Privacy Policy

Effective Date: 2025-09-25  ·  Last updated: 2025-09-25

Xpometer (“we,” “our,” or “us”) is committed to protecting your privacy. This Privacy Policy explains how we process your personal data as a data controller. This Privacy Policy applies to our website, and its associated subdomains (collectively, our “Service”) alongside our application, Xpometer. Please also review our Terms of Service https://xpometer.com/terms for other details and conditions regarding your use of the Xpometer application.

Please note that if you are usually resident in the European Economic Area or the UK, this Privacy Policy is supplemented with the Additional Information for Individuals in Europe and the UK. This Additional Information does not apply if you are usually resident elsewhere. In the event of any conflict between the terms of this Privacy Policy and the Additional Information for Individuals in Europe and the UK, the latter shall prevail.

Definitions and key terms

To help explain things as clearly as possible in this Privacy Policy, every time any of these terms are referenced, are strictly defined as:

  • Cookie: small amount of data generated by a website and saved by your web browser. It is used to identify your browser, provide analytics, remember information about you such as your language preference or login information.
  • Company: when this policy mentions “Xpometer”, “Company,” “we,” “us,” or “our,” it refers to Xpometer Ltd, (Street, Postal code, Malta) that is responsible for your information under this Privacy Policy.
  • Country: where Xpometer or the owners/founders of Xpometer are based, in this case is Malta.
  • Customer: refers to the company, organization or person that signs up to use the Xpometer Service to manage the relationships with your consumers or service users.
  • Device: any internet connected device such as a phone, tablet, computer or any other device that can be used to visit Xpometer and use the services.
  • IP address: Every device connected to the Internet is assigned a number known as an Internet protocol (IP) address. These numbers are usually assigned in geographic blocks. An IP address can often be used to identify the location from which a device is connecting to the Internet.
  • Personnel: refers to those individuals who are employed by Xpometer or are under contract to perform a service on behalf of one of the parties.
  • Personal Data: any information that directly, indirectly, or in connection with other information — including a personal identification number — allows for the identification or identifiability of a natural person.
  • Service: refers to the service provided by Xpometer as described in the relative terms (if available) and on this platform.
  • Third-party service: refers to advertisers, contest sponsors, promotional and marketing partners, and others who provide our content or whose products or services we think may interest you.
  • Website: Xpometer site, which can be accessed via this https://xpometer.com.
  • You: a person or entity that is registered with Xpometer to use the Services.

What Information Do We Collect?

We collect and process your personal data – and when legally required, where we have a legal basis to do so. This includes when you visit our website, register on our site, place an order, subscribe to our newsletter, respond to a survey, fill out a form, or use our Services.

Contact information:

  • Name / Username
  • Phone Numbers
  • Email Addresses

Technical Information:

  • IP addresses
  • Device information (type, operating system, browser)
  • Location data (general geographic location)
  • Connection speed and technographics
  • Website usage data and analytics
  • Cookies and similar tracking technologies
  • Session data
  • Log file data

Account & Transaction Information:

  • Payment information (credit card details, billing information)
  • Transaction history
  • Account preferences and settings
  • Language preferences
  • Login credentials

Communication & Interaction Data:

  • Survey responses
  • Form submissions
  • Newsletter subscriptions
  • Customer service interactions
  • Social media information (when voluntarily provided)

Professional Information:

  • Company/organization name
  • Business information
  • Professional relationships
  • Job Titles

How Do We Use The Information We Collect?

We process your personal data only for specified, explicit and legitimate purposes, including:

  • To personalize your experience (your information helps us to better respond to your individual needs)
  • To improve our website (we continually strive to improve our website offerings based on the information and feedback we receive from you)
  • To improve customer service (your information helps us to more effectively respond to your customer service requests and support needs)
  • To process transactions
  • To administer a contest, promotion, survey or other site feature
  • To send periodic emails (excluding service emails)
  • To provide Services to you and perform our contract with you; and
  • To carry out product improvement.

When does Xpometer use end user information from third parties?

Where we process End User Data as a data processor on behalf of our customers, we do so in accordance with our data processing agreements and our customers' instructions.

Processing of Publicly Available Data

Xpometer collects and analyses data from public sources to provide our application services. When acting as a data processor on behalf of our clients, we collect and analyse data from the Internet, and track various online sources including forums, blogs, and online news websites and social media platforms. We only process information that is publicly available and do so pursuant to our clients' instructions and in accordance with our data processing agreements with them.

When processing publicly available data on behalf of our clients, we may process the following personal data:

  • Identification data (name, username, user identification, and geographical area)
  • Personal characteristics (age, gender, and family status)
  • Professional and educational background
  • Pictures and videos
  • Any other information published on websites or third-party platforms that fall within the scope of our clients' monitoring requirements

While we collect the personal data listed above from public sources, our analysis primarily uses aggregate data.

Our clients implement strict limitations on the topics we monitor and ensure that our personnel accessing and using public source databases are bound by clear instructions and confidentiality obligations.

Important Note for End Users: When we process publicly available personal data, we act as a data processor on behalf of our clients (your employer, organization, or the company using our services). Our clients are the data controllers responsible for determining the purposes and means of processing. If you have questions or concerns about how your publicly available personal data is being processed, please contact the organization that is using our services directly. You may also contact us, and we will direct your inquiry to the appropriate client organization.

When does Xpometer use customer information from third parties?

We receive some information from the third parties when you contact us. For example, when you submit your email address to us to show interest in becoming a Xpometer customer, we receive information from a third party that provides automated fraud detection services to Xpometer. We also occasionally collect information that is made publicly available on social media websites.

You can control how much of your information social media websites make public by visiting these websites and changing your privacy settings.

Do we share the information we collect with third parties?

We may share your personal data with third parties, subject to applicable laws. This may include sharing with advertisers, contest sponsors, promotional and marketing partners, and others who provide our content or whose products or services we think may interest you (subject to your consent where required by law). We may also share it with our current and future affiliated companies and business partners, and if we are involved in a merger, asset sale or other business reorganization, we may also share or transfer your personal and non-personal information to our successors-in-interest.

We may engage trusted third party service providers to perform functions and provide services to us, such as hosting and maintaining our servers and the website, database storage and management, e‑mail management, storage marketing, credit card processing, customer service and fulfilling orders for products and services you may purchase through the website. We will likely share your personal information, and possibly some non-personal information, with these third parties to enable them to perform these services for us and for you.

We may share portions of our log file data, including IP addresses, for analytics purposes with third parties such as web analytics partners, application developers, and ad networks.

If your IP address is shared, it may be used to estimate general location and other technographics such as connection speed, whether you have visited the website in a shared location, and type of the device used to visit the website. They may aggregate information about our advertising and what you see on the website and then provide auditing, research and reporting for us and our advertisers.

We may also disclose personal and non-personal information about you to government or law enforcement officials or private parties as we, in our sole discretion, believe necessary or appropriate in order to respond to claims, legal process (including subpoenas), to protect our rights and interests or those of a third party, the safety of the public or any person, to prevent or stop any illegal, unethical, or legally actionable activity, or to otherwise comply with applicable court orders, laws, rules and regulations.

Where and when is information collected from customers and end users?

Xpometer will collect personal information that you submit to us. We may also receive personal information about you from third parties as described above.

How Do We Use Your Email Address?

Where you provide your email address, we will ask for your explicit consent before sending marketing communications where this is legally required. You have the right to withdraw this consent at any time. You can cancel your participation in any of these email lists at any time by clicking on the opt-out link or other unsubscribe option that is included in the respective email. We only send emails to people who have authorized us to contact them, either directly, or through a third party. We do not send unsolicited commercial emails, because we hate spam as much as you do. By submitting your email address, you also agree to allow us to use your email address for customer audience targeting on sites like Facebook, where we display custom advertising to specific people who have opted-in to receive communications from us. Email addresses submitted only through the order processing page will be used for the sole purpose of sending you information and updates pertaining to your order. If, however, you have provided the same email to us through another method, we may use it for any of the purposes stated in this Policy. Note: If at any time you would like to unsubscribe from receiving future emails, we include detailed unsubscribe instructions at the bottom of each email.

How Long Do We Keep Your Information?

We keep your information only so long as we need it to provide Xpometer to you and fulfill the purposes described in this policy. This is also the case for anyone that we share your information with and who carries out services on our behalf. When we no longer need to use your information and there is no need for us to keep it to comply with our legal or regulatory obligations, we’ll either remove it from our systems or depersonalize it so that we can't identify you.

How Do We Protect Your Information?

We implement a variety of security measures to maintain the safety of your personal information when you place an order or enter, submit, or access your personal information. We offer the use of a secure server. All supplied sensitive/credit information is transmitted via Secure Socket Layer (SSL) technology and then encrypted into our Payment gateway providers database only to be accessible by those authorized with special access rights to such systems, and are required to keep the information confidential. After a transaction, your private information (credit cards, social security numbers, financials, etc.) is never kept on file. We cannot, however, ensure or warrant the absolute security of any information you transmit to Xpometer or guarantee that your information on the Service may not be accessed, disclosed, altered, or destroyed by a breach of any of our physical, technical, or managerial safeguards.

Could my information be transferred to other countries?

Xpometer is incorporated in Malta. Information collected via our website, through direct interactions with you, or from use of our help services may be transferred from time to time to our offices or personnel, or to third parties, located throughout the world, and may be viewed and hosted anywhere in the world, including countries that may not have laws of general applicability regulating the use and transfer of such data.

Is the information collected through the Xpometer Service secure?

We take precautions to protect the security of your information. We have physical, electronic, and managerial procedures to help safeguard, prevent unauthorized access, maintain data security, and correctly use your information. However, neither people nor security systems are foolproof, including encryption systems. In addition, people can commit intentional crimes, make mistakes or fail to follow policies. Therefore, while we use reasonable efforts to protect your personal information, we cannot guarantee its absolute security. If applicable law imposes any non-disclaimer duty to protect your personal information, you agree that intentional misconduct will be the standards used to measure our compliance with that duty.

Can I update or correct my information?

The rights you have to request updates or corrections to the information Xpometer collects depend on your relationship with Xpometer. Personnel may update or correct their information as detailed in our internal company employment policies.

Customers have the right to request the restriction of certain uses and disclosures of personally identifiable information as follows. You can contact us in order to (1) update or correct your personally identifiable information, (2) change your preferences with respect to communications and other information you receive from us, or (3) delete the personally identifiable information maintained about you on our systems (subject to the following paragraph), by cancelling your account.

Such updates, corrections, changes and deletions will have no effect on other information that we maintain, or information that we have provided to third parties in accordance with this Privacy Policy prior to such update, correction, change or deletion. To protect your privacy and security, we may take reasonable steps (such as requesting a unique password) to verify your identity before granting you profile access or making corrections. You are responsible for maintaining the secrecy of your unique password and account information at all times.

You should be aware that it is not technologically possible to remove each and every record of the information you have provided to us from our system. The need to back up our systems to protect information from inadvertent loss means that a copy of your information may exist in a non-erasable form that will be difficult or impossible for us to locate. Promptly after receiving your request, all personal information stored in databases we actively use, and other readily searchable media will be updated, corrected, changed or deleted, as appropriate, as soon as and to the extent reasonably and technically practicable.

If you are an end user and wish to update, delete, or receive any information we have about you, you may do so by contacting the organization of which you are a customer.

Personnel

If you are a Xpometer worker or applicant, we collect information you voluntarily provide to us. We use the information collected for Human Resources purposes in order to administer benefits to workers and screen applicants. You may contact us in order to (1) update or correct your information,(2) change your preferences with respect to communications and other information you receive from us, or (3) receive a record of the information we have relating to you. Such updates, corrections, changes and deletions will have no effect on other information that we maintain, or information that we have provided to third parties in accordance with this Privacy Policy prior to such update, correction, change or deletion.

Sale of Business

We reserve the right to transfer information to a third party in the event of a sale, merger or other transfer of all or substantially all of the assets of Xpometer or any of its Corporate Affiliates (as defined herein), or that portion of Xpometer or any of its Corporate Affiliates to which the Service relates, or in the event that we discontinue our business or file a petition or have filed against us a petition in bankruptcy, reorganization or similar proceeding, provided that the third party agrees to adhere to the terms of this Privacy Policy.

Affiliates

We may disclose information (including personal information) about you to our Corporate Affiliates. For purposes of this Privacy Policy, "Corporate Affiliate" means any person or entity which directly or indirectly controls, is controlled by or is under common control with Xpometer, whether by ownership or otherwise. Any information relating to you that we provide to our Corporate Affiliates will be treated by those Corporate Affiliates in accordance with the terms of this Privacy Policy.

This Privacy Policy applies only to the Services. The Services may contain links to other websites not operated or controlled by Xpometer. We are not responsible for the content, accuracy or opinions expressed in such websites, and such websites are not investigated, monitored or checked for accuracy or completeness by us. Please remember that when you use a link to go from the Services to another website, our Privacy Policy is no longer in effect. Your browsing and interaction on any other website, including those that have a link on our platform, is subject to that website’s own rules and policies. Such third parties may use their own cookies or other methods to collect information about you.

Cookies

Xpometer uses "Cookies" to identify the areas of our website that you have visited. A Cookie is a small piece of data stored on your computer or mobile device by your web browser. We use Cookies to enhance the performance and functionality of our website but are non-essential to their use. However, without these cookies, certain functionality like videos may become unavailable or you would be required to enter your login details every time you visit the website as we would not be able to remember that you had logged in previously. Most web browsers can be set to disable the use of Cookies. However, if you disable Cookies, you may not be able to access functionality on our website correctly or at all. We never place Personally Identifiable Information in Cookies.

Blocking and disabling cookies and similar technologies

Wherever you're located you may also set your browser to block cookies and similar technologies, but this action may block our essential cookies and prevent our website from functioning properly, and you may not be able to fully utilize all of its features and services. You should also be aware that you may also lose some saved information (e.g. saved login details, site preferences) if you block cookies on your browser. Different browsers make different controls available to you. Disabling a cookie or category of cookie does not delete the cookie from your browser, you will need to do this yourself from within your browser, you should visit your browser's help menu for more information.

Remarketing Services

We use remarketing services. What Is Remarketing? In digital marketing, remarketing (or retargeting) is the practice of serving ads across the internet to people who have already visited your website. It allows your company to seem like they're “following” people around the internet by serving ads on the websites and platforms they use most.

Minor's Privacy

We do not address anyone under the age of 18. We do not knowingly collect personally identifiable information from anyone under the age of 13. If You are a parent or guardian and You are aware that Your child has provided Us with Personal Data, please contact Us. If We become aware that We have collected Personal Data from anyone under the age of 13 without verification of parental consent, we take steps to remove that information from Our servers.

Changes To Our Privacy Policy

We may change our Service and policies, and we may need to make changes to this Privacy Policy so that they accurately reflect our Service and policies. Unless otherwise required by law, we will notify you (for example, through our Service) before we make changes to this Privacy Policy and give you an opportunity to review them before they go into effect.

Third-Party Services

We may display, include or make available third-party content (including data, information, applications and other products services) or provide links to third-party websites or services ("Third‑Party Services"). You acknowledge and agree that Xpometer shall not be responsible for any Third-Party Services, including their accuracy, completeness, timeliness, validity, copyright compliance, legality, decency, quality or any other aspect thereof. Xpometer does not assume and shall not have any liability or responsibility to you or any other person or entity for any Third-Party Services. Third-Party Services and links thereto are provided solely as a convenience to you and you access and use them entirely at your own risk and subject to such third parties' terms and conditions.

Tracking Technologies

Cookies

We use Cookies to enhance the performance and functionality of our website but are non-essential to their use. However, without these cookies, certain functionality like videos may become unavailable or you would be required to enter your login details every time you visit the website as we would not be able to remember that you had logged in previously.

Local Storage

Local Storage sometimes known as DOM storage, provides web apps with methods and protocols for storing client-side data. Web storage supports persistent data storage, similar to cookies but with a greatly enhanced capacity and no information stored in the HTTP request header.

Sessions

Xpometer uses "Sessions" to identify the areas of our website that you have visited. A Session is a small piece of data stored on your computer or mobile device by your web browser.

Additional Information for European & UK Individuals

In order to address our legal obligations in the European Economic Area (EEA) and the United Kingdom (UK), Xpometer provides the following additional information for European and UK visitors and users of the Services and our application. If you are based elsewhere in the world this additional information does not apply to you.

When we collect and process personal information about you in relation to services we offer to individuals in the UK and EEA, we are subject to the UK General Data Protection Regulation (UK GDPR) and EU General Data Protection Regulation (EU GDPR) respectively. Contact details for Xpometer are as follows:

Email: privacy@xpometer.com
Address: Centre Room 1 Level 1 Suite 2, Triq L-Imdina, Zebbug, ZBG 9015, Malta

UK Representative

We have appointed DP Data Protection Services UK Ltd to be our data protection representative within the UK. Their contact details are DP Data Protection Services UK Ltd., Attn: XPOMETER LIMITED, 16 Great Queen Street, Covent Garden, London, WC2B 5AH, United Kingdom, xpometer@eu-rep.global.

Individuals within the UK can contact us direct (see above) or contact our UK representative as applicable.

International Transfer of Your Personal Information

Your personal information provided to us is processed in the United States and in other locations outside the EEA or UK - and may be processed in other places where the parties involved are located. As a result, personal information may be transferred to — and maintained on — computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ from those in your home country or jurisdiction.

If you are in either the EEA or the UK, such processing may involve transferring your personal information outside of the EEA or the UK. For such processing, if we transfer your personal information out of the EEA or the UK, we will only transfer your personal data to a country outside the UK or EEA where:

  • in the case of transfers subject to UK data protection law, the UK government has decided the particular country ensures an adequate level of protection of personal data (known as an ‘adequacy regulation’) further to Article 45 of the UK GDPR. We rely on the adequacy regulation for transfers to the United States pursuant to the UK extension to the Data Privacy Framework where this is available.
  • in the case of transfers subject to EEA data protection laws, the European Commission has decided that the particular country ensures an adequate level of protection of personal data (known as an ‘adequacy decision’) further to Article 45 of the GDPR. We rely on adequacy decision for transfers to the United States pursuant to the Data Privacy Framework where this is available.

In the case where no adequacy regulation or adequacy decision has been issued,

  • there are appropriate safeguards in place, together with enforceable rights and effective legal remedies for you;
  • you expressly consent to such transfers; or
  • a specific exception applies under relevant data protection law.

Any changes to the destinations to which we send personal data or to the transfer mechanisms we rely on to transfer personal data internationally will be notified to you in accordance with the section on “Changes to our Privacy Policy” above.

If you would like further information about data transferred outside the UK or EEA, please contact us or our UK Representative (see “Contact Us” above).

Please note that international transfers may also be subject to the provisions of separate agreements, including but not limited to a Data Protection Agreement/Addendum.

Legal Bases for Using Your Information

We process personal information obtained in connection with the operation of the Services and application for different purposes (as described in the “What Information We Collect” section, above) on the following legal bases:

  • To perform our contractual obligations. We and our service providers process your personal information to perform our contractual obligations when we use your personal information to provide you with the Services and application and to communicate with you. Failure to provide requested personal information could prevent or delay the fulfillment of our contractual obligations;
  • To pursue our legitimate interests. We process your information to meet our legitimate interests when we use your personal information to provide you with the Services, for promotional, advertising and marketing purposes. For example, our legitimate interests include making improvements to, customizing and understanding you and others interact with the Services and applications. We also rely on our legitimate interests to send you communications (e.g., about services we think may be of interest to you provided you had an opportunity to opt-out, where this is legally required). To accomplish our legitimate interests, we may share your personal information with our service providers (including for our advertising and marketing purposes) and in the context of a corporate transaction;
  • To comply with our legal obligations. We process and share your personal information as necessary to comply with our legal obligations. Such uses may include such protecting our rights or the rights of others, sharing your personal information with other parties where required by law or as necessary to protect other users; and
  • With your consent. We obtain your consent to process your personal information when we are required to do so by law. If consent is the legal basis on which we process your personal information, you can withdraw your consent at any time by contacting us following the instructions provided in the “Contact Us” section above.

Special Category Data

Special category data, also known as sensitive data, includes personal information revealing racial or ethnic origin, political opinions, religious beliefs, philosophical beliefs or trade union membership, genetic data, biometric data (where used for identification purposes), data concerning health, sex life or sexual orientation. We do not process special category data unless you expressly and voluntarily provide this to us or unless we process this as a processor pursuant to providing our application to our clients. If we do process special category data, we will always ensure we are permitted to do so under data protection laws, such as on the basis of your explicit consent,