Your Privacy Matters
This Privacy Policy outlines how Xilot collects, uses, shares, and protects your information when you use our platform and services.
Effective Date: 1 January 2026 · Last Updated: 22 February 2026
Contents
- 1. Information We Collect
- 2. How We Use Your Information
- 3. How We Share Information
- 4. Data Security
- 5. Data Retention
- 6. Your Rights
- 7. Cookies and Tracking
- 8. WhatsApp Business API & Meta Compliance
- 9. International Data Transfers
- 10. Children's Privacy
- 11. Data Deletion Requests
- 12. Updates to This Policy
- 13. Contact Us
1. Information We Collect
We collect information to provide, improve, and personalise our Services. This may include:
a. Information You Provide
- Name, company name, email address, and contact details
- Account registration data and communication preferences
- WhatsApp Business account details and API credentials
- Queries, feedback, or customer support interactions
b. Automatically Collected Information
- Log data such as browser type, IP address, device identifiers, and pages visited
- Usage data related to feature engagement and service performance
- Cookies or similar tracking technologies to enhance user experience
c. Information from Integrations and Third Parties
When you connect Xilot with third-party CRMs, e-commerce platforms, communication tools, or analytics services, we may receive limited data required to enable those integrations — always in accordance with the connected platform's own privacy rules.
2. How We Use Your Information
- Deliver and improve Xilot's WhatsApp automation, Flow Builder, Agentic AI, and Lead Management features
- Authenticate accounts and secure access to the platform
- Personalise dashboards, analytics, and engagement insights
- Send product updates, customer support responses, and service notifications
- Process payments and manage subscription billing
- Comply with applicable legal and regulatory requirements
- Detect, investigate, and prevent fraudulent transactions and other illegal activities
3. How We Share Information
We do not sell or rent your personal data to third parties. Information may be shared only in the following circumstances:
- Service Providers: With trusted vendors who assist in operations such as cloud hosting, payment processing, analytics, or communication delivery.
- Integrations: With third-party tools or systems that you explicitly choose to connect with your Xilot account.
- Legal Requirements: When disclosure is required to comply with applicable law, court orders, or to protect rights and prevent fraud.
- Business Transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction.
All partners and vendors are bound by strict confidentiality and data protection agreements.
4. Data Security
We implement industry-standard encryption (TLS in transit, AES-256 at rest), role-based access controls, audit logging, and continuous monitoring to safeguard your data against unauthorised access, alteration, disclosure, or destruction. However, no online service is entirely risk-free. You are encouraged to use strong, unique passwords, enable two-factor authentication where available, and follow best security practices for your account.
5. Data Retention
We retain your personal information for as long as your account is active or as needed to provide our Services, comply with legal obligations, resolve disputes, and enforce our agreements. Conversation logs and analytics data are retained for the duration of your subscription and up to 90 days after account closure, unless a longer period is required by law. You may request permanent deletion of your data by contacting us at info@crediblearena.com.
6. Your Rights
Depending on your location and applicable law (including GDPR, CCPA, and India's DPDP Act), you may have the following rights:
- Access or request a copy of the personal data we hold about you
- Correct or update inaccurate or incomplete information
- Request erasure ("right to be forgotten") of your personal data
- Withdraw consent or restrict processing where consent is the legal basis
- Object to processing for direct marketing purposes
- Request data portability in a machine-readable format
To exercise any of these rights, email us at info@crediblearena.com. We will respond within 30 days.
7. Cookies and Tracking
Xilot uses cookies, pixel tags, and similar technologies to understand traffic patterns, optimise user experience, and measure marketing effectiveness. Essential cookies are required for the platform to function. Analytics and preference cookies are optional and can be managed through your browser settings or our cookie consent banner. We do not use cookies to track you across unrelated third-party websites.
8. WhatsApp Business API & Meta Compliance
Xilot integrates with the WhatsApp Business API provided by Meta Platforms. By using Xilot's WhatsApp features, you also agree to Meta's Business Terms of Service and WhatsApp Business Policy. Customer conversations facilitated through our platform are subject to WhatsApp's messaging policies. Xilot acts as a data processor on your behalf for messages sent through the WhatsApp API.
9. International Data Transfers
Xilot operates globally. If you access our Services from outside India, your information may be transferred to and processed in India or other jurisdictions. We apply appropriate safeguards, including Standard Contractual Clauses and data processing agreements, to ensure your data remains protected in accordance with applicable law regardless of where it is processed.
10. Children's Privacy
Xilot's Services are intended for business use by individuals aged 18 and above. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, please contact us immediately at info@crediblearena.com and we will promptly delete such data.
11. Data Deletion Requests
You have the right to request permanent deletion of all personal data Xilot holds about you. This right applies under GDPR (Article 17), CCPA, and India's DPDP Act, and is required by Meta's Platform Terms for apps integrating with the WhatsApp Business API.
How to Submit a Deletion Request
Email info@crediblearena.com with the subject "Data Deletion Request", or visit our dedicated page: xilot.app/data-deletion.
What Gets Deleted
- Account and profile information
- WhatsApp API credentials and phone number associations
- Conversation logs and automation flow history
- Contacts, leads, and CRM data you uploaded
- Usage analytics linked to your identity
Timeline
We acknowledge requests within 3 business days and complete deletion within 30 days of identity verification, followed by a written confirmation email. Certain data may be retained where required by law (e.g. tax, fraud prevention) or for active legal disputes.
12. Updates to This Policy
We may update this Privacy Policy periodically to reflect changes in our practices, technologies, or applicable law. The "Effective Date" at the top of this page will reflect the most recent revision. We will notify you of material changes via email or an in-app notification at least 14 days before the changes take effect. Continued use of our Services after the effective date constitutes your acceptance of the updated policy.
13. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please reach out to our Data Privacy team:
Email: info@crediblearena.com
Website: xilot.app/contact