Privacy Policy

This policy applies to users of our website and customers using XenReality's Vision AI solutions. It is aligned with GDPR principles and security standards comparable to ISO 27001 and SOC 2.

Personal Data: Information that identifies or can identify an individual.

Processing: Any operation or set of operations performed on personal data.

Roles: XenReality acts as a Controller for website data and as a Processor for data handled within customer AI deployments.

Website Data

Name, email address, company name, and contact details submitted via our contact form.

Technical Data

IP address, browser type, device information, server logs, and usage analytics.

AI System Data

Images, video streams, detection outputs, and associated metadata processed as part of our Vision AI solutions.

We follow strict data minimisation — only data necessary for the stated purpose is collected.

• Delivering and improving our Vision AI solutions
• Responding to customer support and sales enquiries
• System performance monitoring and reliability
• Security incident detection and compliance obligations

We do not use customer data to train our AI models without explicit written consent.

• Consent — where you have actively agreed (e.g. contact form submission)
• Contractual necessity — to deliver services under a signed agreement
• Legitimate interest — for security monitoring and product improvement
• Legal obligation — where required by applicable law

On-Premise Deployments: All data remains within the customer's own infrastructure. XenReality does not have access to or store this data.

Cloud Deployments: Data is processed in secure, tenant-isolated environments with encryption at rest and in transit.

Access to processing systems is governed by role-based access control (RBAC) and full audit logging.

We do not sell, rent, or trade personal data. Data may be shared only with:

• Cloud infrastructure providers (e.g. AWS) under strict data processing agreements
• Professional advisors (legal, audit) bound by confidentiality obligations
• Authorities where required by law

Where personal data is transferred outside the EEA or India, we apply appropriate safeguards such as Standard Contractual Clauses (SCCs) approved by the European Commission, or equivalent mechanisms under applicable data protection law.

Personal data is retained only for as long as necessary to fulfil the purpose for which it was collected, or as required by law. Website enquiry data is retained for up to 3 years. Upon expiry or written request, data is securely deleted or anonymised.

• Encryption in transit (TLS 1.2 or higher) and at rest
• Role-based access control and least-privilege principles
• Continuous monitoring and anomaly detection
• Formal incident response procedures
• Regular internal security reviews and risk assessments

Depending on your jurisdiction, you may have the right to:

• Access the personal data we hold about you
• Correct inaccurate or incomplete data
• Request deletion of your data
• Object to or restrict certain processing
• Data portability
• Withdraw consent at any time (without affecting prior lawful processing)

To exercise any right, email us at hello@xenreality.com. We will respond within 30 days.

In the event of a personal data breach, we will investigate promptly, contain the incident, and notify affected individuals and relevant supervisory authorities within the timeframes required by applicable law (72 hours under GDPR where feasible).

We use cookies and similar technologies for:

• Essential cookies — required for the site to function
• Analytics cookies — to understand how visitors use our site

You can manage or disable cookies in your browser settings at any time. Declining non-essential cookies will not affect your ability to use the site.

XenReality maintains internal data protection policies, conducts periodic risk assessments, and provides staff training on data handling obligations. We review this Privacy Policy at least annually and following any material change to our processing activities.

For privacy-related queries, requests, or complaints: