Privacy Policy

Effective Date: June 21, 2026

1. Introduction

Xamio (“we,” “our,” or “us”) respects your privacy. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our platform at xamio.com (the “Service”).

2. Information We Collect

2.1 Information you provide

  • Account data: Email address and Google profile information when you sign up via Google OAuth.
  • Usage data: Exam answers, practice session results, vocabulary reviews, and performance analytics.
  • Payment data: When you subscribe to Premium, payment is processed by Polar.sh. We do not store full payment card details.

2.2 Information collected automatically

  • Technical data: IP address, browser type, device information, and pages visited.
  • Cookies: Essential session cookies for authentication. Optional analytics cookies if you consent.

3. How We Use Your Information

  • Providing and personalizing the Service
  • Improving our question bank and adaptive algorithms
  • Sending service-related communications
  • Processing payments and managing subscriptions
  • Complying with legal obligations

4. Data Storage and Security

Your data is stored on Supabase (database) and Vercel (hosting), both of which maintain industry-standard security certifications. We implement encryption in transit (TLS) and at rest. You can request deletion of your data at any time.

5. Third-Party Services

We use the following third-party services:

  • Supabase: Database and authentication
  • Vercel: Application hosting
  • Polar.sh: Payment processing for Premium subscriptions
  • Google OAuth: Authentication
  • Groq / NVIDIA: AI-powered question generation and explanations

Each third party processes data according to their own privacy policies and data processing agreements.

6. Your Rights

Under applicable law, you have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your data
  • Export your data in a portable format
  • Withdraw consent at any time
  • Lodge a complaint with a supervisory authority

7. GDPR Compliance (EU Users)

If you are located in the European Economic Area, you have additional rights under the General Data Protection Regulation (GDPR). Our legal basis for processing your data is:

  • Consent: For optional cookies and marketing communications
  • Contract: To provide the Service under our Terms of Service
  • Legitimate interests: To improve the Service and ensure security

We transfer data to Israel, which the European Commission has recognized as providing adequate protection under GDPR Article 45.

8. Israel Privacy Protection Law

We comply with Israel's Privacy Protection Law, 1981. Data is maintained in a registered database. You may exercise your rights under Israeli law by contacting us.

9. Data Retention

We retain your data for as long as your account is active. Upon account deletion, we delete or anonymize your data within 30 days, except where retention is required by law.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be notified via email or a notice on the Service.

11. Contact

For questions, data requests, or complaints, contact us at support@xamio.vercel.app.