Privacy Policy

1. Who we are

xNord Ltd ("xNord", "we", "us", "our") is a company registered in England and Wales. We operate the xNord platform: an AI-assisted email management product for connected mailboxes (Microsoft Outlook / Microsoft 365 today; Gmail when enabled), available on the public website and signed-in application at xnord.co.uk (including paths such as /app).

For the purposes of UK GDPR and the EU GDPR (where applicable), xNord Ltd is the data controller of personal data described in this policy, except where we act strictly as a processor on documented instructions of a customer (for example, certain enterprise arrangements, if offered and contractually agreed).

This Privacy Policy explains what personal data we collect, why we collect it, how long we keep it, who we share it with, how we protect it, and what rights you have. It applies to visitors to our marketing site, registered users, and anyone whose information we process in connection with the service, unless we provide a separate notice (for example, for a specific beta or enterprise agreement).

Our primary contact for privacy matters is legal@xnord.co.uk. We aim to acknowledge substantive privacy enquiries within five UK business days and to resolve or escalate without undue delay.

Email provider integrations

xNord accesses email data only through the integrations we enable in the product and only with the permissions you approve at sign-in or connect time. Today you can connect Outlook and Microsoft 365 using Microsoft identity and the Microsoft Graph API. We use Graph to list, read, modify, and send messages solely as needed to provide the features you use (such as triage, drafting, archiving, rules, and notifications), consistent with the scopes and admin consent shown when you connect.

Limited access and purpose limitation. We request access no broader than necessary to operate the service. We do not sell your personal data, sell the contents of your mailbox, or use your email to profile you for third-party advertising. We do not share email contents with unrelated third parties except as described in this policy (for example infrastructure subprocessors and AI inference for features you invoke).

Security and tokens. OAuth tokens for mailbox access are stored encrypted at rest and refreshed using standard secure flows. You can disconnect a mailbox in xNord Settings at any time; we stop scheduled processing for that connection and delete or disable stored tokens according to our operational procedures, subject to legal or security retention needs.

Gmail / Google Workspace (pending verification). Google OAuth connection may be unavailable in the product while Google app verification is in progress. When Gmail is enabled, it will follow the same standards as above, alongside the Google-specific transparency and Limited Use commitments in section 2 below.

If you are in the UK or EEA, processing is carried out under UK GDPR / EU GDPR as described in sections 4 and 8 below, including lawful bases for service delivery and explicit information about international transfers and subprocessors.

2. Google user data (Gmail API, Google Sign-In, optional Google Workspace integrations)

xNord uses Google APIs and OAuth 2.0. This section summarises — in one place — how we access, use, store, share, retain, and protect information we receive from Google about you. It is intended to meet transparency expectations for OAuth verification and the Google API Services User Data Policy (including Limited Use).

Gmail connection may be temporarily unavailable in the app while Google OAuth verification completes; this section still governs any Google user data we process when Gmail or Google Sign-In is in use, and will apply in full when Gmail is re-enabled.

Application use cases, Drive access, and Workspace API attestation

This subsection is provided for Google OAuth app verification and aligns with Google's guidance on Application Use Cases.

Gmail API — how xNord uses requested scopes

xNord is an end-user email productivity and assistant application for people who connect their own Gmail account. The requested Gmail API scopes are used only to implement features the signed-in user expects from that product: reading messages and metadata to display and triage their inbox; applying labels, archiving, and similar mailbox changes according to the user's rules or explicit actions; and sending email from their mailbox when they choose to send or approve a draft. We do not use Gmail access to operate as a bulk or unsolicited email service, to monitor third parties without their involvement, or to harvest or resell mailbox data for unrelated purposes. Use of the Gmail API is subject to the Gmail API policies and Google Workspace API User Data and Developer Policy.

Google Drive API — how xNord uses requested scopes

If you enable the optional Google Sheets integration, we may request drive.readonly alongside spreadsheet scopes so the application can access spreadsheet files you connect (for example to resolve file metadata or access permitted by Sheets). xNord is not a general-purpose Google Drive client, backup tool, or broad file search or indexing product; Drive-related access is limited to supporting the Sheets workflow you opt into. Use of Google Drive and Sheets APIs is subject to Google's developer and API terms applicable at the time of use, including the Google Workspace API User Data and Developer Policy where it applies.

Affirmative statement — Workspace APIs, AI, and Limited Use

Google asks apps that combine Workspace APIs (such as Gmail) with AI/ML to publish an affirmative attestation on the application website. xNord states the following:

The use of raw or derived user data received from Workspace APIs will adhere to the Google User Data Policy, including the Limited Use requirements.

(This is the affirmative wording suggested in Google's OAuth verification guidance; the applicable developer terms for API data are published as the Google API Services User Data Policy.)

We do not use Gmail or other Workspace API data to create, train, or improve a foundational machine learning or artificial intelligence model in a way that violates those requirements. Inference is used to produce user-specific outputs (triage, summaries, drafts) for the user who connected their account, not to build general models from your mail. The Limited Use restriction applies to data obtained from the scopes whether it is raw, aggregated, anonymised, or derived.

2.1 What counts as Google user data in xNord

In this policy, "Google user data" means information we obtain from Google's services about your Google account or content held in Google products you connect to xNord — for example your Google profile details, Gmail messages and labels, OAuth tokens issued by Google, and (if you use the feature) Google Sheets or related Drive file metadata.

2.2 OAuth flows and when consent is shown

Google displays an OAuth consent screen when we request access. The exact wording and scopes shown are those presented by Google at the time you approve access; they may evolve if we add or remove features, but we will not exceed the purposes described here without updating this policy and, where required, obtaining appropriate consent.

• Sign-in with Google: You may authenticate to xNord using your Google account. That flow requests the Gmail and profile scopes needed for the product (see below) so we can identify you and operate inbox features after you complete onboarding.
• Gmail connection: Where the product uses a dedicated Gmail authorisation step, we exchange an authorisation code for access and refresh tokens and store those tokens in encrypted form to call Gmail on your behalf until you revoke access or delete your account.
• Optional Google Sheets: If you enable a Sheets-related integration, a separate OAuth request may ask for spreadsheet and limited Drive permissions so we can read or update spreadsheets you select for that workflow.

2.3 OAuth scopes we request (technical reference)

Depending on the feature, we request scopes including the following (as presented on Google's consent screen):

• https://www.googleapis.com/auth/gmail.readonly — read Gmail messages and metadata needed for triage, display, and analysis.
• https://www.googleapis.com/auth/gmail.modify — change labels, archive, and similar mailbox changes you trigger or that follow your automation rules.
• https://www.googleapis.com/auth/gmail.send — send email (for example draft replies you approve) from your connected mailbox.
• https://www.googleapis.com/auth/userinfo.email and https://www.googleapis.com/auth/userinfo.profile — your Google account email address, display name, and profile image URL for account identity and UI personalisation.
• For Sheets integrations: https://www.googleapis.com/auth/spreadsheets, https://www.googleapis.com/auth/drive.readonly, and https://www.googleapis.com/auth/userinfo.email as shown when you connect.

We use offline access (access_type=offline) where appropriate so the service can refresh tokens and process your inbox on a schedule or when you are not actively using the browser. We never ask for or store your Google account password.

2.4 Google user data we collect and process

Categories include:

• Account identifiers from Google: primary email address, display name, profile photo URL.
• Gmail message data: message IDs, thread IDs, timestamps, sender and recipient addresses/names where exposed by the API, subject lines, snippet or preview text, labels, read/archive state as synced, plain-text body content (and, where the product stores it, HTML bodies), and attachments only to the extent our product logic retrieves or processes them for features you use.
• Derived outputs: summaries, urgency scores, suggested actions, draft replies, and similar fields produced by our systems from message content.
• OAuth credentials: access tokens, refresh tokens, and token expiry metadata, encrypted at rest.
• Sheets-related content (if enabled): spreadsheet identifiers, cell values, and related content needed for the integration you configure.

2.5 How we use Google user data (purposes)

We use Google user data only to provide and improve xNord's user-facing functionality, including: authenticating you; linking your Gmail mailbox; fetching and displaying messages; running AI-assisted triage, summarisation, and draft generation; applying your rules (such as archiving or labelling); sending messages you explicitly choose to send; optional Sheets workflows; operational logging and security monitoring tied to those activities; and customer support when you ask for help (subject to the safeguards in section 5).

2.6 Limited Use: what we do not do with Google user data

We do not sell Google user data. We do not use Google user data for targeted advertising, personalised ads, retargeting, or selling personal information to data brokers. We do not use Gmail content or other Google user data to train or fine-tune general-purpose machine learning or foundation models for unrelated purposes, or to build advertising profiles. We do not transfer Google user data to third parties for those restricted purposes. As described in Google's verification guidance on AI and Workspace APIs, these restrictions apply equally to raw data from the scopes and to data that is aggregated, anonymised, or derived from those scopes.

Where a cloud AI provider is used (see section 5), we send only the prompt text needed for that inference request. We choose providers whose terms restrict use of customer content for training their general models where available (for example Groq and xAI publish policies limiting such use). Processing by those providers is for real-time inference to return a response to you, not to build xNord owned foundation models from your mail.

2.7 How we store Google user data

We store account fields, message metadata, AI outputs, and (within per-message limits) message body text in our primary database so the product can show your inbox and history in the app — see section 5 for technical detail. OAuth tokens are encrypted at rest (AES-256-GCM). Operational backups of the database may exist for disaster recovery and are subject to the same retention and security controls described in sections 6 and 10.

2.8 Sharing, transfer, and disclosure

We disclose Google user data only to the named processors and categories described in section 7 (including Supabase, AWS, Vercel, Stripe, Resend, PostHog, Groq, and xAI when used for inference), solely to operate the service on our instructions, and subject to contractual confidentiality and processing terms. We may also disclose information where required by applicable law, as described in section 7.3.

2.9 Retention, revocation, and deletion

Retention periods for stored personal data are set out in section 6. You may revoke xNord's access to your Google account at any time through your Google Account security settings (Third-party apps with account access) or equivalent Google controls; revoking access stops new Gmail API calls but does not by itself erase data already stored in xNord — use in-app account deletion or contact legal@xnord.co.uk for erasure requests.

Our use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

3. What data we collect (all sources)

This section lists personal data we collect, beyond the Google-specific summary in section 2, grouped by source.

3.1 Account and profile data

• Email address, name, and avatar URL from Google when you use Google sign-in.
• Internal user ID, account creation time, timezone or preferences you set in the app.

3.2 Gmail and connected mailbox data

• Identifiers and metadata for each processed message (for example Gmail message ID, thread ID, received time).
• From/to display names and email addresses, subject, preview/snippet, and plain-text body (stored up to a maximum length per message for display, search in-product, chat context, and automation).
• Flags we derive or sync: read/unread, archived, sent, snoozed (if used), urgency, labels/tags from triage.
• OAuth tokens for Gmail API access, encrypted at rest.

3.3 AI outputs and in-app activity

• Summaries, urgency scores, reasons, suggested actions, and draft replies generated from your messages.
• Chat messages you exchange with the in-app assistant about specific emails (stored as described in section 6).
• Automation rules you create (titles, descriptions, conditions, actions) and coarse counters such as how often a rule matched.
• Agent run records: start/end times, counts of messages processed, errors, and duration — used for billing tiers, debugging, and product improvement.

3.4 Usage, device, and log data

• IP address, user agent, approximate timestamps, and request paths from HTTP access and API calls.
• Client-side product analytics events (feature usage, funnels) captured through PostHog as described in section 9.
• Security-relevant logs (failed logins, rate limits, abuse signals).

3.5 Billing data

Stripe processes card payments. xNord does not store full card numbers, CVV, or magnetic-stripe data. We retain Stripe customer and subscription identifiers, plan name, status, and billing history references needed for invoices, tax, and support.

3.6 Communications with us

If you email support or legal, we process the sender address, message content, and attachments you send, for as long as needed to resolve the thread and meet legal or operational retention needs.

4. How we use your data

We process personal data for the following purposes (non-exhaustive where overlapping):

• Service delivery: operating accounts, syncing Gmail, running automations, rendering the inbox UI, and executing actions you approve.
• AI features: generating triage, summaries, and drafts from message content using our inference stack (see section 5).
• Communications: transactional email (digests, security alerts, billing receipts) via providers such as Resend; optional marketing only where you have opted in.
• Billing and fraud: subscription management, tax and invoice compliance, abuse detection.
• Product improvement: aggregate or de-identified metrics, feature usage analytics, and debugging — without using Gmail content for prohibited purposes in section 2.6.
• Legal and safety: complying with law, enforcing our terms, protecting rights and security.

4.1 Legal bases (UK GDPR)

• Performance of a contract: processing necessary to provide xNord under our terms — including Gmail access, AI processing you request, and billing for paid plans.
• Legitimate interests: securing the platform, improving reliability, understanding aggregated usage, direct support correspondence, and limited internal analytics — balanced against your rights; you may object as described in section 8.
• Legal obligation: retaining financial records, responding to lawful requests, and cooperating with regulators where required.
• Consent: where we rely on consent (for example certain marketing or optional analytics beyond strict necessity), you may withdraw it at any time without affecting prior lawful processing.

5. Email data and AI processing (technical detail)

This section describes how message content moves through xNord. It is important if you assess risk for confidential or regulated mail.

5.0 Plain-language summary (storage, training, third-party AI)

The following points are intentional and explicit for transparency and app review:

• Is email content stored by xNord? Yes. After we fetch mail from Gmail, we persist message metadata, subject, preview, plain-text body up to a per-message limit (currently up to 100,000 characters, subject to change), and AI-generated outputs in our database so you can use the inbox, search, chat, and automations in the app. This is not "process and discard" storage — see section 5.3 and section 6.5 for how long rows are kept.
• Is Google user data or Gmail content used to train AI models? No. We do not use Gmail content or other Google user data to train, fine-tune, or improve our own general-purpose or foundation models, and we do not use it for advertising or user profiling. See section 2.6 for the full Limited Use statement.
• Is content sent to third-party AI providers? It can be, for inference only. To generate triage, summaries, and drafts, relevant message text is sent over TLS to an inference endpoint. Depending on configuration, that may be Groq, Inc. (Groq Cloud API), xAI (Grok API) as an optional fallback, or a self-hosted Ollama instance on infrastructure we control (no third-party model vendor for that path). Third-party providers process prompts only to return a completion for your request; their retention and subprocessors are governed by their own terms and privacy policies. We do not send Gmail data to AI providers for any purpose other than providing xNord features you use.

5.1 Ingestion from Gmail

Using your encrypted OAuth credentials, our backend calls the Gmail API to list and fetch messages according to product rules (for example inbox filters, recency windows, and user configuration). Message payloads are handled server-side over TLS.

5.2 Inference (AI triage and drafts)

For each new or selected message, we send relevant text (such as subject, sender, and body preview or full body within operational limits) to an inference layer over HTTPS. The provider that receives that text depends on how the service is configured:

• Groq (Groq, Inc.): When a Groq API key is configured, prompts are sent to Groq's hosted inference API to obtain model outputs. Groq acts as a subprocessor for that processing step.
• Grok (xAI): When configured, Grok may be used as a fallback if the primary route fails. xAI acts as a subprocessor for those requests.
• Ollama (self-hosted): When inference runs against an Ollama endpoint we operate (or you designate in a private deployment), message-derived prompts stay on that infrastructure; no cloud model vendor receives them for that call.

Each request is processed to produce an immediate output (labels, summary, draft text, etc.). We do not grant AI vendors a licence to use your Gmail content for their own model training in place of your use of xNord; their policies and our agreements govern what they may log or retain. Aggregated or de-identified service metrics may be used for xNord reliability only, not for selling data or ad profiling (section 2.6).

5.3 What we persist in our database

After processing, we store a row per message including: Gmail and thread identifiers; sender name and email; subject; preview text; plain-text body content up to a per-message character limit (currently up to 100,000 characters, subject to product changes); AI-derived fields (labels, urgency, summary, suggested action, draft reply); timestamps; and mailbox flags. This lets you view threads, search in the app, and use chat and automations without re-fetching everything from Gmail on every page load. When you open a message, we may still refresh content from Gmail if needed for completeness (for example HTML rendering paths).

5.4 Human access

xNord staff do not routinely read your email bodies. Access may occur only for security investigations, legal compliance, or support where you explicitly ask us to diagnose a specific issue — in those cases we minimise access and document the reason where appropriate.

5.5 Google API User Data Policy alignment

Email content obtained via Google APIs is used only to provide and improve the user-facing features of xNord. We do not use it for advertising, for building marketing or behavioural profiles, for sale of personal data, or for training general-purpose models — including the explicit statement in section 2.6 — as required by the Google API Services User Data Policy.

6. Data storage, retention, and international transfers

6.1 Primary storage location

Our primary application database is hosted on Supabase (PostgreSQL on AWS) in the EU (eu-west-1). This is where most personal data you see in the app resides, subject to backups described below.

6.2 Hosting and edge processing

The web application and API routes may be served through Vercel and similar infrastructure. HTTP requests may be routed through Vercel's global network for performance; Vercel may process request metadata in multiple regions transiently. We configure the product to keep durable personal data in the database region above unless a subprocessor's documentation states otherwise (see section 7).

6.3 International transfers

Some subprocessors are established outside the UK / EEA (commonly the United States). Where personal data is transferred internationally, we rely on appropriate safeguards such as the UK International Data Transfer Agreement / Addendum and EU Standard Contractual Clauses, or equivalent mechanisms offered by the provider, together with supplementary measures where we assess they are needed. You may request more information about transfers by contacting legal@xnord.co.uk.

6.4 Backups

Database providers typically maintain encrypted backups for business continuity. Backup retention follows the provider's defaults and our configuration; restored backups are deleted or overwritten on the provider's cycle after deletion requests are applied at the application layer.

6.5 Retention schedule (summary)

Inference (third-party AI): Prompts sent to Groq, xAI (Grok), or similar providers exist for the duration of the API transaction plus any short-lived logging those vendors apply under their own policies — we do not control their internal log retention. xNord does not rely on "transient only" storage for your mailbox in the product: we deliberately persist email-derived rows in our database for the periods below so the app can function.

Our database (Supabase / PostgreSQL): the following are default or typical maximum retention periods unless law, a legal hold, or your contract requires longer. When a period ends, we delete or anonymise the category by operational jobs (not necessarily the same calendar day).

• Account profile: life of the account plus approximately 30 days after you request deletion (unless a longer period is required by law).
• Email rows (metadata, body text within limits, AI outputs): approximately 90 days from processing unless your plan or settings specify otherwise, then deleted or anonymised according to operational jobs.
• Agent run logs: approximately 90 days on Solo plans; longer retention on Founder and Team plans unless you delete runs or your agreement states otherwise.
• Chat messages: approximately 90 days unless deleted earlier.
• Billing records: up to 7 years where UK tax and company law require retention.
• Security and access logs: typically up to 90 days.
• Database backups: encrypted backups may persist for the window described by Supabase / AWS (often on the order of days to a few weeks for point-in-time recovery); data is aged out on the provider's cycle after application-layer deletion.

Exact retention can depend on your subscription tier, feature flags, and legal holds. After erasure, residual anonymised or aggregated statistics may remain where they no longer identify you.

7. Data sharing and subprocessors

We do not sell your personal data and we do not sell Google user data. We do not share personal data with third parties for their independent marketing.

7.0 Named processors (infrastructure, hosting, and AI)

When this policy refers to sharing with service providers, we mean the following named or identifiable entities may process personal data on our behalf, only to provide the service:

• Supabase, Inc. — hosted PostgreSQL database, authentication, and related APIs; data region EU (eu-west-1) as described in section 6.1.
• Amazon Web Services, Inc. — underlying cloud infrastructure for Supabase-hosted databases and backups (processor to Supabase).
• Vercel, Inc. — application hosting, CDN, and serverless/API execution; may process HTTP metadata and request/response bodies in transit.
• Stripe, Inc. — payment processing, billing portal, and invoices.
• Resend, Inc. — delivery of transactional email from xNord to you.
• PostHog, Inc. — product analytics (events and pseudonymous IDs as configured; no session replay in our default client integration).
• Groq, Inc. — cloud AI inference (when GROQ_API_KEY or equivalent is configured); receives prompt text derived from email content for real-time completions.
• xAI (Grok API) — optional fallback AI inference when configured; receives the same class of prompt data for real-time completions.

Self-hosted Ollama inference on infrastructure we operate does not involve an additional named model vendor for that request path; the hosting provider for that server (if any) still counts as infrastructure under our control or your deployment.

7.1 Categories of recipients

The list below matches section 7.0 by category for readers who prefer a functional description. All such processing is on our instructions as processor or subprocessor, not for the recipient's own purposes.

• Database and authentication (Supabase): stores profiles, emails table, tokens (encrypted), chat, rules, and related application data; provides authentication infrastructure (including Google OAuth session handling).
• Application hosting (Vercel): serves the site and serverless/API compute; may see request metadata and payloads in transit while handling requests.
• Payments (Stripe): card processing, customer portal, invoices; receives billing contact details and payment method tokens.
• Transactional email (Resend): delivers operational messages; receives recipient addresses and message content we send.
• Product analytics (PostHog): receives event names, coarse page or feature identifiers, and (for signed-in users) a stable pseudonymous ID; configured without session replay in our client integration.
• AI inference — Groq, xAI (Grok), and/or self-hosted Ollama: as described in sections 5.0 and 5.2; receives prompt text derived from email content solely to return model outputs for xNord features, not for advertising or profiling by xNord (section 2.6).

7.2 Contracts and onward transfers

We use written terms (including data processing agreements or provider-standard DPA addenda) that require processors to protect personal data, use it only for our documented purposes, and assist with UK GDPR compliance. Processors may use their own subprocessors as disclosed in their privacy documentation.

7.3 Legal and corporate disclosures

We may disclose personal data if we believe in good faith that disclosure is required by law, regulation, legal process, or governmental request; to enforce our terms or investigate misuse; to protect the rights, property, or safety of xNord, our users, or the public; or in connection with a merger, acquisition, or asset sale (with notice where required). We will challenge disproportionate requests where permitted and notify you when we are legally allowed.

8. Your rights (UK GDPR)

If you are in the UK (or where UK GDPR rights apply to you), you may have the following rights in relation to your personal data. They are not absolute and may be limited by law (for example we may refuse erasure where we must keep billing records).

• Access: obtain confirmation of processing and a copy of personal data we hold.
• Rectification: correct inaccurate data or complete incomplete data.
• Erasure: request deletion where there is no overriding legitimate ground to retain.
• Restriction: ask us to pause certain processing in defined circumstances.
• Portability: receive certain data in a structured, machine-readable format and transmit it to another controller where technically feasible.
• Objection: object to processing based on legitimate interests, including profiling to the extent applicable.
• Automated decisions: xNord uses automated analysis of emails to suggest actions; these suggestions are assistive. If a decision based solely on automated processing produces legal or similarly significant effects (as defined in law), you may request human review and contest the decision.
• Withdraw consent: where we rely on consent, withdraw it at any time (without affecting the lawfulness of earlier processing).
• Complaint: lodge a complaint with the UK ICO at ico.org.uk.

To exercise a right, email legal@xnord.co.uk with subject line "Data Rights Request" and enough detail for us to locate your account (typically the email address you use to sign in). We will respond within one month (UK GDPR default) unless complexity requires an extension, in which case we will tell you. We may verify your identity before disclosing or deleting data.

9. Cookies, local storage, and analytics

Our first-party site uses essential cookies and similar technologies needed to operate login sessions and CSRF protection. We do not use advertising cookies or third-party marketing pixels on xnord.co.uk.

For product analytics, we use PostHog. Our client configuration disables session replay; PostHog may use localStorage and/or cookies (for example to persist a pseudonymous distinct ID between visits). Events may include page views, feature usage, and coarse technical context. PostHog is a separate service; its processing is described in PostHog's documentation and our agreements with them.

A dedicated breakdown of cookie names and purposes is on our Cookie Policy page.

10. Security

We implement administrative, technical, and organisational measures appropriate to the risk, including:

• TLS (HTTPS) for data in transit between clients and our services.
• Encryption of OAuth refresh/access token material at rest (AES-256-GCM).
• Database row-level security policies so authenticated users access only their own rows where enforced in schema.
• Separation of privileged service credentials from the browser; no exposure of service role keys to client bundles.
• Rate limiting and abuse protections on sensitive API routes.
• Dependency and infrastructure patching practices; monitoring and alerting on critical services.
• Principle of least privilege for internal access to production systems.

No method of transmission or storage is completely secure. If we become aware of a personal data breach likely to affect your rights and freedoms, we will notify the ICO and, where required, affected users without undue delay and within UK GDPR timelines (typically 72 hours to the ICO where feasible).

11. Children's privacy

xNord is intended for adults using professional or personal email. We do not knowingly collect personal data from anyone under 13. If you believe we have collected data from a child under 13, contact legal@xnord.co.uk and we will take steps to delete it promptly after verification.

12. Changes to this policy

We may update this Privacy Policy to reflect product changes, legal requirements, or regulator guidance. When changes are material (for example new categories of data collection or new subprocessors that materially affect risk), we will provide notice — for example by email to your account address and/or a prominent notice in the app — before or when the changes take effect, and we will adjust the "last updated" date at the top of this page.

The current version is always published at xnord.co.uk/privacy. If you do not agree to an updated policy, you should stop using the service and may request account deletion.

13. Contact us

Privacy and data protection enquiries: legal@xnord.co.uk

General support: use the contact options listed on the website. We aim to respond to routine privacy questions within five UK business days and to formal data rights requests within statutory timeframes in section 8.