Xeneos AI Privacy Policy

1. Introduction

This privacy policy ("Policy") describes how Xeneos Consulting Limited (Company No. 13759590) trading as Xeneos AI, a company registered in England and Wales ("Company", "Xeneos AI", "we", "us") collects, uses, and shares personal information of users of this website, Xeneos AI https://xeneos.ai (the "Site"), as well as associated products and services (together, the "Services").

We are registered with the UK Information Commissioner's Office (ICO) under registration number ZB497557. This Policy applies to personal information that we collect through the Site and our Services as well as personal information you provide to us directly. This Policy also applies to any of our other websites and Services that post this Policy.

Legal Basis for Processing: We process your personal data in accordance with the UK General Data Protection Regulation (UK GDPR), the EU General Data Protection Regulation (GDPR), and other applicable data protection laws. By using the Site or the Services, you acknowledge that we will collect, use, and share your personal information as described below and in accordance with applicable law. If you do not agree to this Policy, please do not use the Site or the Services.

2. Personal Information We Collect

We collect personal information about you in a number of different ways.

Personal Information From Users Of Our Websites Generally: When you use our Services, we collect personal information that you provide to us, which may include the following categories of personal information depending on how you use our Services and communicate with us:

• User content, such as your prompts to the Xeneos AI product and other content you upload to the product, including PDF files, images and text files.

• General identifiers, such as your full name, email address and Google Account ID.

• Online identifiers, such as your username and passwords for any of our Sites, or information we automatically collect through cookies and similar technologies used on our websites. This may include your computer or mobile device’s operating system type and version number, manufacturer and model, browser type, screen resolution, internet protocol (IP) address, unique identifier, the website you visited before browsing to our Site, and general location information such as city, state or geographic area.

• Protected classification characteristics that you choose to provide to us in communications with us or the Services, or that we collect in connection with providing our Services to you, including age, race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex, sexual orientation, veteran or military status or genetic information.

• Commercial information, such as the billing details we use to bill you for our Services, your billing and payment history, and any records of personal property that we collect in connection with providing our Services to you. We also collect information about your preferences regarding marketing communications.

• Audio, electronic, and visual information that we collect in connection with providing our Services to you, such as video or audio recordings of conversations made with your consent, and any security camera recordings of your activity in our physical locations.

• Professional or employment-related information that we collect in connection with providing our Services to you, such as your job title, employer information and work history.

• Other information you provide to us.

Personal Information We Get From Others: We may collect personal information about you from other sources. We may add this to information we collect from this Site and through our Services.

Information We Collect Automatically: We automatically log information about you and your computer, phone, tablet, or other devices you use to access the Site and Services. For example, when visiting our Site or the Services, we may log your computer or device identification, operating system type, browser type, browser language, the website you visited before browsing to our Site or the Services, pages you viewed, how long you spent on a page, access times and information about your use of and actions on our Site or the Services. How much of this information we collect depends on the type and settings of the device you use to access the Site and Services.

Cookies: We may log information using “cookies.” Cookies are small data files stored on your hard drive by a website. We may use both session Cookies (which expire once you close your web browser) and persistent Cookies (which stay on your computer until you delete them) to provide you with a more personal and interactive experience on our Site. Other similar tools we may use to collect information by automated means include web server logs, web beacons and pixel tags. This type of information is collected to make the Site and Services more useful to you and to tailor the experience with us to meet your interests and needs.

Analytics Information: We may use analytics tools to help analyze how users use the Site and the Services. These analytics services use Cookies to collect information such as how often users visit the Site or use the Services, what pages they visit, file types uploaded, storage utilization, volume of messages and what other sites they used prior to coming to the Site. We use the information we get from use of these analytics services only to improve our Site and the Services. Analytics services drop persistent Cookies on your web browser to identify you as a unique user the next time you visit the Site or use the Services.

Additional Information: If you choose to interact on the Site or through the Services (such as by registering; using our Services; entering into agreements with us; or requesting information from us), we will collect the personal information that you provide. We may collect personal information about you that you provide through telephone, email, or other communications. If you provide us with personal information regarding another individual, please do not do so unless you have that person’s consent to give us their personal information.

3. Legal Basis and How We Use Your Personal Information

We process your personal information based on the following legal bases under UK GDPR and EU GDPR:

• Contract performance - to provide our Services to you

• Legitimate interests - for service improvement, security, and customer support

• Consent - for marketing communications (where required)

• Legal obligation - to comply with applicable laws

Generally, we may use information in the following ways and as otherwise described in this Privacy Policy:

To Provide the Services and Personalize Your Experience: We use personal information about you to provide the Services to you, including:

• To help establish and verify your identity;

• For the purposes for which you specifically provided it to us, including, without limitation, to enable us to process and fulfill your requests or provide the Services to you;

• To provide you with effective customer service;

• To provide you with a personalized experience when you use the Site or by delivering relevant Site content;

• To send you information about your relationship or transactions with us;

• To otherwise contact you with information that we believe will be of interest to you, including marketing and promotional communications; and

• To enhance or develop features, products or services.

Research and development: We may use your general identifiers, online identifiers, internet activity information and commercial information for research and development purposes, including to analyze and improve the Services, our Sites and our business. As part of these activities, we may create aggregated, de-identified or other anonymous data from personal information we collect. We make personal information into anonymous data by removing information that makes the data personally identifiable to you. We may use this anonymous data and share it with third parties for our lawful business purposes.

Training of AI Models: We do not use your personal information to train AI models.

Marketing: We may use your general identifiers, online identifiers, internet activity information and commercial information in connection with sending you marketing communications as permitted by law, including by mail and email. You may opt-out of marketing communications by following the unsubscribe instructions in marketing emails, or by emailing us at support@xeneos.ai.

Compliance and protection: We may use any of the categories of personal information described above to:

• Comply with applicable laws, lawful requests, and legal process, such as to respond to subpoenas or requests from government authorities.

• Protect our, your and others' rights, privacy, safety and property (including by making and defending legal claims).

• Audit our internal processes for compliance with legal and contractual requirements and internal policies.

• Enforce the terms and conditions that govern the Site and our Services.

• Prevent, identify, investigate and deter fraudulent, harmful, unauthorized, unethical or illegal activity, including cyberattacks and identity theft.

We may also use personal information for other purposes consistent with this Privacy Policy or that are explained to you at the time of collection of your personal information.

4. How We Share Your Personal Information

We may disclose all categories of personal information described above with the following categories of third parties:

Affiliates: We may share your personal information with our affiliates, for purposes consistent with this notice or that operate shared infrastructure, systems and technology.

Third Party Service Providers: We may provide your personal information to third-party service providers that help us provide you with the Services that we offer through the Site or otherwise, and to operate our business. Our third-party service providers with whom we may share your personal information include, but are not limited to:

• Microsoft Azure.
  We use Microsoft Azure to help us with web hosting.
  You can view the Microsoft privacy statement here: https://www.microsoft.com/en-us/privacy/privacystatement

• Amazon Web Services.
  We use Amazon Web Services ("AWS") to help us with web hosting.
  You can view the AWS privacy notice here: https://aws.amazon.com/privacy/

• Vercel (Vercel Inc.).
  We use Vercel to help us with web hosting, deployment, and content delivery network (CDN) services.
  You can view the Vercel privacy policy here: https://vercel.com/legal/privacy-policy

• OpenAI (OpenAI OpCo, LLC).
  We use OpenAI to provide AI and chatbot technology and functionality. When you utilize our services that rely on OpenAI's technology, we send the necessary input data to OpenAI's servers to process your request.
  You can view OpenAI's privacy policy here: https://openai.com/policies/privacy-policy/

• Google Gemini (Google, Inc.).
  We use Google Gemini to provide AI and chatbot technology and functionality. When you utilize our services that rely on Google's technology, we send the necessary input data to Google's servers to process your request.
  You can view Google's privacy policy here: https://policies.google.com/privacy

• Anthropic Claude (Anthropic, PBC).
  We use Anthropic Claude to provide AI and chatbot technology and functionality. When you utilize our services that rely on Anthropic's technology, we send the necessary input data to Anthropic's servers to process your request.
  You can view Anthropic's privacy policy here: https://www.anthropic.com/legal/privacy

• OpenRouter (OpenRouter, Inc.).
  We use OpenRouter to provide AI and chatbot technology and functionality. When you utilize our services that rely on OpenRouter's technology, we send the necessary input data to OpenRouter's servers to process your request.
  You can view OpenRouter's privacy policy here: https://openrouter.ai/privacy

Professional Advisors: We may provide your personal information to our lawyers, accountants, bankers and other outside professional advisors in the course of the services they provide to us.

Corporate Restructuring: We may share some or all of your personal information in connection with or during negotiation of any merger, financing, acquisition or dissolution, transaction or proceeding involving the sale, transfer, divestiture, or disclosure of all or a portion of our business or assets. In the event of an insolvency, bankruptcy, or receivership, personal information may also be transferred as a business asset. If another company acquires Xeneos AI our business, or assets, that company will possess the personal information collected by us and will assume the rights and obligations regarding your personal information described in this Privacy Policy.

Other Disclosures: We may disclose your personal information if we believe in good faith that such disclosure is necessary for any of the following:

• In connection with any legal investigation;

• To comply with relevant laws or to respond to subpoenas or warrants served on us;

• To protect or defend the rights or property of Xeneos AI or users of the Site or Services; and/or

• To investigate or assist in preventing any violation or potential violation of the law, this Privacy Policy, or our terms of service/terms of use.

We may also share personal information with other categories of third parties with your consent or as described to you at the time of collection of your personal information.

We do not sell your personal information.

Third Party Websites: Our Site or the Services may contain links to third party websites or services. When you click on a link to any other website or location, you will leave our Site or the Services and go to another site and another entity may collect your personal information from you. We have no control over, do not review, and cannot be responsible for these outside websites or their content, or any collection of your personal information after you click on links to such outside websites. The links to third party websites or locations are for your convenience and do not signify our endorsement of such third parties or their products, content, websites or privacy practices.

5. Your Rights Regarding Your Personal Information

Data Subject Rights: Under UK GDPR and EU GDPR, you have the following rights:

• Right of access - to obtain confirmation of processing and a copy of your personal data

• Right to rectification - to correct inaccurate personal data

• Right to erasure - to request deletion of your personal data

• Right to restrict processing - to limit how we use your personal data

• Right to data portability - to receive your personal data in a portable format

• Right to object - to object to processing based on legitimate interests

• Right to withdraw consent - where processing is based on consent

To exercise these rights, please contact us at legal@xeneos.ai. We will respond to your request within one month. You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at https://ico.org.uk/ or your local data protection authority.

Additional Choices: You have several other choices regarding the use of your personal information on the Site and our Services:

Email Communications: We may periodically send you free newsletters and e-mails that directly promote the use of our Site or Services. When you receive newsletters or promotional communications from us, you may indicate a preference to stop receiving further communications from us and you will have the opportunity to "opt-out" by following the unsubscribe instructions provided in the e-mail you receive or by contacting us directly (please see contact information below). Despite your indicated e-mail preferences, we may send you Service-related communications, including notices of any updates to our Privacy Policy or terms of service/terms of use.

Cookies: If you decide at any time that you no longer wish to accept cookies from our Site for any of the purposes described above, then you can instruct your browser, by changing its settings, to stop accepting cookies or to prompt you before accepting a cookie from the websites you visit. Consult your browser's technical information. If you do not accept cookies, however, you may not be able to use all portions of the Site or all functionality of the Services. If you have any questions about how to disable or modify cookies, visit https://www.allaboutcookies.org/.

6. Security Of Your Personal Information

Xeneos AI is committed to protecting the security of your personal information. We use a variety of security technologies and procedures to help protect your personal information from unauthorized access, use, or disclosure. No method of transmission over the internet, or method of electronic storage, is 100% secure, however. Therefore, while we use reasonable efforts to protect your personal information, we cannot guarantee its absolute security.

7. International Transfers

As a UK company, we are subject to UK data protection laws. However, we provide our Services globally and may transfer your personal data to third countries, including the United States, for the purposes described in this Policy.

For more information about international transfers and safeguards, please contact us at legal@xeneos.ai.

8. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes outlined in this Policy, unless a longer retention period is required or permitted by law. Specifically:

• Account information: Retained while your account is active and for up to 7 years after account deletion for legal and accounting purposes

• User content: Retained while your account is active, deleted upon account termination unless backup retention is required

• Usage data: Retained for up to 2 years for service improvement purposes

• Marketing data: Retained until you withdraw consent or object to processing

9. Children

Our Site and the Services are not intended for children under 13 years of age, and you must be at least 13 years old to have our permission to use the Site or the Services. We do not knowingly collect, use, or disclose personally identifiable information from children under 13.

Parental Consent: In jurisdictions where required by law (including the UK for children under 13), we require verifiable parental consent before collecting personal information from children. If you believe that we have collected, used, or disclosed personally identifiable information of a child without appropriate consent, please contact us using the contact information below so that we can take appropriate action.

10. Do Not Track

We currently do not support the Do Not Track browser setting or respond to Do Not Track signals. Do Not Track (or DNT) is a preference you can set in your browser to let the websites you visit know that you do not want them collecting certain information about you. For more details about Do Not Track, including how to enable or disable this preference, visit https://www.allaboutdnt.com.

11. Updates To This Privacy Policy

We reserve the right to change this Privacy Policy at any time. If we make any material changes to this Privacy Policy, we will post the revised version to our website and update the "Effective Date" at the top of this Privacy Policy. Except as otherwise indicated, any changes will become effective when we post the revised Privacy Policy on our website.

12. Contact Us

Our contact information is as follows:

Data Controller:
Xeneos Consulting Limited (Company No. 13759590)
Trading as Xeneos AI
Registered in England and Wales
Swift House, Ground Floor,
18 Hoffmanns Way,
Chelmsford,
Essex,
CM1 1GU
United Kingdom

Email: legal@xeneos.ai
ICO Registration Number: ZB497557