Privacy Policy

When you visit the website: IP address, browser type, and pages visited (standard server logs). We do not currently use analytics or advertising cookies.

When you purchase a license: name, email address, billing address, country, and tax ID (if applicable). Payment is processed by our payment processor — we do not see or store your card details.

When you use the Xandio add-in: the email address associated with your license, a machine fingerprint (a non-reversible hash of computer identifiers) for activation control, and license activation and error logs for support purposes. This is processed by our license management provider on our behalf.

When you contact us: your email address and the contents of your message.

• To deliver and operate the Service
• To process payments and issue licenses
• To detect license fraud and enforce per-seat activation limits
• To respond to support enquiries
• To comply with our legal obligations, including tax and accounting

XANDIO LLP does not operate its own customer-facing servers or databases for storing your personal data. All personal data described in this Privacy Policy is collected, stored, and processed by reputable third-party service providers ("subprocessors") who act on our behalf, including providers in the following categories:

• A payment processor and merchant of record that handles payment data, billing addresses, tax identifiers, and order records. Card numbers are processed by PCI-DSS-compliant payment networks; we never see or store them.
• A license management provider that stores license keys, activation records, and machine fingerprints used to enforce per-seat license limits.
• An email service provider that stores correspondence between you and our support team, and delivers transactional emails.
• An analytics or hosting provider that may collect standard server logs, where applicable.

An up-to-date list of our current subprocessors, including their identity and country of operation, is published at xandio.app/subprocessors. We may change subprocessors from time to time as our service evolves; material changes will be notified by updating that page and, where required by law, by direct notice to active license holders.

XANDIO LLP accesses your data only through these providers' administrative dashboards for the purpose of operating the Service. We do not maintain a separate copy of your personal data on our own infrastructure. We remain accountable as the data controller under the PDPA for ensuring our subprocessors handle your data appropriately.

We do not sell your personal data, and we do not share it for advertising purposes.

Our service providers are located in the United States. By using the Service, you consent to your personal data being transferred to and processed outside Singapore. Where transfers occur, we rely on our providers' contractual safeguards consistent with the PDPA.

• Active licenses: for the duration of the license, plus 7 years for accounting records
• Cancelled or refunded licenses: 7 years for accounting records
• Support emails: 2 years

Under the Singapore Personal Data Protection Act (PDPA):

• You may request access to or correction of your personal data
• You may withdraw your consent (note: this may end your ability to use the Service)
• You may make a complaint to the PDPC if you believe we have mishandled your data

Where the EU or UK GDPR applies to you, you also have rights to erasure, restriction, portability, and to object to processing.

To exercise any of these rights, email admin@xandio.app. We will respond within 30 days.

We use industry-standard practices to protect your data: encrypted connections (HTTPS), encrypted credentials, and access controls on our administrative systems. No system is perfectly secure — if you believe your account has been compromised, contact us immediately.

The Xandio website uses minimal first-party cookies to maintain your session. We do not use third-party advertising or cross-site tracking cookies.

We may update this policy from time to time. The "Last updated" date at the top reflects the most recent change. Material changes will be notified to active license holders by email.

XANDIO LLP
876 Yishun Street 81, #04-209
Singapore 760876
admin@xandio.app

For data protection enquiries, address them to the "Data Protection Officer" at the email above.