Privacy Policy
Effective Date: June 21, 2026
1. Introduction
Xamio (“we,” “our,” or “us”) respects your privacy. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our platform at xamio.com (the “Service”).
2. Information We Collect
2.1 Information you provide
- Account data: Email address and Google profile information when you sign up via Google OAuth.
- Usage data: Exam answers, practice session results, vocabulary reviews, and performance analytics.
- Payment data: When you subscribe to Premium, payment is processed by Polar.sh. We do not store full payment card details.
2.2 Information collected automatically
- Technical data: IP address, browser type, device information, and pages visited.
- Cookies: Essential session cookies for authentication. Optional analytics cookies if you consent.
3. How We Use Your Information
- Providing and personalizing the Service
- Improving our question bank and adaptive algorithms
- Sending service-related communications
- Processing payments and managing subscriptions
- Complying with legal obligations
4. Data Storage and Security
Your data is stored on Supabase (database) and Vercel (hosting), both of which maintain industry-standard security certifications. We implement encryption in transit (TLS) and at rest. You can request deletion of your data at any time.
5. Third-Party Services
We use the following third-party services:
- Supabase: Database and authentication
- Vercel: Application hosting
- Polar.sh: Payment processing for Premium subscriptions
- Google OAuth: Authentication
- Groq / NVIDIA: AI-powered question generation and explanations
Each third party processes data according to their own privacy policies and data processing agreements.
6. Your Rights
Under applicable law, you have the right to:
- Access the personal data we hold about you
- Request correction of inaccurate data
- Request deletion of your data
- Export your data in a portable format
- Withdraw consent at any time
- Lodge a complaint with a supervisory authority
7. GDPR Compliance (EU Users)
If you are located in the European Economic Area, you have additional rights under the General Data Protection Regulation (GDPR). Our legal basis for processing your data is:
- Consent: For optional cookies and marketing communications
- Contract: To provide the Service under our Terms of Service
- Legitimate interests: To improve the Service and ensure security
We transfer data to Israel, which the European Commission has recognized as providing adequate protection under GDPR Article 45.
8. Israel Privacy Protection Law
We comply with Israel's Privacy Protection Law, 1981. Data is maintained in a registered database. You may exercise your rights under Israeli law by contacting us.
9. Data Retention
We retain your data for as long as your account is active. Upon account deletion, we delete or anonymize your data within 30 days, except where retention is required by law.
10. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be notified via email or a notice on the Service.
11. Contact
For questions, data requests, or complaints, contact us at support@xamio.vercel.app.