Legal

Privacy Policy

Effective Date: April 05, 2025

Welcome to XMobility.ai ("Website"), a platform operated by GlideMobility Private Limited, a company registered under the Companies Act, 2013, in India. GlideMobility Private Limited ("we," "us," "our," or "XMobility") is dedicated to safeguarding your privacy and ensuring transparency in how we handle your information. This Privacy Policy outlines how we collect, use, disclose, store, and protect your personal information when you visit our website https://xmobility.ai/ or its subdomains like https://app.xmobility.ai/ orhttps://demo.xmobility.ai/ (the "Website"), use our services, or interact with us in any way (collectively, the "Services"). By accessing or using our Services, you agree to this Privacy Policy. If you do not agree, please refrain from using our Services.

This Privacy Policy complies with all applicable laws globally, including but not limited to:

  • Indian Laws: The Information Technology Act, 2000, and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 ("IT Rules").
  • European Union (EU) Laws: The General Data Protection Regulation (GDPR) for users in the EU and European Economic Area (EEA).
  • United States (US) Laws: The California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) for California residents.
    • Other Global Regulations: Applicable privacy laws in jurisdictions where our users reside or where we operate.

Definitions

For the purposes of this Privacy Policy:

  • 'Personal Information' means any information relating to an identified or identifiable individual.
  • 'Sensitive Personal Information' includes government-issued IDs, financial data, and health or biometric information.
  • 'Controller' refers to the entity that determines the purposes and means of processing personal data.
  • 'Processor' refers to the entity that processes personal data on behalf of the controller.
  • 'Data Subject' means the individual to whom the personal data relates.
  • 'Consent' refers to freely given, specific, informed, and unambiguous indication of the data subject's wishes.

Scope of This Policy

This Privacy Policy applies to all users of our Website and Services, including visitors, registered users, and customers. It covers information collected through our Website, mobile applications (if applicable), email communications, and other interactions with XMobility.ai. This policy does not apply to third-party websites, services, or applications linked from our Website, which have their own privacy policies.

Information We Collect

We collect information to provide, improve, and personalize our Services. We adhere to the principle of data minimization and only collect personal information that is necessary for the purposes outlined in this policy. The types of information we collect fall into the following categories:

Information You Provide to Us

We collect personal information you voluntarily provide, including:

  • Contact Information: Name, email address, phone number, mailing address, or other contact details provided when you register for an account, fill out forms, subscribe to newsletters, request support, or contact us.
  • Account Information: Username, password, security questions, or other credentials created when you set up an account.
  • Payment Information: Credit card details, billing address, or other payment method information when you make purchases through our Services, processed securely via third-party payment processors.
  • User-Provided Content: Information submitted through feedback forms, surveys, reviews, comments, or customer support interactions.
  • Professional Information: Job title, company name, or other business related details if you engage with us in a professional capacity (e.g., as a business customer or partner).
  • Event or Webinar Registrations: Information provided when signing up for events, webinars, or other promotional activities, such as name, email, and organization.

Information Collected Automatically

We use automated technologies to collect information about your interactions with our Services, including:

  • Usage Data: Pages visited, time spent on the Website, links clicked, search terms, referral URLs, and other behavioral data.
  • Device Information: IP address, browser type and version, operating system, device type, unique device identifiers, and network information.
  • Location Data: Approximate location based on your IP address or, if you consent, precise geolocation data from your device (e.g., GPS data for mobile app users).
  • Cookies and Tracking Technologies: Data collected via cookies, web beacons, pixel tags, or similar technologies to track user behavior, store preferences, and deliver personalized content (see Section 6 for details).
  • We may use session replay tools or fingerprinting technologies to diagnose issues and improve platform usability. These tools may record interactions such as mouse movements, clicks, and page navigation in anonymized form.

Information from Third Parties

We may obtain information about you from external sources, such as:

  • Analytics Providers: Tools like Google Analytics or similar services that provide aggregated or anonymized data on Website usage and performance.
  • Social Media Platforms: Information shared when you interact with our Services via platforms like Twitter/X, LinkedIn, or Facebook (e.g., profile information or engagement data).
  • Business Partners: Data from partners for joint marketing, co-branded services, or lead generation, provided such sharing complies with applicable laws.
  • Publicly Available Sources: Information from public databases or directories, such as business contact details.

Sensitive Personal Information

In certain cases, we may collect sensitive personal information, such as payment details or, for specific Services, additional data like government-issued IDs (e.g., for identity verification in regulated industries). We only collect sensitive information with your explicit consent or as required by law, and we implement enhanced safeguards to protect it.

How We Use Your Information

We use your information to operate, improve, and personalize our Services, including for the following purposes:

  • Service Delivery: To provide and maintain our Website and Services, process transactions, fulfill orders, and deliver customer support.
  • Account Management: To create and manage user accounts, authenticate logins, and facilitate account-related activities.
  • Communication: To send transactional emails (e.g., order confirmations, account updates), respond to inquiries, or provide marketing communications (with your consent where required).
  • Personalization: To tailor content, advertisements, recommendations, or user interfaces based on your preferences, interests, and behavior.
  • Analytics and Improvement: To analyze usage trends, monitor Website performance, and enhance functionality, user experience, and Service offerings.
  • Security and Fraud Prevention: To detect and prevent fraud, cyberattacks, unauthorized access, or other illegal activities.
  • Marketing and Promotions: To deliver targeted advertising, promotional offers, or event invitations, subject to your opt-in preferences.
  • Legal Compliance: To comply with applicable laws, regulations, or legal processes, such as responding to subpoenas, court orders, or tax requirements.
  • Research and Development: To conduct internal research, develop new features, or improve existing Services.
  • Automated Decision-Making and Profiling: Our Services may use automated logic to assist in processing optimization, eligibility validation, and workflow management. However, no decisions with legal or similarly significant effects are made solely based on automated processing without human intervention.

XMobility conducts internal Data Protection Impact Assessments (DPIAs) where required by law, especially when introducing new technologies or services that involve processing sensitive information at scale.

How We Share Your Information

We do not sell, rent, or trade your personal information for monetary consideration. However, we may share your information in the following circumstances:

  • Service Providers: With trusted third-party vendors who perform services on our behalf, such as:
    • Hosting and cloud storage providers (e.g., AWS, Google Cloud).
    • Payment processors (e.g., Stripe, PayPal).
    • Email and marketing platforms (e.g., Mailchimp).
    • Analytics providers (e.g., Google Analytics).
    • Customer support tools (e.g., Zendesk).

    These providers are bound by contracts to protect your information and only use it for the purposes we specify.

  • Business Partners: With partners for co-branded services, joint marketing, or lead-sharing programs, provided you have consented where required.
  • Business Transfers: In connection with a merger, acquisition, bankruptcy, or sale of assets, your information may be transferred to the acquiring entity, subject to confidentiality agreements.
  • Legal Obligations: When required by law, regulation, or legal process, such as responding to subpoenas, court orders, or government audits.
  • Protection of Rights: To protect our rights, property, or safety, or that of our users or the public, including to prevent fraud or enforce our Terms of Service.
  • With Your Consent: When you explicitly agree to share your information, such as for a co-sponsored event or integration with a third-party service.

We may also share aggregated or anonymized data that cannot identify you for purposes like industry reports, benchmarking, or analytics.

Data Security

We implement robust technical, administrative, and physical safeguards to protect your information, including:

  • Encryption: Using Secure Sockets Layer (SSL)/Transport Layer Security (TLS) for data transmission and encryption for sensitive data at rest.
  • Access Controls: Restricting access to personal information to authorized personnel only, with role-based permissions.
  • Security Monitoring: Regular vulnerability scans, penetration testing, and monitoring for suspicious activity.
  • Incident Response: A documented process to detect, respond to, and notify users of data breaches, as required by law.
  • Vendor Oversight: Ensuring third-party service providers adhere to strict security standards through contractual agreements.

Despite these measures, no system is entirely secure. In the event of a data breach, we will notify affected users and relevant authorities promptly, as required by applicable laws (e.g., GDPR's 72-hour notification requirement).

Cookies and Tracking Technologies

We use cookies, web beacons, pixel tags, and similar technologies to enhance your experience, analyze usage, and deliver personalized content.

Types of Cookies

  • Strictly Necessary Cookies: Essential for Website functionality, such as maintaining user sessions or enabling secure logins.
  • Performance Cookies: Collect anonymized data to analyze Website performance and user behavior (e.g., Google Analytics).
  • Functional Cookies: Enable enhanced features, such as saving your preferences or remembering your login details.
  • Advertising Cookies: Support targeted advertising by tracking your interests and behavior across sites (e.g., via third-party ad networks).
  • Session Cookies: Temporary cookies that expire when you close your browser.
  • Persistent Cookies: Remain on your device for a set period to remember your preferences across visits.

Managing Cookies

You can manage cookies through:

  • Browser Settings: Configure your browser to block or delete cookies. Note that disabling cookies may impact Website functionality.
  • Cookie Consent Tool: Use our Website's cookie banner (if available) to customize your preferences.
  • Opt-Out Tools: Opt out of targeted advertising via tools like the Network Advertising Initiative or Digital Advertising Alliance.

For more information, visit www.allaboutcookies.org.

Your Privacy Rights

Depending on your location, you may have specific rights regarding your personal information under laws like GDPR, CCPA/CPRA, or other regulations. These rights include:

General Rights

  • Access: Request a copy of the personal information we hold about you, including categories of data, sources, and purposes of use.
  • Rectification: Correct inaccurate or incomplete personal information.
  • Deletion: Request deletion of your personal information, subject to exceptions (e.g., legal obligations to retain data).
  • Restriction: Limit how we process your data in certain circumstances (e.g., while verifying disputed data).
  • Data Portability: Receive your personal information in a structured, commonly used, and machine-readable format.
  • Objection: Object to certain types of processing, such as direct marketing or processing based on legitimate interests.
  • Opt-Out of Sales/Sharing: Opt out of the sale or sharing of your personal information for targeted advertising (note: we do not sell personal information for monetary consideration).
  • Non-Discrimination: We will not discriminate against you for exercising your privacy rights (e.g., by denying services or charging different prices).

How to Exercise Your Rights

To submit a request, contact us at privacy@xmobility.ai with the subject line "Privacy Rights Request." Please include:

  • Your name and contact details.
  • The specific right you are exercising (e.g., access, deletion).
  • Any relevant details (e.g., account ID or interaction history).

We will verify your identity to ensure security, which may involve requesting additional information (e.g., account credentials or government-issued ID for sensitive requests). We will respond within legally required timeframes:

  • GDPR: 30 days, with possible extensions for complex requests.
  • CCPA/CPRA: 45 days for access or deletion requests, with possible 45-day extensions.

California residents may authorize an agent to submit CCPA requests on their behalf, provided we receive written proof of authorization (e.g., a signed letter or power of attorney).

Opting Out of Marketing

To unsubscribe from marketing emails, click the "Unsubscribe" link in any email or contact us at privacy@xmobility.ai. You may still receive transactional or service-related communications.

International Data Transfers

If you are located outside the United States, your information may be transferred to, stored, and processed in the United States or other countries where our servers or service providers operate. These jurisdictions may have different data protection laws. To ensure compliance, we use:

  • Standard Contractual Clauses (SCCs): For transfers to/from the EU/EEA, UK, or other regions requiring safeguards.
  • Data Protection Agreements: With third-party vendors to ensure adequate protection.
  • Adequacy Decisions: Where applicable, relying on jurisdictions deemed to have adequate data protection by the EU or other authorities.
  • Data Storage: Our primary data hosting occurs in USA, with backups and redundancy across other jurisdictions. We ensure secure and compliant cross-border data flow through Standard Contractual Clauses or similar safeguards.

By using our Services, you consent to such transfers, subject to these safeguards.

Children's Privacy

Our Services are not intended for individuals under 16 years of age. We do not knowingly collect personal information from children under 16. If we discover that such information has been collected, we will promptly delete it. If you believe a child under 16 has provided us with personal information, contact us at privacy@xmobility.ai.

Data Retention

We retain personal information only as long as necessary to fulfill the purposes outlined in this policy or as required by law. Retention periods vary based on the type of data and purpose:

  • Account Data: Retained while your account is active and for a reasonable period thereafter (e.g., 1 year for inactive accounts, unless otherwise required).
  • Transactional Data: Kept for at least 7 years to comply with tax and financial regulations.
  • Usage Data: May be retained in anonymized form for analytics purposes indefinitely.
  • Marketing Data: Retained until you opt out or the data is no longer relevant.
  • Legal Obligations: Data required for legal compliance (e.g., audit logs) is retained as mandated by law.

When data is no longer needed, we securely delete or anonymize it using industry standard methods. Data backups are maintained securely and retained for disaster recovery and audit compliance purposes for a limited time in encrypted environments.

Third-Party Links and Services

Our Services may contain links to third-party websites, applications, or services (e.g., social media platforms, payment processors, or partner sites). We are not responsible for their privacy practices or content. We encourage you to review the privacy policies of these third parties before sharing personal information.

Do Not Track Signals

Some browsers transmit "Do Not Track" (DNT) signals. As there is no uniform standard for interpreting DNT signals, our Website does not currently respond to them. You can still manage tracking preferences via our cookie consent tool or browser settings.

California Privacy Disclosures

CCPA/CPRA Disclosures

Under the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), California residents have specific rights. In the past 12 months, we may have:

  • Collected: Personal information categories listed in Section 2 (e.g., contact details, usage data, payment information).
  • Disclosed for Business Purposes: Shared personal information with service providers (e.g., hosting, analytics, payment processors) for operational purposes.
  • Sold or Shared: We do not sell personal information for monetary consideration. We may share data with advertising partners for targeted advertising, which may be considered "sharing" under CCPA/CPRA. You can opt out of this sharing viaprivacy@xmobility.ai or our cookie consent tool.

Shine the Light Law

Under California's "Shine the Light" law (Civil Code § 1798.83), California residents may request information about our sharing of personal information with third parties for direct marketing purposes. To make such a request, contact us at privacy@xmobility.ai.

Grievance Redressal (Indian Users)

In compliance with the IT Rules, we have appointed a Grievance Officer to address concerns regarding the handling of personal information and SPDI. If you have any complaints or concerns, please contact:

Grievance Officer

Email: grievance@xmobility.ai

Address: NO.2201A, 22ND FLR, World Trade Center, Brigade Gateway, Rajajinagar EXTN, Malleswaram West, Bangalore North, Bangalore-560055, Karnataka, India

Our Grievance Officer is responsible for resolving any user complaints or concerns related to the handling of personal or sensitive data and will respond within 30 days from the date of receipt of the grievance, as required by Indian law.

Changes to This Privacy Policy

We may update this Privacy Policy to reflect changes in our practices, technology, or legal requirements. Updates will be posted on this page with a revised "Effective Date." For material changes (e.g., new data uses or disclosures), we will notify you via email, a Website notice, or other reasonable means, as required by law. We encourage you to review this policy periodically.

Contact Us

For questions, concerns, or to exercise your privacy rights, please contact us at:

XMobility.ai

Email: privacy@xmobility.ai

Address: NO.2201A, 22ND FLR, World Trade Center, Brigade Gateway, Rajajinagar EXTN, Malleswaram West, Bangalore North, Bangalore-560055, Karnataka, India

EU/UK Data Protection Officer: For residents of the EU, EEA, or UK, contact our Data Protection Officer at privacy@xmobility.ai.

Complaints: If you have concerns about our data practices, you may file a complaint with us or with your local data protection authority (e.g., an EU supervisory authority or the California Attorney General).

Thank you for trusting XMobility.ai with your personal information. We are committed to protecting your privacy and providing transparent information about our data practices.