XLanding Personal - Privacy Policy
Last Updated: 15 December 2025
Protecting your privacy at XLanding
Your privacy matters to us as much as it does to you. At XLanding,
we take great care in handling your personal data safely and
responsibly.
Our Privacy Commitments
-
We never sell or rent your personal data to third parties.
-
We access or use your data only as necessary to provide and
improve the Services, or with your consent where required.
-
We may use anonymised or aggregated data to enhance
functionality, security, and overall user experience.
How We Share Data
-
When you give explicit consent, and only with the third parties
identified in this Privacy Policy.
-
To protect the rights, property, or safety of XLanding, our
users, or others.
-
With trusted service providers who help operate the Services,
under strict data protection agreements.
Information We Collect
We collect personal data to provide, operate, and improve the
Services. This includes, but is not limited to:
-
Account Information – such as name, email, and content you
share.
- Usage Data – information about how you use the Services.
-
Visitor and Third-Party Data – information from third-party
accounts you choose to use and data collected via cookies or
similar technologies.
This Privacy Policy (the “Policy”) sets out the basis on which any
personal data we collect from you, or that you provide to us, will
be processed by us during your interactions with our Services. The
Services include our websites (including xlanding.ai and its
subdomains), XLanding Pages, mobile applications, platform features,
and any other products or services that link to or reference this
Policy (collectively, the “Services”).
We provide the Services to:
-
Individual Users who register for and use XLanding to create and
manage their own XLanding Pages and related features; and
-
Visitors, including individuals who access or interact with
XLanding Pages or communicate with us through our websites,
applications, or other channels.
Within this Policy, we have identified which sections apply to
Individual Users and Visitors. Certain parts of the Services may
include additional privacy information or notices which should be
read together with this Policy.
We handle personal data in accordance with applicable data
protection laws, including the UK General Data Protection Regulation
(UK GDPR) and applicable EU data protection laws. Where relevant,
this Policy also outlines how responsibilities are divided between
XLanding and Individual Users, including how personal data from
Visitors to XLanding Pages may be processed.
1. Scope of This Privacy Policy
This Privacy Policy applies to personal data we collect and process
through your use of the Services, including:
-
when you register for and use the XLanding platform or XLanding
Pages;
-
when you browse our websites (xlanding.ai, including its
subdomains), mobile applications, contact us, or interact with
our content or communications.
2. Data We Collect
We collect various types of data in the course of your use of our
services:
-
Account Information: Name, email address, phone number, and
other information provided during registration.
-
Usage Data: We collect data, including but not limited to
logins, IP addresses, browser type, device information,
operating system, timestamps, and platform usage metrics.
-
Profile Information: Your profile image, personal profile
details, social media links, instant messaging links, and other
content you choose to share through XLanding account.
-
Uploaded Content: PDFs, documents, and other files you upload to
the platform. Uploaded content may be processed to enable
interactive features and conversational display formats.
-
Communication Data: Any messages, inquiries, or feedback
submitted through the Services.
-
Passwords: Securely stored passwords for accessing the platform
and mobile app.
-
Google Account: When you sign up or sign in using Google, we may
collect your email address, name, and profile picture (depending
on the permissions granted during authentication). Processing is
based on the consent granted during Google authentication.
-
Apple ID: When you sign up or sign in using Apple, we may
collect your name and email address (if enabled by you during
authentication). Processing is based on the consent granted
- during Apple authentication.
-
Firebase Data: We collect technical, diagnostic, and usage data
via Firebase services in our Services to analyse performance,
monitor usage, and improve the user experience. Firebase may
collect device identifiers, app or web instance IDs, or similar
technologies. Data collected is used solely for analytics,
diagnostics, and performance monitoring, and is not used for
advertising or profiling without your explicit consent.
-
Visitor Data: Collected via cookies, similar technologies,
website forms, interactions with content, or other technical
means, and may include IP address, device type, browser,
operating system, location, and usage patterns. This data is
used to enable functionality, analyse usage, improve services,
and, with consent, provide personalised marketing and
advertising, which may use technical tracking tools. Visitors
can manage or withdraw marketing cookies consent at any time.
-
Google User Data:
We collect the following Google user
data only with your consent:
-
Google Account: Name, email address, and profile picture
(via Google Sign-In API).
-
Google Calendar: Events, titles, times, attendees, and other
relevant calendar information (via Google Calendar API) to
display and manage your calendar within XLanding.
-
Google In-App Purchases (IAP): Purchase and subscription
details, including product IDs, transaction dates, and
subscription status, to validate purchases and provide paid
features.
Purpose of Processing: Your Google data is used solely to
authenticate your account, manage your XLanding profile, display
calendar events, and provide paid features. We do not use this
data for advertising or share it with unauthorised third
parties.
Data Sharing: We only share your Google data with service
providers who help operate XLanding (e.g., Firebase, cloud
hosting providers). Sharing is strictly limited to providing
services, and we take reasonable measures to ensure providers
handle your data securely and in line with applicable data
protection laws.
Retention & Deletion: All Google data is deleted when you delete
your XLanding account. You can revoke XLanding’s access to your
Google account or calendar at any time through your Google
account settings. Transaction data required for legal or
accounting purposes may be retained.
Data Protection
& User Control: Your Google data is protected using encryption
in transit and at rest, access controls, and monitoring. You
retain full control over the data shared with us and can revoke
access at any time. All stored data will be deleted upon account
deletion, except where retention is required by law.
We do not collect sensitive personal data unless explicitly required
and agreed upon. Visitor Data is collected and processed based
on:
-
Consent, for marketing, analytics, or personalised advertising
cookies;
-
Legitimate Interests, for functional or essential services
necessary for platform operation.
3. Purpose of Data Processing
The data collected is used for:
-
Managing user accounts and providing access to the Services.
-
Improving the functionality, security, and performance of the
Services.
-
Ensuring data security, integrity, and fraud prevention across
the Services.
-
Communicating updates, respond to inquiries, and provide
support.
-
Processing and displaying user-uploaded content (e.g., PDFs,
images, videos, or other files) for viewing, sharing, or
interactive use within the Services.
-
Delivering marketing communications or personalised
advertisements to visitors using information collected through
cookies, pixels, similar technologies, or other technical means,
only if you have provided consent for marketing cookies. This
also includes improving the relevance, targeting, and
effectiveness of our marketing and communication activities.
-
Improving the relevance and effectiveness of our marketing and
communication activities.
-
Providing single sign-on options (e.g., Google or Apple Sign-in)
to simplify registration, authenticate identity, and grant
access to the Services, based on consent given during
authentication.
-
Engaging reputable third-party service providers (e.g.,
analytics platforms, cloud infrastructure, marketing tools) to
support the functionality and operation of the Services, in
compliance with applicable data protection laws.
-
Monitoring, analysing, and improving application performance and
user experience through diagnostic tools such as Firebase.
4. Legal Basis for Processing
-
Contractual Necessity: To provide and manage access to the
platform and related services.
-
Legitimate Interests: For improving functionality, ensuring
security, and monitoring usage performance, provided such
interests are not overridden by your rights.
-
Consent: For marketing communications, cookies, or when
connecting via third-party accounts (Google or Apple).
-
Legal Obligations: To comply with applicable laws or regulatory
requirements.
5. Data Retention
We retain personal data only as long as necessary to fulfil the
purposes outlined in this Privacy Policy or as required by law:
-
Account Data: Retained as long as you maintain an account or as
required by law.
-
Uploaded Content: PDFs, images, videos, or other files are
stored until deleted by the user.
-
Communication Data: Messages, inquiries, or feedback submitted
via the Services will be retained as long as the account is
active; after account termination, associated communication data
will be deleted within 90 days.
-
Log and Usage Data: Retained for security and analytics purposes
in line with legal obligations.
-
Visitor Data (cookies, analytics, marketing/advertising):
Retained only as long as necessary for the relevant purpose or
as required by law.
Retention periods will be reviewed periodically to ensure
compliance.
6. Sharing of Data
We do not sell or rent your data. However, your data may be shared
with:
-
Service Providers: Reputable third-party providers for hosting
and analytics services, all of whom are contractually bound to
comply with applicable data protection laws. This includes
providers such as Amazon CloudFront (content delivery network
for fast and secure content distribution), Google Fonts (font
delivery service), and Google Tag Manager (tag management tool).
-
Analytics Services: We use Google Analytics 4 to understand how
users interact with our website and platform. See Section 10
(Cookies and Tracking) for more details.
-
Regulatory Authorities: If required by law or for compliance
purposes.
-
Business Transfers: In the event of a merger, acquisition, or
sale of assets.
-
Mailing List or Newsletter: If you subscribe, we'll send updates
to your email. You can unsubscribe anytime via the link in the
email or by contacting us.
-
Affiliates: We may share your information with our affiliates,
in which case we will require those affiliates to honour this
privacy policy. Affiliates include our parent company and any
subsidiaries, joint venture partners, or other companies that we
control or that are under common control with us.
-
Third-Party Vendors, Contractors, or Agents: Who provide
services on our behalf, such as: Payment processors, Data
analytics services, Cloud services, Marketing tools, and other
third- party services that help us provide or improve the
functionality of the Services.
-
Google and Apple: We do not share your Google or Apple login
data with any third parties, except where required by law or
necessary to provide our services.
-
Google Firebase: We use Google Firebase as a service provider to
process app-related data for analytics and diagnostics. Data may
be stored in or transferred to countries where Google operates
data centres.
-
Visitor Data for marketing/advertising: Shared only with
third-party advertising and analytics providers, based on
visitor consent.
We use reputable third-party service providers and take reasonable
steps to ensure that they implement appropriate measures to protect
personal data in line with applicable data protection laws.
7. Data Security
We implement robust measures to safeguard your data:
-
Encryption: Data is encrypted (AES-256, TLS 1.2, and other
industry-standard measures) during storage and transmission.
-
Access Controls: Role-based permissions (where applicable) and
multi-factor authentication (MFA).
-
Monitoring: Regular vulnerability assessments and system audits.
While we strive to ensure security, no system is entirely foolproof.
If you suspect a breach, contact us immediately.
8. Data Breach Notification
We take the security of personal data seriously. In the event of a
personal data breach, we will notify the relevant individual users
(data controller) without undue delay upon becoming aware of the
breach, in accordance with applicable data protection laws.
The
individual users is responsible for informing their end-users where
the breach is likely to result in a high risk to their rights and
freedoms. We are committed to investigating any data breaches
promptly and assisting individual users in taking appropriate
remedial actions.
9. Your RightsAs a user, you have the
following rights:
-
Access: Request access to data uploaded or processed by you.
- Rectification: Correct any inaccuracies in your data.
-
Erasure: Delete uploaded content and request the removal of
stored interaction data.
- Restriction: Limit the processing of your data.
-
Data Portability: Export your content and interactions in a
machine readable format.
- Objection: Object to specific data processing activities.
-
Withdraw Consent: Revoke consent for data processing at any
time.
-
When using Google or Apple for registration or login, you retain
control over the data shared with us. You can revoke access to
your Google or Apple account at any time through your account
settings.
-
Visitors can manage cookie consent and opt-out of marketing or
personalised advertising at any time.
You can exercise your data rights by contacting us at
support@xlanding.ai.
10. Cookies and Tracking
We use cookies and similar technologies to:
-
Optimise functionality and performance across the Services.
- Analyse user behaviour to improve the Services.
-
Use third-party analytics and functional tools to monitor and
enhance platform performance and provide certain interactive
features.
-
Provide personalised communications and promotional content,
based on usage patterns and consent preferences.
Our Services may use a variety of technologies to support these
purposes, including:
-
Google Analytics 4 – to understand how users interact with the
Services, monitor usage patterns, improve features, and optimise
performance. This may involve setting cookies or similar
technologies to collect information such as pages visited, time
spent, interactions with features, and other technical or
behavioural data. Where you have provided consent, some of this
data may also be used for advertising analytics, for example to
measure campaign effectiveness.
-
Firebase SDKs: Our Services integrate Firebase to collect
technical, diagnostic, and usage data for analytics, crash
reporting, and performance monitoring. Firebase may collect
device identifiers, app or web instance IDs, or similar
technical information. Data collected is not used for
advertising or profiling without your explicit consent.
-
Umami: In addition to Firebase, the Services use Umami, a
privacy-focused analytics platform, to analyse usage and service
performance. Umami collects data such as page visits,
timestamps, browser type, device type, and other technical
information necessary to understand interactions. No personal
data is collected through Umami that could directly identify any
individual. Data collected via Umami is used solely for
analytics and performance monitoring and is not used for
advertising.
-
Marketing and remarketing technologies – With your consent, we
may use cookies, pixels, similar technologies, or other
technical means to deliver personalised marketing
communications, relevant advertisements, and measure campaign
effectiveness. These tools may include both first-party and
third-party technologies, but are only activated if you consent
to marketing cookies.
Third-Party Advertising Notice:
Even if you decline marketing cookies, tracking technologies
will not be used to deliver ads or personalised recommendations
on our Services. However, you may still see XLanding
advertisements on Facebook, Instagram, or other third-party
platforms, as these platforms may show ads based on your
activity on those platforms. We do not control how these
platforms display ads. We encourage you to review the privacy
and ad settings on those platforms to manage your preferences.
XLanding page cookies: Only XLanding can set cookies on the XLanding
Pages. Users cannot add their own cookies. If you add external links
or content to your XLanding Pages that directs to third-party
websites, XLanding is not responsible for any cookies set by those
third parties. In this case, XLanding acts as a data controller for
these cookies.
XLanding Website (xlanding.ai, including its subdomains) cookies:
The official website uses essential, functional, analytics, and
marketing cookies. Marketing and analytics cookies are only set
based on visitor consent. XLanding acts as data controller for these
cookies. You may manage or withdraw cookie consent at any time via
our Cookie Settings Page or the cookie banner. For more details,
please see our Cookie Policy.
Additionally, we may send push notifications related to your account
or features. You can opt out via device settings.
11. Cross-Border and International Data Transfers
Your personal data collected through the Services is primarily
stored and processed in the United Kingdom. To support the operation
of our Services, your data may be transferred to and processed in
other countries, including where our service providers or affiliates
operate.
This Privacy Policy applies globally to all users, and we comply
with applicable data protection laws in all jurisdictions where the
Services are provided. Appropriate measures are implemented to
ensure that your personal data is protected in line with UK GDPR and
other relevant data protection laws.
12. Data Processing Agreement (DPA)
XLanding acts solely as a data processor on your behalf when you use
our Services to create and host your XLanding Pages or use the
platform. You remain the data controller responsible for deciding
how personal data from your Visitors is collected, used, and shared.
XLanding may set cookies on its websites (xlanding.ai, including its
subdomains) and XLanding Pages for essential, functional, analytics,
and, where applicable, marketing purposes. Essential cookies are
necessary for the operation and security of the Services.
Functional, analytics, and marketing cookies are used only with your
consent, which you can manage or withdraw at any time through the
cookie banner or settings. In these cases, XLanding acts as the data
controller for these cookies. You cannot add your own cookies
through XLanding. If your XLanding Page links to external websites
or embeds third-party content that sets cookies, XLanding is not
responsible for those cookies or the data they collect.
Our responsibilities and obligations are further detailed in the
Data Processing Agreement (DPA), which forms part of our Terms of
Service. By using XLanding, you agree to the terms of the DPA.
13. Updates to This Privacy Policy
We reserve the right to update this Privacy Policy as needed.
Significant changes will be communicated via email or platform
notifications. Continued use of XLanding constitutes acceptance of
the updated policy.
14. Contact Us
If you have questions about this Privacy Policy or wish to exercise
your rights, please contact:
Data Protection Officer (DPO):
Peggy Lai
Email: support@xlanding.ai
Phone: +44 20 3239
9311
Address: 184 Shepherds Bush Road, W6 7NL, London, United
Kingdom