Welcome to Xapi’s Privacy Policy (the “Policy”). This Policy describes how X-venture Global Solutions Pvt Ltd (“Xapi,” “we,” or “us”) collects, uses, discloses, and protects your Personally Identifiable Information (PII) through our online services (the “Services”) and website (collectively, the “Site”).
We are committed to processing your PII in compliance with applicable data protection laws, including the General Data Protection Regulation (GDPR), the Personal Data Protection Act (PDPA) of Singapore, the Personal Data Protection Act (PDPA) of Sri Lanka, and in accordance with the security principles of ISO/IEC 27018:2019 for PII processors in the cloud.
1.1.Information You Provide Directly (User Data)
We may collect the following types of information:
| Category | Data Elements Collected | Purpose of Collection |
|---|---|---|
| Contact & Identity | User Name, First Name, Last Name, Email (corporate email for paid version and personal email free version) | To create and manage your account and identify you when you sign in. |
| Profile Information | Profile Picture/Bio, Website, Company, Country, TimeZone | To customize your user experience and facilitate collaboration within the platform |
| Account Administration | Names and email addresses for authorized users (if provided by a customer). | To administer, manage, and update the Customer's Xapi account and access permissions. |
| Billing Information | Billing address, and transaction records. | To process payments for paid services. |
1.2.Information Collected Automatically (Usage and Technical Data)
| Category | Data Elements Collected | Purpose of Collection |
|---|---|---|
| Usage Data | Interactions with the Services, features used, time spent, and service configuration settings. | To maintain and improve service performance, troubleshoot issues, and enhance user experience. |
| Log Data | IP address, browser type, device information, access times, and referring website addresses. | To monitor the stability and security of the Site and Services, prevent misuse, fraud, and security breaches |
We rely on the following legal bases to process your PII:
| Processing Purpose | Legal Basis for Processing | Rationale |
|---|---|---|
| Service Provision | Performance of a Contract | To fulfill our obligations under the End User License Agreement (EULA) and deliver the core Xapi Services. |
| Account Security | Legitimate Interests | To prevent fraud, ensure network and information security, and protect the integrity of your account and our systems. |
| Marketing & Analytics | Consent | For optional marketing communications or non-essential cookies. You have the full right to opt-in or opt-out. |
| Legal Compliance | Legal Obligation | To comply with mandatory legal or tax requirements. |
3.1.Disclosure to Third Parties
Xapi does not sell your PII. We only share PII with third parties as described below or with your explicit consent
Note: The following third-party sub-processors are authorized by Xapi to store Personal data collected through the platform with respect to the profile management of the customer.
| Sub-Processor Entity | Brief Description | Location of Data Center |
|---|---|---|
| MongoDB Atlas | Storing of customer data (First Name, Last Name, Email) related to the customer profile. | AWS / N. Virginia (us-east-1) |
| Office 365 | Storing information regarding the customers (If provided; Name, Email, and contact number). | Standard Microsoft Office 365 Cloud |
| AWS - S3 | Storing of the customer profile picture | AWS / N. Virginia (us-east-1) |
3.2. International Data Transfers
X-Venture is registered in Sri Lanka, and the PII collected from individuals located in the European Economic Area (EEA), the UK, or Singapore may be transferred to and stored in countries outside those jurisdictions.
When we transfer PII internationally, we take reasonable steps and implement appropriate safeguards to ensure the transferred PII receives a comparable level of protection, as required by the relevant data protection laws. These safeguards include Standard Contractual Clauses (SCCs) for data transfers between the originating country and third countries
3.3. Geographical Location
All User PII is primarily stored on servers located in data centers provided by our certified cloud hosting partner.
For a comprehensive list of the specific geographical locations where our sub-processors (third-party vendors) store or process data, please refer to the table in section 3.1.
We are committed to protecting your PII. We implement and maintain reasonable and appropriate technical and organizational security measures to protect your PII against unauthorized access, alteration, disclosure, or destruction, as required by global and local privacy legislations.
Our security program is designed and managed in alignment with ISO/IEC 27001:2022 (Information Security Management System) and ISO/IEC 27018:2019 (PII Protection in the cloud).
In addition, we routinely validate our security posture through independent audits, including annual penetration testing of the Xapi platform.
We retain your PII only for as long as necessary to fulfill the purposes for which it was collected, including for the purpose of satisfying any legal, accounting, or reporting requirements.
We determine the appropriate retention period based on:
You have the following rights regarding the PII we hold about you. You can exercise these rights by contacting our Data Protection Officer as per section 08.
| PII Principal Right | Description |
|---|---|
| Right to Access | Obtain confirmation of whether your PII is being processed and, if so, access to the data. |
| Right to Rectification | Have inaccurate or incomplete PII corrected without undue delay. |
| Right to Erasure | Request the deletion of your PII (Right to be Forgotten) under certain conditions. |
| Right to Restrict Processing | Restrict the way we process your PII under certain conditions. |
| Right to Data Portability | Receive your PII in a structured, commonly used, and machine-readable format. |
| Right to Object | Object the processing of your PII, especially for direct marketing purposes. |
| Right to Withdraw Consent | Withdraw your consent at any time where processing is based on consent. Withdrawal does not affect the lawfulness of processing before withdrawal. |
Cookies are small data files stored on your browser. We use them for essential service functionality and non-essential analytics/performance tracking.
For any questions, concerns, inquiries about this Privacy Policy, or to exercise any of your rights, please contact our dedicated Data Protection Officer at:
We may update this Policy to reflect changes in our practices, services, or regulatory requirements. The updated Policy will be effective upon posting on our website. We will notify you of material changes via email or a prominent notice on the Site.
The Xapi Community is a vibrant network of Xapi Platform users from around the globe: collaborating, innovating, and advancing together towards a more robust API design and governance ecosystem.
Copyright © 2025 X-Venture. All Rights Reserved.
