Privacy Policy
Who We Are
Xēra is a private AI executive assistant operated by [COMPANY NAME] ("Company", "we", "us", "our"), a [JURISDICTION] entity.
"You" and "Your" refer to the individual user of Xēra's website, app, or services.
Scope & Roles: Xēra is used by individuals for personal and professional follow-ups, monitoring, briefings, and assistant workflows. [COMPANY NAME] acts as the data controller of your personal information and the content you bring into Xēra — including contacts, threads, watches, briefings, drafts, and notes. Xēra does not currently offer team or organisational workspaces; all workspaces are single-user.
Information We Collect
2a. Information you provide
- Name, email address, password, time zone, and billing details where applicable.
- Contacts you add to Xēra, including names, phone numbers, email addresses, notes, relationship tags, and the groups you assign them to.
- Threads and follow-up context, including objectives, touchpoints, drafts, outcomes, and schedules.
- Watches you create, including the topics, conditions, cadences, and thresholds you define.
- Briefings you request, including topics, delivery preferences, and the inputs you write into the Daily Briefing window.
- Any other content you send to Xēra through its input surfaces.
2b. Automatically collected
- Device type, device ID, IP address, operating system, browser type, and usage behaviour within the platform.
- Product analytics via PostHog to understand feature usage, onboarding completion, and assistant interactions. You may opt out via our cookie banner where required by law.
2c. Billing
Billing and subscription management, where applicable, are handled by Stripe, Inc. Xēra does not store full card numbers. Stripe processes payment data under its own Privacy Policy and PCI-DSS compliance programme.
A note on third-party data: When you add a contact, thread, or any information about another person into Xēra, you represent that you have a legitimate basis for doing so. We treat data about third parties with the same care as data about you, and we will honour verified deletion requests from those individuals.
How We Use Your Information
We use the information we collect to:
- Provide, operate, and improve the Xēra platform and its assistant capabilities.
- Generate drafts, interpret briefings, and produce assistant outputs on your behalf.
- Run scheduled checks for watches, alerts, and briefings you define.
- Deliver notifications, summaries, and approved assistant communications.
- Process billing transactions and manage your subscription, where applicable.
- Send transactional emails, product updates, and security alerts.
- Detect fraud, abuse, and ensure platform security.
- Comply with legal obligations and enforce our Terms of Use.
- Conduct aggregated, anonymised product research and analytics to improve the service.
We do not sell your personal information to third parties.
We do not use your contacts, threads, watches, drafts, briefings, or other personal content to train general-purpose AI models made available to other customers.
Sharing Your Information
We share your information only in the following limited circumstances:
- Service providers acting as data processors on our behalf (listed below).
- Third-party data sources you authorise (market data, news feeds, fare APIs) when you configure a watch that uses them.
- Professional advisers such as lawyers, auditors, and insurers, under strict confidentiality obligations.
- Law enforcement or regulatory bodies when required by applicable law or to protect legal rights.
- In connection with a merger, acquisition, or sale of assets, subject to the acquirer honouring this policy.
The following sub-processors are authorised to handle personal data on our behalf:
| Processor | Purpose | Location |
|---|---|---|
| Supabase | Database & authentication infrastructure | USA |
| Stripe, Inc. | Payment processing | USA |
| PostHog | Product analytics | USA / EU |
| Resend | Transactional email | USA |
| OpenAI / Anthropic | AI inference for drafts, interpretation, and summaries | USA |
| Vercel | Application hosting and edge delivery | Global |
Data Retention
We retain your personal data for as long as your account is active or as needed to provide the service:
- Account data is retained for the duration of your subscription and for up to 90 days following account deletion, to allow recovery.
- Contacts, threads, watches, briefings, drafts, and other user-generated content are retained as long as your account is active. You may delete individual items at any time.
- Billing records are retained for 7 years to comply with applicable financial and tax regulations.
- Analytics and usage logs are retained in aggregated form for up to 24 months.
After account deletion, personal data is purged from production systems within 90 days and from backups within 180 days.
Your Rights
Depending on your jurisdiction, you may have the following rights regarding your personal data:
- Access — request a copy of the personal data we hold about you.
- Rectification — request correction of inaccurate or incomplete data.
- Erasure — request deletion of your personal data ("right to be forgotten").
- Restriction — request that we limit processing of your data in certain circumstances.
- Portability — receive your data in a structured, machine-readable format.
- Objection — object to processing based on legitimate interests or for direct marketing.
- Withdrawal of consent — where processing is based on consent, you may withdraw it at any time.
To exercise any of these rights, email us at privacy@agentxera.pro. We will respond within 30 days. For GDPR-related requests, we will acknowledge receipt within 72 hours.
International Transfers
[COMPANY NAME] is based in [JURISDICTION] and our primary infrastructure is hosted in the United States. If you access Xēra from the European Economic Area, United Kingdom, or other jurisdictions with data transfer restrictions, your information may be transferred to and processed in the US.
Where required, we rely on appropriate safeguards including Standard Contractual Clauses (SCCs) approved by the European Commission, and equivalent mechanisms recognised by the UK ICO, to ensure an adequate level of protection for your personal data.
Cookies & Tracking
We use cookies and similar tracking technologies to operate the platform and understand usage patterns. Our use includes:
- Essential cookies — required for authentication, session management, and security.
- Analytics cookies — used via PostHog to measure feature engagement and onboarding. These can be declined via our cookie banner.
- Preference cookies — to remember your workspace settings and display preferences.
We do not use third-party advertising cookies and we do not sell behavioural data to ad networks. You can manage cookie preferences at any time through your browser settings or our in-app cookie banner.
Children's Privacy
Xēra is not directed to children under the age of 16. We do not knowingly collect personal information from anyone under 16. If we become aware that we have inadvertently collected data from a child under 16, we will promptly delete it.
If you believe a child has provided us with personal information, please contact us at privacy@agentxera.pro.
Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:
- Update the "Last Updated" date at the top of this page.
- Send an in-app notification or email to account owners at least 14 days before material changes take effect.
- Maintain a version history accessible on request.
Your continued use of Xēra after the effective date of any changes constitutes your acceptance of the updated policy.
Contact Us
If you have questions, concerns, or requests relating to this Privacy Policy or [COMPANY NAME]'s data practices, please contact us:
Company: [COMPANY NAME]
Email: privacy@agentxera.pro
Address: [COMPANY ADDRESS]
We aim to respond to all privacy enquiries within 5 business days.