Xube Logo

Privacy Policy

Last updated: December 11, 2024

XUBE is owned and operated by XUBE PTY LTD.

XUBE deeply values your privacy and the protection of your personal data. This privacy policy details the information we collect, the methods we use to obtain it, the purposes for which we use it, the process by which we obtain your consent, the period for which we retain it in our databases and, if necessary, with whom we share it.

In this privacy policy, the words "website" refer to the XUBE website, "we", "us", "our" and "XUBE" refers to XUBE PTY LTD, "you", "customer" and "user" refers to you, a user or customer of XUBE and "services" refers to the products, services and solutions offered and provided by XUBE.

By using our website and services, you are accepting the practices described in this privacy policy. Your use of the website and our services is also subject to our terms and conditions. This privacy policy may change from time to time. Any changes to this policy that affect the processing of your data will be notified to our users or interested parties by any electronic means and posted on the XUBE website. Your continued use of the website and our services after we make changes to this privacy policy will be deemed acceptance of those changes, so please check this policy periodically for updates.

This privacy policy has been developed and is maintained in accordance with all applicable national and international privacy and data protection laws and regulations and specifically, the Privacy Act 1988 (Australian Regulations), the Data Protection Act 2018 (UK regulations), the General Data Protection Regulation (GDPR - European regulations), the Digital Personal Data Protection Act (DPDPA - Indian regulations), the Personal Information Protection and Electronic Documents Act (PIPEDA - Canadian regulations), the California Consumer Privacy Act of 2018 (CCPA), and the California Privacy Rights Act (CPRA).

1. GENERAL INFORMATION

The personal data of users that are collected and processed through the website and the use of XUBE services will be under the responsibility and in charge of:

  • XUBE PTY LTD.
  • Email: help@xube.io

2. HOW WE OBTAIN YOUR CONSENT

By visiting the website, contracting and using our services, making a payment for our services and contacting us via our forms or contact information, you agree to our collection, storage and use of your information as set out in this privacy policy. You may withdraw your consent at any time by sending us your request through our contact information.

3. TYPES OF INFORMATION COLLECTED

The information we collect from our users helps us to continually improve the user experience on the website and provide our services appropriately. These are the types of information we collect:

Information you provide to us. You provide information when you visit the website, contract and use our services, make a payment for our services and contact us through our forms and contact information. As a result of those actions, you may provide us with the following information:

For Users:

  • Name
  • Business name
  • Email
  • Phone number (optional)
  • Avatar (optional)

For Organizations:

  • Organizational name
  • Server addresses
  • Location
  • Device locations
  • Payment information (credit card details)

Data Collected through Sensors: XUBE collects data from sensors connected to its hardware solely for the purpose of transmitting it to the endpoints specified by the customer. This data is collected ephemerally during the transfer process and is not stored in our systems, unless the customer explicitly requests and agrees with XUBE to temporary or permanent storage of the data. XUBE guarantees that all transmitted data is handled securely and in compliance with applicable data protection regulations, limiting its processing strictly to the scope defined by the customer.

User login and authentication: To access the XUBE platform, users may be required to authenticate themselves using options such as single sign-on (SSO) and federated authentication, including third party providers such as Google or other systems that support OAuth protocols. During this process, XUBE collects and processes basic information provided by the authentication provider, such as name, email address and access token, necessary to identify the user and grant access to the platform.

The information collected in the authentication process is used exclusively to manage access to the platform, ensure account security and provide a personalised experience. By opting for authentication through a third party provider, the user authorises XUBE to receive and process this information under the terms of this privacy policy and in accordance with the terms and conditions of the third party provider.

XUBE does not store or have access to user passwords for third party accounts and will not be responsible for unauthorised access resulting from the loss or compromise of external credentials. All information processed during authentication is handled in accordance with XUBE's security standards and applicable data protection laws.

Usage Data (website): As you browse our website, certain usage data is automatically collected. These include technical information such as the IP address of your device, the type and version of your browser, the specific pages you visit on our website, the date and time of your access, the amount of time you spend on those pages, and other diagnostically relevant data.

In the case of access via mobile devices, we also collect information specific to these devices. This may include, but is not limited to, the type of mobile device used, its unique identifier, the IP address of the device, the mobile operating system and the type of mobile browser, along with other identifiers and diagnostic data.

In addition, we collect information that your browser automatically provides each time you visit our website or access our website using a mobile device.

Contact Information: We may access some personal information about the user, such as name and email address, when the user or any third party communicates with us through our contact information. Personal information provided through our contact information is not stored on any XUBE server and will be stored on the respective server of our email service.

4. HOW LONG WE KEEP YOUR DATA

Personal data provided by our users through our website and services, as well as information collected through the use of our hardware and sensors, will be retained only for as long as necessary to provide the contracted services and fulfil the legitimate purposes described in this policy. Ephemeral data collected through sensors connected to our hardware are processed exclusively for operational purposes and are not stored on a long-term basis, unless the customer explicitly requests their storage. In such cases, XUBE will limit the temporary storage period to a maximum of 30 days, unless there are legal requirements or specific contractual agreements that allow or require a longer period. Once the agreed temporary period has expired, the data will be securely deleted.

In addition, information about your use of our platform (including flow data, API calls and other transactional interactions) is retained for the purposes of calculating the costs associated with our services, billing customers based on usage and providing clear records of your transactional interactions. This information will be stored for the period necessary to comply with contractual, accounting and tax obligations, not exceeding the time periods established by applicable laws in each jurisdiction.

XUBE may retain personal data for longer periods if the user has given explicit consent or if it is necessary for compliance with legal obligations or by order of a competent authority. Once the retention period has expired, the personal data will be permanently deleted. Therefore, the right of access, the right of erasure, the right of rectification and the right to data portability may not be exercised with regard to data that have been deleted after the expiry of their retention period.

5. HOW WE USE YOUR INFORMATION (LEGITIMATE PURPOSES)

In general, we use the data we collect from our users and customers primarily to provide our services properly. We use the data collected through our website as described below:

  • Provide our services appropriately (DAQ, SaaS, HaaS, API, customised solutions and backend hosting).
  • Prepare the relevant service agreement and Statement of Work (SOW) with the customer.
  • Perform analytics functions cover interactions between the website, the application (user-to-machine) and the API (machine-to-machine).
  • Facilitate the functionality, analysis and secure operations of our services.
  • Install our hardware at the customer's premises.
  • Provide our system of access and identity management (roles, etc.).
  • Send invoices for our services to customers.
  • Process payments for our services.
  • Process ephemeral and sensor data according to customer specifications.
  • Send push notifications through our applications and services.
  • Process cancellation and refund requests.
  • Understand and improve your experience using our website and services.
  • Respond to your comments or questions through our contact information.
  • Send you related information, including confirmations, invoices, technical notices, updates, security alerts, and support and administrative messages.
  • Send you relevant information about our website and services.
  • Marketing purposes of XUBE.
  • Link or combine your information with other data we obtain from third parties to help us understand your needs and provide you with better service.
  • Process and respond to requests related to users' privacy rights.
  • Protect, investigate and deter fraudulent, unauthorised or illegal activities.

6. HOW WE SHARE INFORMATION

Information about our customers is an important part of our business, and we are not in the business of selling it to others. We share customer information only as described below.

Third-Party Tools. XUBE uses third party tools to support the functionality of its services and ensure an optimal experience for its users. These tools include current services such as AWS (DynamoDB, S3) and HubSpot, which are used for data storage, processing and management. In order to adapt to changing customer needs and continuously improve the platform, XUBE's system can be extended over time to incorporate additional third-party tools.

All third-party tools used comply with applicable data protection regulations, including, but not limited to, the General Data Protection Regulation (GDPR) and other international privacy laws. Before integrating any new tool, XUBE performs security and privacy assessments to ensure the protection of users' personal data.

XUBE guarantees that any use of third-party tools will be limited to the extent necessary to provide the contracted services and fulfil the legitimate purposes described in this policy. Users will be informed of any significant changes in the use of third-party tools through updates to this privacy policy.

Push Notifications: XUBE uses push notifications through its applications and services to keep users informed about relevant updates, system status, alerts related to hardware and contracted services, as well as important communications related to the use of the platform. These notifications are sent for operational, informational or maintenance purposes only and may include reminders or specific recommendations related to device and data management. Users have the ability to manage their push notification preferences through the settings of the application or device used, and can enable or disable them at any time. XUBE guarantees that push notifications will not include unsolicited content or content of an advertising nature without the prior consent of the user.

Email Communications: By providing your email address, you consent to receive relevant content, notifications, and information from us. As a result, your email address may be shared with third-party bulk email service providers solely for the purpose of sending you these communications. If you wish to stop receiving emails from XUBE, You can unsubscribe at any time by using the ‘unsubscribe’ link available in some XUBE emails or you can send us a request through our contact information available in this policy.

Business Transfers. In the event XUBE creates, merges with, or is acquired by another entity, your information will likely be transferred. XUBE will send you an email or post a prominent notice on our website before your information becomes subject to another privacy policy.

Protection of XUBE and Others. We release personal information when we believe release is appropriate to comply with the law, enforce or apply our terms and conditions and other agreements, or protect the rights, property, or safety of XUBE, our users, or others. This includes exchanging information with other companies and organisations for fraud protection and credit risk reduction.

Anonymous Information. XUBE uses anonymous browsing information collected automatically by our servers primarily to help us administer and improve the website. We may also use aggregated anonymous information to provide information about the website to potential business partners and other unaffiliated entities. This information is not personally identifiable.

7. DATA BREACH NOTIFICATIONS

In the event of a personal data breach, such as unauthorised access, loss, disclosure or improper alteration of information that may compromise the privacy or security of users, an immediate response protocol will be activated to assess and mitigate the impact of the incident. Once the scope of the breach has been confirmed, and if it represents a high risk to the rights and freedoms of the affected individuals, the competent authorities will be notified within 72 hours of becoming aware of the incident, in compliance with the provisions of the General Data Protection Regulation (GDPR) and other relevant international regulations.

Affected users will be informed without delay if the breach poses a significant risk to their rights and freedoms. The notification shall include a detailed description of the nature of the incident, the types of data compromised, the possible consequences, the actions implemented to resolve the problem and recommendations to protect against possible additional risks.

A comprehensive record shall be kept of all incidents related to personal data breaches, including investigations, corrective actions and communications with the parties involved. This approach seeks to ensure transparency, compliance and continuous improvement of security measures to protect personal information.

8. TRANSBORDER DATA TRANSFERS

XUBE may transfer personal data collected from its users to servers located outside the European Economic Area (EEA) or the country of residence of the user, in order to ensure the functionality of our services and the fulfillment of the contracted operations. Such transfers are only made to countries that guarantee an adequate level of data protection, in accordance with the provisions of the General Data Protection Regulation (GDPR) and other applicable international regulations.

Where transfers of personal data are made to countries that do not provide an adequate level of protection according to the European Commission, XUBE will implement appropriate safeguards, such as the use of standard contractual clauses approved by the European Commission or equivalent mechanisms, to ensure the protection of the information. In addition, XUBE will take the necessary technical and organisational measures to ensure the security and confidentiality of the data transferred.

Users have the right to obtain information about the specific safeguards implemented for each international data transfer, as well as to receive a copy of these safeguards upon request through the contact channels specified in this policy. By using XUBE's services, users consent to such international data transfers in accordance with the terms set forth in this policy and applicable privacy regulations.

9. PROTECTION OF YOUR INFORMATION (DATA SECURITY)

We only grant access to your personal information to those outside persons or services who have a legitimate need to know, in accordance with our privacy policy. We adhere to industry-recognised security standards to protect your personal information during both transmission and storage. We currently use tools such as AWS (DynamoDB, S3) and HubSpot to manage and store data, and additional tools may be introduced as our platform evolves. Our permissions system, although currently in a basic state, is continually being improved to ensure greater levels of security and control over access to information.

It is important to note that while XUBE strives to implement commercially viable methods of data protection and follows state-of-the-art security standards, no method of transmission over the Internet or electronic storage is completely foolproof or 100% secure. For this reason, we cannot guarantee the absolute security of your personal information.

We undertake not to sell, distribute or transfer your personal information to unauthorised third parties unless we have your explicit consent or are required by law to do so. We continue to evaluate and improve our security practices to protect your information effectively and responsibly.

10. PRIVACY RIGHTS

Users who provide information through our website and the use of our services, as data subjects and owners of their data, have the right to access, rectify, download or delete their information, as well as to restrict and object to certain processing of their information. While some of these rights apply generally, others apply only in certain limited circumstances. These rights are described below:

  • Access and portability: to access and know what information is stored on our servers, you can send us your request through our contact information.
  • Rectification, restriction, limitation and deletion: You may also rectify, restrict, limit or delete much of your information.
  • Right to be informed: Users of our website will be informed, upon request, about what data we collect, how it is used, how long it is kept and whether it is shared with third parties.
  • Object: Where we process your data based on our legitimate interests, as explained above, or in the public interest, you may object to this processing in certain circumstances. In such cases, we will stop processing your information unless we have legitimate grounds to continue processing it or where necessary for legal reasons.
  • Withdraw consent: Where you have previously given your consent, for example to allow us to process and store your personal information, you have the right to withdraw your consent to the processing and storage of your information at any time. For example, you can withdraw your consent by contacting us. In certain cases, we may continue to process your information after you have withdrawn your consent if we have a lawful basis for doing so or if your withdrawal of consent was limited to certain processing activities.
  • Complaint: If you wish to lodge a complaint about our use of your information (and without prejudice to any other rights you may have), you have the right to do so with your local supervisory authority. Users may exercise all of these rights by contacting us via the contact information or contact page.
  • Rights related to automated decision-making, including profiling: Users may request that we provide them with a copy of the automated processing activities we conduct if they believe that data is being unlawfully processed.

Users or holders of personal data provided through the website and the use of our services may exercise these rights over their personal data at any time and without limitation, by sending their request to the email help@xube.io or complete our contact form available on the website. The request to exercise your rights will be processed and answered within 10 working days of sending the request.

11. RIGHT TO LODGE A COMPLAINT WITH THE DATA PROTECTION AUTHORITIES

XUBE users and customers have the right to lodge a complaint with the competent data protection authorities if they consider that their rights have been violated or that their personal data have not been processed in accordance with the applicable regulations. Listed below are the main jurisdictions where XUBE operates, the relevant competent authorities and links to file a complaint. This is subject to change:

Australia

  • Authority: Office of the Australian Information Commissioner (OAIC)
  • Complaint link: OAIC - Make a complaint
  • Expected response time: Up to 30 working days from receipt of the complaint.

United States

  • Authority: Depends on the state; at the federal level, the Federal Trade Commission (FTC) oversees privacy issues.
  • Complaint link (FTC): FTC - File a complaint
  • Expected response time: Varies by state or federal agency; the FTC does not guarantee specific time frames.

European Union (EU)

  • Authority: National data protection authorities of each Member State (supervised by the European Data Protection Board - EDPB).
  • Complaint link: Consult the list of local authorities EDPB - National Authorities.
  • Expected response time: Up to 3 months, according to the General Data Protection Regulation (GDPR).

Canada

  • Authority: Office of the Privacy Commissioner of Canada (OPC)
  • Complaint link: OPC - Make a complaint
  • Expected response time: Up to 12 months depending on the complexity of the case.

India

  • Authority: Data Protection Board of India (once implemented by the Digital Data Protection Act). Currently, complaints are directed to data controllers.
  • Complaint link: Not available at the moment; will be updated once secondary regulations are issued.
  • Expected response time: As set out in the applicable law.

Singapore

  • Authority: Personal Data Protection Commission (PDPC).
  • Complaint link: PDPC - Make a complaint
  • Expected response time: Up to 90 days, depending on the complexity of the case.

Malaysia

  • Authority: Personal Data Protection Department (PDPD)
  • Complaint link: PDPD - File a complaint
  • Expected response time: Varies depending on initial assessment.

United Kingdom

  • Authority: Information Commissioner's Office (ICO)
  • Complaint link: ICO - File a complaint
  • Expected response time: Up to 3 months.

Brazil

  • Authority: National Data Protection Authority (ANPD)
  • Complaint link: ANPD - File a complaint
  • Expected response time: According to the applicable regulations.

XUBE is committed to cooperating fully with local data protection authorities in the investigation and resolution of any complaints. In addition, we will work to respond directly to users within a reasonable timeframe, generally within 30 days of receipt of the complaint.

12. PERSONAL INFORMATION OF MINORS

We comply with the requirements of national and international data protection regulations regarding the protection of personal data of minors. Our services are intended for persons over the age of 18 and we do not collect any information from children under the age of 18. If we become aware that a child under the age of 18 has provided us with personal information, we will take steps to delete that information.

13. THIRD PARTIES

Except as expressly included in this privacy policy, this document only addresses the use and disclosure of information that XUBE collects from you. If you disclose your information to third parties, different rules may apply to their use or disclosure of the information you disclose to them. XUBE does not control the privacy policies of third parties, and you are subject to the privacy policies of such third parties where applicable. XUBE is not responsible for the privacy or security practices of third parties, including those linked to or from the website. Please refer to the privacy policies of any third-party websites or services you access through the website.

14. CHANGES TO PRIVACY POLICY

We reserve the right to change our privacy policy at any time. Any changes to our privacy policy that involve a significant change in the processing of data will be promptly notified to our users and customers and posted on our website. Your continued use of our website and services following such informed changes will signify your acceptance of those changes.

15. CONTACT INFORMATION

If you have questions or concerns about this privacy policy and the treatment and security of your data, please contact us using the contact information below:

XUBE PTY LTD - XUBE.

Email: help@xube.io