Check out the new PULSE+
XTi Technologies
App Privacy Policy

Respect for customer privacy and security guides every action we take at XTI. From giving customers easy-to-use products and services that help them protect and connect to the places, people and things that matter to them to prioritizing the privacy, security and control of their devices and personal information, our commitment to privacy is built on the following guiding pillars.

FULL PRIVACY POLICY

  1. INTRODUCTION

At XTI, Inc. (“XTI,” “us,” “we,” or “our”), our mission is to make you thrive. We exist to improve your life, not invade it.  We take your privacy seriously and want you to understand how we use, collect, and share Personal Data, and the measures we take to protect your Personal Data.

This Privacy Policy applies to Personal Data we collect about subscribers and other users who interact with XTI or use our services, including by visiting our websites or our social media pages, or using our mobile apps, the XTI Biolight or another XTI device (collectively, the “Services”). We continually evaluate our privacy practices to align them with applicable privacy laws including the California Consumer Privacy Act (“CCPA”) and the General Data Protection Regulation (“GDPR”).  This Privacy Policy does not cover the practices of companies that we do not own or control, or people that we do not manage. We are not responsible for the policies and practices of any third parties, and we do not control, operate, or endorse any information, products, or services that may be offered by third parties or accessible on or through the Services.

We believe you should be in control of your personal data. Consistent with this belief:

  • We will delete your personal data if you ask us to, including if asked when you cancel your membership.
  • We will provide you with access to your personal data if you ask us to, including if asked when you cancel your membership.
  • Our Privacy Policy describes how we share personal data. We will otherwise share your personal data with others only if you ask us to. For example, we would share it with an organization managing a corporate wellness program or a wearable health monitoring program if you specifically authorized us to do so.
  1. HOW WE COLLECT PERSONAL DATA

We collect Personal Data about you from:

  • Yourself, when you provide such information directly to us, such as when  purchasing our product or completing your profile;
  • XTI Biolight or another device that you utilize;
  • Automatic data collection, such as Cookies, local storage objects, web beacons, and other similar technologies in connection with your use of the Services;
  • Customers and partners, such as employers, insurance companies, coaches, teams, or other organizations that engage with our Services;
  • Marketing and advertising partners, such as companies that have entered in joint marketing relationships with us or assist us with marketing or promotional services, which may provide us with data related to how you interact with our Services, advertisements, or communications;
  • Social media, other third-party platforms, and linked accounts, devices, or features, if you interact with our pages on social media sites, post content to their sites using the Services, sign into the Services through a third-party site or service, or otherwise link accounts, devices, or features to your XTI account; and
  • Data providers, such as information services and data licensors, when we supplement your data.
  1. PERSONAL DATA WE COLLECT

We may collect the following types of Personal Data:

  • Contact details, such as your first and last name, email, birthdate, gender and mailing address, and phone number;
  • Profile data, such as username and password that you may establish to create a XTI account, as well as any photographs or information you choose to include in your XTI profile;
  • Communications that we exchange with you, including when you contact us via email, web app, or mobile app with questions, feedback, or reviews;
  • Wellness Data, from XTI Biolights, direct communication, or 3rd party devices such as resting heart rate, heart rate variability, skin temperature, blood oxygen saturation level and acceleration; metadata on workouts and sleep; the type of physical activity you engage in and the duration of your activity; data reflecting strain and recovery; your physiological profile, including birthday, gender identity, weight, height, fitness/athlete level (e.g., professional or recreational); and details you choose to submit or provide about your diet, medications, EEG, EKG, MRI, blood levels and female health tracking. We may use certain of this information to customize your experience with us as part of our Services;
  • Payment and transactional data needed to complete your orders on the website or through the Services (including name, email address, payment card information, bank account number, billing information) and your transaction history, although XTI does not have access to payment card numbers. Our payment processors will collect the financial information necessary to process your payments in accordance with the payment processor’s respective services agreement and privacy policy;
  • Marketing data, such as your preferences for receiving our marketing communications, and details about your engagement with them (e.g., the marketing emails that you open and the links within them that you click via web, social media or the mobile application);
  • Device data, such as your computer or mobile device operating system type and version, manufacturer and model, browser type, screen resolution, RAM and disk size, CPU usage, device type (e.g., phone, tablet), IP Address, unique identifiers (including identifiers used for advertising purposes), language settings, mobile device carrier, radio/network information (e.g., Wi-Fi, LTE, 3G, bluetooth), and general location information such as city, state, or geographic area;
  • Biolight system data, such as therapy running, duration, frequency, intensity, timing of use, temperature, humidity, shock and other mechanical feedback to monitor device health and use;
  • Geolocation data, such as GPS, IP Address, and movement on certain exercise types if you give permission for XTI to do so; and
  • Online activity data, such as pages or screens you view, how long you spent on a page or screen, the website you visited before visiting our website, navigation paths between pages or screens, information about your activity on a page or screen, access times, and duration of access.
  1. XTI DOES NOT SELL CUSTOMER PERSONAL DATA
  • Our business model is to provide highly valuable product experiences and services to our customers in exchange for membership fees. As such, we never sell our customers’ personal data. This is our promise. Because of how broadly the CCPA defines “sale,” we want to be clear that we use third party cookies and other tracking technologies.
  1. COOKIES AND SIMILAR TECHNOLOGIES

XTI uses cookies and similar technologies such as pixel tags, web beacons, clear GIFs, and JavaScript (collectively, “Cookies”) to enable our servers to recognize your web browser and tell us how and when you visit and use our Services, as well as to analyze trends, learn about our user base, and operate and improve our Services. Cookies are small pieces of data – usually text files – placed on your computer, tablet, phone, or similar device when you use that device to visit our Services. We may also supplement the information we collect from you with information received from third parties, including third parties that have placed their own Cookies on your device(s).

Cookie Usage and Type. XTI uses the following Cookies:

  • Essential Cookies:Essential Cookies are required for providing you with features or Services that you have requested. For example, certain Cookies enable you to log into secure areas of our Services. Disabling these Cookies may make certain features and Services unavailable.
  • Functionality Cookies: Functional Cookies are used to record your choices and settings regarding our Services, maintain your preferences over time, and recognize you when you return to our Services. These Cookies help us to personalize our content for you, greet you by name, and remember your preferences (e.g., your region).
  • Performance/Analytical Cookies: Performance/Analytical Cookies allow us to understand how users use our Services by collecting information on how often a user engages with a particular feature of the Services. We use these aggregated statistics internally to improve the Services. Performance/Analytical Cookies also help us measure the performance of our advertising campaigns in order to help us improve our campaigns and the Services’ content for those who engage with our advertising. For example, Google, Inc. (“Google”) uses Cookies in connection with its Google Analytics services. For more information on how Google uses this information, click here.
  • Marketing Cookies: Marketing Cookies collect data about your online activity and identify your interests so that we and our advertising partners can provide marketing that we believe is relevant to you. For more information, please see the section below titled “Interest-based advertisements.

Online tracking opt-outs. There are a number of ways you can opt out of certain interest-based advertising and other online tracking activities, which we have summarized below.

  • Blocking Cookies in your browser. Most browsers let you remove or reject Cookies, including Cookies used for interest-based advertising. To do this, follow the instructions in your browser settings. Many browsers accept Cookies by default until you change your settings. For more information about Cookies, including how to see what Cookies have been set on your device and how to manage and delete them, visit www.allaboutcookies.org.
  • Blocking advertising ID use in your mobile device settings. Your mobile devices may offer settings that enable you to make choices about the collection, use, or transfer of your advertising ID associated with your mobile device for interest-based advertising purposes.
  • Using privacy plug-ins or browsers. You can block our websites from setting Cookies used for interest-based ads by using a browser with privacy features, like Brave, or installing browser plugins like Privacy Badger, Ghostery, or uBlock Origin, and configuring them to block third party Cookies/trackers. You can also opt out of Google Analytics by downloading and installing the browser plug-in available at: https://tools.google.com/dlpage/gaoptout.
  • Platform opt-out.
  • Some third-party ad networks, including third-party ad servers, ad agencies, ad technology vendors, and research firms, allow you to opt-out directly by using their opt-out tools. Some of these providers, and links to their opt-out tools, are:
  • Advertising industry opt-out tools.

You can also use these opt-out options to limit use of your information for interest-based advertising by participating companies:

Please note that some opt-out features are Cookie-based, meaning that when you use these opt-out features, an “opt-out” Cookie will be placed on your computer or other device indicating that you do not want to receive interest-based advertising from certain companies. If you delete your Cookies, use a different browser, or use a different device, you will need to renew your opt-out choice.

Opting out of interest-based advertising does not mean that you will no longer receive online ads. It only means that such ads will no longer be tailored to your specific viewing habits or interests. You may continue to see ads on and about the Service.

  1. XTI EMPLOYEES ONLY ACCESS MEMBER PERSONAL DATA WHEN REQUIRED TO PROVIDE SERVICES AND SUPPORT

We prioritize accountability and the security of your personal data. Our policy is that a member’s personal data is not to be accessed or shared by anyone at XTI without an explicit need to do so. Consistent with these priorities and our policy:

  • XTI membership services representatives, management team customers, data scientists and technical team customers are not permitted to access your personal data without a legitimate business need.
  • We maintain a log that tells us who has accessed customer personal data and when.
  • We actively evaluate data access logs and investigate any anomalies for data access.
  1. HOW WE USE PERSONAL DATA

We process Personal Data to operate, improve, understand, and personalize our Services. We use Personal Data for the following purposes:

Service delivery, including to:

  • Provide, operate, improve, develop, understand, and personalize the Services and our business, including therapies, testing, research, analysis, and product development;
  • Satisfy the reason you provided the information to us, including responding to and fulfilling requests;
  • Communicate with you about the Services, including Service announcements, updates, or offers;
  • Provide support and assistance for the Services;
  • Create and manage your account or other user profiles;
  • Customize website content and communications based on your preferences; and
  • Process orders, subscriberships, or other transactions.

Research and development. We may create and use Aggregated Data, De-identified Data, or other anonymous data from Personal Data we collect, including Device Usage and Wellness Data, for our business purpose, including to analyze the effectiveness of the Services, to improve and add features to the Services, and to analyze the general behavior and characteristics of users of the Services. We also use anonymous Wellness Data for research purposes to help us and our research partners answer important questions about device performance and user response and create an even-better experience for our subscribers by identifying cutting-edge insights and providing new therapies and product features.

  1. XTI USES ONLY AGGREGATED OR DE-IDENTIFIED WELLNESS DATA TO BETTER UNDERSTAND AND MAXIMIZE HUMAN PERFORMANCE AND LONG-TERM HEALTH

Our customers may at their option from time to time provide us with an unprecedented amount of accurate physiological data that is collected by example but not limited to (their wearable devices, sleep monitoring beds, EEG, EKG, MRI, medications, and blood analysis). This information may include data such as heart rate, heart rate variability, sleep duration, respiratory rate, skin temperature, blood oxygen saturation level, data such as the type of activity engaged in and the duration of physical activity, and any additional information customers chose to enter when using XTI services (collectively, “wellness data”).We use aggregated or de-identified wellness data that no longer identifies a particular individual (and is thus no longer personal data) to help answer important questions about human performance and further explore how to improve XTI products and services to help an individual thrive. We believe we have a responsibility to create an ever-better experience for our customers by identifying and sharing cutting edge insights. We will always look to provide new content and product features, improve and customize our therapies and services (including determining and reporting on trends, sleep, strain, performance, and recovery). We hope your experience with XTI will improve over time as our membership base grows and we continue with our mission to Maximize human performance and long term health.

Direct marketing and advertising. We may use data from the Personal Data we collect, including Wellness Data and certain data collected when you browse our website, to send you direct offers marketing messages or advertise the Services or other XTI product offerings.

  • Interest-based advertising. We engage our advertising partners, including third party advertising companies and social media companies, to advertise our Services. We and our advertising partners may use Cookies and similar technologies to collect information about your interaction over time across the web, our communications, and other online services, and may use that information to serve online ads. We comply with the Digital Advertising Alliance Self-Regulatory Principles for Online Behavioral Advertising. To learn more about the industry self-regulatory programs and other information and choices about interest-based ads, please see the section above entitled “Online tracking opt-outs.

Compliance and protection, including to:

  • Protect against or deter fraudulent, illegal, or harmful actions and maintain the safety, security, and integrity of our Services;
  • Audit our internal processes for compliance with legal and contractual requirements and internal policies;
  • Protect our, your, or others’ rights, privacy, safety, or property (including by making and defending legal claims); and
  • Respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
  1. XTI BELIEVES THAT THIRD PARTIES SHOULD BE PREVENTED FROM INVADING OUR CUSTOMERS’ LIVES BY ACCESSING THEIR XTI DATA.

Like all other companies, XTI may from time to time receive requests for member data from third parties, like governmental entities (including law enforcement) and private parties engaged in civil litigation. Here are the key principles we stand by when evaluating these requests:

  • XTI will never voluntarily disclose member data in response to a request by a governmental entity or civil litigant.
  • XTI will never provide any governmental entity or civil litigant with direct access to our customers data.
  • XTI will never provide copies of member data held by XTI to any governmental entity or civil litigant without a valid, narrowly tailored, and legally-binding request (e.g., subpoena, warrant or court order).
  • If XTI receives a request for a customer’s data, we will provide notice to the member by sending an email to the email address we have on file for that member.

If you are concerned about the privacy of your XTI data, you can delete it at any time by emailing privacy@xti.us.  We know privacy and security are important to you. We will continue to be transparent about our privacy and security practices as we grow alongside our membership.

  1. HOW WE SHARE PERSONAL DATA

We may share your Personal Data with:

  • Service providers, such as payment processors, vendors who advertise our Services or other XTI products, security and fraud prevention consultants, hosting and other technology and communications providers, analytics providers, and staff augmentation and contract personnel, that provide services to us or on our behalf;
  • Advertising partners that may collect information on our website through Cookies and other automated technologies, including for the interest-based advertising purposes described above. We do not share your 3rd party Wellness Data with advertising partners;
  • Professional advisors, such as lawyers, auditors, bankers, and insurers, where necessary in the course of the professional services they render to us;
  • Authorities and others, including law enforcement, government authorities, and private parties we believe in good faith to be necessary or appropriate to comply with the law or legal process; and
  • Business transferees, such as acquirers and other relevant participants in business transactions (or negotiations for such transactions) involving a corporate divestiture, merger, consolidation, acquisition, reorganization, sale, or other disposition of all or any portion of the business or assets of, or equity interests in, XTI or our affiliates (including, in connection with a bankruptcy or similar proceedings).
  • Distributors and retailers of our Services or other XTI products;
  • Affiliates of XTI.
  1. YOUR CHOICES

Access, update, or delete. When you log in to your account through the web or access your account through the mobile app, you may access, and, in some cases, edit or delete certain information you’ve provided to us, such as first and last name, username and password, email and mailing address, and other information in your profile. When you update information, however, we may maintain a copy of the unrevised information in our records. You may request access to or a full deletion of your account and corresponding data by contacting privacy@xti.us. You will be asked to complete a verification form in connection with such access or deletion request in order to ensure that you have the authority to access or delete your account. We may need to retain certain Personal Data in our records, as well as Aggregated Data or De-identified Data derived from or incorporating your Personal Data that does not identify you after you update or delete it.

Geolocation data. You may allow or disallow XTI to collect geolocation data by enabling or disabling location services on your mobile device. If you decline to grant XTI access to this data, we will not be able to provide certain Services, capabilities, or features to you.

Marketing communications. We give you the ability to opt-out of marketing-related emails and other communications by going to our “Data Management” feature available in the XTI Privacy Center privacy@xti.us, or by following the opt-out or unsubscribe instructions contained in the marketing-related message. You cannot opt-out of receiving certain non-marketing emails regarding the Service.

Online tracking opt-outs. There are a number of ways you can opt-out of certain interest-based advertising and other online tracking activities, which we summarize in the “Online tracking opt-outs” section above.

Do Not Track. Some Internet browsers may be configured to send “Do Not Track” signals to online services. The Services do not currently support “Do Not Track” requests or similar signals. To find out more about “Do Not Track,” please visit http://www.allaboutdnt.com.

  1. OTHER SITES AND SERVICES

The Services may contain links to websites and other online services operated by Third Parties. In addition, our content may be integrated into web pages or other online services that are not associated with us. These links and integrations are not an endorsement of, or representation that we are affiliated with, any Third Party. We do not control mobile applications, websites or online services offered or operated by Third Parties, and we are not responsible for their actions. You can learn about and control how these Third Parties use and share Personal Data about you, including with XTI, by reviewing their privacy notices and exercising the privacy choices the Third Party may offer.

  1. DATA SECURITY AND RETENTION OF PERSONAL DATA

We employ a number of physical, technical, organizational, and administrative security measures designed to protect the Personal Data we collect. While we endeavor to protect the privacy of your account and other Personal Data we hold in our records, no security measures are failsafe, and we cannot guarantee the security of your Personal Data.

We retain Personal Data for as long as reasonably necessary for the purposes described in this Privacy Policy, while we have a business need to do so, or as required by law (e.g., for tax, legal, accounting, or other purposes), whichever is longer.

  1. PERSONAL DATA OF CHILDREN

If you are under the age to consent to data sharing, as applicable based on your jurisdiction, please do not attempt to register for the Services or send any Personal Data about yourself to us. If we learn that we have collected Personal Data from a child under the age to consent to data sharing, as applicable based on jurisdiction, we will delete that information as quickly as possible. If you believe that a child under the age to consent to data sharing, as applicable based on your jurisdiction,, may have provided us Personal Data, please contact us at privacy@xti.us.

  1. CHANGES TO THIS PRIVACY POLICY

We are constantly trying to improve our Services, so we may need to change this Privacy Policy from time to time. We will alert you to changes by placing a notice on the XTI website, mobile app, by sending you an email, and/or by some other means. If you use the Services after any changes to the Privacy Policy have been posted, that means you agree to all of the changes.

  1. CONTACT US

If you have any questions or concerns regarding our privacy policies, please send us a detailed message to privacy@xti.us

  1. PRIVACY NOTICE FOR CALIFORNIA RESIDENTS

We are providing this supplemental privacy notice to users in California, pursuant to the California Consumer Privacy Act of 2018 (the “CCPA”).

We do not sell Personal Data. As we explain in this Privacy Policy, we use Cookies and other tracking technologies to analyze website and application traffic and use, and to facilitate advertising. To limit use of Cookies and other tracking technologies, please review the instructions provided in the “Online tracking opt-outs” section.

California Privacy Rights. If you are a California resident, you have the following rights:

  • Information: The Privacy Policy describes the types of Personal Data we collect in the “Personal Data We Collect” section above and the sources through which we collect Personal Data in the “How We Collect Personal Data” section above. We describe the purposes for which we use and share this data in the “ How We Use Personal Data” section above and the  “ How We Share Personal Data” section above.
  • Access: You can request a copy of the personal information that we maintain about you.
  • Deletion: You can ask to delete the personal information that we have collected from you.
  • Opt-out of sale of your Personal Data: We do not sell Personal Data. We offer instructions on how to limit online tracking in the” Online tracking op-outs” section of the Privacy Policy.

Please note that the CCPA limits these rights by, for example, prohibiting businesses from providing certain sensitive information in response to an access request and limiting the circumstances in which they must comply with a deletion request.

You are entitled to exercise the rights described above free from discrimination.

Exercising Your Rights. To exercise these rights, you can submit requests as follows:

  • To request access to or deletion of Personal Data collected via your use of the Services, email us at privacy@xti.us.
  • To learn how to opt-out of interest-based ads and other online tracking, see the “Online tracking opt-outs” section of the Privacy Policy.
  • To verify your identity prior to responding to your requests, we may ask you to confirm information that we have on file about you or your interactions with us. Where we ask for additional Personal Data to verify your identity, we will only use it to verify your identity or your authority to make the request on behalf of another consumer.
  • Authorized agents: California residents can empower an “authorized agent” to submit requests on the resident’s behalf. Your authorized agent may submit requests in the same manner, although we may require the agent to present signed written permission to act on your behalf, and you may also be required to independently verify your identity with us and confirm that you have provided the agent permission to submit the request.
  1. PRIVACY NOTICE FOR EUROPEAN RESIDENTS

If you are a resident of the European Economic Area, the United Kingdom, or Switzerland (collectively, “Europe”), you may have additional rights under the General Data Protection Regulation (the “GDPR”) or other European data protection legislation.

Controller and European Representatives. Xiant Technologies Inc. will be the controller of your Personal Data processed in connection with the Services. Our contact information is as follows:

privacy@xti.us

Legal Bases for Processing. The “How We Use Personal Data”” section above explains how we use your Personal Data. We will only process your Personal Data if we have a lawful basis for doing so. Lawful bases for processing include consent, contractual necessity and our “legitimate interests” or the legitimate interest of others but will depend on the type of Personal Data and the specific context in which we process it. However, the legal bases we typically rely on for each category of processing activity are set out below.

  • Service delivery: Processing is necessary to perform our contract, or to take steps that you request prior to engaging our Services. Where we cannot process your Personal Data as required to operate the Services on the grounds of contractual necessity, we process your personal information for this purpose based on our legitimate interest in providing you with the products or Services you access and request.
  • Research and development: These activities constitute our legitimate interests.
  • Marketing and advertising: Processing is based on your consent where that consent is required by applicable law. Where such consent is not required by applicable law, we process your personal information for these purposes based on our legitimate interests in promoting our business.
  • Compliance and protection: From time to time, we may also need to process Personal Data to comply with a legal obligation, if it is necessary to protect the vital interests of you or other data subjects, or if it is necessary for a task carried out in the public interest.
  • Consent: To the extent that Wellness Data that we collect is considered health data or another special category of Personal Data subject to the GDPR, we ask for your explicit consent to process this data. You can use your account settings and tools to withdraw your consent at any time, including by unpairing your XTI Biolight, stopping use of a feature, stopping use of the biolight, removing our access to a Third-Party service, or deleting your data or your account. In addition, in some cases, such as when you direct us to share it, we process Personal Data based on the consent you expressly grant to us at the time we collect such data. When we process Personal Data based on your consent, you have the right to withdraw it any time in the manner indicated at the time you give consent or in as listed in our Services.

We may use your Personal Data for reasons not described in this Privacy Policy where permitted by law and where the reason is compatible with the purpose for which we collected it. If we need to use your Personal Data for an unrelated purpose, we will notify you and explain the applicable legal basis.

Retention. To determine the appropriate retention period for your Personal Data, we consider the amount, nature, and sensitivity of the information, the potential risk of harm from unauthorized use or disclosure of your Personal Data, the purposes for which we process your Personal Data and whether we can achieve those purposes through other means, and the applicable legal requirements.

Data Subject Rights. You have certain rights with respect to your Personal Data, including:

  • Access. You can request more information about the Personal Data we hold about you and request a copy of such Personal Data. You can also access certain of your Personal Data by contacting us at privacy@xti.us.
  • Rectification. If you believe that any Personal Data we are holding about you is incorrect or incomplete, you can request that we correct or supplement such data. You can also correct some of this information directly by logging into your account.
  • Erasure. You can request that we erase some or all of your Personal Data from our systems.
  • Withdrawal of consent. If we are processing your Personal Data based on your consent (as indicated at the time of collection of such data), you have the right to withdraw your consent at any time. Please note, however, that if you exercise this right, you may have to then provide express consent on a case-by-case basis for the use or disclosure of certain of your Personal Data, if such use or disclosure is necessary to enable you to utilize some or all of our Services.
  • Portability. You can ask for a copy of your Personal Data in a machine-readable format. You can also request that we transmit the data to another controller where technically feasible.
  • Objection. You can contact us to let us know that you object to the further use or disclosure of your Personal Data for certain purposes, such as for direct marketing purposes.
  • Restriction of processing. You can ask us to restrict further processing of your Personal Data.
  • Right to file a complaint. You have the right to lodge a complaint about our practices with respect to your Personal Data with the supervisory authority of your country or European Economic Area Member State.

For more information about these rights, or to submit a request, please email privacy@xti.us. Please note that in some circumstances, we may not be able to fully comply with your request, such as if it is frivolous or extremely impractical, if it jeopardizes the rights of others, or if it is not required by law, but in those circumstances, we will still respond to notify you of such a decision. In some cases, we may also need you to provide us with additional information, which may include Personal Data, if necessary to verify your identity and the nature of your request.

Processing of Personal Data in the United States. To provide the Services, we will process your Personal Data in the United States, where XTI is based. If such processing involves the transfer of Personal Data to the U.S. in a manner governed by European data protection law, the transfer will be performed pursuant to the applicable requirements of the law, such as standard contractual clauses, the individual’s consent, or other circumstances permitted by European data protection law.

If you have any questions about this section or our data practices generally, please contact us at privacy@xti.us

  1. PRIVACY NOTICE FOR QATAR RESIDENTS

Data Subject Rights

If you reside in Qatar, you have the following rights:

  • right to protection and lawful processing;
  • right to withdraw consent;
  • right to object to processing in certain circumstances;
  • right to erasure;
  • right to request correction;
  • right to be notified of processing;
  • right to be notified of inaccurate disclosure; and
  • right to access personal data.

If you reside in Qatar, you have the right to lodge a complaint with a supervisory authority, in addition to other rights set out in the Privacy Notice. The details of the supervisory authority are as follows:

National Cyber Governance and Assurance Affairs

Email: privacy@ncsa.gov.qa.

Basis of Lawful Processing

XTI processes End User Personal Data on the following grounds:

  • Consent: When you have provided your consent or, in the case of sensitive personal information, when you have provided your explicit consent, to our collection of your information and we have obtained permission from the supervisory authority set out above;
  • Legitimate interests: When XTI has a legitimate business or commercial reason for using your information, and your interests and your fundamental rights do not override those interests. We have carried out balancing tests for all the data processing we carry out on the basis of our legitimate interests. You can obtain information on any of our balancing tests by contacting us using the details set out later in this notice; and/or
  • Legal obligation: When we need to comply with a legal or regulatory obligation.
    • Before collecting or using any special categories of data (referred to as sensitive personal information in the Privacy Notice), we will only use that information:
      • With your explicit consent; and
      • After having obtained the permission of the supervisory authority set out above.

XTI may process your Personal Data on more than one ground depending on the reason or grounds for using your Personal Data. Please contact us if you need details about the specific grounds we are relying on to process your Personal Data.

Personal Data of Children

If you are under the age of 18, please do not attempt to register for the Services or send any Personal Data about yourself to XTI. If we learn that we have collected Personal Data from an unauthorized minor, we will promptly delete that information from our platform. If you believe that an unauthorized minor may have provided us Personal Data, please contact us at privacy@xti.us.

Transfer of Personal Data

In order to provide the Services, XTI will transfer your Personal Data to the United States. XTI will ensure that adequate safeguards are implemented if and when we need to transfer Personal Data outside of Qatar so that a similar degree of protection is afforded to it. Please contact us if you want more information on how we transfer and protect your Personal Data outside of Qatar.

  1. PRIVACY NOTICE FOR BRAZIL RESIDENTS

If: (a) you are a Brazilian resident; (b) your Personal Information was collected in Brazil (e.g. you were located in Brazil at the moment that your Personal Information was collected); or (c) the data processing activities are being performed in Brazil, this section is applicable to you.

Controller. Xiant Technologies Inc. will be the controller of your Personal Data processed in connection with the Services. Our contact information is as follows:

privacy@xti.us

Person in Charge. Please email us at privacy@xti.us and ask for the current person in charge.

Legal Bases for Processing. The “How We Use Personal Data” section above explains how we use your Personal Data. We will only process your Personal Data if we have a lawful basis for doing so. Lawful bases for processing include consent, performance of an agreement and our “legitimate interests” but will depend on the type of Personal Data and the specific context in which we process it. However, the legal bases we typically rely on for each category of processing activity are set out below.

  • Service delivery: Processing is necessary to perform our contract, or to take steps that you request prior to engaging our Services. Where we cannot process your Personal Data as required to operate the Services on the grounds of performance of an agreement, we process your personal information for this purpose based on our legitimate interest in providing you with the products or Services you access and request.
  • Research and development: Processing is based on our legitimate interests.
  • Marketing and advertising: Processing is based on your consent where that consent is required by applicable law. Where such consent is not required by applicable law, we process your personal information for these purposes based on our legitimate interests in promoting our business.
  • Compliance and protection: From time to time, we may also need to process Personal Data to comply with a legal obligation, if it is necessary to protect the vital interests of you or other data subjects, or if it is necessary for a task carried out in the public interest.
  • Consent: To the extent that Wellness Data that we collect is considered health data or another special category of Personal Data, we ask for your explicit consent to process this data. You can use your account settings and tools to withdraw your consent at any time, including by unpairing your XTI Biolight, stopping use of a feature, removing our access to a Third-Party service, or deleting your data or your account. In addition, in some cases, such as when you direct us to share it, we process Personal Data based on the consent you expressly grant to us at the time we collect such data. When we process Personal Data based on your consent, you have the right to withdraw it any time in the manner indicated at the time you give consent or in as listed in our Services.

We may use your Personal Data for reasons not described in this Privacy Policy where permitted by law and where the reason is compatible with the purpose for which we collected it. If we need to use your Personal Data for an unrelated purpose, we will notify you and explain the applicable legal basis.

Data Subject Rights. You have certain rights with respect to your Personal Data, including:

  • Right to confirmation: You have the right to obtain confirmation of the existence of the processing activity of your Personal Data. If XTI processes your Personal Data, you will also have the right to access such Personal Data, i.e. to obtain a simplified or complete statement about the categories of Personal Data processed, the source of the data, and the processing purposes. If your Personal Data is processed based on your consent, or on a contract entered into by you with XTI. You also have the right to obtain a full copy of the Personal Data that is processed based on consent or on a contract.
  • Right to correction: You have the right to request the correction of incomplete, inaccurate, or outdated data about you.
  • Right to anonymization, blocking or deletion: In certain cases, when your Personal Data is unnecessary, excessive or is processed in non-compliance with the LGPD, you have the right to request the anonymization, blocking or deletion of this data.
  • Right to data portability: In certain cases, as defined and to the extent required by the Brazilian Data Protection Authority (ANPD), and always respecting XTI trade secrets, you have the right to the portability of your Personal Data to another service provider to the extent technically feasible.
  • Right to deletion: In cases where your data is processed based on your consent, you have the right to request the deletion of such Personal Data, except in cases where XTI has the right to retain the data under the LGPD.
  • Right to information on data recipients: You have the right to obtain information about the public and private entities with which XTI has shared your Personal Data.
  • Right to refuse and revoke consent: Whenever we ask for your consent to process your Personal Data, you have the right to refuse consent. We will always inform you about this right, and about the consequences if you prefer not to provide consent. Furthermore, whenever you consent to the processing of your Personal Data for a specific purpose, you may revoke your consent at any time. In that case, all processing activities carried out up to the date of revocation of consent will be ratified.
  • Right to petition the ANPD: You have the right to lodge a complaint against XTI before the ANPD in relation to your Personal Data.
  • Right to object to unlawful processing: You have the right to object to any processing activity of your Personal Data that violates the provisions of the LGPD.
  • Right to review decisions solely based on automated processing: You have the right to request a review of decisions made solely on the basis of automated processing of Personal Data that affect your interests, including decisions intended to define your personal, professional, consumer and credit profile or aspects of your personality.

For more information about these rights, or to submit a request, please email privacy@xti.us. Please note that in some circumstances, we may not be able to fully comply with your request, such as if it is frivolous or extremely impractical, if it jeopardizes the rights of others, or if it is not required by law, but in those circumstances, we will still respond to notify you of such a decision. In some cases, we may also need you to provide us with additional information, which may include Personal Data, if necessary to verify your identity and the nature of your request.

Personal Data of Minors

If you are under the age of 18, please do not attempt to register for the Services or send any Personal Data about yourself to XTI. If we learn that we have collected Personal Data from an unauthorized minor, we will promptly delete that information from our platform. If you believe that an unauthorized minor may have provided us Personal Data, please contact us at privacy@xti.us.

International Transfer of Personal Data

Some of the third parties that have access to your Personal Data may be located in other countries or may process data outside Brazil. The level of data protection in the other country may not be equivalent to the level of protection in Brazil. Where we transfer Personal Data to a country that doesn’t provide an adequate level of protection, we’ll only do so under appropriate safeguards to protect your Personal Data.

  1. PRIVACY NOTICE FOR INDIA RESIDENTS

If you reside in India, you may have additional rights under applicable data protection laws.

Your Responsibility to Ensure Completeness, Accuracy and Consistency

By using our Services, you represent, warrant, and undertake to ensure that the Personal Data you provide directly to us (such as when completing your profile) is complete, accurate and consistent.

Our Responsibility for Data Processors

We are responsible for compliance with applicable data protection laws by our data processors.

Restricted Countries and Territories

We will not transfer your Personal Data to any country or territory outside India, where such transfer is restricted as per applicable law.

Grievance Redressal

If you have any questions, concerns, complaints or grievances regarding our privacy policies or our processing of Personal Data, please write to our Grievance Officer at privacy@xti.us.

In the event we do not address your grievances, you may approach the Data Protection Board of India to make a complaint.

Data Subject Rights

Access. You may access:

  • A summary of your Personal Data being processed by us along with information on the processing activities undertaken by us with respect to your Personal Data.
  • Subject to applicable law, the identities of the third parties with whom we have shared your Personal Data along with a description of such Personal Data.
  • Any other information relating to your personal data we may be required to share in accordance with applicable law.

You may submit a request to access your Personal Data in the manner described above, through the procedure prescribed under applicable law.

Correct, complete or update. You may correct inaccurate or misleading Personal Data, complete incomplete Personal Data and update Personal Data by contacting privacy@xti.us.

Withdraw consent to processing of your Personal Data. Where consent is the basis for our processing of your Personal Data, when you log into your account, you may withdraw such consent and we will, within a reasonable time and subject to applicable law, cease to process your Personal Data. However, you may no longer have access to the Services in the event you withdraw your consent to us processing your Personal Data. Upon withdrawal of your consent to us processing your Personal Data, we will also, unless we are required to retain your Personal Data for compliance with applicable law, erase your Personal Data, but may retain Aggregated Data or De-identified Data derived from or incorporating your Personal Data that does not identify you.

Erase your Personal Data. You may submit a request to erase your Personal Data in our possession, through the procedure prescribed under applicable law. Upon receipt of such request, unless we are required to retain your Personal Data for compliance with applicable law, we will erase your Personal Data, but may retain Aggregated Data or De-identified Data derived from or incorporating your Personal Data that does not identify you.

Right to nominate. You may submit a request, through the procedure prescribed under applicable law, to nominate an individual who shall, in the event of your death or incapacity, exercise your rights with respect to us processing your Personal Data.

Data Retention

We retain Personal Data for as long as reasonably necessary for the purposes described in this Privacy Policy, or as required by applicable law (e.g., for tax, legal, accounting, or other purposes), whichever is longer.

Personal Data of Children

If you are under the age of 18, please do not attempt to register for the Services or send any Personal Data about yourself to XTI. If we learn that we have collected Personal Data from an unauthorized minor, we will promptly delete that information from our platform. If you believe that an unauthorized minor may have provided us Personal Data, please contact us at privacy@xti.us.

  1. PRIVACY NOTICE FOR ISRAEL RESIDENTS

If you are a resident of Israel, you are not obligated by law to provide us with your Personal Data, and any collection of Personal Data is subject to your consent that may be implied from your interaction with us or your use of the Services.

Your Choices: Marketing Communications. We will request your consent to send you marketing materials. We will also give you the ability to opt-out of marketing-related emails and other communications by emailing privacy@xti.us, or by following the opt-out or unsubscribe instructions contained in the marketing-related message. Please note that emails related to the Services you are provided with by XTI will not be considered as Marketing Communications but as Service Related Communications, and therefore shall not be subject to this section.

  1. PRIVACY NOTICE FOR JAPAN RESIDENTS

We are providing this supplemental privacy notice to users in Japan, pursuant to the Act on the Protection of Personal Information (the “APPI”).

Address and Name of the Representative of the Company

Xiant Technologies Inc. is a company registered in Delaware

Information regarding the representative of the company is available at privacy@xti.us.

Exercising your Rights

To exercise your rights including the right to access, the right to rectification, the right to erasure, the right to request for disclosure of records of third party transfers, you can email us at privacy@xti.us. To verify your identity prior to responding to your requests, we may ask you to confirm information that we have on file about you or your interactions with us. Where we ask for additional Personal Data to verify your identity, we will only use it to verify your identity or your authority to make the request on behalf of another consumer.

  1. PRIVACY NOTICE FOR MEXICO RESIDENTS

Personal data we collect. If you are a resident of Mexico, XTI will obtain your express consent to collect and process Wellness Data, which is considered “sensitive personal data”, such as resting heart rate, heart rate variability, skin temperature, blood oxygen saturation level and acceleration; metadata on workouts and sleep; the type of physical activity you engage in and the duration of your activity; data reflecting strain and recovery; your physiological profile, including birthday, gender identity, weight, height, fitness/athlete level (e.g., professional or recreational); and details you choose to submit about your diet, medications, and female health tracking. We may use certain of this information to customize your experience with us as part of our Services.

Additionally we collect Device data, such as your computer or mobile device operating system type and version, manufacturer and model, browser type, screen resolution, RAM and disk size, CPU usage, device type (e.g., phone, tablet), IP Address, unique identifiers (including identifiers used for advertising purposes), language settings, mobile device carrier, radio/network information (e.g., Wi-Fi, LTE, 3G, bluetooth), and general location information such as city, state, or geographic area;

Biolight system data, such as therapy running, duration, frequency, intensity, timing of use, temperature, humidity, shock and other mechanical feedback to monitor device health and use;

Geolocation data, such as GPS, IP Address, and movement on certain exercise types if you give permission for XTI to do so; and

Online activity data, such as pages or screens you view, how long you spent on a page or screen, the website you visited before visiting our website, navigation paths between pages or screens, information about your activity on a page or screen, access times, and duration of access.

Direct marketing and advertising. Processing your personal data for the purpose of direct marketing and advertising is not necessary for the existence, maintenance, and compliance of the legal relationship you have with us, and you always have the choice not to receive marketing information. We give you the ability to opt-out of marketing-related emails and other communications by going to our “Data Management” feature available in the XTI Privacy Center privacy@xti.us, or by following the opt-out or unsubscribe instructions contained in the marketing-related message. You cannot opt-out of receiving certain non-marketing emails regarding the Service.

How we share personal data. With your consent, we may share your personal data with advertising partners that may collect information on our website through Cookies and other automated technologies, including for the interest-based advertising purposes described above. We do not share your Wellness Data with advertising partners.

It is noted that any of the transfers referred to above may be national or international.

Data Subject Rights

If you reside in Mexico, you have the following rights.

  • Right of access: you can request a copy of the personal data we hold about you.
  • Right of rectification: you can request that we correct any inaccuracies in the personal data we hold about you and complete any personal data where it is incomplete.
  • Right of cancellation: you can request that the personal data we hold about you be cancelled.
  • Right of opposition: you have a right to oppose the processing of your personal data for specific purposes.
  • Right to withdraw consent: you are entitled to withdraw your consent to that processing at any time. If you withdraw your consent, this will not mean any processing we carried out prior to your withdrawal is invalid.

If you decide to exercise any of these rights, please contact us as described in section 14. We will provide you with the following: (i) documents and information that should accompany the application, including documents to evidence your identity or your representative’s capacity; (ii) timeframes to receive a response from us regarding any request; (iii) the means of reproduction we will use to provide you with the requested information.

Available options for you to limit the usage or disclosure of your personal data

If you wish to explore the options to limit how we use and disclose your personal data so that we do not process your data for a particular purpose, please contact us as described in the section 14.

  1. PRIVACY NOTICE FOR SINGAPORE RESIDENTS

Direct marketing and advertising. With your consent, we may use data from the Personal Data we collect, including Wellness Data and certain data collected when you browse our website, to send you direct offers, marketing messages or advertise the Services or other XTI product offering.

Marketing communications. We give you the ability to withdraw your consent and opt-out of marketing-related emails and other communications by emailing us privacy@xti.us, or by following the opt-out or unsubscribe instructions contained in the marketing-related message. You cannot opt-out of receiving certain non-marketing emails regarding the Service.

Data Protection Officer information can be found by contacting privacy@xti.us.

  1. PRIVACY NOTICE FOR SOUTH AFRICA RESIDENTS

Data Subject Rights

If you are a resident of South Africa, you may have additional rights under the Protection of Personal Information Act, 2013 (POPIA) or other data protection legislation, including:

  • Access. You can request more information about the Personal Data we hold about you and request a copy of such Personal Data. You can also access certain of your Personal Data by logging into your account or emailing privacy@xti.us.
  • Rectification. If you believe that any Personal Data we are holding about you is incorrect or incomplete, you can request that we correct or supplement such data. You can also correct some of this information directly by logging into your account.
  • Erasure. You can request that we erase some or all of your Personal Data from our systems.
  • Withdrawal of consent. If we are processing your Personal Data based on your consent (as indicated at the time of collection of such data), you have the right to withdraw your consent at any time. Please note, however, that if you exercise this right, you may have to then provide express consent on a case-by-case basis for the use or disclosure of certain of your Personal Data, if such use or disclosure is necessary to enable you to utilize some or all of our Services.
  • Objection. You can contact us to let us know that you object to the further use or disclosure of your Personal Data for certain purposes, such as for direct marketing purposes.
  • Restriction of processing. You can ask us to restrict further processing of your Personal Data.
  • Right to file a complaint. You have the right to lodge a complaint about our practices with respect to your Personal Data with the Information Regulator at the following email address: popiacomplaints@inforegulator.org.za.

Information regarding our South African representative is available at privacy@xti.us.

Direct marketing and advertising

With your consent, we may use data from the Personal Data we collect, including Wellness Data and certain data collected when you browse our website, to send you direct offers, marketing messages or advertise the Services or other XTI product offering.

Marketing communications

We give you the ability to withdraw your consent and opt-out of marketing-related emails and other communications by emailing privacy@xti.us, or by following the opt-out or unsubscribe instructions contained in the marketing-related message. You cannot opt-out of receiving certain non-marketing emails regarding the Service.

Transfer of Personal Data

In order to provide the Services, XTI will transfer your Personal Data to the United States. XTI will ensure that adequate safeguards are implemented if and when we need to transfer Personal Data outside of South Africa.

  1. PRIVACY NOTICE FOR TAIWAN RESIDENTS

How We Share Personal Data

Personal Data that we collect may be stored, processed in, or transferred between parties located outside your jurisdiction, including the United States, Germany, Japan, United Kingdom, France, Canada, and India. We take reasonable steps to ensure that the parties responsible for the storage of Personal Data on overseas servers adhere to this Privacy Policy.

Your Choices

Access, update, or delete. In addition to the right to request access to or a full deletion of your account and corresponding data, you may request a copy of Personal Data and that XTI ceases processing or use of Personal Data by contacting privacy@xti.us.

  1. DEFINITIONS

We use some specifically defined terms in our Privacy Policy and when we communicate about our Privacy Policy. We want to be clear on how the terms we use are defined to help you better understand our policies.

Aggregated Data: Aggregated Data is data that has undergone a process whereby raw data is gathered and expressed in a summary form for statistical analysis. Raw data can be aggregated over a given time period, across individuals, or both, to provide statistics such as average, minimum, maximum, sum, and count. After the data is aggregated analysis can be performed to gain insights about particular data sets. When data is aggregated across a number of individuals, the resulting aggregation is considered anonymized such that it is no longer Personal Data.

CCPA: The California Consumer Privacy Act, or CCPA, is a state law that provides California users with robust data privacy rights. These rights include the right to know, the right to delete, and the right to opt-out of “sale” of personal information that businesses collect, as well as additional protections for minors. A “sale” under the CCPA is defined as “selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a consumer’s personal information by the business to another business or to a third party for monetary or other valuable consideration.”

Cookies: Cookies are small files which are stored on a user’s computer. They are designed to hold a modest amount of data specific to a particular user and website and can be accessed either by the web server or the user computer. This allows the server to deliver a page tailored to a particular user, or the page itself can contain some script which is aware of the data in the cookie and is therefore able to carry information from one visit to the website (or related site) to the next.

De-Identified Data: De-Identified Data is data where all the personally identifiable information has been removed, rendering the data anonymous by stripping out information that would allow an individual’s identity to be determined from the remaining data. Data is “de-identified” to protect the privacy and identity of individuals associated with the data. De-identified Data is no longer Personal Data.

GDPR: The General Data Protection Regulation, or GDPR, is a data privacy and security regulation under European law that sets guidelines for the collection and processing of personal information from individuals who live in the European Economic Area, Switzerland, and United Kingdom (collectively, “Europe” or “European”). The GDPR provides data protection rights to European residents and applies to any organization that offers goods or services to individuals in Europe, even if that organization is not based in Europe.

IP Address: An IP Address is a unique address that identifies a device on the internet or a local network. It allows a system to be recognized by other systems connected via the internet protocol. An IP Address may be considered Personal Data and is at times used by advertisers to serve interest-based ads.

Personal Data: Personal Data is any data that identifies or relates to you as a particular individual, including information referred to as “personally identifiable information” or “personal information” under applicable data privacy laws, rules, or regulations.

Services: Services means, collectively, our websites and mobile apps, any software or firmware embedded within the XTI Biolight, and any features, content, or applications offered, from time to time, by XTI in connection therewith.

Third Parties: Third Parties in the context of the relationship between XTI, XTI Subscribers (our end users), and third parties are entities or businesses involved in an arrangement, contract, deal, or transaction but are not one of the principals (i.e., XTI or XTI Subscribers). We use Third Parties to enable us to do business with our subscribers, such as charging for transactions or storing data. Third Parties also include advertisers that serve interest-based ads to visitors to our website.

XTI Biolight: Your XTI Biolight is an LED light bulb that either screws into an E26 or E27 eddison base socket or plugs directly into a 120V/240V socket, when used in connection with the Services, collects certain types of Use Data and physical mechanical data.

XTI, we, us, our: The terms “XTI,” “we,” “us,” or “our” mean Xiant Technologies Inc., and each of its wholly owned subsidiaries.

Wellness Data: Wellness Data is (a) data collected by 3rd party devices in combination with  your XTI Biolight usage data and sent to the XTI platform, including your XTI Biolight usages such as therapy, intensity, duration of on time along with heart rate, heart rate variability, sleep duration, respiratory rate, skin temperature, blood oxygen saturation level, and data such as the type of activity you engage in and the duration of your physical activity; and (b) any additional information you chose to enter during the use of our Services, such as information about your health and wellness, including information collected from accounts, devices, or features that you link with your XTI account.

By signing up, I agree with the data protection policy.

© 2024 XTI

US

This statement has not been evaluated by the Food and Drug Administration. This product is not intended to diagnose, treat, cure, or prevent any disease.