XIO AI Solutions
XIOAI Solutions

Privacy Policy

Last updated: May 26, 2026

1. Introduction

Xio AI (“we,” “our,” or “us”) operates the xioai.co website and platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website or use our services. By using Xio AI, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Account Information

When you create an account, we collect your name, email address, and password (hashed). If you sign in with Google OAuth, we receive your name, email, and profile picture from Google. This data is stored securely in our PostgreSQL database via Prisma ORM.

2.2 Payment Information

We use Stripe to process payments. When you subscribe to a paid plan (Founder Pro or Agency Scale), Stripe collects your payment card details directly. We store only your Stripe Customer ID, Subscription ID, Price ID, and billing period — never your full card number.

2.3 Usage Data

We collect data about how you interact with the platform, including: pages visited, features used, tool submissions (email grading, text optimization, SDR calculations), lead searches, sequence enrollments, and API requests. This helps us improve the product and enforce plan limits.

2.4 Analytics

We use Google Analytics 4 (GA4) to collect anonymized usage statistics including page views, session duration, device type, geographic region, and conversion events (e.g., signup, demo booking, checkout). Google Analytics uses cookies to identify returning visitors. You can opt out of Google Analytics by installing the Google Analytics opt-out browser extension.

2.5 AI-Processed Data

When you use our AI-powered features (email humanizer, email rewriter, lead enrichment, AI agent evaluator, automated sequences), your input text is processed by third-party large language model (LLM) APIs. We do not use your data to train AI models. Processed outputs are returned to you and may be stored in your account for your reference.

2.6 AI Calling Data

If you use the AI phone calling feature (powered by Bland.ai), call recordings, transcripts, summaries, and metadata (duration, status) are stored in our database and linked to your account. You may delete call records at any time from your dashboard.

2.7 Email & SMTP Data

If you configure custom SMTP settings for outbound sequences, we store your SMTP credentials (encrypted) to send emails on your behalf. Email content, open/click tracking, and delivery status are stored for campaign analytics.

3. How We Use Your Information

  • Provide, operate, and maintain the platform and its features
  • Process payments and manage your subscription
  • Send transactional emails (welcome, password reset, billing)
  • Enforce plan usage limits and prevent abuse
  • Improve product quality through aggregated analytics
  • Respond to support requests and communications
  • Detect and prevent fraud or security incidents

4. Third-Party Services

We share data with the following third-party services as necessary to operate the platform:

  • Stripe — Payment processing. Subject to Stripe's Privacy Policy.
  • Google — OAuth authentication and Google Analytics. Subject to Google's Privacy Policy.
  • Bland.ai — AI phone calling. Call data is processed per their terms.
  • LLM Providers — AI text processing for features like the humanizer, email rewriter, and lead enrichment.

5. Cookies

We use cookies for: session management (NextAuth session token), analytics (Google Analytics _ga cookies), and user preferences. Essential cookies are required for the platform to function. Analytics cookies can be disabled through your browser settings.

6. Data Security

We implement industry-standard security measures including: HTTPS encryption in transit, password hashing (bcrypt), secure HTTP headers (HSTS, X-Content-Type-Options, Referrer-Policy, Permissions-Policy), and access controls on administrative functions. However, no method of transmission over the Internet is 100% secure, and we cannot guarantee absolute security.

7. Data Retention

We retain your account data for as long as your account is active. If you delete your account, we will delete your personal data within 30 days, except where we are required to retain it for legal or compliance purposes. Aggregated, anonymized data may be retained indefinitely for analytics.

8. Your Rights

Depending on your jurisdiction, you may have the following rights:

  • Access — Request a copy of the personal data we hold about you
  • Correction — Request correction of inaccurate personal data
  • Deletion — Request deletion of your personal data
  • Portability — Request your data in a portable format
  • Opt-out — Opt out of marketing communications at any time

For GDPR (EU/EEA) and CCPA (California) requests, contact us at support@xioai.co. We will respond within 30 days.

9. Children's Privacy

Xio AI is not intended for use by individuals under the age of 18. We do not knowingly collect personal data from children. If we learn that we have collected data from a child, we will delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by posting the new policy on this page and updating the “Last updated” date. Continued use of the platform after changes constitutes acceptance of the updated policy.

11. Contact Us

If you have questions about this Privacy Policy or our data practices, contact us at: support@xioai.co