Privacy Policy

This Privacy Policy describes how xPointLabs collects, uses, stores, discloses, and otherwise processes information in connection with the xPointLabs website, application, analytics platform, integrations, reports, and related services (collectively, the Service).

xPointLabs is built for business teams that connect conversation data from chatbots, support systems, and related customer interaction channels in order to generate analytics, scoring, clustering, reporting, and operational insights.

Depending on the context, xPointLabs may process information as a direct business operator for its own account, and may also process customer-submitted content on behalf of business customers as part of delivering the Service.

xPointLabs is a product operated by Trustity Ltd.

Founder review required: add the registered address and any formal company details that should appear in privacy notices.

We may collect and process the following categories of information:

• Account information: names, email addresses, authentication records, login credentials managed through our authentication provider, and role or access settings.
• Workspace and team information: workspace names, team membership, invitations, permissions, plan selection, locale preferences, and workspace-level configuration.
• Billing metadata: billing contact details, subscription tier, transaction and subscription identifiers, payment-method readiness status, invoices or billing events supplied by our billing provider, and related account history.
• Usage records: feature usage, job history, token usage measurements, reports generated, audit logs, source sync history, and similar operational records.
• Imported conversation data: conversation content, message text, metadata, timestamps, user or session identifiers supplied by the customer, classifications, derived scores, summaries, clusters, and analytics outputs.
• Support communications: messages sent to us for support, billing review, onboarding, or account assistance.
• Technical and log information: service logs, device/browser information, IP-derived security signals, request metadata, and other information reasonably required to operate, troubleshoot, and secure the Service.

We use information we process through the Service to:

• operate, host, maintain, and improve the Service;
• authenticate users and manage workspace access;
• connect, import, normalize, and analyze customer conversation data;
• generate analytics, scoring, clustering, summaries, reporting, and related outputs;
• meter usage, enforce plan limits, and support subscription billing;
• monitor reliability, detect abuse, prevent fraud, and protect the security of the Service;
• provide support, customer communication, and operational notices;
• comply with applicable law, lawful requests, and internal record-keeping obligations.

Business customers retain ownership of the conversation data, metadata, and related materials they submit to or connect with xPointLabs. xPointLabs does not acquire ownership of customer data merely because that data is processed through the Service.

xPointLabs processes customer data for the limited purpose of providing the Service, including hosting, storing, transmitting, analyzing, classifying, summarizing, scoring, reporting on, and displaying such data within the customer’s authorized workspace environment.

Customers are responsible for ensuring that they have all rights, permissions, notices, and lawful bases required to submit or connect data to the Service.

Certain Service features may use third-party AI service providers, including OpenAI, to process customer-submitted data in order to generate classifications, summaries, clustering, sentiment analysis, quality scoring, reporting content, or related analytical outputs.

In that context, conversation content, structured metadata, prompts, and derived context may be transmitted to third-party AI providers solely as part of delivering the Service to the applicable customer workspace. These providers act as service providers or subprocessors to the platform in connection with those functions.

xPointLabs does not use customer content to train its own proprietary models unless expressly stated in a separate written policy or agreement.

Founder/legal review required: confirm and insert the correct statement regarding whether content sent to OpenAI or other AI providers is or is not used for model training under the provider’s current business and data-processing terms.

AI-generated outputs may be probabilistic, incomplete, or inaccurate. Customers should review generated insights before relying on them for important business, legal, financial, operational, or customer-impacting decisions.

xPointLabs uses third-party providers to support delivery of the Service, including:

• Supabase for database services, authentication-related infrastructure, storage, and application data management.
• Railway for application hosting, runtime infrastructure, and background service execution.
• OpenAI for AI-assisted processing, classification, summarization, and related analytical functions where enabled by the platform.
• Paddle for subscription billing, commercial transactions, and related billing event processing.
• Other service providers as needed for monitoring, support, communications, security, analytics, or infrastructure support.

We may update our provider stack from time to time as operational needs evolve. We expect such providers to process information only as necessary to perform services for us or on our behalf.

We retain information for as long as reasonably necessary to provide the Service, maintain workspace continuity, support customer reporting needs, and satisfy legitimate legal, accounting, security, or fraud-prevention obligations.

• Account and workspace records are generally retained while the workspace remains active and for a limited period afterward for restoration, audit, and support purposes.
• Imported conversation data is retained until deleted by the customer, removed as part of account closure, or otherwise deleted under our internal retention practices.
• Billing, audit, fraud-prevention, and security records may be retained longer where reasonably necessary for legal compliance, dispute resolution, abuse prevention, or operational integrity.

Customers may request deletion of workspace data or closure of accounts. Deletion may be subject to technical limitations, backup cycles, billing record retention, legal obligations, and records needed to protect the Service and its users.

We use administrative, technical, and organizational safeguards designed to protect information against unauthorized access, loss, misuse, alteration, and disclosure. However, no system or transmission method is completely secure, and we cannot guarantee absolute security.

Customers are responsible for maintaining the confidentiality of account credentials, limiting workspace access appropriately, and avoiding the submission of data they are not authorized to disclose or process through the Service.

xPointLabs and its service providers may process information in multiple countries depending on hosting, support, billing, and AI-processing infrastructure. As a result, information may be transferred to or accessed from jurisdictions outside the customer’s or end user’s country.

Where applicable, we may take reasonable steps to support lawful transfer mechanisms or contractual safeguards appropriate to the context of the Service and the laws that apply.

Depending on applicable law, individuals may have rights to request access to personal information, correction of inaccurate information, deletion, restriction, objection to certain processing, or data portability.

Because xPointLabs is frequently used by business customers to process their own conversation data, some requests may need to be directed to the relevant customer acting as the primary controller or business owner of the data in question.

We will review requests in accordance with applicable law, technical feasibility, identity verification, and our obligations to preserve certain information for security, billing, or legal reasons.

The Service is designed for business use and is not directed to children. We do not intentionally build the Service for use by children or knowingly collect personal information directly from children through our consumer-facing experience.

If you believe that information relating to a child has been submitted to the Service in error, please contact us so we can review and address the issue as appropriate.

We may update this Privacy Policy from time to time to reflect changes in the Service, our providers, legal obligations, or our data-handling practices. When we make material changes, we may update the effective date and provide notice through the Service or other reasonable channels.

Privacy-related questions, data handling requests, or concerns may be sent to service@xpointlabs.com.

Founder review required: add the designated privacy contact name, legal entity name, registered business address, and any required regional contact information if and when available.