Privacy Policy

Effective August 14, 2025

This Privacy Policy explains how xbill.co ("we", "us") collects, uses, and discloses information about you when you access or use our services, including at https://xbill.co (the "Service").

We are committed to protecting your privacy and handling your data in a transparent way. This policy complies with applicable data protection laws including the General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA).

1. Information We Collect

• Email Subscription Information: When you sign up for our newsletter, we collect your email address and optionally your name.

• Account and Profile Information: If you create an account, we collect your name, email address, and profile settings. Account creation is currently optional and not required for newsletter subscription.

• Authentication Data: For account holders, we store information used to sign in, including email addresses for magic link authentication and OAuth identifiers when you sign in with Google.

• Newsletter Preferences and Engagement: We track your newsletter subscription status, signup source, and engagement with our emails (such as opens and clicks) to improve our content and delivery.

• Usage Data: Information about how you use the Service, including pages viewed, actions taken, IP address, browser type, and device information.

• Communications: Information you provide when contacting us for support, feedback, or other inquiries.

• Cookies and Similar Technologies: We use essential cookies and similar technologies to operate the Service, maintain your session if you're signed in, and remember your preferences. For detailed information about our use of cookies, please see our Cookie Policy below.

2. How We Use Information

We use information to:

• Deliver Newsletter Content: Send you our newsletter and other communications you've subscribed to
• Account Management: Authenticate users, maintain user accounts, and provide account-related features
• Service Operation: Provide, maintain, and improve the Service functionality
• Communication: Respond to your inquiries, provide customer support, and send important Service updates
• Personalization: Customize your experience and newsletter content based on your preferences and engagement
• Analytics and Improvement: Monitor usage patterns to enhance our Service and content quality
• Security: Protect against fraud, abuse, and security threats
• Legal Compliance: Comply with applicable laws and regulations

3. Legal Basis for Processing (GDPR)

Under GDPR, we process your personal data based on the following legal grounds:

• Consent: For newsletter subscriptions, marketing communications, and analytics cookies
• Contract Performance: For account management and service delivery
• Legitimate Interest: For service improvement and security
• Legal Obligation: For compliance with applicable laws

4. How We Share Information

We share limited information with trusted service providers who help us operate the Service:

• Email Service Provider: We use Resend to deliver newsletters and account-related emails. They process email addresses and content necessary for delivery.
• Authentication Services: We use Google OAuth for optional account sign-in. Google receives only the information necessary for authentication.
• Database Hosting: We use MongoDB for data storage, which hosts your account and subscription information in secure data centers.
• Legal Requirements: We may disclose information if required by law, legal process, or to protect our rights and safety or that of others.
• Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.

We do not sell, rent, or share your personal information with third parties for their marketing purposes.

5. International Data Transfers

Your information may be processed in countries other than your own. Where required, we implement appropriate safeguards for cross-border transfers, including:

• Standard Contractual Clauses (SCCs) for EU data transfers
• Adequacy decisions where applicable
• Other appropriate safeguards as required by law

6. Data Retention

We retain your information based on the following criteria:

• Newsletter Subscriptions: We retain your email address and subscription preferences until you unsubscribe or request deletion.
• Account Information: If you create an account, we retain your profile information until you delete your account or request deletion.
• Communication Records: We retain records of your communications with us for customer service purposes, typically for up to 3 years.
• Usage Data: We retain anonymized usage data and analytics for Service improvement purposes.
• Legal Requirements: We may retain certain information longer if required by law or for legitimate business purposes such as fraud prevention.

You can request deletion of your personal information at any time by contacting us at xbill@mbky.co.

7. Your Rights and Choices

You have several rights and choices regarding your personal information:

• Newsletter Unsubscribe: You can unsubscribe from our newsletter at any time by clicking the unsubscribe link in any email or contacting us directly.
• Account Management: If you have an account, you can update your profile information through your account settings.
• Data Access and Correction: You can request access to your personal information and ask us to correct any inaccuracies.
• Data Deletion: You can request deletion of your personal information, subject to certain legal limitations.
• Data Portability: Where applicable, you can request a copy of your data in a machine-readable format.
• Restriction of Processing: You can request that we restrict the processing of your personal data in certain circumstances.
• Objection to Processing: You can object to the processing of your personal data in certain circumstances.
• Withdraw Consent: Where processing is based on consent, you can withdraw consent at any time. For analytics cookies, you can withdraw consent through our cookie preferences.

To exercise these rights or if you have questions about your data, contact us at xbill@mbky.co. We will respond to your request within 30 days and in accordance with applicable law.

8. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the CCPA:

• Right to Know: You can request information about the personal data we collect, use, and disclose about you.
• Right to Delete: You can request deletion of your personal data, subject to certain exceptions.
• Right to Opt-Out: You can opt-out of the sale of personal data (we do not sell personal data).
• Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.

9. Cookie Policy

We use the following types of cookies:

• Essential Cookies: Required for basic site functionality and security
• Functional Cookies: Remember your preferences and settings
• Analytics Cookies: Help us understand how visitors use our site

Cookie Consent: We use a cookie consent banner that allows you to accept or reject non-essential cookies. Analytics cookies are only loaded after you provide explicit consent. You can manage your cookie preferences at any time through the "Cookie Preferences" link in our website footer.

You can also control cookies through your browser settings. However, disabling essential cookies may affect site functionality.

10. Data Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours and affected individuals without undue delay, as required by applicable law.

11. Security

We use administrative, technical, and physical safeguards appropriate to the nature of the information we process, including:

• Encryption of data in transit and at rest
• Regular security assessments
• Access controls and authentication
• Secure development practices

However, no method of transmission or storage is completely secure.

12. Children's Privacy

The Service is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13, we will take steps to delete such information.

13. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will update the "Effective" date above and, where appropriate, provide additional notice through email or prominent website notification. Your continued use of the Service after changes take effect indicates your acknowledgment of the updated policy.

14. Contact Us

If you have questions or requests regarding this Privacy Policy, contact us at xbill@mbky.co.

Data Protection Officer: For GDPR-related inquiries, you may also contact our Data Protection Officer at the same email address.