Privacy Policy
Privacy Policy
Last Updated: February 11, 2026
Applies to: en.xinity.ai
1. Controller
Xinity FlexCo
Am Gestade 5/2, 1010 Vienna, Austria
Email: privacy@xinity.ai
3. Contact forms & newsletter
When you contact us or subscribe to our newsletter, we process the data you provide (e.g. name, email address, message). Purposes: Responding to inquiries Sending newsletters (only if you subscribe) Legal bases: Inquiries: Art. 6(1)(b) or Art. 6(1)(f) GDPR Newsletter: Art. 6(1)(a) GDPR (consent) We use Maildroppa as an email service provider (processor). Newsletter subscriptions use double opt-in. You can withdraw consent at any time via the unsubscribe link. Retention: We delete inquiries promptly unless follow-up is needed (typically within 6-12 months) Newsletter data: retained until you unsubscribe If you opt out of our email list, we will remove your data within 30 days (we may retain your email address on a suppression list to prevent accidental re-subscription). Newsletter subscribers can unsubscribe via the link in each email or by contacting us at contact@xinity.ai.
4. Analytics
Purpose: We collect aggregated analytics to understand website usage and improve content quality. Data collected: Page views, referral sources, device types (aggregated only). We use Matomo as our analytics platform, configured with: Privacy-first, GDPR-compliant settings EU-hosted or self-hosted infrastructure No cross-site tracking or behavioral profiling IP anonymization enabled Cookie-less operation where legally permitted Analytics are used solely to understand aggregated website usage and improve content quality — never to track individuals We explicitly do NOT use: Behavioral advertising trackers Cross-site tracking pixels User profiling for ad targeting Analytics systems that resell or reuse data Remarketing or retargeting technologies Legal basis: Art. 6(1)(f) GDPR (legitimate interest in website improvement and optimization).
5. Cookies
We do not use analytics or marketing cookies. Only strictly necessary cookies are used by Cloudflare (DDoS protection) and our hosting provider (session security and usability). These cookies are essential for security and basic site function. No consent is required for these cookies under GDPR, as they fall under the "strictly necessary" exception. Cookies we do NOT use: Third-party marketing cookies Advertising or remarketing cookies Cross-site tracking pixels Behavioral profiling cookies Our analytics operate cookie-less where legally permitted. You can configure your browser to reject cookies entirely, but this may impact site functionality.
6. Data retention
We retain personal data only as long as necessary for the stated purposes or to meet legal obligations. General retention principles: Contact inquiries: processed promptly, data retained typically 6-12 months, then deleted unless ongoing communication requires it Newsletter subscriptions: until you unsubscribe
7. Your rights
You have the right to: Access your data (Art. 15 GDPR) Rectification of inaccurate data (Art. 16 GDPR) Erasure (Art. 17 GDPR) Restriction of processing (Art. 18 GDPR) Data portability (Art. 20 GDPR) Object to processing (Art. 21 GDPR) Withdraw consent at any time (where processing is based on consent) Lodge a complaint with your local data protection authority (e.g., Austrian Data Protection Authority (DSB)) To exercise your rights, contact us at: contact@xinity.ai
8. Search Engine Visibility & Discoverability
We ensure discoverability through content quality and web standards, not surveillance. Our approach: Clean, standards-compliant HTML and site structure Fast, accessible page performance High-quality, relevant content Legitimate third-party references and backlinks Diagnostic tools: We may use search engine webmaster tools (such as Google Search Console) strictly for: Monitoring indexing status Identifying crawl or technical errors Understanding aggregated search performance These diagnostic tools: Do not track individual visitors Do not set cookies on your device Do not enable advertising or remarketing Are used for operational transparency only Our philosophy: Discoverability and privacy are not in conflict. We believe search visibility can be achieved through quality content and technical excellence, without invasive tracking or user profiling.
9. Data Sovereignty & Compliance
Core Principles: Data sovereignty first – we prioritize European-hosted and self-controlled systems Privacy by design – no behavioral profiling, no cross-site tracking Minimal dependency – we use only what is technically required for visibility and operation Open web standards – discoverability through content quality, not surveillance All data processing is designed to be: Understandable to users Defensible to regulators Credible to enterprise and public-sector customers We believe long-term trust is a competitive advantage.
10. Changes to this Policy
We may update this privacy policy from time to time. Changes will be posted on this page with an updated "Last updated" date.
11. Contact
For questions about this policy or our data practices, please contact: Xinity AI Email: contact@xinity.ai
