Privacy Policy

1. Legal framework

This website is operated by Xinity FlexCo, domiciled at Am Gestade 5/2, 1010 Vienna, Austria. The processing of personal data is governed by the General Data Protection Regulation (GDPR), the Austrian Data Protection Act (DSG), the Austrian Telecommunications Act (TKG), and the Austrian E-Commerce Act (ECG). Information and disclosure pursuant to section 5 of the Austrian E-Commerce Act can be found on our Legal Notice page.

2. Controller

3. Hosting & infrastructure

Our website is built and hosted on Framer (GDPR-compliant infrastructure). Server locations: European Union data centers only (Frankfurt, Germany primarily). By accessing our website, traffic data and logs are handled by Framer on our behalf. Search engine accessibility: Our website is crawlable by legitimate search engines for indexing purposes. This does not involve user tracking. Legal basis: Art. 6(1)(b) GDPR (performance of contract) and Art. 6(1)(f) GDPR (legitimate interest in website operation and security).

4. Contact forms & newsletter

When you contact us or subscribe to our newsletter, we process the data you provide (e.g. name, email address, message). Purposes: Responding to inquiries Sending newsletters (only if you subscribe) Legal bases: Inquiries: Art. 6(1)(b) or Art. 6(1)(f) GDPR Newsletter: Art. 6(1)(a) GDPR (consent) We use Maildroppa as an email service provider (processor). Newsletter subscriptions use double opt-in. You can withdraw consent at any time via the unsubscribe link. Retention: We delete inquiries promptly unless follow-up is needed (typically within 6-12 months) Newsletter data: retained until you unsubscribe If you opt out of our email list, we will remove your data within 30 days (we may retain your email address on a suppression list to prevent accidental re-subscription). Newsletter subscribers can unsubscribe via the link in each email or by contacting us at contact@xinity.ai.

5. Booking & scheduling

We use Calendly, a US-based scheduling service, to allow you to book meetings and demo calls. When you book a call, Calendly collects and processes the personal data you provide (name, email address, and any additional information you enter). Calendly processes this data on their servers, which may be located outside the European Union. Calendly relies on Standard Contractual Clauses (SCCs) for international data transfers. For more information, see Calendly's own privacy policy. Legal basis: Art. 6(1)(b) GDPR (pre-contractual measures at your request).

6. Analytics

Purpose: We collect aggregated analytics to understand website usage and improve content quality. Data collected: Page views, referral sources, device types (aggregated only). We use Matomo as our analytics platform, self-hosted on our own infrastructure. Matomo is configured with: Privacy-first, GDPR-compliant settings Self-hosted on European infrastructure under our full control No cross-site tracking or behavioral profiling IP anonymization enabled Analytics are used solely to understand aggregated website usage and improve content quality - never to track individuals We explicitly do NOT use: Behavioral advertising trackers Cross-site tracking pixels User profiling for ad targeting Analytics systems that resell or reuse data Remarketing or retargeting technologies Legal basis: Art. 6(1)(f) GDPR (legitimate interest in website improvement and optimization).

7. Cookies

We do not use analytics or marketing cookies. Only strictly necessary cookies are used by Cloudflare (DDoS protection) and our hosting provider (session security and usability). These cookies are essential for security and basic site function. No consent is required for these cookies under GDPR, as they fall under the "strictly necessary" exception. Cookies we do NOT use: Third-party marketing cookies Advertising or remarketing cookies Cross-site tracking pixels Behavioral profiling cookies You can configure your browser to reject cookies entirely, but this may impact site functionality.

8. Data retention

We retain personal data only as long as necessary for the stated purposes or to meet legal obligations. General retention principles: Contact inquiries: processed promptly, data retained typically 6-12 months, then deleted unless ongoing communication requires it Newsletter subscriptions: until you unsubscribe Calendly bookings: subject to Calendly's own retention policies; we delete our copies of booking data after the purpose is fulfilled

9. Your rights

You have the right to: Access your data (Art. 15 GDPR) Rectification of inaccurate data (Art. 16 GDPR) Erasure (Art. 17 GDPR) Restriction of processing (Art. 18 GDPR) Data portability (Art. 20 GDPR) Object to processing (Art. 21 GDPR) Withdraw consent at any time (where processing is based on consent) Lodge a complaint with your local data protection authority (e.g., Austrian Data Protection Authority (DSB)) To exercise your rights, contact us at: contact@xinity.ai

10. International data transfers

We prioritize keeping data within the European Union. Our website hosting (Framer, EU servers), analytics (Matomo, self-hosted), and newsletter service (Maildroppa) all operate within the EU. However, certain third-party services we use may process data outside the EU: Calendly (US-based) for meeting scheduling relies on Standard Contractual Clauses (SCCs) for data transfers. GitHub (US-based) hosts our open-source repositories; interaction with GitHub is voluntary and subject to GitHub's own privacy policy. Google Search Console is used for website diagnostics only and does not process visitor personal data. Where data is transferred outside the EU, we ensure appropriate safeguards are in place in accordance with GDPR Art. 44-49, including Standard Contractual Clauses or adequacy decisions where available.

11. Search Engine Visibility & Discoverability

We ensure discoverability through content quality and web standards, not surveillance. Our approach: Clean, standards-compliant HTML and site structure Fast, accessible page performance High-quality, relevant content Legitimate third-party references and backlinks Diagnostic tools: We may use search engine webmaster tools (such as Google Search Console) strictly for: Monitoring indexing status Identifying crawl or technical errors Understanding aggregated search performance These diagnostic tools: Do not track individual visitors Do not set cookies on your device Do not enable advertising or remarketing Are used for operational transparency only Our philosophy: Discoverability and privacy are not in conflict. We believe search visibility can be achieved through quality content and technical excellence, without invasive tracking or user profiling.

12. Data Sovereignty & Compliance

Core Principles: Data sovereignty first - we prioritize European-hosted and self-controlled systems Privacy by design - no behavioral profiling, no cross-site tracking Minimal dependency - we use only what is technically required for visibility and operation Open web standards - discoverability through content quality, not surveillance All data processing is designed to be: Understandable to users Defensible to regulators Credible to enterprise and public-sector customers We believe long-term trust is a competitive advantage.

13. Changes to this Policy

We may update this privacy policy from time to time. Changes will be posted on this page with an updated "Last updated" date.

14. Contact

For questions about this policy or our data practices, please contact: Xinity AI

Email: contact@xinity.ai