ximu
ximu

Privacy Policy

Last Updated: 24 November 2025

We, VOCAL MIDDLE COMMUNICATIONS CONSULTANTS INC. operating ximu (hereinafter "ximu", "we", "us", or "our"), place great importance on your privacy and the protection of personal data. This Privacy Policy primarily applies to B2B users, mainly enterprises (hereinafter "you"). Whenever you access or use our services, this Policy applies.

This Privacy Policy describes how we collect, use, store, and share your data when you access and use our official website and web-based applications (collectively, the "Services"), as well as your rights regarding such data.

1. Data Controller and Contact Information

The data controller for this Service is:

VOCAL MIDDLE COMMUNICATIONS CONSULTANTS INC.

Registered Address: 7F-10, No. 188, Section 5, Nanjing East Road, Songshan District, Taipei City, Taiwan.

Contact Email: hello@ximu-geo.com

If you have any questions, requests, or complaints regarding data protection, you may contact us via the email address above.

2. Technical Logs and Basic Data Processing When You Access the Services

When you access our website or web applications, in order to ensure secure operation and provide basic functionality, we automatically process certain technical log information, including but not limited to:

  • IP address
  • Access date and time
  • Requested URLs and referrer URLs
  • Device information (such as device type, operating system version, browser type and version, language settings)
  • Session ID or similar session identifiers

Purposes of processing:

  • To provide and maintain basic functions of the website and web applications
  • To ensure system security and stable operation (e.g., attack prevention, troubleshooting)
  • To generate aggregated or anonymized traffic statistics and usage analytics

We do not use the above log data to identify any specific natural person, unless required for security investigations or legal obligations.

3. Data Processed at Your Request

3.1 Account Registration, Login, and Waitlist

To enable you or your organization to create a ximu account (including free trial access), join a waitlist, or log in to use the Services, we may collect and process the following data:

Required information (subject to the actual product features, which may be simplified or expanded):

  • Business email address (for login, Magic Link authentication, and communication)
  • Company name and relevant product or brand information (for data configuration and account management)

If you log in via Magic Link, we will:

  • Send a one-time login link to your email address; and
  • Verify the validity of that link within a limited time window to complete the login process.

Purposes of processing:

  • To create and manage user accounts and organization workspaces
  • To provide access control, permission management, and secure login
  • To send account security-related notifications (e.g., login alerts)

3.2 Identity Verification and Third-Party Login Services

We may use third-party authentication services (such as Magic Link-based authentication providers) to enable passwordless login. Such providers may process your:

  • Email address
  • IP address and device information
  • Login time and verification status

Purposes of processing:

  • To provide secure and reliable login mechanisms
  • To reduce password leakage risks and improve user experience

Specific providers (e.g., the name of a third-party auth provider) and their privacy policies will be available through links within the Services.

3.3 Communications, Support, and Feedback

When you contact us via online forms, support emails, or other channels, we may process the information you voluntarily provide, such as:

  • Name and business email address
  • Company name and product information
  • Your inquiries, feedback, and any attachments

Purposes of processing:

  • To respond to your requests and questions
  • To provide customer support and document issue-resolution processes
  • To improve product quality and internal service management

3.4 Marketing Emails and Newsletters

If you voluntarily subscribe to our newsletters or product updates, we will use your email address to send you:

  • Product update notifications
  • Industry insights and event invitations
  • Trial and promotional information

You may unsubscribe at any time through the "unsubscribe" link in our emails or by contacting us.

4. Data Processing During Your Use of ximu

ximu is an enterprise-focused AI GEO platform. During your or your organization's use of the Services, we process two categories of data:

  • Account and usage data
  • Brand and content analysis data

4.1 Account and Usage Data

This includes, but is not limited to:

  • Account and organization information (see Section 3.1)
  • Usage behavior records, such as login time, feature clicks, viewed reports/pages, and operation logs
  • Basic subscription and billing data (e.g., plan type, expiration date; detailed payment information is processed by third-party payment providers)

Purposes of processing:

  • To provide core product functions (e.g., brand influence, visibility, and sentiment reporting)
  • To generate usage statistics and optimize experience and performance
  • To prevent misuse (e.g., abnormal calling patterns or account-sharing detection)

4.2 Brand and Content Analysis Data

As a GEO platform, we process information that you or your organization configure or upload within the Services (generally non-personal data, though it may include personal data in certain cases), including:

  • Brand information: brand name, product line names, categories, etc.
  • Competitor information: competitor names and comparison dimensions you configure
  • Marketing and content links: such as brand official websites, product documentation links, publicly available social media/content links
  • Prompts and queries: prompts used to monitor AI models (should not include sensitive personal information)
  • Analysis results: influence index, visibility index, sentiment index, source statistics, and other outputs derived from AI model answers and public data

We may also collect relevant information about your configured brands/products from public sources, such as:

  • Public websites, news media, social media, or industry reports
  • Lawfully authorized data providers

Purposes of processing:

  • To measure your brand's visibility and sentiment across different AI models
  • To generate dashboards, reports, comparison charts, and optimization recommendations
  • To help you continuously track brand performance within the AI ecosystem

In normal use cases, we recommend that you avoid uploading or entering personal sensitive data that could directly identify natural persons (e.g., customer names, ID numbers). If necessary, you must ensure you have obtained a lawful basis or authorization from the relevant data subjects before uploading such data. You are solely responsible for compliance with applicable laws and for any claims arising from your provision or use of personal data or sensitive personal data, and such responsibility does not fall on ximu.

5. Cookies, Analytics, and Third-Party Tools

5.1 Cookies and Local Storage

We may use cookies or similar technologies (such as local storage) to:

  • Maintain login sessions
  • Remember interface preferences (e.g., language, theme)
  • Perform basic statistics and usage analysis

You may manage or disable cookies via your browser settings. Disabling strictly necessary cookies may prevent you from logging in or using certain features.

5.2 Third-Party Analytics Tools

We may use third-party analytics tools to understand how visitors use our website. These tools often use cookies or similar identifiers to collect anonymized or pseudonymized data, such as:

  • Pages visited and time spent
  • Referral sources (e.g., search engines, external links)
  • Browser and device types

6. Third-Party Services and Data Sharing

We only disclose your data to third parties under the following circumstances:

Service providers / processors

Such as cloud hosting, authentication, email delivery, analytics, etc. They process data only under our instructions and contractual obligations and must comply with corresponding data protection requirements.

Legal obligations

Where required by law or by compulsory requests from governmental or judicial authorities.

Corporate transactions

In the event of restructuring, merger, acquisition, or asset transfer, we may transfer relevant data to a receiving party in compliance with legal requirements.

We do not sell your personal data to third parties.

6.1 Cross-Border Data Transfers

As ximu may provide services across multiple regions, your data is primarily stored and processed in data centers located in the United States and provided by Alibaba Cloud International (Alibaba Cloud). Where data is transferred to countries/regions with a different level of legal protection than your jurisdiction, we will implement appropriate safeguards, such as:

  • Executing standard contractual clauses

7. Data Retention and Security Measures

We retain your data only for as long as necessary to fulfill the purposes described in this Privacy Policy, perform contractual obligations, and comply with legal requirements. Retention periods depend on the data type and purpose, for example:

  • Account information: retained during account validity and for a reasonable period after closure (for billing and compliance)
  • Log data: typically retained for 180 days for security and audit purposes
  • Marketing communications data: retained until you withdraw consent or after a defined period of inactivity

We implement reasonable technical and organizational measures to protect your data against unauthorized access, loss, misuse, or alteration, including but not limited to:

  • Access control and least-privilege principles
  • Encrypted storage and transmission (e.g., HTTPS/TLS)
  • Log auditing and anomaly monitoring

8. Your Rights

You have the following rights regarding your personal data:

  • Right of access: to request confirmation whether we process your personal data and to obtain a copy.
  • Right of rectification: to request correction where data is inaccurate or incomplete.
  • Right of erasure: to request deletion under certain conditions (e.g., data no longer necessary or consent withdrawn).
  • Right to restrict processing: to request temporary restriction of processing in certain situations.
  • Right to data portability: where technically feasible, to receive data you provided in a structured, commonly used, machine-readable format and request transfer to another controller.
  • Right to object: to object at any time where processing is based on legitimate interests or direct marketing.
  • Right to withdraw consent: to withdraw consent at any time where processing is based on consent.

To exercise these rights, please contact us using the contact details provided at the beginning of this Policy.

If you believe our processing violates applicable law, you also have the right to lodge a complaint with a competent data protection authority.

9. Children's Privacy

Our Services are intended for business users and professionals, not minors. If you believe we have collected personal data from a minor without awareness, please contact us promptly. We will take appropriate measures, such as deleting such data.

10. Updates to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in the Services or legal requirements. Updated versions will be published on our website with a revised "Last Updated" date. Where changes are significant, we may notify you via email or in-service notices.

If you continue to use the Services after an update becomes effective, you will be deemed to have read and agreed to the updated Privacy Policy.