Privacy Policy

This Privacy Policy ("Policy") explains how XGPT INC ("we", "us", "our") collects, uses, and protects your personal data when you visit our website at https://xgpt.live ("Website"), when you sign up on it, use any of our services, and when you communicate with us. It also tells you what your rights are regarding your personal data. We care about your privacy and we ask you to read this Policy carefully and understand its content. If you have any questions, you can contact us using the contact information at the end of this Policy.

We process your personal data in accordance with the UK Data Protection Act 2018 and the UK General Data Protection Regulation (UK GDPR), which are the UK's implementation of the EU General Data Protection Regulation (GDPR).

Please note that our Website may have links to and from other websites that are owned by our partners, advertisers, and affiliates. If you follow a link to any of these websites or use third-party services, you should know that they have their own privacy policies and that we are not responsible for how they process your personal data. Therefore, please make sure to read their privacy policies before giving them your personal data.

CONTROLLER INFORMATION

The Website is owned and operated by XGPT INC, a company registered in the UK, with its office at [insert address]. We are the controller of your personal data for the purposes of data protection laws.

PERSONAL DATA

Personal data is any information that relates to a natural person who can be identified directly or indirectly by one or more specific features.

Personal data that has been pseudonymized but can be linked to a natural person by using additional information is considered to be information about an identifiable person and is therefore also protected.

Anonymous information that does not allow anyone to identify a natural person is not subject to protection.

CATEGORIES OF PERSONAL DATA WE PROCESS

As described in detail in our Terms and Conditions that explain how our Website works and interacts with you, the services we offer through the Website are designed to give you the best user experience while using our proprietary AI technology.

We may process different types of personal data about you, depending on whether you choose to sign up on our Website or to visit it without signing up, to use our services to create content or communicate with us, etc.

Personal data of Website visitors without signing up

If you choose to visit our Website without signing up, we may process information about how you use our Website and interact with our content, such as the pages you visit on our Website, and the web page that referred you to our Website. We process information about your browser and operating system, the devices you use to access the Website (mobile or desktop) and your time zone setting. We also use cookies as explained below in our Cookies Policy.

Personal data of Website visitors with signing up

If you choose to sign up on our Website, we will ask you to provide your email address (or your Google or Patreon login email) to keep you signed in on our Website.

Once you are signed in, we need to collect and process more information about you to enable you to use our services. Depending on the type of services you use on the Website, this may include:

The registration information you provide when creating a profile, such as username, email, picture, and password. You can correct or update this information through the "Profile" menu on the Website.

You can also sign up for our Website through your Patreon or Google account. If you choose this option, you will be directed to the Patreon / Google LLC page, where you will be informed about the transfer of your personal data from your Patreon / Google LLC page to us. When you link your Patreon account, we can access your email and profile photo (if you have one). The access to this information is governed by Google and Patreon's privacy policies and you can change it through their privacy settings.

In some cases, you may also give us some special categories of personal data under the UK GDPR (also known as "sensitive" data) about you, such as data about your sex life or sexual orientation. You give us this data voluntarily. We do not share this data with anyone and you decide how much of this data you want to reveal to use our services. The nature and purpose of the services we offer through the Website imply that you give us this data with your consent. When you give us data about your sex life or sexual orientation, we process it lawfully based on Article 9 (2) (a) of the UK GDPR (with your consent).

We do not collect or process sensitive personal data on purpose, so you should decide for yourself whether and how you give us this information.

Information about any requests or transactions you make through the Website. We work with other payment processors and they collect and use the payment information you give them according to their privacy policies. We do not have access to your card data or authentication data when you pay with a bank card and we do not record or store it.

Information you submit to or on the Website in the form of comments or created content, chats, voice messages, etc.

When you contact us for any reason by email or through the features of the Website, we may process any information you give us. All emails we receive, as well as any messages we get through our online contact form, are recorded and sent to our staff who handle the request, and we may keep them to improve our services and Website.

We may collect and process some information about your browsing behavior on the Website, such as the content you view or post, how often you use our services, and your preferences in this regard.

We have the right to review the chat conversations you have with AI only if you report a problem related to it in our support center.

THE PRINCIPLES WE FOLLOW WHEN WE PROCESS YOUR PERSONAL DATA:

Principle of lawfulness, fairness, and transparency in the processing of personal data - we collect personal data only within the necessary limits. We collect information in a legal and fair way.

Principle of data minimization and purpose and storage limitation - we do not use personal data for purposes other than those for which they were collected, unless you agree or the law allows it. We keep personal data only for as long as needed for the purposes for which we process it.

Principle of accuracy - we make sure that personal data is accurate, complete, and up to date as far as possible for the purposes for which we process it.

Principle of integrity and confidentiality - we process personal data in a way that ensures an adequate level of security, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage by using appropriate technical or organizational measures.

HOW WE COLLECT PERSONAL DATA

You may give us your personal data directly, for example when you sign up on our Website and create a user profile to access our services, ask for user support, or contact us for any reason.

We may also collect personal data automatically when you interact with our Website. We may collect information about your devices and browsing actions and interests by using cookies and similar technologies, as described in detail in our Cookies Policy.

HOW WE USE THE PERSONAL DATA AND WHAT OUR PURPOSES ARE

We process your personal data for various purposes, depending on the type of data, the way we collect it, and the reason we need it. We always have a legal basis for processing your personal data, which we explain below.

We process your personal data to create or perform a contract with you and/or based on your consent. This means that we use your personal data to:

  • register your user profile on the Website and to manage your account;
  • provide and maintain the services that you request or purchase from us;
  • enable you to use our Website and its features, such as fulfilling your requests, improving your user experience, and managing our contractual relationship with you;
  • respond to your inquiries and communicate with you about our services, products, and promotions;
  • monitor and analyze how you use our services and how we can improve them;
  • personalize and enhance the services to suit your preferences and interests;
  • send you invoices and process your payments.

You can withdraw your consent to this processing at any time by contacting us or changing your settings on the Website.

We process your personal data for our legitimate interests. This means that we use your personal data to:

  • inform you about any legal changes or updates to our Terms and Conditions and our Privacy Policy, and to notify you of any non-compliance issues;
  • invite you to participate in surveys or other research activities about our Website and our services;
  • conduct analysis and statistics to improve our Website and our services;
  • manage and protect our business, including troubleshooting, data analysis, testing, system maintenance, user support, reporting and hosting data, administration and IT services, network security, fraud prevention, customer services, and business reorganization;
  • provide information in case of a merger or acquisition, for business and strategic management purposes;
  • establish, exercise, or defend legal claims or disputes.

We process your personal data to comply with a legal obligation or authority decision. This means that we use your personal data to:

  • comply with the laws, regulations, and legal and regulatory processes that apply to us;
  • cooperate with law enforcement or government authorities, or respond to their requests;
  • protect the rights, property, or safety of us, our users, or others.

We will always inform you of the legal basis for processing your personal data, unless we are prohibited by law from doing so.

WITH WHOM WE SHARE YOUR DATA

We may share your personal data with third-party providers who provide services to us as needed or necessary to deliver our services and/or to perform our obligations. For example, we may share personal data with our partners who:

  • provide the infrastructure and IT services;
  • provide the data storage services, such as Microsoft Azure;
  • provide accounting, legal, and financial services.

When they provide these services, the third-party providers may have access to your personal data, but they are only allowed to process it on our behalf and according to our instructions. We keep ownership and control of the data we share.

We may also disclose your personal data to third parties if we reasonably believe that it is necessary:

  • to comply with valid legal obligations, such as subpoenas, court orders, government requests, or search warrants, or as otherwise authorized by law;
  • to protect our rights or property, or the safety of our customers or employees;
  • to protect against fraudulent, malicious, abusive, unauthorized or unlawful use of our Website and services;
  • to advance or defend against complaints or legal claims in court, administrative proceedings and elsewhere;
  • as part of potential mergers and acquisitions, for business and strategic management purposes;

We will require any third party to whom we disclose your personal data or who may obtain it on our behalf to ensure its confidentiality, and to handle it in accordance with the applicable legislation.

When we store your data on Microsoft Azure, we follow the data protection standards and practices that Microsoft offers to its customers. Microsoft Azure is a cloud platform that provides data privacy, security, and compliance features to protect your data both at rest and in transit. Microsoft Azure also allows you to choose where your data is located and how it is processed. For more information about how Microsoft Azure protects your data privacy, see Data Privacy in the Trusted Cloud

INTERNATIONAL TRANSFER OF DATA

We process your data within the UK, which is subject to the UK Data Protection Act 2018 and the UK GDPR. However, some of our third-party providers may be located outside the UK, in countries that may not have the same level of data protection as the UK. If we transfer your data to such countries, we will take appropriate measures to ensure that your data is treated securely and in accordance with this Policy and the applicable laws. These measures may include using standard contractual clauses approved by the UK government, obtaining your consent, or relying on other legal grounds. If you want to know more about these measures or get a copy of them, please contact us using the contact information at the end of this Policy.

PROTECTING YOUR PERSONAL DATA

We take your privacy seriously and we use various technical and organizational measures to safeguard your data from unauthorized or unlawful access, use, disclosure, loss, or damage. These measures include encryption, firewalls, access controls, backups, and audits. Your data may only be accessed by our employees, agents, contractors, and other third parties who need it to perform their duties and who are bound by confidentiality obligations.

However, no method of transmission or storage is completely secure and we cannot guarantee that your data will be absolutely safe from any threats. If we become aware of any breach of your data, we will notify you and the relevant authorities as required by law.

CHILDREN'S PRIVACY

Our Website and services are not intended for children under the age of 18 and we do not knowingly collect or use any personal data from children under 18. If we learn that we have collected or used any personal data from a child under 18, we will delete it as soon as possible.

DATA RETENTION PERIODS

We keep your data only for as long as necessary for the purposes for which we collected it, or as required by law. The retention period may vary depending on the type of data, the purpose of processing, and the legal obligations or rights that apply to it. When we no longer need your data, we will either delete it or anonymize it so that it cannot be linked back to you.

We review our data retention practices regularly and we may update them from time to time. If you want to know more about how long we keep your data, please contact us using the contact information at the end of this Policy.

PRIVACY RIGHTS

If you are a resident of the UK or the European Economic Area (EEA), you have certain rights regarding your personal data under the UK GDPR and the EU GDPR. These rights include:

  • Right to access your personal data: you have the right to ask us to confirm whether we process your personal data and to provide you with a copy of your personal data in a machine-readable format.
  • Right to rectify your personal data: you have the right to ask us to correct any inaccurate or incomplete personal data that we hold about you.
  • Right to erase your personal data (right to be forgotten): you have the right to ask us to delete or remove your personal data from our systems, under certain conditions, such as if your personal data is no longer necessary for the purposes for which we collected it, or if you withdraw your consent and there is no other legal basis for us to process it.
  • Right to restrict the processing of your personal data: you have the right to ask us to limit or suspend the processing of your personal data, under certain conditions, such as if you contest the accuracy of your personal data, or if you object to our legitimate interests for processing it.
  • Right to object to the processing of your personal data: you have the right to object to our processing of your personal data, under certain conditions, such as if we process your personal data for direct marketing purposes, or if we process your personal data based on our legitimate interests and you have reasons related to your specific situation.
  • Right to withdraw your consent: if we process your personal data based on your consent, you have the right to withdraw your consent at any time, without affecting the lawfulness of the processing before the withdrawal.
  • Right to data portability: if we process your personal data by automated means based on your consent or for the performance of a contract, you have the right to ask us to transfer your personal data to you or to another controller in a structured, commonly used, and machine-readable format.
  • Right to lodge a complaint with a supervisory authority: if you are not satisfied with how we handle your personal data or your requests, you have the right to file a complaint with the supervisory authority in your country or in the UK, which is the Information Commissioner's Office (ICO). You can find their contact details here: https://ico.org.uk/global/contact-us/.

To exercise any of these rights, please contact us using the contact information at the end of this Policy. We will respond to your request within one month, unless we need more time or we have a valid reason to reject it. We may ask you to verify your identity before we process your request.

CHANGES TO THIS POLICY

We may update this Policy from time to time to reflect changes in our data processing practices, the legal requirements, or the feedback from our users. We will post the updated Policy on our Website and we will notify you by email or by other means if the changes are significant. We will also indicate the date of the last update at the top of this Policy. If you continue to use our Website and services after the changes, you agree to the updated Policy. If you do not agree, you should stop using our Website and services.

GOVERNING LAW

This Policy is governed by and construed in accordance with the laws of the UK. Any disputes or conflicts arising from or related to this Policy will be settled by the courts of the UK.

CONTACT US

If you have any questions or comments about this Policy or your personal data, please contact us by email at [email protected] or by mail at [insert address]. We will do our best to resolve your concerns.