date above. Your continued use of the Service means you accept the changes.

If you have questions or concerns about this Policy or our data practices, contact us at:

Email: contact@xvariate.com