Table of Contents
- Data Collection
- Data Usage
- Data Sharing
- Data Storage, Retention, and Security
- Cookies and Tracking Technologies
- Data Subject Rights
- Data Controller vs. Processor
- Your Consent
Thank you for choosing to be part of our community at Xebcore Inc. (“Xebcore”), a California corporation, and its subsidiary, Xebcore Inc., a California corporation, based in San Jose, California (“Xebcore”), and Xebrium’s subsidiary, Xebrium Software Private Limited, based in Pune, India (collectively “Xebcore”, “Company”, “we”, “us”, or “our”).
This policy applies to information we collect:
- On this Website.
- In email, text, and other electronic messages between you and this Website.
- Through mobile and desktop applications you download from this Website, which provide dedicated non-browser-based interaction between you and this Website.
It does not apply to information collected by:
- Us offline or through any other means, including on any other website operated by Company or any third party (including our affiliates and subsidiaries); or
- A third party through any application or content (including advertising) that may link to or be accessible from (or on) the Website
(i) Customer/Customer Account – The Customer or Customer Account is the entity that has contractually engaged with Xebcore to receive a free trial, or paid Subscription Plan to our Services. When a business or individual purchase a Subscription Plan and use the Services under the Subscription Plan for employees, work associates, or external stakeholders associated with the business or the individual, the business or individual is the Customer Account, and each employee or associate using Services under the Subscription Plan is a User.
(ii) Subscription Plan – A Subscription Plan is a Customer Account’s free trial, or paid subscription to use Services.
(iii) GDPR – The General Data Protection Regulation (GDPR) 2016/679 is a regulation in the European Union law on data protection and privacy within the EU and the European Economic Area.
(iv) Data Controller – A Data Controller is a natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of processing of Personal Data according to the GDPR.
(v) Data Processor – A Data Processor processes the data on behalf of the Data Controller according to the GDPR.
(vi) Data Subprocessor – A Data Subprocessor is any legal person, public authority, agency, or other body appointed by or on behalf of Data Processor to process Personal Data on behalf of Xebcore.
(vii) Personal Data – Personal Data is a subset of Collected Information and refers to any information that relates to an identified or identifiable individual. Different pieces of information, which collected together, can lead to the identification of a particular person, also constitute Personal Data.
(viii) Service Data – Service Data is Personal Data or other information that Users input directly into the Project Workspace and create within the Project Workspace.
(ix) Project Workspace – A Project Workspace is the Service instance to which the Customer Account and related Users gain access when signing onto a Subscription Plan. The Project Workspace may contain one or more projects administered by the Customer Account.
(x) User – A User is an individual who uses the Services through a Customer. Within the Project Workspace, there are two types of Users: Internal User and External User.
Internal User – An Internal User is an individual associated with a Customer Account using the Service, who has full rights within a Project Workspace, except for rights reserved for Account Administrators. Internal users can be assigned as Project Workspace Administrators with extended permissions within a Project Workspace.
External User – An External User is an individual associated with a Customer Account using the Service who has similar permissions to Internal Users, but is not authorized by the Customer Account to create projects in the Project Workspace. For example, vendors and clients are associated with the Customer Account but will not have such authority. If a vendor or client is given authority by a Customer Account to create projects in the Project Workspace, such authorized vendor or client shall be deemed to be an Internal User.
(xi) Account Administrator/Administrator – An Account Administrator or Administrator is a User who signs up and manages the Project Workspace for the Customer Account.
(xii) “Standard Contractual Clauses” means the contractual clauses as amended from time to time.
(xiii) CCPA – Stands for the California Consumer Privacy Act; The California Consumer Privacy Act is a state statute intended to enhance privacy rights and consumer protection for residents of California,
(xiv) CPRA – Stands for the California Privacy Rights Act; the Act revises the CCPA described above, including establishing the California Privacy Protection Agency to implement and enforce the law.
2. Data Collection
The Customer Account collects Personal Data that you, as a User, voluntarily provide when participating in activities in the Services. The Company also collects information from your organization or third-party sources when you contact us or express an interest in obtaining information about us or about our Services.
In collecting and using Personal Data, the Customer Account acts as a Data Controller with regard to the User, under the GDPR. The Company cannot, and does not take responsibility for the privacy practices of the Customer Account or its External Users. We encourage Users to review the particular Customer Account’s privacy policies to understand its privacy practices and procedures.
The information that is collected depends on the context of your interaction with the Customer Account, Xebcore, and the Services, the choices you make, and the products and features you use. We may collect the following information about you:
Information Provided by You
Account Information – This is the user data and account information that the Customer Account obtains from you when you use the Service as a User. This includes personal details (first name, last name, nickname and profile photo), work details (industry, organization, designation, department, and the number of users), contact information (phone numbers, email addresses, business email, business phone number, social media, and other similar data). Also, Personal Data which is collected are account login details (such as email addresses, personal information, password hints, security information, and passwords) These details are automatically hashed meaning that they are automatically encrypted so as to become illegible to all persons other than our computers. Other information which you choose to provide while interacting with third parties via our Services may not be encrypted.
Support Channels – The Services also include our customer support and the various channels through which you can submit information regarding a problem you are experiencing with our Services. Whether you designate yourself as a technical contact, open a support ticket, speak to one of Xebcore’s representatives directly, or otherwise engage with our support team, you will be asked to provide contact information, a summary of the problem you are experiencing, and any other documentation, screenshots, or information that would be helpful in resolving the issue.
Payment Data: We collect data necessary to process your payment if you make purchases. We utilize a third-party credit card payment processing partner to collect payment information, including your credit card number, billing address, and phone number. In such circumstances, the third-party service provider, and not Xebcore, stores your payment information on our behalf but we have no direct access to such financial information. As with other third-party providers, your interaction with a third-party’s website(s), or usage of a third-party’s services are governed solely by such third-party’s terms, conditions, and policies.
Information Automatically Collected
We automatically collect certain information when you visit, use, or navigate within or through the Services. This information does not reveal your specific identity (like your name or contact information) but may include device identification (computer, phone, tablet etc.) and usage information such as your IP address, browser type, URLs of referring/exit pages, crash data, operating system, language preferences, device characteristics, device name, country, location, information about how and when you use our Services, and other technical information.
Project Workspace Metadata – When you interact with our Services, metadata is generated that provides high-level (non-content) information about the way you work in your Project Workspace. For example, the Services may log the number of projects you work in; the number of tasks, milestones, requirements, assets, projects to which you are assigned; the features you interact with; the types of files you share; and what, if any, third party services and integrations you use. This information is primarily needed to maintain the security and operation of our Services, and for our internal analytics and reporting purposes.
Cookies and Tracking – Like many businesses, we also collect information through cookies and similar technologies (e.g., web beacons, device identifiers, pixels, etc.).
Service Integrations and Third Parties – We may receive your Personal Data from third party providers of business information and publicly available sources (like social media platforms) including physical mail addresses, job titles, email addresses, phone numbers, intent data (or user behavioral data), IP addresses, social media profiles and the like for the purposes of targeted advertising of products that may interest you, delivering personalized communication, event promotion, and profiling. We may also receive information about you and your activities from third-party partners, such as advertising and market research partners who provide us with information about your interest and engagement with our Services, and online advertisements.
3. Data Usage
We use Personal Data collected via our Services for a variety of business purposes described below. We process your Personal Data for these purposes in reliance on our legitimate business interests, in order to enter into or perform a contract with you, with your consent, and/or for compliance with our legal obligations. We indicate the specific processing grounds we rely on next to each purpose listed below.
We use the information we collect or receive for the following purposes:
(i) Verification of User Identity – We facilitate the login processes to authenticate the identity of our Users, and to allow them to access our Services. We base the processing of your Personal Data, (e.g. a first name and last name, address, an email address such as email@example.com, an identification card number, location data (for example the location data function on a mobile phone), an Internet Protocol (IP) address, cookie ID or the advertising identifier of your phone) on our legitimate interest to operate and administer our websites and to provide you with content you access and request (e.g., to download content from our websites).
(ii) Communication of Administrative Information – We may use your Personal Data to send you products, Services, or new feature information and/or information about changes to our terms, conditions, and policies which changes we may make at our sole discretion with or without notice, at any time, and for any reason.
(iii) Technical Support – We may use your Personal Data to respond to your inquiries and to solve any issues you might have with the use of our Services.
(iv) Management of Payment Information – If you have provided financial information to us through a third-party payment processing service, in order to collect payments, we process your Personal Data to verify such financial information but only to the extent needed to complete a transaction.
(v) Services and Website Development and Improvement – We process your Personal Data to analyze trends and to track your interaction and usage of our websites and Services to the extent that we believe is needed for our legitimate interest in developing and improving our websites and Services, and for providing our Users with more relevant content and service offerings, or where we seek your consent beforehand.
(vi) Communication of Marketing and Promotional Activities – We and/or our third-party marketing partners may use the Personal Data you send to us or which we have collected, for our marketing purposes so long as it is in accordance with your marketing preferences. Such activities allow us to highlight the benefits of using our Services and to thereby increase your engagement and overall satisfaction with our Services. You may opt out of receiving such promotional communication from us by using the unsubscribe link within each email.
(vii) Delivery of Targeted Advertising – We may use your information to develop and display content and advertising (and work with third parties who do so) tailored to your interests and/or location, and to also measure its effectiveness.
(viii) Feedback – We may use your Personal Data to request your feedback and to contact you about your use of our Services.
(ix) Service Protection – We may use your Personal Data as a part of our efforts to keep our Services safe and secure (e.g., for fraud monitoring and prevention).
(x) Enforcement of Terms, Conditions, and Policies – We may use your Personal Data for business, legal, and contractual reasons.
(xi) Addition of Feedback to Forums, Blogs, and the Website – For specific purposes not already listed above, we use information about you when you have given us prior explicit consent.
(xii) Response to Legal Requests and Prevention of Harm – If we receive a legal request from a person whom we believe in good faith is an authorized party, we may need to inspect the data we hold to determine how to respond to such a request. We may use Personal Data in connection with legal claims, compliance matters, regulatory issues, and audit functions. We may also make disclosures in connection with the acquisition, merger, or sale of a business or its assets, including ours; you will be notified via email and/or a prominent notice on our website of any change in ownership or uses of your Personal Data, as well as any choices you may have regarding your Personal Data.
(xiii) Other Business Purposes – We may use your information for other business purposes such as data analysis, identifying usage trends, determining the effectiveness of our promotional campaigns, evaluating and improving our Services, our products and marketing, and your experience (collectively “Business Purposes”). We may use and store this information in an aggregated and anonymized form so that it is not associated with individual Users and does not include Personal Data.
4. Data Sharing
We only share Personal Data in order to comply with applicable laws including judicial directives, to provide Services, to protect the rights of Users, to fulfill business obligations, or otherwise with your prior consent.
Legal Obligation – We may disclose your Personal Data when legally required to ensure compliance with applicable law, governmental requests, judicial proceedings, court orders, or legal process such as to respond to a a subpoena or the like.
Vital Interests – We may disclose your Personal Data where we believe in our sole discretion, in good faith, that it is necessary to investigate violations of the law, prevent injurious violations, or to take action regarding possible violations of our policies, commission of crime(s), illegal activities, suspected fraud, situations which threaten personal safety, or as evidence in litigation in which we are involved.
Business Transfers – We may share or transfer your Personal Data in connection with, or during negotiations of any merger, sale of company assets, financing, or acquisition of all or a portion of our business by another company.
Business Partners – We may share your Personal Data with our business partners to offer you certain products, services, or promotions.
Third-Party Services, Websites, and Forums – Our Services may also contain links and integrations to third party websites.
Any Personal Data or other content submitted by you to private Project Workspaces may still be accessed, copied and processed by the Account Administrator of the Customer Account you are associated with. Your Personal Data will also be made accessible to all the authorized Users who can view the same Project Workspaces as you. Please note that Xebcore does not control and is not responsible for any further disclosure, use or monitoring by or on behalf of the Customer Account, that itself acts as the Data Controller of such data.
If you are an Account Administrator for a Project Workspace within the Services, we may share your Personal Data with current or past Users to facilitate Services-related requests. This may include instances where you may contact us for help in resolving an issue specific to a Project Workspace of which you are a member (and which is associated with the same Customer Account).
5. Data Storage, Retention, and Security
We use standard technical and organizational measures to secure the information we store. The time duration for which we keep your data depends on the type of information. After a certain duration, we will delete or anonymize your data, or if deletion or anonymizing is not possible (for example, because the information has been stored in backup archives), then we will securely store and isolate your data until such time that deletion is possible.
We retain your account’s information for as long as your account is active and for a reasonable subsequent period in case you decide to access our Services again. We also retain some of your information as may be necessary to comply with our legal obligations, for dispute resolution, to enforce our agreements, to support business operations, or to continue to develop and improve our Services.
If your account is deactivated or disabled, some of your data and the content you have provided to us will remain with us to allow other Users associated with the same Customer Account that you had accessed to use of the Services. We retain your Personal Data as long as required by the Account Administrator of your associated Customer Account. If you have chosen to receive emails from us, we retain data about your marketing preferences from cookies and other technologies for a reasonable time from the date you last expressed interest in our Services.
We are committed to protecting the Personal Data of our customers. Accordingly, we secure your Personal Data using industry-standard physical, procedural, and technical measures including encryption as appropriate.
Xebrio, as a cloud-based software application is entrusted with valuable data of our Customer Accounts and their Users. We therefore strive to ensure that we meet or exceed industry-standard privacy and security infrastructure.
If you are accessing our Services from outside the United States, please be aware that your Personal Data may be transferred to, stored, and processed by us in our facilities and by those third parties with whom we may share your Personal Data in the United States and/or in other countries.
We transfer Personal Data with regard to EU residents outside the EU in accordance with the GDPR, including when it is necessary to provide the Services.
We may use “standard contractual clauses” to protect Personal Data transferred outside the EU. Standard contractual clauses refer to contracts between companies transferring Personal Data that contain standard commitments approved by the EU Commission protecting the privacy and security of the Personal Data transferred.
6. Cookies and Tracking Technologies
Like many businesses, we also collect information through cookies and through the use of similar technologies.
The cookies and other like technologies as described here fall broadly into the following basic categories:
These cookies are necessary to provide you with the Services offered through our websites. They are also necessary to enable Users to engage in a few specific activities including for instance, gaining access to certain secure areas.
Performance and Functionality Cookies
These cookies are used to enhance the performance and functionality of our websites but are non-essential to their use. However, without these cookies, certain features (like videos) may become unavailable.
Analytics and Customization Cookies
These cookies collect information that is used either in an aggregated form to help us understand how our websites are being used or how effective our marketing campaigns are, or to help us customize our websites for our Users.
These cookies are used to make advertising messages more relevant to you. They perform some important functions such as preventing the same advertisement making repeated appearances, ensuring that advertisements are displayed correctly, and in some cases selecting advertisements based on your interests.
Social Networking Cookies
These cookies are used to enable you to share pages and content that you find interesting on our websites through third-party social networking and other websites. These cookies may also be used for advertising purposes.
These are cookies that have not yet been categorized. We are in the process of classifying these cookies with the help of their providers.
To opt out of Google Analytics and Google ads – go to: Google Ads Setting>Google Analytics>Opt out Add-on. Some browsers offer similar settings for HTML5 local storage, and Flash storage can be managed here. Some browsers have incorporated “Do Not Track” (DNT) features to send a signal to the websites you visit which indicate you do not wish to be tracked. Since there is no common adopted standard yet about how to interpret the DNT signal, our Services do not currently respond to browser DNT signals.
Legal Bases for Processing Personal Data
The laws in some jurisdictions, including the EU, require companies to tell you about the legal grounds they rely on to use or disclose your Personal Data. To the extent those laws apply, our legal grounds for Processing Personal Data are as follows:
Contractual Commitments – Some of our processing of Personal Data is to meet our contractual obligations to the individuals to whom the Personal Data relates subject to the use of terms.
Consent – Where you have given prior consent to process the Personal Data in a certain way.
Legitimate Interests – We may also process Personal Data for the legitimate interests of our customers and others, including our business partners, e.g., to prevent fraud, or to improve our Services, etc.
Legal Compliance – We need to use and disclose Personal Data in certain ways to comply with our legal obligations as explained previously.
7. Data Subject Rights
Rights of all Users
Users can review and update certain Personal Data by logging in to the relevant part of their Project Workspace.
Rights of the Residents of the European Economic Area under GDPR
These may include the right to the following insofar as the right relates to Personal Data stored directly with us:
- to request access and obtain a copy of your Personal Data
- to request rectification or erasure
- to restrict the processing of your Personal Data
- if applicable, to data portability
In certain circumstances, you may also have the right to object to the processing of your Personal Data. To make such a request, please use the contact details provided below. We will consider and act upon any request in accordance with applicable data protection laws.
To exercise any of those rights with respect to the Personal Data Xebrio controls, individuals should contact us at firstname.lastname@example.org.
Each of our Customer Accounts is responsible as the Data Controller for complying with any laws or regulations requiring notice, disclosure or obtaining consent prior to transferring Personal Data to the Company for processing. Any User who wishes to exercise any of the rights mentioned above should directly contact our Customer Account with which the User is affiliated; specifically, Users should contact the Account Administrator for the Project Workspace associated with the Service Data, not Xebcore. Regular Users of a Project Workspace can find contact information for the relevant Customer’s administrator(s) by logging in to the Project Workspace and selecting “Profile”, then “Profile Settings”, and then “Account Information.”
If our Customer Account instructs the Company to remove particular Personal Data in accordance with applicable law, the Company will process this instruction within thirty (30) days.
Rights of the Residents of California, USA
California residents may be entitled to the following rights under the CCPA, including:
- The right to know about the personal information a business collects about them and how it is used and shared;
- The right to delete personal information collected from them (with some exceptions);
- The right to opt-out of the sale of their personal information; and
- The right to non-discrimination for exercising their CCPA rights.
If you are a California resident, you may ask businesses to disclose what personal information they have about you and what they do with that information, to delete your personal information and not to sell your personal information. You also have the right to be notified, before or at the point businesses collect your personal information, of the types of personal information they are collecting and what they may do with that information. Generally, businesses cannot discriminate against you for exercising your rights under the CCPA. Businesses cannot make you waive these rights, and any contract provision that says you waive these rights is unenforceable.
The CCPA applies to for-profit businesses that do business in California and meet any of the following:
- Have a gross annual revenue of over $25 million;
- Buy, receive, or sell the personal information of 50,000 or more California residents, households, or devices; or
- Derive 50% or more of their annual revenue from selling California residents’ personal information.
8. Data Controller vs. Data Processor
Data protection laws and regulations, such as the GDPR, distinguish between two roles for parties processing Personal Data. These roles are the “Data Controller” who determines the purposes and means of processing; and the “Data Processor” who processes the data at the direction and instruction of, and on behalf of, the Data Controller. Below we explain how these roles apply to our Service, to the extent that such laws and regulations apply.
Xebcore is the Data Controller with respect to the Personal Data of its Customers. Such Personal Data may include contact details, personal profile information, analytics, and usage data. We assume the role of Data Controller with respect to such data and our service providers processing such data will assume the role of Data Processors.
If a Customer Account uploads data containing Personal Data of its customers to the Project Workspace such data will only be processed by Xebcore on behalf of such Customer Account. In these cases, such Customer Account will be deemed to be the Data Controllers of such data, and Xebcore will process such data on that Customer Account’s behalf, and at the Customer Account’s direction and instruction, as a Data Processor. In this case, Xebcore’s third party service providers will act as Data Subprocessors of Xebcore.”
95 South Market Street, Suite 500
San Jose, California 95113
10. Your Consent