X
Xyphro
Sign in
Legal

Privacy Policy

Last updated: 6 May 2026

1. Data we collect

When you sign up, we collect:

  • Your name, email, phone, business name, GST (optional)
  • The competitor URLs and social handles you choose to monitor
  • Razorpay payment metadata (we never store full card numbers)
  • Usage analytics (page views, feature usage) — for product improvement

2. How we use your data

We use your data to operate the Service, generate competitive-intelligence reports, send you alerts, process payments via Razorpay, and improve our AI models. We do not sell your data. We do not share competitor intelligence between unrelated clients.

3. Cookies

We use a small number of essential cookies to keep you logged in and remember your dashboard preferences. We do not use third-party advertising cookies.

4. Data retention

Active accounts: data is retained for as long as your subscription is active. Cancelled / expired accounts: data is preserved for 30 days post-expiry, after which it may be permanently deleted. You can request immediate deletion at any time via support@xyphro.com.

5. Third-party processors

We use the following processors who may access your data on our behalf:

  • Razorpay — payments (subject to Razorpay's privacy policy)
  • Resend — transactional email delivery
  • OpenAI — AI analysis (via Emergent LLM proxy; competitor URLs are sent, but we do not send your personal data to OpenAI)
  • Apify — public social media scraping
  • Visualping — public website change detection

6. Data removal

To request deletion of your account and data, email support@xyphro.com from your registered email. We will confirm and delete within 7 working days.

7. GDPR / CCPA

We currently serve Indian businesses. If we expand to EU or California users, we will publish a full GDPR / CCPA compliance addendum and update this page. In the meantime, all the rights described in those regulations (access, rectification, deletion, portability) are honored on request.

8. Security

We use HTTPS everywhere, store passwords as bcrypt hashes, and require signed JWT tokens for all admin operations. Razorpay-handled payment data is PCI-DSS compliant. No system is 100% secure — if you discover a vulnerability, please email security@xyphro.com.

9. Contact

For any privacy questions, email privacy@xyphro.com.