Privacy Policy

Last updated: February 24, 2026

1. Information Collection (GDPR/CCPA Compliant)

xPilot collects the following personal information to provide and improve our services:

  • Account Information: Name, email, phone provided during registration
  • Social Media Credentials: API tokens for X, TikTok, Instagram, and other platforms
  • Payment Information: Transaction records and subscription status
  • Usage Data: IP address, device information, and access logs
  • API Usage Records: Logs of AI generation and platform usage for billing and improvement

2. Legal Basis for Processing

We process your data based on:

  • Contract Necessity: To deliver our services
  • Legal Compliance: Tax, regulatory, and anti-fraud obligations
  • Your Consent: Where you have explicitly opted in
  • Legitimate Interests: Security, fraud prevention, service optimization

3. How We Use Your Data

We use collected information to:

  • Provide, maintain, and improve service features
  • Process payments and manage subscriptions
  • Send service updates and security notifications
  • Analyze usage patterns and optimize user experience
  • Prevent fraud and maintain platform security

⚠️ International Transfers: Some processing involves US-based service providers. We ensure adequate safeguards via Data Processing Agreements.

4. Data Security

Your data is stored on US-based Vercel and Neon servers. We implement:

  • ✓ AES-256 database encryption
  • ✓ TLS 1.2+ transport security
  • ✓ Multi-factor authentication
  • ✓ Regular security audits and penetration testing
  • ✓ Automated backups and disaster recovery

5. Third-Party Data Sharing

We share information only with:

Payment Processors

Stripe (US) and WeChat Pay (China)

Cloud Providers

Vercel, Neon, AWS for hosting and infrastructure

AI Providers

OpenAI (US) — only user-provided text and instructions

Analytics

Vercel Analytics for anonymized usage

Statement: We never sell your data. All partnerships are governed by strict Data Processing Agreements.

6. Data Retention

Except where required by law, we delete most personal data within 90 days of service termination. Tax and legal records are retained 5-7 years per regulatory requirements. You can request deletion anytime.

7. Your Data Rights (GDPR/CCPA)

You have the right to:

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate information
  • Erasure: Request deletion under applicable conditions
  • Restrict Processing: Limit how we process your data
  • Data Portability: Export your data in standard format
  • Withdraw Consent: Revoke consent-based processing
  • Opt-Out (CCPA): We do not sell your information
  • Lodge Complaints: Contact your local data protection authority

8. Contact Us

To exercise your rights or for privacy inquiries:

  • WeChat: techfront-robot or xinmai002leo
  • Email: support@xpilot.app

You can also lodge formal complaints with your local data protection authority.