top of page

Xylor
- Privacy Policy

Effective date: 1st January 2026

This Privacy Policy explains how P101 LLC (“Xylor”, “we”, “us”) collects, uses, shares, and protects information when you use our websites, apps, and services (the “Services”).

If you have questions, contact us at privacy@xylor.ai

1) Scope

This Privacy Policy applies to:

  • visitors to our website(s),

  • people who create accounts or use our Services,

  • and people who communicate with us (sales, support, onboarding).

Customer Content: Our Services allow business customers to upload and process content (including contact records, documents, messages, and operational data). In those cases, the customer decides what data is uploaded and how it is used.

If you are an end user of a Xylor customer (for example, you are a contact or client whose information appears in a customer’s Xylor workspace), please contact that customer directly about your data.

2) Roles under privacy laws

Depending on the context:

  • Website visitors / marketing: Xylor is typically a data controller for information collected directly through our site (e.g., contact forms, analytics cookies).

  • Service platform: For Customer Content uploaded into the platform, Xylor typically acts as a data processor / service provider, and the business customer is the controller.

3) Information we collect

A) Information you provide to us

We may collect:

  • Account information: name, email address, role/title, company name, login credentials (or authentication tokens).

  • Billing information: billing contact details and payment status (payment card data is usually handled by our payment processor, not stored by us directly).

  • Support and onboarding communications: messages, files, and other information you send to us.

B) Customer Content (uploaded into the Service)

Our customers may upload content such as:

  • contact records (e.g., customers/clients),

  • business documents and attachments,

  • workflow data (tasks, projects, process steps),

  • communications and messages sent via the platform,

  • and other business operational content.

Important: Xylor does not provide third-party “enrichment” data. We do not buy or sell personal data. Data in the platform is provided by customers and their users.

C) Usage and device data

When you use the Services, we may collect:

  • log data (IP address, device/browser type, timestamps),

  • activity events (feature usage, clicks, page views inside the app),

  • performance and diagnostic data (crash logs, latency, errors),

  • approximate location (derived from IP, not precise GPS).

D) Cookies and similar technologies

We use cookies and similar tools for:

  • site functionality (session, preferences),

  • security (fraud prevention),

  • analytics (understanding site and product usage),

  • and, if enabled, marketing/advertising.

You can control cookies through your browser settings and, where required, through our cookie banner/consent tool.

4) How we use information

We use information to:

  • Provide and operate the Services (authentication, access control, feature delivery).

  • Secure the Services (fraud prevention, abuse detection, monitoring, incident response).

  • Support and onboard customers (implementation, troubleshooting, training).

  • Improve and develop features (analytics, debugging, product insights).

  • Communicate with you (service updates, billing notices, support responses).

  • Comply with legal obligations and enforce our Terms.

5) Legal bases for processing (EEA/UK)

Where GDPR applies, we rely on:

  • Contract (to provide the Services to customers and users),

  • Legitimate interests (security, service improvement, fraud prevention, business operations),

  • Consent (for certain cookies/marketing communications where required),

  • Legal obligation (compliance with laws, lawful requests).

6) Sharing and disclosure

We share information only as needed to operate the Services:

A) Service providers (sub-processors)

We use vendors to host and operate the Services. Examples may include:

  • Cloud hosting and storage: AWS (Amazon Web Services)

  • Email sending providers (for platform emails)

  • Telephony providers (for the Global Calling System)

  • AI providers (to power AI-assisted features)

  • Analytics and error monitoring tools

  • Customer support tools

We require service providers to protect data and use it only to provide services to Xylor.

B) Calling (Global Calling System)

Calling usage is billed on a per-usage basis. Telephony providers process call metadata and/or content as required to complete calls. Rates and usage details are provided during onboarding and/or within workspace settings.

C) Legal and safety

We may disclose information if we believe disclosure is reasonably necessary to:

  • comply with law or lawful requests,

  • protect rights, safety, and security of Xylor, our customers, or others,

  • investigate fraud or abuse.

D) Business transfers

If Xylor is involved in a merger, acquisition, financing, or sale of assets, information may be transferred as part of that transaction, subject to appropriate protections.

7) Data retention

We retain information for as long as needed to:

  • provide the Services,

  • comply with legal obligations,

  • resolve disputes,

  • enforce agreements,

  • and maintain security.

Customer Content is retained according to the subscription lifecycle and our standard deletion practices. After termination, we may provide a limited export window and then delete Customer Content from production systems within a commercially reasonable period, subject to backups and legal requirements.

Retention details: 15 days of data retention.

8) Security

We use technical and organizational measures designed to protect information, including:

  • encryption in transit (TLS) and encryption at rest where supported,

  • access controls and least-privilege practices,

  • monitoring and logging to detect abuse and security incidents,

  • secure cloud infrastructure (e.g., AWS).

No system can be guaranteed 100% secure. Customers are responsible for setting appropriate internal controls, permissions, and safe data practices when using the platform.

9) International data transfers

If you access the Services from outside the country where our systems operate, your information may be transferred internationally. Where required, we use appropriate transfer mechanisms (e.g., Standard Contractual Clauses) and vendor safeguards.

10) Your privacy rights

Depending on your location, you may have rights such as:

  • access to personal information,

  • correction,

  • deletion,

  • restriction or objection,

  • data portability,

  • withdrawal of consent (where processing is based on consent).

Platform data rights: If your information is contained in a customer’s workspace, we may refer your request to the relevant customer (the controller) to handle it.

To submit a request, contact privacy@xylor.com

11) Children

Our Services are not directed to children, and we do not knowingly collect information from children under [13/16](choose based on your target markets).

12) Changes to this policy

We may update this Privacy Policy from time to time. If changes are material, we will post an updated version and update the effective date. Where required, we will provide additional notice.

13) Contact us

P101 LLC
Address: 1309 Coffeen Avenue STE 1200,  Sheridan Wyoming 82801

Email: privacy@xylor.com

bottom of page