Privacy Policy

Effective Date: 7/30/2018

Plain English Version of Our Privacy Policy

We keep your name, email and company so you can use our system. We place cookies on your browser to make our system faster. We may use your name and email to send you information about our system. Please keep your personal information up to date. We do not and will not sell Your Data, individually or in aggregated form. You may stop receiving information from us at any time. You are responsible for maintaining the privacy of data you enter into our system. We keep your data very private on our cloud providers. At present, we use AWS. x.ai is a U.S. company. We follow the laws of all the countries where we operate, and follow GDPR requirements. If you need more information, see the sections below.

Table of Contents

  1. About This Privacy Policy
  2. Information We Collect and Receive
  3. How We Use the Information We Collect
  4. How We Share And Disclose Information
  5. Other Access to or Disclosure of Your Information
  6. Security and Information Protection
  7. Payment Information
  8. Your Controls and Choices
  9. Changes to the Privacy Policy
  10. No Children Under Age 13
  11. International Transfer of Data
  12. Contact Us
  13. x.ai Subprocessors
  14. Privacy Shield Notice

About This Privacy Policy

This Privacy Policy (the “Policy”) applies to the website the https://x.ai/ and various related services (collectively, the “Sites”, “Services”, “we”, “us”, or “our”) to you (“You”), the user (“User”). This Policy describes how we collect, use and disclose information, and what choices you have with respect to the information. This Policy should be read in conjunction with our Terms of Service.

We understand that by choosing x.ai, you are placing some of your important data in our hands. We are only in business if you trust us, so your privacy means everything to us! Here are the key things you should know:

Information We Collect and Receive

Our primary goals in collecting information are to provide and improve our Services, to administer your use of the Services and to enable you to enjoy and easily navigate our Services. We collect and use this information to provide, improve and protect our Services.

A. Information Related to Your Account and Interaction with x.ai.

Registration and Contact Information. We collect certain “Personally Identifiable Information” from you when you sign up to our Services, that can be used to identify you, such as your name, email address, mailing address, telephone number, and any other information that we deem relevant for the purpose of providing you with our Services or which you provided to use voluntarily. This category also includes information tied to your identity that you provide us through other means, such as emails to our support service.

Team Subscription. When you create a team account using the Services, we collect an email address, a team name, domain details and user name for the individual setting up the team. In some cases, the Organization (e.g., your employer or another entity) or the individual (e..g. your team administrator) may create an account on your behalf and may provide your information, including Personal Information (most commonly when your company requests that you use our products). We collect this information under the direction of our Users. If you are an employee of one of our Users and would no longer like us to process your information, please contact your team administrator. If you are providing information (including Personal Information) about someone else, you must have the authority to provide this information on their behalf and consent to the collection and use of their Personal Information as described in this Privacy Policy.

Payment Information. When you purchase the Services, we will also collect transaction information, which may include your credit card information, billing and mailing address, and other payment-related information (“Payment Information”). We describe how Payment Information may be collected and processed in Section 7.

Technical, Usage and Location Information. Whenever you visit our Site, we may collect ”Non-identifying Information” from you, such as your IP address, referring URL, browser, operating system, cookie information, and Internet Service Provider. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, this information alone cannot usually be used to identify you.

Third Party Platforms. We may collect information when you interact with our advertisements and other content on third-party sites or platforms, such as social networking sites. This may include information such as “Likes”, profile information gathered from social networking sites or the fact that you viewed or interacted with our content.

Other Information. We receive additional information provided to us when submitted to our Sites or if you participate in a focus group, contest, activity or event, apply for a job, or otherwise communicate with x.ai.

B. Information Related to Our Service.

Calendar and Email Information. In order to perform the Services, we ask for visibility into your calendar, but you can revoke our access to your calendar at any time. x.ai is by design exposed to emails we are explicitly copied on through the Services. We do not have access to your inbox, read your attachments or forward thread text to third parties.

Guest Information. x.ai is by design exposed to emails we are explicitly copied on through the Services. You may submit various types of information and data into the Services for scheduling and processing purposes (“Your Data”). Your Data may include, without limitation, personal information such as names, email addresses and phone numbers of your guests, assistants, potential guests and other properties (“Contacts”), which information may be input into the Services by you. If you are providing information (including Personal Information) about your Contacts, you must have the authority to provide that information on their behalf and consent to the collection and use of their Personal Information as described in this Privacy Policy.

C. Cookies.

We use cookies, tracking pixels and related technologies. Cookies are small data files that are served by our platform and stored on your device. Our Site uses cookies dropped by us or third parties for a variety of purposes including to operate and personalize the Site. We use technologies like cookies and pixel tags to provide, improve, protect and promote our Services. For example, cookies help us with things like remembering your username for your next visit, understanding how you are interacting with our Services, and improving them based on that information. Cookies are small pieces of information that are stored as text files by your Internet browser on your computer’s hard drive. Most Internet browsers are initially set to accept cookies. You can set your browser to refuse cookies from websites or to remove cookies from your hard drive, but this may limit your ability to use the Services.
Revoke cookies

How We Use the Information We Collect

We use your information in the following ways:

  • to provide, update, maintain, improve and protect our Services, including to operate certain features and functionality of the Services, to prevent or address service errors (for example, by remembering your calendar information), security or technical issues, analyze and monitor usage, trends and other activities.
  • For billing, account management and other administrative matters, we share and use Payment Information as described in Section 7.
  • to respond to your support requests, comments and questions.
  • to control unauthorized use or abuse of the Services, if we have a good faith belief, or have received a complaint alleging, that Your Data is in violation of our Acceptable Use Guidelines.
  • to communicate directly with you, including by sending you newsletters, promotions and special offers or information about new products and services. You may, at any time, request to opt-out of receiving future emails or notifications from us, by contacting us.

How We Share And Disclose Information

We do not and will not sell Your Data, individually or in aggregated form. We may share or transfer your personal information to third parties only in the following limited circumstances:

We will display your Account information on your https://my.x.ai profile page and elsewhere through the Services in accordance with the preferences you set in your Account. You can review and revise your Account information at any time.

We will display your Your Data within the Services as directed by you. If you elect to use a third party application through the Services, then we may share or disclose Your Data with that third party application as directed by you. Please remember that we are not responsible for the privacy practices of such third parties so you should make sure you trust the application and that it has a privacy policy acceptable to you.

With Trusted Service Providers and Business Partners. We may utilize trusted third party service providers to assist us in delivering, improving, protecting and promoting the Services. For example, we may use third parties to help host our Services, send out email updates, perform analyses related to the operation of the Services, or process payments. These third party service providers may have access to Your Data for the limited purpose of providing the service we have contracted with them to provide. They are required to have a privacy policy and security standards in place that are at least as protective of your information as is this Privacy Policy. Additional information about the subprocessors we use to support delivery of our Services is set forth at x.ai Subprocessors.

In an Aggregate and Non-Personally Identifiable Manner. We may disclose aggregate non-personally identifiable information (such as aggregate and anonymous usage data, platform types, etc.) about the overall use of our Services publicly or with interested third parties to help them understand, or to help us improve, the Services.

In Connection With a Sale or Change of Control. If the ownership of all or substantially all of our business changes, we may transfer your information to the new owner so that the Services can continue to operate. In such case, your information would remain subject to the promises and commitments contained in this Privacy Policy until such time as this Privacy Policy is updated or amended by the acquiring party upon notice to you.

Other Access to or Disclosure of Your Information

We restrict access to any data and content you transmit to x.ai or is otherwise made available via the Services to x.ai employees, payment processors, contractors and agents who need to know that information in order to perform the Services. All of these individuals are subjected to strict contractual confidentiality obligations and may be disciplined or terminated if they fail to meet these obligations.

Security and Information Protection

We take security seriously. We take various steps to protect information you provide to us from loss, misuse, and unauthorized access or disclosure. These steps take into account the sensitivity of the information we collect, process and store, and the current state of technology. We use commercially reasonable and industry-standard physical, managerial, and technical safeguards to preserve the integrity and security of your information. To learn more about our current practices and policies regarding data privacy, security and confidentiality, please see https://x.ai/security.

Payment Information

We use a third party, Stripe, to process subscription payments, and therefore provide them with the Personally Identifiable Information required to charge your credit card. Stripe commits to complying with the Payment Card Industry Data Security Standard (PCI-DSS) and using industry standard security. Stripe may use your Payment Information in accordance with their own Privacy Policy here: https://stripe.com/us/checkout/legal.

Your Controls and Choices

Opt-Outs. x.ai provides you with the opportunity to choose (opt out) whether your personal information is to be disclosed to a third party or to be used for a purpose that is incompatible with the purpose(s) for which it was originally collected or subsequently authorized. You may exercise your choice by contacting us at: information-security@human.x.ai. If you decide to opt-out, we may not be able to provide certain features of the Services to you.

Communication Preferences. If you receive commercial email from us, you may unsubscribe at any time by following the instructions contained within the email. You may also opt-out from receiving commercial e-mail from us, and any other promotional communications that we may send to you from time to time by sending your request to us by e-mail at information-security@human.x.ai or by writing to us at the address given at the end of this policy. Additionally, we may allow you to view and modify settings relating to the nature and frequency of promotional communications that you receive from us.

Please be aware that if you opt-out of receiving commercial e-mail from us, it may take up to ten business days for us to process your opt-out request, and you may receive commercial e-mail from us during that period. Additionally, even after you opt-out from receiving commercial messages from us, you will continue to receive administrative messages from us regarding our Service.

Blocking Cookies. You can remove or block certain cookies using the settings in your browser but the Offerings may cease to function properly if you do so. You may also change or withdraw your cookie consent from this Privacy Policy – Cookies section.

Changes to the Privacy Policy

We reserve the right to change our Privacy Policy at any time. If we make changes, we will post them and will indicate on this page the policy’s new effective date. If we make material changes to this policy, we will notify you by email or through notice on the Services.

No Children Under Age 13

The Services are not intended for use by anyone under the age of 13, nor does x.ai knowingly collect or solicit personal information from anyone under the age of 13. If you are under 13, you may not attempt to register for the Services or send any information about yourself to us, including your name, address, telephone number, or email address. In the event that we confirm that we have collected personal information from someone under the age of 13 without verification of parental consent, we will delete that information promptly. If you are a parent or legal guardian of a child under 13 and believe that we might have any information from or about such child, please contact us at the email address provided at the end of this Privacy Policy.

International Transfer of Data

We may transfer your personal information to countries other than the one in which you live. We will protect your personal information in accordance with this Privacy Policy wherever it is processed. In addition, we deploy the following safeguards if we transfer personal information originating from the European Union or Switzerland to other countries not deemed adequate under applicable data protection law:

  • E.U.-U.S. Privacy Shield and Swiss-U.S. Privacy Shield. To comply with European Union and Swiss data protection laws, x.ai self-certified under the E.U.-U.S. Privacy Shield and the Swiss-U.S. Privacy Shield. These frameworks were developed to enable companies to comply with data protection requirements when transferring personal data from the European Union and Switzerland to the United States. For more information, including the types of Information covered, see x.ai’s EU-U.S. and Swiss-U.S. Privacy Shield Policy. To learn more about the Privacy Shield Program, please see http://www.privacyshield.gov/welcome.

 

Contact Us

If you have questions or need to contact us about this Privacy Policy, please email us at information-security@human.x.ai. You can reach x.ai by mail at:

x.ai
200 Broadway, 6th Floor,
New York, NY 10038


x.ai Subprocessors

Security, Privacy and Compliance Information for x.ai

x.ai currently uses third party subprocessors to provide infrastructure services, and to help us provide customer support and email notifications. Prior to engaging any third party subprocessor, x.ai performs diligence to evaluate their privacy, security and confidentiality practices, and executes an agreement implementing its applicable obligations.

Infrastructure Subprocessors

x.ai may use the following Subprocessors to host Your Data or provide other infrastructure that helps with delivery of our Services:

Entity Name Purposes Entity Country
Amazon Web Services, Inc Cloud Service Provider United States
MongoDB Inc. Database Hosting United States
Datadog Infrastructure Monitoring United States
NewRelic Infrastructure Monitoring United States

Other Subprocessors

x.ai may use the following subprocessors to perform other Service functions:

Entity Name Purposes Entity Country
Google Inc. Cloud Service Provider United States
Mailgun Technologies, Inc. Cloud-based Email Notification Services United States
Squarespace Hosting of Public Website United States
Salesforce CRM & Sales Administration Services United States
Intercom, Inc. Cloud-based CRM Services United States
Survey Monkey Conduct surveys and user research United States
LaunchDarkly Beta testing support United States
NomNom Insights Ltd. Customer Feedback Management United Kingdom

For Data Transfer from the EU and Switzerland into the United States: EU-US Privacy Shield Framework and Swiss-US Privacy Shield Framework Notice

x.ai, inc complies with the EU-US Privacy Shield Framework and the Swiss-US Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries and Switzerland transferred to the United States pursuant to Privacy Shield. x.ai has certified that it adheres to the Privacy Shield Principles with respect to such data. If there is any conflict between the policies in this privacy policy and data subject rights under the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, please visit https://www.privacyshield.gov/, and to view our certification page, please visit here.

In particular, if x.ai transfers to its service providers any personal information that x.ai received in reliance on its Privacy Shield certification, x.ai is responsible for the third parties’ processing of that personal information, unless x.ai proves that it is not responsible for the event giving rise to the damage.

With respect to the Personal Information received or transferred pursuant to the Privacy Shield Framework, x.ai is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, x.ai may be required to disclose Personal Information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

x.ai acknowledges the right of EU and Swiss individuals to access their personal data pursuant to the Privacy Shield. Individuals wishing to exercise this right may do so by contacting us at information-security@human.x.ai.

Contacting Us, Complaints and Dispute Resolution

In compliance with the Privacy Shield Principles, x.ai, inc commits to resolve complaints about your privacy and our collection or use of your personal information transferred to the United States pursuant to Privacy Shield. European Union and Swiss individuals with Privacy Shield inquiries or complaints should first contact us email at information-security@human.x.ai. We will work to resolve your issue and will respond within 45 days of receipt.

x.ai has further committed to refer unresolved privacy complaints under the Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU PRIVACY SHIELD, operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbb.org/EU-privacy-shield/for-eu-consumers for more information and to file a complaint. This service is provided free of charge to you.

If your Privacy Shield complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See Privacy Shield Annex 1 at https://www.privacyshield.gov/article?id=ANNEX-I-introduction