Privacy Policy
Introduction
Xavor Corporation (“Xavor” or “we”) is committed to protecting your personal information and being transparent about how we use it. This Privacy Policy explains how we collect, use, disclose, and protect personal information when you visit our website (www.xavor.com) or use our services. It also describes your rights under applicable privacy laws, including the European Union/United Kingdom General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) (as amended by the CPRA), and how you can exercise those rights. This Policy applies to all users of our website worldwide, including in North America, Europe, and Asia. By using our site, you agree to the collection and use of information as described in this Policy. If you do not agree, please do not use the site. If you are under 18, do not provide personal information on this site without consent from a parent or guardian (we do not knowingly collect data from children under 16 and will delete such information if we become aware of it).
Information collection and use
Information You Provide to Us: We may collect personal information that you voluntarily provide, for example when you contact us through a form, register for an account or newsletter, comment on our blog, or inquire about our services. This may include your name, contact details (email, phone, address), company/organization, job title, and any other information you choose to provide. If you engage our services or make purchases, we might also collect billing or payment information (e.g. billing address, and if applicable, payment card details) for the purposes of processing transactions. We will use this information to fulfill the purposes for which you provided it (e.g. responding to your inquiry, providing the requested service, or sending you newsletters if you subscribed). You can always choose not to provide personal information; however, doing so may limit your ability to use certain site features or receive certain services.
Information Collected Automatically: Like many websites, our site and service providers automatically collect certain technical and usage data when you visit www.xavor.com. This may include:
- Device and Browser Information: IP address, browser type, device type, operating system, and other technical details about your device or network.
- Usage Data: Details about how you interact with our site, such as pages viewed, time spent on pages, links clicked, and the page that led you to our site (referring URL).
- Log Files: Our web servers and security systems keep logs that record visits to the site. These logs may include IP addresses (which can indicate general location), browser/user agent, and timestamps of access. We use this data for IT administration, to analyze trends, and for security monitoring. For example, our security tools record IP addresses and login attempts to help prevent unauthorized access and attacks. This information by itself does not identify you by name, but it can be considered personal data under privacy laws, so we treat it accordingly.
We collect the above information through the use of cookies and similar tracking technologies, as explained in the next section.
Cookies and tracking technologies
What Are Cookies: Cookies are small text files placed on your device when you visit a website. We use cookies and similar technologies (such as web beacons and local storage) to ensure our site functions properly, to understand and improve user experience, and to support our marketing and security efforts. Cookies may be set by our website (first-party cookies) or by third-party services that we use (third-party cookies).
Cookie Categories: We categorize the cookies we use by their purpose. You can manage your preferences for non-essential cookies via our cookie consent banner (described below). The cookie categories include:
- Strictly Necessary Cookies: These cookies are essential for the website to function and cannot be turned off in our systems. They enable core functionality such as security, network management, and accessibility. For example, when you log into a secure area, a necessary cookie might keep you logged in; likewise, our use of Google reCAPTCHA for spam protection places a necessary cookie to distinguish human users from bots. These cookies do not store personally identifiable information beyond what is needed for their purpose, and they are usually only set in response to actions you take on the site (like filling out forms or adjusting privacy settings). Without these cookies, the site may not perform properly.
- Functional Cookies: These cookies allow the site to remember choices you make (such as language or region selection) and provide enhanced, more personalized features. They may also be used to provide services you have asked for, like playing videos or live chat. Functional cookies may be set by us or by third-party providers whose services we have added to our pages. If you disable these cookies, some or all of these services may not function correctly. (Note: At this time, Xavor’s site makes limited use of functional cookies, but we include this category for transparency and future use.)
- Analytics/Performance Cookies: These cookies collect information about how visitors use our website, in order to measure and improve site performance. We (and third-party analytics providers) use analytics cookies to gather data on site usage – for example, which pages are most frequently visited, how users navigate through the site, and if they encounter errors. The data collected is typically aggregated and anonymized. For instance, we use Google Analytics and Microsoft Clarity cookies to understand visitor interactions. Google Analytics uses first-party cookies to track how often users visit the site, what pages they view, and other usage patterns. The information is collected in an anonymous form (Google Analytics reports overall website trends without identifying individual visitors. Microsoft Clarity’s cookies help capture behavioral metrics like heatmaps and session replays to see how users engage with our site’s design and content, which helps us improve our services. Analytics cookies will not be set unless you consent via the cookie banner (where required by law).
- Advertising/Targeting Cookies: These cookies are used to track browsing habits and activity across our site and other sites in order to deliver personalized advertisements or to limit the number of times you see an ad. They may be set through our site by advertising partners to build a profile of your interests. Currently, Xavor does not use third-party advertising or targeting cookies on our website. If that changes, we will update this Policy and obtain any necessary consents. In any case, you have the option to opt out of such cookies via the cookie banner or through browser settings.
Cookie Consent and Control (CookieYes): We use CookieYes (a cookie consent management tool) to inform you about our use of cookies and to store your preferences. When you first visit our site (and periodically as required), you will see a cookie consent banner. On this banner, you can choose to “Accept All” cookies or reject/allow certain categories of cookies according to your preference. Non-essential cookies (such as analytics cookies) are blocked by default until you give consent, in compliance with GDPR and similar laws. You can also click “Cookie Settings” on the banner (or the floating privacy preferences icon available on our site) to customize your choices. CookieYes will record and remember your consent choice by storing a necessary cookie on your browser. You can change or withdraw your consent at any time by revisiting the cookie settings (for example, by clicking the CookieYes icon or banner if available, which will be present in the footer or corner of the site for ongoing access to your preferences). In addition, most web browsers allow you to refuse or delete cookies via their settings. Please note that if you disable certain categories of cookies (via our banner or your browser), some features of the site may not function correctly.
How we use your information
We use personal information collected through our website for the following purposes:
- To Provide and Improve Our Services: We process the information you provide to respond to your inquiries, fulfill your requests (such as scheduling a consultation or providing a service demo), process transactions, and deliver the services or information you requested. We also use usage data and feedback to understand how our site and services are being used and to make improvements. For example, analytics data helps us identify which content is most useful to visitors and how we can enhance website functionality or user experience.
- Communications: If you fill out a “Contact Us” form, sign up for our newsletter, download content, or otherwise provide your email, we will use your contact information to communicate with you. This may include sending you requested information, updates about our services or products, company news, or marketing communications (if you have opted in to receive them). You can opt out of marketing emails at any time by using the unsubscribe link in the message or contacting us directly. (Transactional or service-related communications, such as responses to inquiries or service notifications, may be sent even if you opt out of marketing, as they are necessary for providing our services.)
- Cookies & Analytics: As detailed above, we use data collected via cookies and similar technologies to carry out analytics, measure site performance, and understand user preferences. The insights we gain from tools like Google Analytics and Microsoft Clarity are used solely for our internal purposes – to improve content, navigation, and overall user experience on our site. For instance, we may use aggregated visitation data to determine which blog topics are most popular or to troubleshoot technical issues on certain pages.
- Security and Fraud Prevention: We use personal data (particularly automatically collected technical data like IP addresses and device info) to maintain the security of our website, services, and users. This includes using Google reCAPTCHA on our web forms to block spam and abuse – reCAPTCHA analyzes information about your interaction with the site to determine if you are a human user and not an automated bot. We also maintain server logs and employ security software (such as firewalls and login protection tools) that monitor activity for signs of malicious behavior. Information like IP addresses, user agent, and browsing actions may be processed for these security purposes. We use this data only to protect against fraudulent, harmful, or unauthorized activities and do not use it for any marketing or profiling beyond security. (Google mandates that data collected via reCAPTCHA is only used for abuse prevention/security and not for any other purpose.)
- Legal Compliance and Protection: We may use or disclose personal information as necessary to comply with applicable laws, regulations, legal processes, or enforceable governmental requests. For example, if we are required by a valid subpoena or court order, we will provide the minimum necessary information in response. We may also process and disclose data to investigate or enforce our agreements, to protect the rights and safety of Xavor, our customers, or others, or as evidence in litigation in which we are involved. (See Disclosure of Your Information below for more details on when we may share data.)
We will not use the personal information we collected for materially different, unrelated, or incompatible purposes without updating this Policy or obtaining your consent as required by law.
Disclosure of your information (how we share data)
Xavor does not sell your personal information to third parties for monetary consideration. We also do not share your personal information for cross-context behavioral advertising (as defined under California law) without your consent. However, we do share personal data with certain third parties under the following circumstances, and only as needed to fulfill the purposes described in this Policy:
- Service Providers: We share information with third-party service providers and partners who perform services on our behalf or assist us in operating our website and business. These include:
- Web Hosting and Infrastructure: Our website is hosted on WP Engine, a managed WordPress hosting provider. All data that you submit to our site or that is collected by our site (including personal information) will be stored on WP Engine’s servers. WP Engine may process personal data on our behalf as needed to provide their services – for example, they handle data storage, backup and recovery, caching, and security monitoring for the site. WP Engine may incidentally have access to personal information (such as in server logs or in database backups), but they are contractually prohibited from using it for any purpose other than providing hosting services to us. In other words, any personal data processed by WP Engine remains under Xavor’s control and instructions. WP Engine will only disclose such data to their own sub-processors as needed to deliver the hosting service (for example, cloud infrastructure providers), and they must do so in compliance with applicable privacy laws. WP Engine is a company based in the United States; however, it participates in the EU-U.S. Data Privacy Framework and UK Extension, which means it has certified to provide an adequate level of protection for personal data transferred from the EU/UK to the U.S. (See International Data Transfers below for more on how we safeguard data in such cases.)
- Analytics Providers: As noted, we use Google Analytics and Microsoft Clarity to collect usage information. These are third-party services provided by Google LLC (Google Analytics) and Microsoft Corporation (Clarity). The information generated by analytics cookies about your use of the site (e.g. your IP address, device identifiers, browsing actions, etc.) may be transmitted to and stored on Google’s and Microsoft’s servers (which could be in the United States or other countries). Google Analytics helps us understand website traffic and usage patterns; it reports aggregate trends and provides insight without identifying individual users. Microsoft Clarity captures user interaction data such as clicks, scrolls, and session replays, which we review to improve our site design and fix usability issues. These providers act as our data processors for analytics, meaning they are authorized to use the data collected only to provide analytics services to us and not for their own purposes (Google Analytics data may also be used by Google for improving their analytics platform, but it is bound by Google’s Privacy Policy and terms). We have configured Google Analytics to anonymize IP addresses where applicable (for users in the EU, your IP will be truncated to remove the last octet before storage, reducing identifiability). We do not allow Google Analytics to use or share our analytics data for ad personalization. Google’s ability to use and share information collected by Google Analytics about your visits is governed by the Google Analytics Terms of Use and the Google Privacy Policy. Similarly, Microsoft Clarity’s usage of data is covered by the Microsoft Privacy Statement. You can opt out of Google Analytics tracking by refusing analytics cookies on our site, or by using Google’s Analytics Opt-Out Browser Add-on.
- Security / Anti-Spam: We use Google reCAPTCHA (v2 and/or v3) on our website forms (such as contact forms) to prevent spam and abuse. This is a service provided by Google LLC. When reCAPTCHA is enabled on a page, it may collect hardware and software information, such as your IP address, browser characteristics, and user interactions (e.g., mouse movements or clicks), and send that data to Google for analysis. Google uses this information to determine whether you are a human user and not a bot. According to Google’s requirements, we disclose that the reCAPTCHA service is subject to the Google Privacy Policy and Terms of Service. In practice, that means the data collected by reCAPTCHA is handled by Google in accordance with their privacy practices. We only implement reCAPTCHA to secure our site and do not use the information it collects for any advertising or profiling. By using our forms protected by reCAPTCHA, you acknowledge that Google will process certain data for security purposes. (You will typically see a notice near any reCAPTCHA-protected form stating “This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply”.) If you do not wish to have this data collected, please refrain from using our online forms; you may contact us through alternative means such as direct email.
- Other Vendors: Xavor may share data with other third-party vendors in order to run our business or provide specific services to you – for example, an email delivery service (to send out newsletters or transactional emails), a customer relationship management (CRM) tool to organize inquiries, or a scheduling platform if you book a meeting with us. These vendors will have access to personal information only as necessary to perform their functions and are contractually bound to protect it and use it only for our purposes. We ensure that all such providers commit to appropriate confidentiality and data protection obligations. (If you have specific questions about our current service providers, you may contact us for more information.)
- Within Our Corporate Group: Xavor Corporation is a global company with offices and affiliates in multiple countries. We may share personal information internally within our corporate family (e.g., between our U.S. headquarters and our branch offices in other regions) as needed to fulfill the purposes outlined in this Policy. For example, if you submit a contact request from Europe or Asia, it might be handled by staff in our U.S. office or vice versa, depending on your inquiry. All internal transfers of personal data are subject to strict access controls and are on a need-to-know basis. Our internal use and sharing of data will remain consistent with this Policy (we treat your data with the same level of protection regardless of which office or country is processing it).
- Legal Requirements and Business Transfers: We may disclose personal information to third parties if we believe in good faith that such disclosure is necessary to: (a) comply with a law, regulation, legal process, or government request; (b) enforce or apply our Terms of Service or other agreements; (c) investigate, detect, prevent, or address fraud, security, or technical issues; or (d) protect the rights, property, or safety of Xavor, our users, customers, or others (such as exchanging information with other companies for fraud protection or credit risk reduction, as permitted by law). Additionally, if Xavor is involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, sale of company assets, or transition of service to another provider, your information may be transferred as part of such a transaction. In such cases, we will ensure the recipient is bound to respect your personal data in a manner consistent with this Privacy Policy or we will notify you and obtain consent if required by law.
Except for the scenarios above, we will not share, sell, or rent your personal information to third parties without your consent. We do not disclose personal data to unaffiliated third parties for their own direct marketing purposes. If any sharing of personal information falls outside the scope of this Policy, we will seek your permission where required.
Data security
We take the security of your personal information seriously. Xavor implements appropriate technical and organizational measures to protect your data from unauthorized access, alteration, disclosure, or destruction. These measures include encryption of sensitive data in transit (for example, our site uses SSL/TLS encryption – you will see a padlock icon or “https://” in your browser address bar when accessing pages that collect personal information, indicating your connection is secure). We maintain up-to-date firewall and security protocols on our hosting platform, and our website is regularly monitored for vulnerabilities and attacks. Personal data is stored on secure servers managed by our hosting provider (WP Engine) which employs robust security measures and access controls. Within Xavor, access to personal information is restricted to authorized employees and contractors who need the data to perform their job duties (for example, a customer support representative or IT administrator), and they are bound by confidentiality obligations. We train our staff on data privacy and security practices. Additionally, we periodically review our security procedures to consider appropriate new technology and methods.
Despite our efforts, no security measure or method of transmission over the Internet is 100% guaranteed. Therefore, while we strive to protect your personal information, we cannot warrant absolute security. However, in the unlikely event of a data breach that affects your personal data, we will notify you and the appropriate authorities as required by law. If you have any questions about the security of our website or systems, you can contact us using the information in the Contact Us section below.
Data retention
We will retain your personal information only for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. For example, if you contact us with a question, we’ll retain your contact details for as long as is needed to respond and follow up, then a reasonable period thereafter in case you have additional questions. If you have an ongoing relationship with Xavor (e.g., you are a client or subscribe to our newsletter), we will retain your information for the duration of that relationship and for a period afterward as necessary and relevant to our legitimate interests, such as maintaining records of transactions for financial reporting, or as required by applicable law (for instance, certain commerce or tax laws may require retention of transaction data for a number of years). Usage data collected via Google Analytics, Microsoft Clarity, and similar tools may be stored in aggregated form for longer periods for historical analysis, but this data is not personally identifiable. We also regularly review and anonymize or delete data that is no longer needed. For instance, web server logs are generally rotated and purged periodically if not required for security analysis. When we no longer have a legitimate need or legal obligation to keep your personal information, we will securely delete it or anonymize it. If deletion is not possible (for example, because the data is stored in backup archives), we will isolate the data from further processing until deletion is feasible.
International data transfers
Xavor is headquartered in the United States, and our website is primarily hosted in the U.S. Additionally, we have team members and service providers in other countries (such as Pakistan and China, as well as partners in Europe and elsewhere). This means that your personal information may be transferred to, stored in, or accessed from countries other than your home country. In particular, if you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, please note that personal data we collect from you on our site will likely be transferred to the United States (and potentially to other countries where our affiliates or service providers operate).
We are mindful of our obligations under GDPR and other laws regarding international data transfers. Whenever we transfer personal data out of the EEA/UK, we ensure that at least one of the following safeguards is implemented:
- Standard Contractual Clauses: We may rely on the European Commission’s Standard Contractual Clauses (SCCs) or equivalent mechanisms under UK law as a lawful transfer mechanism. These are contractual commitments between the transferring and receiving parties designed to protect personal data exported from Europe. In practice, this means that Xavor has agreements in place with our non-EU service providers (like WP Engine, Google, Microsoft) which incorporate the SCCs, obligating them to protect European personal data to EU privacy standards regardless of where it is processed.
- Data Privacy Framework: Where applicable, we may rely on certifications to an approved data transfer framework. For example, our hosting provider WP Engine is an active participant in the EU-U.S. Data Privacy Framework (and the UK Extension and Swiss-U.S. Framework), which confirms that WP Engine adheres to rigorous privacy principles for data transferred from the EU/UK to the U.S. Similarly, Google and Microsoft have certified compliance with the EU-U.S. Data Privacy Framework for relevant services, which provides another layer of protection and compliance for personal data transferred to the U.S.
- Your Consent or Other Lawful Bases: In some cases, we may request your explicit consent for certain international transfers or rely on another lawful basis permitted by applicable law to transfer data (for example, when the transfer is necessary for the performance of a contract with you, or to fulfill a compelling legitimate interest that does not override your rights).
Regardless of the method, Xavor will always take steps to ensure that any international transfer of personal data is subject to appropriate safeguards and that your rights are protected. This includes careful vetting of our service providers, implementing robust data protection agreements, and monitoring legal developments in data transfer law. If you have questions about the international transfer of your personal data or if you would like to obtain a copy of the applicable safeguards, you can contact us (see Contact Us below).
Your privacy rights
Depending on your jurisdiction, you have certain rights regarding your personal information. Xavor is committed to honoring these rights and has processes in place for you to exercise them. Below, we outline the rights available under GDPR (for individuals in the EEA and UK) and under the CCPA (for California residents). If you are located in another region (for example, Canada or Australia) that grants additional privacy rights, you may contact us to exercise similar rights, and we will accommodate your request to the extent required by law.
Rights under GDPR (EEA/UK)
If you are in the European Economic Area, United Kingdom, or a jurisdiction with similar laws, you have the following rights with respect to your personal data, in accordance with GDPR and local data protection law:
- Right to Access: You have the right to request confirmation of whether we are processing your personal data, and if so, to request a copy of the data and certain information about how we use and share it.
- Right to Rectification: You have the right to request that we correct or update any inaccurate or incomplete personal data we hold about you. We encourage you to contact us to keep your information up-to-date or if you find any inaccuracies.
- Right to Erasure (Right to be Forgotten): You can ask us to delete or remove your personal data in certain circumstances. For example, if the data is no longer necessary for the purposes it was collected, or if you withdraw consent (where the processing was based on consent) and we have no other legal basis to continue processing, or if you object to processing (see below) and we have no overriding legitimate grounds. Please note that this right is not absolute – sometimes we may retain certain information as required by law or for legitimate business purposes (we will inform you if that is the case).
- Right to Restrict Processing: You have the right to request that we limit the processing of your personal data in certain situations – for instance, if you contest the accuracy of the data, you can request we restrict processing while we verify the accuracy; or if processing is unlawful, you may ask for restriction instead of deletion. When processing is restricted, we will still store your data but not use it further until the restriction is lifted.
- Right to Data Portability: You have the right to obtain your personal data that you provided to us in a structured, commonly used, and machine-readable format, and to transmit that data to another controller where technically feasible. This right applies when the processing is based on your consent or a contract with you, and carried out by automated means.
- Right to Object: You have the right to object to our processing of your personal data when such processing is based on our legitimate interests (or those of a third party) and you feel it impacts your fundamental rights and freedoms. You also have the absolute right to object to processing of your personal data for direct marketing purposes at any time. If you object, we will no longer process your personal information for the relevant purposes unless we have compelling legitimate grounds that override your interests, rights, and freedoms or need to continue processing for the establishment, exercise, or defense of legal claims.
- Right to Withdraw Consent: Where we rely on your consent to process personal data (for example, for optional marketing communications or certain cookies), you have the right to withdraw that consent at any time. Withdrawing consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, and it will not affect processing that is based on other lawful bases. If you withdraw consent for cookies, you can adjust your preferences via the CookieYes banner or your browser as described above. For email marketing, you can use the “unsubscribe” link in the email or contact us.
- Right to Not Be Subject to Automated Decisions: Xavor does not make any legally significant decisions about you based solely on automated decision-making, including profiling, as defined under GDPR. In the event we ever do so, you would have the right to not be subject to a decision based only on automated processing that significantly affects you, and to request human intervention or an opportunity to contest the decision.
To exercise any of your GDPR rights, please contact us at [email protected] with your request. We may need to verify your identity before fulfilling the request (to ensure we do not disclose data to an unauthorized person). We will respond to your request within one month, or inform you if we need an extension of time. You also have the right to lodge a complaint with your local Data Protection Authority if you believe that we have infringed your privacy rights. However, we encourage you to contact us first so we can address your concerns directly.
California privacy rights (CCPA/CPRA)
If you are a resident of California, you are entitled to certain rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA) amendments. The following rights apply to you (subject to some exceptions under the law):
- Right to Know: You have the right to request that we disclose what personal information we have collected about you in the past 12 months, including the categories of personal information, the categories of sources from which it was collected, the business or commercial purpose for collecting (or sharing, if applicable) the information, the categories of third parties to whom we disclosed personal information, and the specific pieces of personal information we have collected about you. Upon a verified request, we will provide the required information in a readily usable format, either electronically or by mail. (Please note we are not required to provide the data more than twice in a 12-month period.)
- Right to Delete: You have the right to request that we delete personal information we have collected from you (and direct our service providers to do the same), subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will delete (and notify our providers to delete) your personal information from our records, unless an exception applies. For example, we may retain data needed to complete a transaction or provide a service you requested, to detect security incidents, to comply with a legal obligation, or other purposes permitted by CCPA. If we deny a deletion request, we will inform you of the reason.
- Right to Correct: Under the CPRA (effective 2023), California residents have the right to request the correction of inaccurate personal information maintained about them. If you become aware that any personal information we maintain is incorrect, please submit a request for correction. Upon verification and consideration of the request, we will correct the information as you direct, or explain why we cannot fulfill the request if an exception applies.
- Right to Opt-Out of Sale or Sharing: You have the right to opt out of the sale of your personal information or the sharing of your personal information for cross-context behavioral advertising purposes. “Sale” in CCPA is broadly defined to include certain disclosures of personal information for valuable consideration, and “sharing” refers to providing data to third parties for targeted advertising. Xavor does not sell personal information for money, and we do not share your personal information for targeted advertising except possibly through the use of third-party analytics or similar tools that could be considered “sharing” under California law. To be safe and fully compliant, we treat analytics/tracking data as subject to opt-out upon request. We have provided a “Do Not Sell or Share My Personal Information” link on our website (in the footer of www.xavor.com) to enable California consumers to exercise this right easily. If you click that link (or use a browser-based opt-out signal, discussed below), we will honor your request by disabling non-essential third-party data transfers (such as certain analytics cookies) for your browser and/or by adding your details to an opt-out list. You may also submit an opt-out request by contacting us as described below. We do not knowingly sell or share the personal information of consumers under 16 years of age without affirmative authorization.
- Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights. This means we will not deny you goods or services, charge you a different price, or provide a different level or quality of service just because you exercised your rights. However, please understand that if the exercise of your rights limits our ability to process your personal information (for example, if you request deletion of all your data), we may not be able to provide you with certain services that rely on that data. In such cases, we will explain the situation to you so you can make an informed decision.
Exercising Your California Rights: If you are a California resident and wish to exercise your Right to Know, Delete, Correct, or Opt-Out, you (or an authorized agent acting on your behalf) can submit a request to us by email at [email protected] or via the “Do Not Sell or Share” link in our website footer for opt-outs. Please specify which right you intend to exercise and provide sufficient information for us to verify you (such as your name, email address, and relationship with Xavor). For your protection, we will only fulfill requests when we have confidence in the requester’s identity. The level of verification may depend on the sensitivity of the information – e.g., for a request for specific pieces of personal information, we may require a signed declaration under penalty of perjury that you are the consumer whose data is requested. If you use an authorized agent, we may require proof of that authorization (such as a written permission). We will respond to your request within 45 days as required by CCPA (or inform you in writing if we need more time, up to an additional 45 days). Any disclosures we provide will cover the 12-month period preceding the request, or as otherwise required by law. For opt-out requests, we will comply as soon as feasibly possible (generally within 15 business days).
Opt-Out Preference Signals (Global Privacy Control): If our site detects a valid browser or device signal that is meant to communicate your preference to opt out of the sale or sharing of personal information (such as the Global Privacy Control (GPC) signal), we will treat that as a legitimate opt-out request under CCPA. In other words, you do not have to click the “Do Not Sell or Share” link if your browser is already sending the GPC signal – our site will honor it by automatically blocking non-essential trackers for that browser. You can find more information about GPC and how to enable it on your browser at the Global Privacy Control website.
If you have any questions about your California privacy rights or need assistance exercising them, please contact us at [email protected]. We are committed to responding to legitimate requests and to ensuring that you can exercise your privacy rights.
Links to other sites
Our website contains links to third-party websites, including our pages on external platforms like LinkedIn, Instagram, Facebook, and YouTube. Please be aware that Xavor is not responsible for the content or privacy practices of those external sites. This Privacy Policy applies solely to information collected by Xavor on our own website and services. When you click a link to an external site, you will be subject to that site’s terms and privacy policy. We encourage you to read the privacy statements of any other websites you visit, especially if you provide personal information to them.
Changes to this privacy policy
We may update or revise this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or for other operational reasons. If we make material changes to the way we collect or use personal information, we will provide prominent notice on our website (for example, by posting a notice on our homepage or alert banner) and/or obtain your consent if required by law. The “Last Updated” date at the top of this Policy indicates when the latest changes were made. We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. Your continued use of our website after any changes to this Policy constitutes acceptance of the updated terms.
Contact us
If you have any questions, concerns, or comments about this Privacy Policy or our data practices, or if you wish to exercise your privacy rights or preferences, please contact us using the information below. We will be happy to assist you and will respond as promptly as we can:
Email: [email protected]
Postal Address: Xavor Corporation
2211 Michelson Drive, Suite 900
Irvine, CA 92612, USA
You may also reach us by phone at +1 949-264-1472 during our business hours for urgent privacy matters, or contact your nearest Xavor office (see our website for contact details in other regions) and request to speak with the Privacy Officer.
Thank you for reading our Privacy Policy. Your trust is important to us, and we are dedicated to keeping your personal information safe and respecting your privacy.
Customer Service
Xavor Corporation