Privacy Policy
1. Information We Collect
We collect information in the following ways:
Information you provide directly, when you fill out our Contact Us form, the “Get Matched” popup form, or otherwise reach out to us — including your name, email address, phone number, company name, and any message or project details you share.
Information collected through scheduling, when you book a discovery call via Calendly. Calendly may collect your name, email address, and scheduling preferences on our behalf, governed by Calendly’s own privacy policy.
Information collected automatically, when you browse the Site, through cookies and similar tracking technologies (see Section 3). This may include your IP address, browser type, device type, pages visited, time spent on pages, and referring URLs, collected via Google Analytics and Google Tag Manager.
We do not knowingly collect financial information, government ID numbers, or other sensitive personal data through this Site.
2. How We Use Your Information
We use the information we collect to:
- Respond to your inquiries and match you with a suitable engineer
- Schedule and manage discovery calls
- Communicate with you about your project, trial, or engagement
- Improve our Site’s performance, content, and user experience
- Understand how visitors use our Site through aggregated analytics
- Comply with legal obligations
We do not sell your personal information to third parties.
3. Cookies & Tracking Technologies
We use cookies and similar technologies, primarily through Google Analytics and Google Tag Manager, to understand how visitors interact with our Site. These tools may collect information such as pages viewed, session duration, and general location (city/country level, derived from IP address).
You can control cookies through your browser settings, including blocking or deleting them. Disabling cookies may affect some Site functionality but will not prevent you from contacting us or using core features.
If you serve visitors in the EU/UK, you’re legally required to obtain consent before non-essential cookies (like Google Analytics) load — not just disclose them after the fact. I didn’t see a cookie consent banner on the live site during our review. That’s a gap worth closing alongside publishing this policy, not just a policy-wording issue.
4. Legal Basis for Processing (EU/UK Visitors)
If you are located in the European Economic Area or the United Kingdom, we process your personal data based on:
- Consent — for non-essential cookies and marketing communications
- Legitimate interest — for responding to inquiries and improving our services
- Contractual necessity — where processing is required to deliver a service you’ve requested (e.g., matching you with an engineer)
5. Third-Party Service Providers
We share information with the following categories of service providers, solely to operate our business:
- Calendly — for call scheduling
- Google Analytics / Google Tag Manager — for website analytics
- Our hosting and email infrastructure providers — to operate and maintain the Site and respond to inquiries
These providers may process data outside India, including in the United States, under their own privacy and security policies.
6. International Data Transfers
As we work with clients and visitors globally, your information may be transferred to, stored in, and processed in countries other than your country of residence, including India and the United States. Where required by law, we rely on appropriate safeguards (such as standard contractual clauses) for such transfers.
7. Data Retention
We retain personal information only for as long as necessary to fulfill the purposes outlined in this policy, respond to your inquiry, or comply with legal, accounting, or reporting obligations. Inquiry and contact form data not converted into an active engagement is retained for [Insert retention period, e.g., 24 months] before deletion.
8. Data Security
We implement reasonable technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. However, no method of transmission or storage is 100% secure, and we cannot guarantee absolute security.
9. Your Privacy Rights
If you are in the EU/UK (GDPR): you have the right to access, correct, delete, restrict, or object to our processing of your personal data, and the right to data portability. You may also lodge a complaint with your local data protection authority.
If you are a California resident (CCPA/CPRA): you have the right to know what personal information we collect, request deletion of your information, and opt out of the sale or sharing of personal information. (We do not sell personal information.)
If you are in India: you have rights under the Digital Personal Data Protection Act, 2023, including the right to access, correct, and request erasure of your personal data, and to withdraw consent at any time.
To exercise any of these rights, contact us using the details in Section 12.
10. Children's Privacy
Our Site and services are intended for businesses and professionals. We do not knowingly collect personal information from individuals under 18 years of age.
11. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or for legal, operational, or regulatory reasons. We will post the updated version on this page with a revised “Last Updated” date.
12. Contact Us
If you have questions about this Privacy Policy or wish to exercise your data rights, contact us at:
Xspot India
Ahmedabad, India
Email: hello@xspotindia.com
Phone: +91 90232 70889
Who we are
Suggested text: Our website address is: http://xspotindia.com.
Comments
Suggested text: When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.
An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.
Media
Suggested text: If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.
Cookies
Suggested text: If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.
Embedded content from other websites
Suggested text: Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.
Who we share your data with
Suggested text: If you request a password reset, your IP address will be included in the reset email.
How long we retain your data
Suggested text: If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.
For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.
What rights you have over your data
Suggested text: If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.
Where your data is sent
Suggested text: Visitor comments may be checked through an automated spam detection service.