1. Introduction
XaiSolution ("we", "our", "us", or "XaiSolution") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, share, and safeguard your information, including Google user data, when you use our AI-powered recruiting platform and related services (collectively, the "Service").
This Privacy Policy applies to XaiSolution, operated by XaiSolution, and governs the collection and use of information, including Google user data, through our application. By using our Service, you agree to the collection and use of information in accordance with this policy.
2. Information We Collect
The data we collect about you includes information you have provided to us directly, as well as information collected through your use of our Service:
2.1 Account and Profile Information
- Account information (name, email address, password)
- Organization information (name, slug)
- Profile information and preferences
2.2 Google User Data
When you sign in with Google or grant access to Google services, we may collect, or process on behalf of our customers, the following categories of Google user data:
- Authentication Data: Email address, profile information (name, profile picture), and unique identifier provided by Google OAuth
- Google Drive Data (if granted): Files, folders, and metadata from your Google Drive account that you explicitly choose to access through our Service
- Google Sheets Data (if granted): Spreadsheet data and metadata from Google Sheets that you explicitly choose to access through our Service
- Gmail Data (if granted): Email messages and metadata from your Gmail account that you explicitly choose to access through our Service
Important: We only access Google user data that you explicitly grant permission to access. You can revoke access at any time through your Google account settings or by disconnecting your Google account from XaiSolution.
2.3 Usage and Analytics Data
- API usage data and analytics
- Service usage patterns and interactions
- Feature usage statistics
2.4 Payment Information
Payment information is processed securely through Stripe. We do not store full credit card numbers or sensitive payment details on our servers.
2.5 Communication Data
- Support requests and customer service communications
- Contact form submissions
- Feedback and survey responses
3. How We Use Your Information
We will use your data to provide you with the services you requested and to improve our Service. Specifically, we use the information we collect, including Google user data, to:
- Provide and maintain our Service: Authenticate your account, enable access to features, and deliver the core functionality of our AI-powered recruiting platform
- Process transactions: Process subscription payments and send related transaction information
- Send communications: Send technical notices, updates, security alerts, and support messages
- Respond to requests: Respond to your comments, questions, and customer service requests
- Improve our Service: Monitor and analyze usage patterns to improve user experience, fix bugs, and develop new features
- Ensure security: Detect, prevent, and address technical issues, fraud, and security threats
Restriction on Use of Google User Data:
We limit our use of Google user data to providing or improving user-facing features of our Service. We do NOT use Google user data for:
- Targeted advertising, personalized advertising, retargeted advertising, or interest-based advertising
- Selling to data brokers or information resellers
- Determining credit-worthiness or lending purposes
- Creating databases for purposes other than providing our Service
- Training AI models using your personal Google data
- Any purpose other than providing or improving the functionality of our Service
4. How We Share, Transfer, or Disclose Information
We do not sell your personal information or Google user data to third parties. We do not transfer or disclose your information to third parties for purposes other than providing or improving our Service.
We may share your information, including Google user data, only in the following limited circumstances:
4.1 Service Providers
We may share information with trusted service providers who assist us in operating our Service, conducting our business, or serving our users, such as:
- Cloud hosting providers: To host and store data securely
- Payment processors: To process subscription payments (Stripe)
- Email service providers: To send transactional and service-related emails
- Analytics providers: To analyze usage patterns and improve our Service
All service providers are contractually obligated to protect your information and use it only for the purposes we specify. They are prohibited from using your Google user data for any purpose other than providing services to us.
4.2 Legal Requirements
We may disclose information if required by law, court order, or governmental regulation, or if we believe disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to government requests.
4.3 Business Transfers
In the event of a merger, acquisition, reorganization, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change in ownership or control of your personal information.
Restriction on Transfer of Google User Data:
We do NOT transfer Google user data to third parties for:
- Targeted advertising, personalized advertising, retargeted advertising, or interest-based advertising
- Selling to data brokers or information resellers
- Determining credit-worthiness or lending purposes
- Any purpose other than providing or improving the functionality of our Service
5. Data Security and Protection
Security procedures are in place to protect the confidentiality of your data. We implement appropriate technical and organizational measures to protect your personal information and Google user data against unauthorized access, alteration, disclosure, or destruction. Our security measures include:
- Encryption: We use encryption to protect your information both in transit and at rest. All data transmitted between your device and our servers is encrypted using industry-standard TLS/SSL protocols
- Secure password hashing: Passwords are hashed using bcrypt before storage
- Access controls: We implement role-based access controls and limit access to personal information to authorized personnel only
- Regular security audits: We conduct regular security assessments and vulnerability testing
- Secure API key management: API keys are encrypted and securely stored
- OAuth token security: Google OAuth tokens are securely stored and automatically refreshed to maintain security
- Database security: Our databases are protected by firewalls and access controls
- Incident response: We have procedures in place to detect, respond to, and mitigate security incidents
While we strive to use commercially acceptable means to protect your information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security, but we are committed to maintaining the highest standards of data protection.
6. Data Retention and Deletion
We store your personal information, including Google user data, for a period of time that is consistent with our business purposes. Specifically:
- Active accounts: We will retain your personal information for the length of time needed to fulfill the purposes outlined in this privacy policy while your account is active
- Inactive accounts: If you close your account, we will retain your information for a reasonable period to comply with legal obligations, resolve disputes, and enforce our agreements
- Legal requirements: We may retain certain information for longer periods if required by law, court order, or governmental regulation
- Google user data: Google user data is retained only as long as necessary to provide our Service. When you disconnect your Google account, we will delete associated Google user data within 30 days, except where retention is required by law
When the data retention period expires for a given type of data, we will delete or destroy it using secure deletion methods that make the data unrecoverable.
Your right to deletion: You may request for your data to be deleted by contacting us at privacy@xaisolution.com or by using the account deletion feature in your account settings. We will process deletion requests within 30 days, subject to legal retention requirements.
7. Your Rights and Choices
You have the following rights regarding your personal information and Google user data:
- Access: Request access to your personal information and Google user data
- Correction: Correct inaccurate or incomplete data
- Deletion: Request deletion of your data, including Google user data
- Objection: Object to processing of your data
- Data portability: Export your data in a machine-readable format
- Revoke Google access: Disconnect your Google account or revoke specific Google permissions at any time through your Google account settings or through our Service
- Opt-out: Opt-out of certain data collection and processing activities where permitted by law
To exercise these rights, please contact us at privacy@xaisolution.com. We will respond to your request within 30 days.
8. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify users if we change how we use Google user data or make other material changes to this policy.
We will notify you of any material changes by:
- Posting the updated Privacy Policy on this page with an updated "Last updated" date
- Sending an email notification to the email address associated with your account
- Displaying a prominent notice on our Service
Your continued use of our Service after such changes constitutes your acceptance of the updated Privacy Policy.
9. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, including questions about how we handle Google user data, please contact us: