Last updated: 05/19/2026
Privacy Policy
This Privacy Policy explains how Natasha Kyra Martinoff d/b/a XILLION (“Company,” “we,” “us,” or “our”) collects, uses, stores, and protects personal data when you use XILLION and related services available through https://xillion.app.
This policy is intended to comply with applicable privacy laws, including the GDPR, UK GDPR, CCPA, and CPRA.
1. Data Controller
The data controller responsible for your personal information is:
Natasha Kyra Martinoff d/b/a XILLION
Los Angeles, California, USA
Email: help.xillion@outlook.com
Website: https://xillion.app
2. Information We Collect
Account Information
When you create an account, we may collect:
- Email address
- Authentication credentials (stored securely in hashed form through Supabase Auth)
- Account preferences and settings
Payment Information
Payments are processed by Stripe.
We may receive limited payment metadata, including:
- Stripe customer ID
- Purchase history
- Transaction status
- Tax and billing metadata
We do not receive or store:
- Full card numbers
- CVV codes
- Full banking details
Usage and Technical Data
We may collect:
- IP address
- Device/browser information
- Log data
- Error reports
- Security and abuse-prevention information
AI Prompt Processing
When you interact with the AI assistant, your prompts and messages are transmitted to third-party AI providers, including OpenAI and Google Gemini, for processing and response generation.
What We Do NOT Store
We do not persistently store your chat history on our servers.
Chat conversations are stored locally in your browser using localStorage and remain under your control on your device.
If you clear browser storage or switch devices, your local chat history may be lost.
3. Legal Bases for Processing (GDPR)
Where GDPR or UK GDPR applies, we process personal data under the following legal bases:
Contractual Necessity
To:
- Create and manage accounts
- Process payments
- Provide the Service
- Respond to support requests
Legitimate Interests
To:
- Maintain security
- Prevent fraud and abuse
- Improve system reliability
- Diagnose technical issues
Consent
Where legally required, we rely on consent for specific activities.
You may withdraw consent at any time where processing is based on consent.
4. How We Use Information
We use collected information to:
- Operate and maintain the Service
- Authenticate users
- Process purchases and taxes
- Provide customer support
- Detect abuse and security threats
- Improve product performance
- Comply with legal obligations
We do not sell personal data.
5. Third-Party Service Providers
We use trusted third-party providers to operate the Service, including:
Supabase
Used for authentication and database infrastructure.
Stripe
Used for payment processing and Stripe Tax functionality.
OpenAI and Google Gemini
Used to process AI prompts and generate responses.
Your prompts may be transmitted to these providers solely to provide AI functionality.
6. International Data Transfers
Your information may be processed or stored in countries outside your own jurisdiction, including the United States.
Where required by law, we implement safeguards intended to protect transferred data, including contractual protections and reliance on recognized transfer mechanisms.
7. Data Retention
We retain personal data only as long as reasonably necessary for:
- Providing the Service,
- Legal compliance,
- Security,
- Accounting and tax obligations,
- Dispute resolution.
You may request deletion of your account and associated personal data at any time, subject to legal retention requirements.
Because chat history is stored locally in your browser, deleting browser storage may erase your local conversations.
8. Your Privacy Rights
Depending on your jurisdiction, you may have rights to:
- Access your data
- Correct inaccurate information
- Delete personal information
- Restrict processing
- Object to processing
- Withdraw consent
- Request data portability
To exercise these rights, contact help.xillion@outlook.com.
California Privacy Rights (CCPA/CPRA)
California residents may request:
- Disclosure of collected information categories
- Deletion of personal information
- Correction of inaccurate data
- Access to retained information
We do not sell or share personal information for cross-context behavioral advertising.
Because we do not engage in those activities, we do not provide a “Do Not Sell or Share My Personal Information” opt-out.
We do not knowingly process sensitive personal information for purposes requiring a “Limit Use” right under California law.
9. Cookies and Tracking
We use only essential cookies and authentication-related storage necessary for:
- Logging users in,
- Maintaining sessions,
- Security and fraud prevention.
We do not use third-party advertising cookies or behavioral tracking systems.
10. Security Measures
We implement reasonable technical and organizational safeguards intended to protect personal data.
However, no online service can guarantee absolute security.
You are responsible for maintaining the confidentiality of your login credentials.
11. Data Breach Notification
If we become aware of a data breach affecting personal information, we will take reasonable steps to investigate, mitigate harm, and provide notifications where required by applicable law.
12. Children’s Privacy
The Service is not intended for individuals under 18 years old.
We do not knowingly collect personal data from children under 18.
If we learn that a minor has provided personal information, we may delete the data and terminate the associated account.
13. Changes to This Privacy Policy
We may update this Privacy Policy periodically.
Updated versions become effective when posted on https://xillion.app.
Continued use of the Service after updates constitutes acceptance of the revised policy.
Contact
For privacy requests or questions:
Natasha Kyra Martinoff d/b/a XILLION
Los Angeles, California, USA
Email: help.xillion@outlook.com
Website: https://xillion.app