Privacy Policy

Xpylon Ltd ("Xpylon", "we", "us", or "our") operates the Xpylon Connect mobile application and website (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

1. Information We Collect

1.1 Information You Provide

• Account information: Phone number (for authentication via OTP), first name, last name, email address, company name, job title/role, industry, and bio.
• Profile data: Professional information you share to help us match you with relevant contacts and opportunities.
• Communications: Messages, files, and attachments you send through the platform's chat feature.
• Opportunity listings: Business opportunities you create, including titles, descriptions, tags, and visibility preferences.
• Call recordings: Audio recordings of calls, only when both participants explicitly consent to recording. Recordings are used solely for transcription and summary generation.

1.2 Information Collected Automatically

• Device information: Push notification tokens for delivering notifications to your device.
• Usage data: Online/offline status, last seen timestamps, and message read/delivery receipts.
• AI-generated data: Profile embeddings (mathematical representations of your professional profile) used for smart matching. These are not human-readable.

1.3 Information We Do NOT Collect

• Location data
• Contact list or address book
• Browsing history
• Financial or payment information
• Biometric data

2. How We Use Your Information

• Authentication: We use your phone number to verify your identity via one-time passcodes (OTP) sent by SMS.
• Smart matching: We use AI to analyze your professional profile and match you with relevant professionals and business opportunities.
• Messaging: We store and deliver your messages, attachments, and call data to facilitate communication between connected users.
• Call transcription and summaries: When both parties consent, we transcribe call recordings and generate AI-powered summaries to help you track discussions and action items.
• Content moderation: We use AI to screen business opportunities for scams, fraud, and policy violations to maintain platform integrity.
• Notifications: We send push notifications for new messages, connection requests, incoming calls, reminders, and opportunity matches.
• Follow-up reminders: When you set a reminder, we store it and notify you at the scheduled time.

3. Call Recording & Transcription

Xpylon Connect offers an optional call recording feature designed to help professionals keep track of business discussions. This feature has strict privacy safeguards:

• Dual consent required: Recording can only begin after both participants explicitly consent. Either party can decline, and either can stop the recording at any time.
• Transparency: A visible recording indicator is shown to all participants throughout the recording.
• Purpose limitation: Recordings are used solely to generate transcriptions and AI summaries. They are not shared with third parties, used for advertising, or retained longer than necessary.
• Professional focus: AI summaries extract only business-relevant content (topics, decisions, next steps) and exclude personal conversation.
• Content safety: AI automatically flags potentially inappropriate or harmful content and notifies platform administrators.

4. Privacy-First Networking

Your profile privacy is central to Xpylon Connect's design:

• Anonymized suggestions: When you appear as a match suggestion, other users see only your role, industry, and bio — never your name, company, or contact details.
• Mutual consent: Your full profile is revealed only after you accept a connection request.
• No public profiles: There are no publicly searchable profiles. Connections are made through AI matching or personal invitations only.

5. Data Sharing

We do not sell your personal information. We share data only in these limited circumstances:

• With connected users: When you accept a connection, your profile information becomes visible to that contact.
• Service providers: We use the following third-party services to operate the platform:
  • Twilio — SMS delivery for authentication and invitations
  • OpenAI — AI matching, content moderation, call transcription (Whisper), and conversation summaries (GPT)
  • Expo — Push notification delivery
• Legal requirements: We may disclose information when required by law, regulation, or legal process.

6. Data Security

• All API communication uses HTTPS encryption in transit.
• Authentication tokens (JWT) are short-lived (15 minutes) with secure refresh tokens (7 days).
• Passwords are never stored — we use OTP-based authentication.
• File uploads are validated and restricted (no executable files).
• WebSocket connections are authenticated and membership-verified for every operation.
• Call recordings are processed and deleted after transcription is complete.

7. Data Retention

• Account data: Retained as long as your account is active.
• Messages: Stored until you delete them (soft delete — marked as deleted but content removed).
• Call recordings: Audio files are deleted after transcription is complete. Transcription text and summaries are retained in the conversation.
• Reminders: Stored until they are sent or cancelled by you.
• AI embeddings: Updated whenever your profile changes, deleted when your account is removed.

8. Your Rights

Depending on your jurisdiction, you may have the right to:

• Access the personal data we hold about you
• Request correction of inaccurate data
• Request deletion of your account and associated data
• Object to or restrict certain processing
• Withdraw consent for call recording at any time
• Request a copy of your data in a portable format

To exercise any of these rights, please contact us at the address listed above.

9. Demo Mode

Xpylon Connect offers a demo mode for exploring the platform with sample data. In demo mode:

• No real SMS or emails are sent
• Demo data is fully isolated from real user data
• No personal phone numbers are required — you can use pre-configured demo accounts
• Push notifications may still be sent to your device for demonstration purposes

10. Children's Privacy

Xpylon Connect is designed for business professionals and is not intended for use by individuals under the age of 18. We do not knowingly collect information from minors.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. Your continued use of the Service after changes constitutes acceptance of the updated policy.

12. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us at: