Privacy Policy

1. Introduction

XS2Content B.V. ("we," "our," or "us") is committed to protecting your privacy and ensuring the security of your personal data. This Privacy Policy explains how we collect, use, process, and protect your personal information when you use our AI-powered content transformation platform and related services.

This Privacy Policy applies to all users of XS2Content Hub, including visitors to our website, account holders, and enterprise customers. By using our services, you acknowledge that you have read and understood this Privacy Policy and agree to the processing of your personal data as described herein.

We are committed to compliance with the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other applicable data protection laws.

2. Data Controller Information

XS2Content B.V. acts as the data controller for the personal data we process through our services. Our contact details are:

3. What Data We Collect

We collect various types of personal data to provide and improve our services. The data we collect includes:

Account Information

• Contact Details: Name, email address, phone number, company name
• Account Credentials: Username, encrypted password, account preferences
• Profile Information: Job title, department, profile picture (optional)
• Billing Information: Billing address, payment method details, tax information

Content Data

• Uploaded Content: Text, images, audio, video files you upload for transformation
• Generated Content: AI-processed outputs and transformations
• Project Data: Pipeline configurations, processing settings, project metadata
• Usage Data: Processing history, feature usage, API calls

Technical Information

• Device Information: Browser type, operating system, device identifiers
• Network Data: IP address, location data (country/region level)
• Usage Analytics: Page views, feature usage, session duration
• Performance Data: Error logs, processing times, system performance metrics

Communication Data

• Support Communications: Messages, tickets, feedback, and support interactions
• Marketing Communications: Newsletter subscriptions, marketing preferences
• Event Data: Webinar attendance, training session participation

4. How We Use Your Data

We use your personal data for the following purposes:

Purpose	Data Used	Legal Basis
Service Provision	Account info, content data, technical info	Contract performance
Content Processing	Uploaded content, processing settings	Contract performance
Account Management	Contact details, account credentials	Contract performance
Billing & Payments	Billing info, usage data, account details	Contract performance
Customer Support	Contact info, communication data, technical info	Legitimate interest
Service Improvement	Usage analytics, performance data (anonymized)	Legitimate interest
Security & Fraud Prevention	Technical info, usage patterns, account data	Legitimate interest
Marketing Communications	Contact details, communication preferences	Consent
Legal Compliance	All data types as required	Legal obligation

5. Legal Basis for Processing

Under GDPR, we process your personal data based on the following legal grounds:

Contract Performance

We process your data to fulfill our contractual obligations to provide the XS2Content Hub services, including content transformation, account management, and billing.

Legitimate Interest

We have legitimate interests in:

• Improving our services and developing new features
• Ensuring the security and integrity of our platform
• Providing customer support and technical assistance
• Analyzing usage patterns to optimize performance
• Preventing fraud and unauthorized access

Consent

We obtain your explicit consent for:

• Marketing communications and newsletters
• Non-essential cookies and tracking technologies
• Sharing data with third parties for non-service purposes
• Processing special categories of personal data (if applicable)

Legal Obligation

We process data when required by law, including:

• Tax and accounting requirements
• Regulatory compliance and reporting
• Response to legal requests and court orders
• Anti-money laundering and fraud prevention

6. Data Sharing and Disclosure

We do not sell your personal data. We may share your data in the following limited circumstances:

Service Providers

We work with trusted third-party service providers who help us operate our platform:

• Cloud Infrastructure: Amazon Web Services (AWS), Google Cloud Platform
• Payment Processing: Stripe, PayPal for secure payment handling
• Analytics: Google Analytics (anonymized data only)
• Customer Support: Zendesk, Intercom for support ticket management
• Email Services: SendGrid, Mailchimp for transactional and marketing emails

Business Transfers

In the event of a merger, acquisition, or sale of assets, your data may be transferred to the new entity, subject to the same privacy protections.

Legal Requirements

We may disclose your data when required by law or to:

• Comply with legal processes and court orders
• Respond to lawful requests from public authorities
• Protect our rights, property, or safety
• Investigate and prevent fraud or security breaches

7. Data Retention

We retain your personal data only as long as necessary for the purposes outlined in this policy:

Data Type	Retention Period	Rationale
Account Information	Duration of service + 7 years	Service provision and legal compliance
Content Data	As specified by user settings	User-controlled retention
Billing Records	7 years after last transaction	Tax and accounting requirements
Support Communications	3 years after case closure	Service improvement and training
Usage Analytics	2 years (anonymized after 6 months)	Service optimization
Marketing Data	Until consent withdrawal	Marketing communications

8. Your Privacy Rights

Under GDPR and other privacy laws, you have the following rights regarding your personal data:

How to Exercise Your Rights

To exercise any of these rights, please contact our Data Protection Officer at [email protected]. We will respond to your request within 30 days and may request additional information to verify your identity.

9. Data Security

We implement comprehensive security measures to protect your personal data:

Technical Safeguards

• Encryption: All data is encrypted in transit (TLS 1.3) and at rest (AES-256)
• Access Controls: Role-based access with multi-factor authentication
• Network Security: Firewalls, intrusion detection, and monitoring systems
• Regular Updates: Prompt security patches and system updates

Organizational Measures

• Staff Training: Regular privacy and security training for all employees
• Background Checks: Security screening for personnel with data access
• Incident Response: Established procedures for security breach response
• Regular Audits: Third-party security assessments and penetration testing

Compliance Certifications

• SOC 2 Type II compliance
• ISO 27001 information security management
• GDPR compliance and regular assessments
• Annual third-party security audits

10. International Data Transfers

We primarily process data within the European Union, but may transfer data internationally for specific purposes:

Adequacy Decisions

We only transfer data to countries with an adequate level of data protection as determined by the European Commission, or implement appropriate safeguards such as:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Binding Corporate Rules for multinational service providers
• Certification schemes and codes of conduct

US Data Transfers

For transfers to the United States, we rely on:

• EU-US Data Privacy Framework for certified organizations
• Standard Contractual Clauses with additional safeguards
• Specific consent for limited data transfers

11. Cookies and Tracking

We use cookies and similar technologies to improve your experience and analyze usage. For detailed information about our cookie practices, please see our Cookie Policy.

Cookie Categories

• Essential Cookies: Required for basic platform functionality
• Analytics Cookies: Help us understand how you use our services
• Marketing Cookies: Used for personalized advertising (with consent)
• Preference Cookies: Remember your settings and preferences

12. Children's Privacy

Our services are not directed to children under 16 years of age. We do not knowingly collect personal data from children under 16. If we become aware that we have collected personal data from a child under 16, we will take steps to delete such information promptly.

If you are a parent or guardian and believe your child has provided us with personal data, please contact us at [email protected].

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make significant changes, we will:

• Post the updated policy on our website
• Update the "Last Modified" date
• Send email notifications to registered users
• Provide prominent notice of material changes
• Obtain new consent where required by law

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your data.

14. Contact Information