Privacy Policy

1. Introduction

This Privacy Policy ("Policy") describes how XEUS SOLUTIONS INC., doing business as XEUS ("XEUS," "we," "us," or "our"), collects, uses, shares, and protects information in connection with our AI-powered business intelligence and analytics platform, our website at goxeus.com, and all related services, applications, and APIs (collectively, the "Service").

By accessing or using the Service, creating an account, or submitting information to us, you acknowledge that you have read and understood this Policy and consent to the collection, use, and sharing of your information as described herein. If you do not agree with this Policy, please do not use the Service.

This Policy should be read in conjunction with our Terms of Service, which govern your use of the Service.

2. Information We Collect

We collect and receive information in several ways depending on how you interact with the Service:

2.1 Information You Provide Directly

• Account Information: When you register for the Service, we collect your name, email address, company name, job title, phone number, and login credentials.
• Billing and Payment Information: When you subscribe to a paid plan, we collect billing details such as your payment method, billing address, and transaction history. Payment card information is processed by our third-party payment processor and is not stored directly on our servers.
• Customer Data: Any data, files, databases, or information that you upload, submit, or connect to the Service for analysis, including data from third-party integrations you authorize.
• User Content: Dashboards, reports, queries, visualizations, and other outputs you create through the Service.
• Communications: Information you provide when you contact us for support, submit feedback, respond to surveys, or communicate with us by email or other means.

2.2 Information Collected Automatically

• Usage Data: We collect information about how you interact with the Service, including features used, queries executed, Credit consumption, pages viewed, actions taken, timestamps, and session duration.
• Device and Browser Information: We collect device type, operating system, browser type and version, screen resolution, language preferences, and unique device identifiers.
• Log Data: Our servers automatically record information such as your IP address, access times, referring URLs, and error logs.
• Cookies and Similar Technologies: We use cookies, pixels, local storage, and similar tracking technologies to collect information about your browsing activity and preferences. See Section 9 (Cookies and Tracking Technologies) for more details.

2.3 Information from Third Parties

• Third-Party Integrations: When you connect third-party data sources, APIs, or applications to the Service (such as databases, cloud storage, or analytics tools), we receive data from those services as authorized by you.
• Analytics Providers: We may receive aggregated or anonymized information from third-party analytics services that help us understand usage trends.

3. How We Use Your Information

We use the information we collect for the following purposes:

3.1 Providing and Operating the Service

• To create and manage your account, authenticate your identity, and deliver the Service;
• To process your Customer Data and generate AI-powered analytics, insights, visualizations, and reports;
• To process billing, manage subscriptions, track Credit usage, and process Top-Up Credit charges;
• To provide customer support and respond to your inquiries.

3.2 Improving and Developing the Service

• To analyze usage patterns, diagnose technical issues, and improve the performance, reliability, and security of the Service;
• To develop new features, products, and services.

3.3 Communications

• To send you service-related notices, including billing confirmations, security alerts, Credit usage notifications, and Terms or Policy updates;
• To send you marketing and promotional communications where permitted by law (you may opt out at any time).

3.4 Safety, Security, and Compliance

• To detect, investigate, and prevent fraud, abuse, security incidents, and violations of our Terms of Service;
• To comply with applicable laws, regulations, legal processes, and governmental requests;
• To enforce our Terms of Service and protect the rights, property, and safety of XEUS, our users, and the public.

4. AI, Machine Learning, and Data Processing

XEUS uses artificial intelligence and machine learning technologies to power its analytics capabilities. It is important that you understand how your data interacts with these systems:

4.1 Use of Transactional Data

XEUS does not access, store, or process your customers' personal data. When you connect Third-Party Services to the platform, XEUS accesses aggregated transactional data (such as order volumes, product sales figures, and revenue metrics) solely to generate analytics reports, visualizations, and recommendations ("AI Outputs"). No personally identifiable customer information is collected, stored, or used by XEUS at any point in this process.

4.2 Aggregated and Anonymized Data

We may use aggregated and anonymized data derived from your use of the Service (including usage patterns, query types, and platform interaction data) to improve our AI models, algorithms, and overall Service quality. This aggregated data does not identify you or any individual and cannot be used to reconstruct your Customer Data.

4.3 AI Output Accuracy

AI-generated outputs may contain errors, inaccuracies, or biases. XEUS does not guarantee the accuracy, completeness, or reliability of any AI Output. You are solely responsible for evaluating and verifying AI Outputs before relying on them. For more detail, see Section 13 of our Terms of Service.

5. How We Share Your Information

We do not sell your personal information. We share your information only in the following circumstances:

5.1 Service Providers

We share information with third-party vendors and service providers who perform functions on our behalf, such as cloud hosting, payment processing, email delivery, analytics, and customer support. These providers are contractually obligated to use your information only to provide services to us and in accordance with this Policy.

5.2 Third-Party Integrations

When you connect Third-Party Services to the platform, data may flow between XEUS and those services as necessary to deliver the requested functionality. Your use of Third-Party Services is governed by their own privacy policies.

5.3 Legal and Compliance

We may disclose your information to governmental authorities, law enforcement agencies, or third parties if we reasonably believe that such disclosure is: (a) required by applicable law, regulation, legal process, or governmental request; (b) necessary to enforce our Terms of Service; (c) necessary to protect the rights, property, or safety of XEUS, our users, or the public; or (d) necessary to detect, prevent, or address fraud, security issues, or technical problems.

We will make reasonable efforts to notify you of such disclosures unless prohibited by law or court order, or where notification would jeopardize an ongoing investigation.

5.4 Business Transfers

In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, your information may be transferred as part of that transaction. We will notify you of any such change in ownership or control of your information.

5.5 Aggregated Data

We may share aggregated or de-identified information that cannot reasonably be used to identify you for business intelligence, benchmarking, research, or marketing purposes.

6. Data Retention

We retain your information for as long as your account is active or as needed to provide the Service. Specifically:

• Account Information: Retained for the duration of your account and for a reasonable period thereafter for legal, audit, and compliance purposes.
• Customer Data: Retained for the duration of your account. Upon account termination, XEUS will make your Customer Data available for export for thirty (30) days. After this period, Customer Data may be permanently deleted.
• Billing Records: Retained for a minimum of seven (7) years as required by applicable tax and financial regulations.
• Usage and Log Data: Generally retained for up to twenty-four (24) months for analytics, security, and troubleshooting purposes.
• Inactive Accounts: If your account remains inactive for twelve (12) consecutive months, we may deactivate or delete your account after providing thirty (30) days' notice to the email address on file.

When information is no longer required, we will delete or anonymize it in accordance with our internal data retention schedules.

7. Data Security

We implement commercially reasonable technical and organizational security measures to protect your information against unauthorized access, loss, misuse, alteration, or destruction. These measures include encryption in transit and at rest, access controls, regular security assessments, and employee training.

However, no method of electronic storage or transmission over the Internet is completely secure. While we strive to protect your information, we cannot guarantee its absolute security. You are responsible for maintaining the confidentiality of your account credentials and for notifying us immediately at info@goxeus.com if you suspect unauthorized access to your account.

8. Data Breach Notification

In the event of a security breach that results in the unauthorized access, disclosure, or loss of your personal information, XEUS will:

• Investigate and take reasonable steps to contain and remediate the breach;
• Notify affected users without unreasonable delay and no later than required by applicable law;
• Provide details about the nature of the breach, the types of information affected, and the steps we are taking in response; and
• Notify applicable regulatory authorities as required by law.

9. Cookies and Tracking Technologies

We use cookies and similar technologies to operate and improve the Service. The types of cookies we use include:

Type	Purpose	Duration
Essential	Required for the Service to function (authentication, security, session management)	Session / persistent
Functional	Remember your preferences and settings (language, layout, display options)	Persistent
Analytics	Help us understand usage patterns, measure performance, and improve the Service	Persistent
Marketing	Used to deliver relevant advertising and measure campaign effectiveness	Persistent

You can manage your cookie preferences through your browser settings. Disabling certain cookies may limit your ability to use some features of the Service. Most browsers allow you to block or delete cookies, and you may also opt out of certain third-party tracking by visiting industry opt-out pages such as the Network Advertising Initiative or Digital Advertising Alliance.

10. Your Rights and Choices

10.1 All Users

Regardless of your location, you have the following rights:

• Access and Portability: You may request a copy of the personal information we hold about you.
• Correction: You may request that we correct inaccurate personal information.
• Deletion: You may request that we delete your personal information, subject to certain legal exceptions.
• Marketing Opt-Out: You may opt out of marketing communications at any time by using the unsubscribe link in our emails or by contacting us at info@goxeus.com.
• Data Export: You may export your Customer Data through the Service at any time while your account is active.

To exercise any of these rights, contact us at info@goxeus.com. We will respond to verified requests within thirty (30) days.

10.2 California Residents (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

• Right to Know: You have the right to know what personal information we collect, use, disclose, and sell (if applicable), and to request the specific pieces of personal information we have collected about you.
• Right to Delete: You have the right to request deletion of your personal information, subject to certain exceptions.
• Right to Correct: You have the right to request correction of inaccurate personal information.
• Right to Opt Out of Sale or Sharing: XEUS does not sell your personal information. We do not share personal information for cross-context behavioral advertising purposes.
• Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA/CPRA rights.

To exercise your California rights, contact us at info@goxeus.com or submit a request through the methods described in Section 15.

10.3 European Economic Area, United Kingdom, and Switzerland Residents (GDPR)

If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, the following additional provisions apply:

Lawful Basis for Processing: We process your personal data under the following legal bases:

• Contract Performance: Processing necessary to provide the Service under our Terms of Service;
• Legitimate Interests: Processing necessary for our legitimate business interests, such as improving the Service, preventing fraud, and conducting analytics, where these interests are not overridden by your rights;
• Consent: Where you have given consent to specific processing activities, such as marketing communications; and
• Legal Obligation: Processing necessary to comply with applicable laws.

Your Additional Rights: In addition to the rights listed in Section 10.1, you have the right to:

• Restrict Processing: Request that we restrict processing of your personal data in certain circumstances;
• Object to Processing: Object to processing of your personal data based on legitimate interests;
• Data Portability: Receive your personal data in a structured, commonly used, and machine-readable format; and
• Withdraw Consent: Withdraw consent at any time where processing is based on consent.

International Transfers: Your personal data may be transferred to and processed in the United States. When we transfer data outside the EEA, UK, or Switzerland, we rely on appropriate safeguards such as Standard Contractual Clauses approved by the European Commission to ensure your data is protected.

Supervisory Authority: You have the right to lodge a complaint with your local data protection authority if you believe we have not complied with applicable data protection laws.

11. Children's Privacy

The Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from anyone under 18 years of age. If we become aware that we have collected personal information from a minor under 18, we will take steps to delete that information promptly. If you believe that a minor has provided us with personal information, please contact us at info@goxeus.com.

12. Third-Party Links and Services

The Service may contain links to, or integrations with, third-party websites, applications, or services that are not operated by XEUS. This Policy does not apply to those third-party services. We encourage you to review the privacy policies of any third-party services you access through or in connection with the Service. XEUS is not responsible for the privacy practices or content of third-party services.

13. International Data Transfers

The Service is hosted and operated in the United States. If you access the Service from outside the United States, your information will be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your jurisdiction.

By using the Service, you consent to the transfer of your information to the United States. Where required by applicable law, we implement appropriate safeguards for international data transfers, including Standard Contractual Clauses approved by the European Commission and the UK International Data Transfer Addendum.

14. Changes to This Privacy Policy

We may update this Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes, we will:

• Update the "Effective Date" at the top of this Policy;
• Post the revised Policy on our website; and
• Notify you by email or in-platform notification at least fifteen (15) days before the changes take effect.

Your continued use of the Service after the updated Policy takes effect constitutes your acceptance of the changes. We encourage you to review this Policy periodically.

15. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

We will acknowledge your request and respond within thirty (30) days. If you are not satisfied with our response, you may have the right to lodge a complaint with your local data protection authority.

Last updated: March 30, 2026