Updated January 2025

Privacy Policy

Last Updated: January 2025

Effective Date: January 2025

Introduction

At XHK.AI ("XHK.AI," "we," "us," or "our"), we are strongly committed to respecting your privacy and protecting any information you share with us. This Privacy Policy explains how we collect, use, disclose, and process your personal data when you use XHK.AI's products and services, including:

  • Codefulty: Our AI-powered coding assistant software
  • XReply: Our AI-driven communication and email automation tool
  • Our website, applications, and related services (collectively, the "Services")

This Privacy Policy applies to individuals who use our Services for personal or business purposes. By accessing or using the Services, you acknowledge that you have read and understood this Privacy Policy and consent to our practices regarding your personal information and data.

Note: This Privacy Policy does not apply where XHK.AI acts as a data processor on behalf of enterprise customers. Our use of data in those circumstances is governed by our customer agreements.

Important: For information about how third-party AI models (such as OpenAI, Claude, Gemini, etc.) handle your data when you use them through our Services, please refer to those providers' privacy policies. XHK.AI is not responsible for third-party AI providers' data practices.

1. Personal Data We Collect

We collect the following categories of personal data:

A. Personal Data You Provide Directly

We collect personal data when you create an account, use our Services, or communicate with us:

Account Information

When you create an XHK.AI account, we collect:

  • Your name
  • Email address
  • Account credentials (username and password)
  • Profile information (if provided)
  • Company or organization name (if applicable)

Payment Information

If you purchase credits or paid features, we collect:

  • Payment card information (processed through our third-party payment processor)
  • Billing address
  • Transaction history
  • Account balance information

Content You Provide to Our Services

For Codefulty:

  • Source code files from your local projects
  • Project file structures and metadata
  • Code snippets you send to AI models
  • File names and directory structures
  • Code-related queries and prompts

For XReply:

  • Email addresses and contact information
  • Email templates and message content
  • Customer communication data
  • Campaign information and settings
  • Contact lists and segmentation data

Important: You control what content you share with our Services. We only access the information you explicitly provide or authorize.

AI-Generated Content ("Output")

We may temporarily store:

  • Responses and suggestions generated by AI models
  • Modifications made based on AI suggestions
  • Backup copies (for Codefulty file backups)
  • Generated email responses (for XReply)

Communication Information

If you contact us for support or other purposes, we collect:

  • Your name and contact information
  • The contents of your messages
  • Any attachments or files you send
  • Support ticket information

Feedback and User Interactions

We may collect:

  • Feedback you provide about our Services
  • Ratings or reviews
  • Bug reports and error descriptions
  • Feature requests and suggestions
  • Survey responses

B. Personal Data We Receive from Your Use of the Services

When you use our Services, we automatically receive certain technical information:

Device Information

Your device or browser automatically sends us:

  • Device type and model
  • Operating system and version
  • Browser type and version
  • Device identifiers
  • Mobile network or ISP information
  • Screen resolution and device settings

Log Information

We collect technical logs, including:

  • IP address
  • Access times and dates
  • Pages viewed and features used
  • Error logs and diagnostic information
  • API requests and responses (excluding your actual content)
  • System performance metrics

Usage Data

We collect information about how you use our Services:

  • Session duration and frequency
  • Features and tools you use
  • Number of items processed (files, emails, etc.)
  • Interaction patterns (clicks, navigation, etc.)
  • Search queries within the Services
  • Settings and preferences

Cookies and Similar Technologies

We and our service providers use:

  • Cookies to maintain your session and preferences
  • Local storage for application functionality
  • Analytics tools to understand Service usage
  • Performance monitoring tools

For more details, please see our Cookie Policy at [Cookie Policy URL].

Location Information

We may determine your approximate geographic location from:

  • Your IP address (for security and fraud prevention)
  • Time zone settings
  • Language preferences

We do not collect precise GPS location data unless you explicitly provide it.

C. Information We Do Not Collect

Content for Training: XHK.AI does NOT use your content (code, emails, files, or other Input/Output) to train AI models or for any purpose beyond providing the Services to you.

Sensitive Personal Information: We do not knowingly collect:

  • Health or medical information
  • Genetic or biometric data
  • Religious or philosophical beliefs
  • Racial or ethnic origin
  • Political opinions
  • Trade union membership
  • Sexual orientation or sex life information
  • Social security numbers or government-issued ID numbers (except as required for payment processing)

Children's Information: We do not knowingly collect information from individuals under 18 years of age. See Section 7 for more details.

2. How We Use Personal Data

We use your personal data for the following purposes:

To Provide and Maintain the Services

  • Create and manage your XHK.AI account
  • Process your payments and maintain billing records
  • Facilitate connections to third-party AI models (for Codefulty)
  • Enable email automation and communication features (for XReply)
  • Display your content in our service interfaces
  • Store automatic backups of your files (for Codefulty)
  • Enable version control and diff features (for Codefulty)
  • Process and send automated communications (for XReply)
  • Provide customer support and respond to inquiries
  • Send service-related notifications (session alerts, low balance notifications, etc.)

To Improve and Develop the Services

  • Analyze how users interact with our Services
  • Identify and fix bugs and technical issues
  • Develop new features and functionality
  • Conduct research on Service performance
  • Optimize user experience and interface design
  • Test new features and capabilities

Note: We analyze Usage Data and aggregate patterns, but we do NOT analyze your actual content (code, emails, messages) for these purposes.

To Communicate With You

  • Send account-related information and updates
  • Notify you about Service changes or improvements
  • Respond to your questions and support requests
  • Send billing notifications and payment confirmations
  • Provide information about new features and products
  • Send promotional emails (which you can opt out of)
  • Communicate about events and webinars

To Ensure Security and Prevent Abuse

  • Detect and prevent fraud, unauthorized access, and security threats
  • Monitor for violations of our Terms of Service
  • Investigate suspicious activity or policy violations
  • Protect against malware, viruses, and malicious code
  • Maintain the security and integrity of our systems
  • Verify user identities and authenticate accounts

To Comply With Legal Obligations

  • Respond to legal requests and court orders
  • Comply with applicable laws and regulations
  • Enforce our Terms of Service and other agreements
  • Protect the rights, safety, and property of XHK.AI, our users, and others
  • Resolve disputes and investigate claims

Aggregated and De-Identified Data

We may aggregate or de-identify personal data so that it no longer identifies you personally. We use this anonymized information to:

  • Analyze Service usage trends
  • Generate statistical reports
  • Conduct research and development
  • Improve our products and services

We maintain de-identified information in de-identified form and do not attempt to re-identify it, except as required by law.

3. How We Share Personal Data

We may disclose your personal data in the following circumstances:

Third-Party AI Model Providers (Codefulty)

When you explicitly choose to send code to a third-party AI model (such as OpenAI, Claude, Gemini, DeepSeek, etc.), that code is transmitted directly to the AI provider. Each AI provider has its own privacy policy and data handling practices, which govern how they use your data. We encourage you to review their privacy policies before using their services.

XHK.AI does not control and is not responsible for third-party AI providers' data practices.

Service Providers and Vendors

We share personal data with third-party service providers who help us operate our business:

  • Cloud hosting and infrastructure providers
  • Payment processors (for billing and transactions)
  • Customer support platforms
  • Email and communications services (for XReply functionality)
  • Analytics and monitoring tools
  • Security and fraud prevention services
  • IT infrastructure and maintenance providers

These service providers access personal data only as necessary to perform services on our behalf and are contractually obligated to protect your information.

Business Transfers

In the event of a merger, acquisition, reorganization, bankruptcy, or sale of assets:

  • Your personal data may be disclosed during due diligence
  • Personal data may be transferred as part of the transaction
  • The acquiring entity will be bound by this Privacy Policy (or will notify you of changes)

Legal Compliance and Protection

We may disclose personal data when we believe it is necessary to:

  • Comply with applicable laws, regulations, or legal processes
  • Respond to lawful requests from government authorities or law enforcement
  • Enforce our Terms of Service or other agreements
  • Protect against fraud, security threats, or illegal activity
  • Protect the rights, safety, property, or security of XHK.AI, our users, or the public
  • Defend against legal claims or liability
  • Investigate policy violations or abuse

Affiliates

We may share personal data with XHK.AI affiliates and subsidiaries, who will use the information in a manner consistent with this Privacy Policy. This includes sharing data between our Codefulty and XReply products as necessary to provide integrated services.

Business Account Administrators

If you create an account using an email address owned by your employer or organization:

  • We may notify that organization that you have an XHK.AI account
  • We may share basic account information (email address, account status) with the organization
  • If you join an enterprise or business account, administrators may access and control your account
  • Business administrators may view your usage data and Content

Email Recipients and Third Parties (XReply)

When you use XReply to send emails or messages:

  • Your communications are sent to the recipients you specify
  • Recipients receive the content you authorize us to send
  • Third-party email service providers may process your communications
  • Email delivery services have their own privacy policies

Other Users You Choose to Share With

If you use sharing features (if available):

  • Information you voluntarily share with other users is governed by their own practices
  • You should review any applicable terms before sharing information

With Your Consent

We may share personal data when you give us explicit permission to do so, or when you direct us to share information through Service features.

Subprocessors

For our business and enterprise customers, you can review the third-party service providers we engage at trust.xhk.ai/subprocessors (if applicable).

4. Data Retention

We retain your personal data only as long as necessary to provide the Services and fulfill the purposes described in this Privacy Policy.

Retention Periods

  • Account Information: We retain your account information for as long as your account remains active, plus a reasonable period afterward to comply with legal obligations.
  • Payment Information: We retain payment and transaction records as required by law and for accounting purposes (typically 7 years).
  • Content and Backups:
    • Codefulty: Active file backups are retained while your account is active. Upon account deletion, backups are deleted within a reasonable period (typically 30-90 days).
    • XReply: Email templates, contact lists, and campaign data are retained while your account is active. Historical communication logs may be retained for a limited period for analytics and compliance purposes.
    • We may retain certain backups for a limited time for disaster recovery purposes.
  • Usage Data and Logs: We retain technical logs and usage data for:
    • Security monitoring: typically 90 days to 1 year
    • Analytics: aggregated data may be retained indefinitely after de-identification
    • Compliance: as required by applicable laws
  • Communications: We retain support communications for as long as necessary to provide support and resolve issues, typically 2-3 years.

Deletion

When personal data is no longer needed:

  • We delete or de-identify it in accordance with applicable laws
  • Our service providers follow similar deletion practices
  • Some data may persist in backup systems for a limited period

You can request deletion of your personal data at any time (subject to certain legal exceptions). See Section 6 for information about your rights.

5. Security

We implement commercially reasonable technical, administrative, and organizational measures to protect your personal data from unauthorized access, loss, misuse, alteration, or destruction.

Security Measures Include:

Technical Safeguards:

  • Encryption of data in transit (TLS/SSL)
  • Encryption of sensitive data at rest
  • Secure authentication and access controls
  • Regular security testing and vulnerability assessments
  • Intrusion detection and prevention systems
  • Secure software development practices

Administrative Safeguards:

  • Employee training on data protection
  • Limited access to personal data on a need-to-know basis
  • Background checks for employees with data access
  • Incident response and breach notification procedures

Physical Safeguards:

  • Secure data centers with restricted access
  • Environmental controls and monitoring
  • Regular backups and disaster recovery procedures

Your Responsibility

While we take security seriously, no method of transmission over the Internet or electronic storage is 100% secure. You should:

  • Use a strong, unique password for your XHK.AI account
  • Keep your login credentials confidential
  • Log out of your account when using shared devices
  • Exercise caution when deciding what content to share with AI models or in automated communications
  • Report any suspected security issues to security@xhk.ai

We are not responsible for circumvention of privacy settings or security measures, or for the security of third-party AI providers or websites.

6. Your Rights and Choices

Depending on where you live and applicable laws, you may have certain rights regarding your personal data.

Rights You May Have

Right to Know and Access

You have the right to:

  • Know what categories of personal data we collect
  • Understand how we use and share your personal data
  • Request a copy of your personal data
  • Receive your data in a portable format (where applicable)

Right to Deletion

You have the right to request deletion of your personal data, subject to certain exceptions (e.g., legal obligations, security purposes).

Right to Correction

You have the right to request correction of inaccurate personal data we maintain about you.

Note: Due to the nature of AI-generated content, we cannot guarantee correction or removal of information that appears in AI model outputs. For such requests, you may need to contact the AI model provider directly.

Right to Object or Restrict Processing

Where applicable under local laws, you may have the right to:

  • Object to certain types of processing
  • Restrict how we process your personal data in limited circumstances

Right to Withdraw Consent

Where we process your data based on consent, you have the right to withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing before withdrawal.

Right to Data Portability

You may have the right to receive your personal data in a structured, commonly used format and transmit it to another service provider.

Right to Lodge a Complaint

You have the right to lodge a complaint with your local data protection authority if you believe we have violated your privacy rights.

How to Exercise Your Rights

To exercise any of these rights, you or your authorized agent may:

  • Email us at: privacy@xhk.ai
  • Submit a request through your account settings (where available)
  • Use our online privacy request form at [privacy portal URL]

Verification: We may request information to verify your identity before processing your request to protect against fraudulent requests.

Authorized Agents: You may designate an authorized agent to submit requests on your behalf. The agent must provide written authorization, and we may require you to verify your identity directly.

Response Time: We will respond to your request within the timeframe required by applicable law (typically 30-45 days).

Appeals: If we deny your request, you may appeal by contacting us at privacy@xhk.ai.

Your Choices

  • Email Communications: You can opt out of promotional emails by clicking the "unsubscribe" link in any marketing email. You will continue to receive service-related communications.
  • XReply Email Preferences: Recipients of XReply-generated emails can manage their communication preferences through unsubscribe links or preference centers (if configured).
  • Cookies: You can control cookies through your browser settings. Note that disabling cookies may affect Service functionality.
  • Account Deletion: You can close your account at any time by contacting support@xhk.ai.

7. Children's Privacy

Our Services are not directed to, and we do not knowingly collect personal data from, individuals under 18 years of age.

  • Users must be at least 18 years old (or the age of majority in their jurisdiction) to use our Services
  • We do not knowingly collect, use, or disclose personal information from children under 18
  • If we learn that we have collected personal data from a child under 18, we will delete that information promptly
  • If you believe a child under 18 has provided personal data to XHK.AI, please contact us at privacy@xhk.ai

8. International Data Transfers

XHK.AI processes personal data on servers located in various jurisdictions, including the United States. If you access our Services from outside the United States, your personal data may be transferred to, stored in, and processed in the United States and other countries where our service providers operate.

Data Protection Commitments:

  • We apply the protections described in this Privacy Policy to your personal data regardless of where it is processed
  • We transfer personal data only pursuant to legally valid transfer mechanisms, such as:
    • Standard Contractual Clauses approved by the European Commission
    • Adequacy decisions
    • Your explicit consent
    • Other lawful transfer mechanisms under applicable law

For EEA, UK, and Swiss Users:

  • When we transfer personal data outside the EEA, UK, or Switzerland, we ensure an adequate level of protection
  • We comply with applicable data transfer requirements under GDPR and UK GDPR

9. Privacy Policy Changes

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

How We Notify You:

  • We will update the "Last Updated" date at the top of this Privacy Policy
  • For material changes that significantly affect your rights, we will provide at least 30 days' advance notice via:
    • Email to the address associated with your account
    • In-app notification
    • Prominent notice on our website
  • For minor or non-material changes, we will post the updated Privacy Policy on our website

Your Acceptance:

  • Your continued use of the Services after changes take effect constitutes your acceptance of the updated Privacy Policy
  • If you do not agree to the changes, you must stop using the Services and may close your account

Previous Versions:

Previous versions of this Privacy Policy are available upon request by contacting privacy@xhk.ai.

10. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:

  • Privacy Inquiries: privacy@xhk.ai
  • Data Protection Officer: dpo@xhk.ai
  • General Support: support@xhk.ai
  • Security Issues: security@xhk.ai

Mailing Address:

XHK.AI

Attn: Privacy Team

[Company Physical Address]

[City, State, ZIP Code]

[Country]

Privacy Request Portal: [URL for online privacy request form]

We will respond to your inquiries within a reasonable timeframe as required by applicable law.

© 2025 XHK.AI. All rights reserved.

This Privacy Policy was last updated in January 2025.