Privacy Policy
XORV Digital Studio ("XORV", "we", "us", or "our"), operating at xorv.io, is committed to protecting the privacy and security of all individuals who visit our website and engage with our services. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information in full compliance with the General Data Protection Regulation (GDPR) (EU) 2016/679, the California Consumer Privacy Act (CCPA), and applicable data protection laws in the Kingdom of Saudi Arabia and the broader GCC region.
1. Information We Collect
We may collect the following categories of information:
- Identity Data: Full name, business name, job title.
- Contact Data: Email address, telephone number, mailing address.
- Transaction Data: Details of services purchased, payment amounts, and billing history. XORV does not store full credit card numbers or raw payment credentials — all payment processing is handled by Paddle.com, our designated Merchant of Record (MOR).
- Billing Metadata & Transaction Tokens: We receive and securely store tokenized transaction identifiers, subscription statuses, and event webhooks from Paddle to maintain accurate billing records and dispute resolution audit trails.
- Technical Data: IP address, browser type, time zone, operating system, and device identifiers.
- Usage Data: Pages visited, referral sources, and session duration.
2. How We Collect Your Information
We collect data through: (a) direct interactions — forms and contact requests; (b) automated technologies — cookies, server logs; (c) third-party processors including Paddle (payment processing) and standard analytics providers.
3. How We Use Your Information
- Performance of Contract: To deliver the services you have purchased, manage your account, and process payments.
- Legitimate Interests: To maintain accurate business records, prevent fraud, and manage risk against chargebacks or fraudulent disputes.
- Legal Obligation: To comply with applicable law, tax obligations, and regulatory requirements.
- Consent: To send marketing communications where you have opted in. You may withdraw consent at any time.
4. Payment Data & Paddle Processing
All financial transactions on xorv.io are processed by Paddle.com Market Limited (Paddle), which acts as the Merchant of Record for our products. Paddle is responsible for collecting, processing, and storing your payment card data (Visa, Mastercard, Mada, Apple Pay). XORV receives only tokenized transaction references, event notifications, and billing metadata necessary for service delivery and compliance records. Paddle's privacy practices are governed by Paddle's Privacy Policy at paddle.com/legal/privacy.
5. Data Security
We implement appropriate technical and organizational security measures including: encrypted data transmission (TLS 1.3+), access-controlled internal systems, tokenized storage of billing references, Content Security Policy headers, and regular security reviews. No electronic transmission method is 100% secure, but we use commercially acceptable standards at all times.
6. Data Retention
We retain personal data for as long as necessary to fulfill the purposes outlined in this policy — including accounting, legal compliance, and dispute resolution — typically a minimum of 7 years from the last transaction date, in line with standard commercial record-keeping obligations.
7. Your Rights (GDPR & CCPA)
Depending on your jurisdiction, you may have the following rights:
- Right to access — request a copy of data we hold about you.
- Right to rectification — request correction of inaccurate data.
- Right to erasure — request deletion of your data (subject to legal retention obligations).
- Right to restrict processing.
- Right to data portability.
- Right to object to processing based on legitimate interests.
- Right to opt-out of the sale of personal information (CCPA).
To exercise any right: privacy@xorv.io. We will respond to all verified requests within 30 days.
8. Cookies
We use strictly necessary cookies for website functionality and optional analytics cookies (set only with your consent). You may manage cookie preferences via your browser settings.
9. International Data Transfers
Your personal data may be processed outside your jurisdiction. Where transfers occur from the EEA/UK to third countries, we ensure appropriate safeguards including Standard Contractual Clauses approved by the European Commission.
10. Changes to This Policy
We may update this Privacy Policy periodically. Material changes will be communicated via the website or direct email. Continued use of our services following notification constitutes acceptance of the updated policy.
11. Contact
Privacy inquiries: privacy@xorv.io | XORV Digital Studio, xorv.io