Privacy Policy

1. Commitment to Privacy

Xentos is committed to protecting the privacy and security of your data. This policy outlines how we collect, use, and safeguard your information in accordance with the Personal Information Protection and Electronic Documents Act (PIPEDA) in Canada and the General Data Protection Regulation (GDPR) in Europe.

2. Data Encryption

All data at rest is encrypted using **AES-256** encryption standards. Data in transit is protected using TLS 1.3. We employ zero-trust principles within our cloud architecture to ensure that only authorized personnel have access to the infrastructure layer.

3. Information We Collect

• Account information (Name, Email, Professional Title).
• Billing information (Processed through secure, PCI-compliant third-party providers).
• Compliance evidence and organizational data (Only processed as per your usage).

4. Your Rights (PIPEDA/GDPR)

Under PIPEDA and GDPR, you have the right to access, rectify, and delete your personal data. Requests can be sent to privacy@xentosone.com.

5. Data Retention

We retain your data for as long as your account is active or as needed to provide the Service. Upon termination of service, all organizational data is purged from our active systems within 30 days.