XPme Privacy Policy

Effective Date: 17/02/2025

XPme ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and disclose your personal information when you use our mobile application and website (collectively, the "Platform"). By using XPme, you agree to the collection and use of information in accordance with this Privacy Policy.

1. Information We Collect

1.1 Personal Information

We collect personal information that you provide to us, including but not limited to:

  • Name

  • Email address

  • Date of birth

  • Phone Number

  • Location

  • Profile information (e.g., username, photos, bio)

  • Account preferences

  • Any other information you voluntarily submit to the Platform

1.2 Device and Technical Information

We automatically collect certain information when you use XPme, including:

  • Device model, operating system, and version

  • IP address

  • Unique device identifiers

  • Browser type and language

  • App usage statistics and analytics

1.3 Location Data

XPme may collect and process your location data if you enable location services. This allows us to provide features such as location-based experiences, nearby challenges, and other interactive features. You can disable location access at any time in your device settings, but certain features may not function properly.

1.4 Cookies and Tracking Technologies

We use cookies, tracking pixels, and similar technologies to enhance your experience on XPme. These technologies collect data such as:

  • User preferences and settings

  • Interaction with content and challenges

  • Traffic patterns and app performance

  • Security and fraud prevention measures

XPme’s app-based tracking mechanisms are essential for platform functionality and cannot be disabled. However, users can manage or disable browser-based cookies via their browser settings.

1.5 User Consent for Data Collection

By creating an account on XPme and clicking “I Agree”, users explicitly consent to the collection, processing, and storage of their personal data as described in this Privacy Policy. Users acknowledge that data collection is necessary for the operation of the Platform and that certain features (such as location tracking and analytics) may require additional opt-in consent, where required by law. Users may manage their privacy preferences in their account settings.

2. How We Use Your Information

2.1 Legal Basis for Data Processing
XPme processes personal data under the following legal bases:

  • User Consent: Users explicitly agree to the collection and processing of their data when they create an account and click "I Agree" to the Terms and Privacy Policy. Additional opt-in consent may be required for features such as location tracking.

  • Contractual Necessity: To provide the XPme service, including account management, XP tracking, and user authentication.

  • Legitimate Interest: To improve the Platform, enhance security, prevent fraud, and maintain operational efficiency.

  • Legal Obligation: To comply with regulatory requirements, such as responding to legal requests, investigations, and consumer protection laws.

2.2 How We Use Your Information
XPme collects and processes personal data for the following purposes:

  • To create and manage your XPme account

  • To personalise user experiences, including content recommendations and XP tracking

  • To enhance app functionality and improve user engagement

  • To process and display user-generated content (e.g., posts, comments, images)

  • To maintain the security and integrity of the Platform

  • To enforce our Terms and Conditions and prevent fraudulent activities

  • To comply with legal obligations and regulatory requirements

2.3 Automated Decision-Making & Profiling
XPme may use automated systems and AI-based analytics to enhance user experience, moderate content, detect fraudulent activity, and improve recommendations. These systems may impact how XP is awarded, content visibility, and user engagement features.
Users have the right to request human intervention for significant decisions affecting their accounts. For questions about automated decision-making, contact XPme Support.

3. How We Share Your Information

We do not sell your personal information to third parties. However, we may share your data in the following circumstances:

3.1 With Service Providers

We engage trusted third-party service providers to perform certain functions on our behalf, such as:

  • Hosting and cloud storage

  • Analytics and usage tracking

  • Security monitoring

  • Customer support.

These third parties are obligated to protect your information and use it only for the purposes specified.

3.2 With Other Users

Certain profile information (such as username, profile photo, and activity) may be visible to other XPme users. Users acknowledge that any content they voluntarily share on XPme, including photos and experiences, is publicly accessible within the Platform.

3.3 Legal and Compliance Disclosures

We may disclose personal information if required by law or if we believe that such disclosure is necessary to:

  • Comply with legal obligations

  • Protect our rights, privacy, safety, or property

  • Prevent fraud or security threats

  • Enforce our Terms and Conditions

3.3.1 Law Enforcement & Government Requests
XPme may disclose personal data in response to valid legal requests from government authorities, including law enforcement agencies, regulators, or courts, when required by applicable law.
XPme will assess such requests to ensure they comply with legal requirements and will notify users where permitted by law before disclosing their data.

3.4 Limitation of Liability for Third-Party Data Breaches
XPme contracts with third-party service providers (e.g., hosting, analytics, security) to enhance the Platform. While we take reasonable precautions in selecting providers, XPme is not responsible for security breaches or data leaks occurring within third-party systems. Users acknowledge that any third-party data breaches are outside XPme’s control, and liability shall be limited accordingly.

3.5 Third-Party Integrations & APIs
XPme may integrate with third-party applications, social media platforms, authentication services (such as Google or Apple login), and external service providers. By linking an XPme account with third-party services, users consent to the sharing of relevant data with those providers.
XPme does not control how third parties process user data and is not responsible for third-party privacy practices. Users should review the privacy policies of third-party providers before using their services through XPme.

4. Data Retention and Deletion

4.1 Personal Data Retention
XPme retains user data for as long as necessary to provide our services, comply with legal obligations, and enforce our policies. Retention periods include:

  • Account Data: Retained for the duration of an active account. Deleted within 30 days of account deletion unless required by law.

  • Transaction & Security Logs: Retained for up to 2 years for fraud prevention and compliance.

  • Anonymised Analytics Data: Retained indefinitely for research and system improvements.

  • Users may request deletion of their data at any time, subject to legal requirements.

4.2 Account Deletion

You can contact us at hello@xpme.app to request account deletion. Once requested and verified, your account will be deleted within 48 hours, and your personal data will be permanently removed from our systems, except where retention is required for legal, security, or operational reasons.

4.3 Analytics and Non-Personal Data

Non-personally identifiable or anonymised data may be retained for research, analytics, and business purposes.

4.4 User-Generated Content

XPme does not retain user-generated content on the Platform once an account has been deleted. However, we do not hold responsibility if such content remains visible due to third-party caching, sharing by other users, or technical limitations outside our control. Users acknowledge that once content is shared, it may be accessed or stored by others, and XPme is not liable for its continued visibility beyond account deletion.

XPme retains user data for as long as necessary to provide our services, comply with legal obligations, or enforce our policies.

  • If you delete your account, your personal data will be permanently removed from our systems except where retention is required for legal, security, or operational reasons.

  • Non-personally identifiable or anonymised data may be retained for research, analytics, and business purposes.

  • Some public content (e.g., shared posts, comments) may remain visible even after account deletion, unless removed by XPme at its discretion.

5. Your Rights and Choices

5.1 Depending on your jurisdiction, you may have the following rights regarding your personal information:

  • Access & Correction: Request access to or correction of your personal data.

  • Deletion: Request deletion of your account and associated data.

  • Opt-Out: Request to opt out of certain data collection or marketing communications.

  • Data Portability: Request a copy of your data in a machine-readable format.

To exercise these rights, contact us at hello@xpme.app. We will verify and respond to your request in accordance with applicable laws.

5.2 Users may opt out of certain types of data processing, including:

  • Marketing emails and push notifications (via their device settings or an "unsubscribe" link in emails).

  • Location-based services (by turning off GPS access on their device).

  • Access to Contacts (via their device settings).

However, tracking, analytics, and security monitoring are essential for the functionality of XPme and cannot be disabled. These systems are required for fraud prevention, security, and platform integrity. Users who wish to stop all data collection must delete their XPme account. XPme reserves the right to retain minimal user data where necessary for fraud prevention, legal compliance, and security purposes.

Depending on your jurisdiction, you may have the following rights regarding your personal information:

  • Access & Correction: Request access to or correction of your personal data.

  • Deletion: Request deletion of your account and associated data.

  • Opt-Out: Request to opt out of certain data collection or marketing communications.

  • Data Portability: Request a copy of your data in a machine-readable format.

To exercise these rights, contact us at hello@xpme.app. We will verify and respond to your request in accordance with applicable laws.

5.3 Verification of User Requests
To protect user privacy, XPme requires identity verification before processing data access, correction, or deletion requests. Verification methods may include:

  • Confirming ownership via registered email or phone number.

  • Requesting government-issued ID (where legally permitted).

  • Validating login credentials.

  • If users fail to verify their identity, XPme may deny the request for security reasons.

6. Security Measures

6.1 XPme employs industry-standard security measures to protect user data from unauthorised access, loss, misuse, or alteration. These measures include:

  • Encryption of sensitive data

  • Regular security audits and vulnerability assessments

  • Restricted access controls

  • Firewalls and intrusion detection systems

Despite these measures, no online platform is completely secure, and we cannot guarantee absolute data security. Users are encouraged to use strong passwords and safeguard their account information.

6.2 Data Breach Notification
XPme implements security measures to protect personal data; however, in the event of a data breach that may result in harm, XPme will take immediate action, including:

  • Investigating the breach and mitigating risks.

  • Notifying affected users via email or in-app alerts.

  • Reporting the incident to relevant authorities, including the Office of the Australian Information Commissioner (OAIC) or EU Data Protection Authorities, where legally required.

  • Users are encouraged to update their passwords and monitor their accounts in the event of a security notice.

7. International Data Transfers

XPme is based in Australia but operates globally. If you access XPme from outside Australia, your data may be transferred, processed, and stored in countries with different data protection laws. By using XPme, you consent to such international transfers.

8. Children’s Privacy

XPme is not intended for users under the age of 16. We do not knowingly collect personal data from children under 16. If we become aware that a child has provided personal information, we will take steps to delete such data.

9. Changes to This Privacy Policy

XPme reserves the right to update this Privacy Policy at any time. If we make significant changes, we will notify users via email or in-app notifications. Continued use of XPme after such updates constitutes acceptance of the revised policy.

10. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy, please contact us at:

XPme Support
Email: hello@xpme.app
Website: www.xpme.app

By using XPme, you acknowledge that you have read, understood, and agree to this Privacy Policy.