Privacy Policy
Last updated September 16, 2021
In this policy, we describe how we are processing your personal data as a data controller and how you as an individual can exercise your rights. We only process personal data in accordance with the GDPR and other applicable legislations.
Logs
In order to respect our users’ privacy, Xeovo enforces a strict no-logs policy. This means we keep no session usage logs of what you do online, and we do not log metadata that can compromise your privacy.
- no logging of IP addresses
- no logging of traffic
- no logging of timestamps
- no logging of DNS requests
- no logging of MAC addresses
- no logging of individual user bandwidth volumes
Court orders
Xeovo can not provide any activity information or logs about users if a court order was issued asking us to provide that information. As previously mentioned, no information about what our users do when connected is stored.
The only information we would be able to provide would be account information detailed further below as well as the method of payment. However, it requires that the court order is for a specific person and that the authorities want to verify if that person has a user account with us. We have not provided any information about our users to any government entities.
Cookies
We use cookies to help you authenticate with our Service and to prevent unauthorized parties from accessing your account. We don't use any analytics.
- csrftoken (expires after one year) – is used to prevent Cross-Site Request Forgery (CSRF) attacks.
- referrer (expires after one year) - is created when someone invites you through referral link.
- sessionid (expires after 14 days) - is used to identify a user that has logged into a website.
- theme (expires after one year) - is used to save which color theme you prefer to use on our website.
- __stripe_sid (expires after 30 minutes) – is implemented by Stripe and created when you proceed to the Stripe payment page.
- __stripe_mid (expires after one year) – is implemented by Stripe and created when you proceed to the Stripe payment page.
User information
During account registration, users must supply a desired username and a password. While we recommend our users to provide an email address, it is entirely optional. The email address is used for events such as account recovery in case of a forgotten password, to send upcoming billing notifications, receipts after payments as well as an optional newsletter about our service.
We store the following data for each account:
- Username: the username that was specified during account registration.
- Password: the password that was specified during account registration is stored hashed.
- Email: the email address that was specified during account registration.
- Date joined: timestamp rounded to the nearest hour of when the account was created.
- Newsletter: 0 or 1. If user is subscribed to our newsletter.
- Subscription: expiration date of the subscription.
Retention of data
We will retain your information as long as your account is active, and as long as necessary to provide you with the services or as otherwise set forth in this Policy. We will also retain and use this information as necessary for the purposes defined in this Policy and to the extent necessary to comply with our legal obligations, resolve disputes, enforce our agreements and protect Xeovo's legal rights.
Links to other websites
The website may provide the ability to connect to other websites. These websites may operate independently from us and may have their own privacy notices or policies, which we strongly suggest you to review. If any linked website is not owned or controlled by us, we are not responsible for its content, any use of the website or the privacy practices of the operator of the website.
International data transfers
We comply with European Economic Area (“EEA”) applicable laws to provide an adequate level of data protection and will not transfer your stored Personal Data outside of European Economic Area (“EEA”).
The rights of individuals
If a user wishes to delete any information we have about them, that user can contact us. If the user has an active subscription, any remaining subscription time will also be removed.
Users have the right to request, at any time, that their personal is either corrected or deleted. Users also have the right to request a copy of their personal data. If a user wishes to change, delete or receive a copy of their personal data, please contact our support.
Do note that we are not able to provide users with payment data as that is not stored by us.
If you are displeased with our processing of your personal data, please contact us or submit a complaint to the supervisory authority (The Office of the Data Protection Ombudsman (Tietosuojavaltuutetun toimisto), https://tietosuoja.fi/).
Data controller contact information
Xeovo Oy Reg. no. 3233901-7 Rautiontie 5G 30 00640 Helsinki Finland [email protected]To exercise your rights under the GDPR or if you have any questions regarding our processing of your personal data, please send your inquiry to the e-mail address above.
Privacy policy changes
We may update this Policy from time to time to reflect new services, changes in our Personal Data practices or relevant laws. Any changes are effective when we post the revised Privacy Policy on our website.