Privacy Policy
Effective Date: December 6, 2024
Last Updated: December 6, 2024
1. Introduction
Welcome to XWire Supply ("we," "us," or "our"). We operate the website supply.xwire.ai and related services (collectively, the "Platform").
This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our B2B marketplace and showroom platform. We are committed to protecting your privacy and complying with applicable data protection laws, including the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and other relevant privacy regulations.
By using our Platform, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with our policies and practices, please do not use our Platform.
2. Information We Collect
2.1 Information You Provide to Us
We collect information you voluntarily provide when you:
- Create an Account: Name, email address, phone number, business name, business address, tax ID (EIN), business type, professional credentials
- Complete Your Profile: Profile photo, bio, portfolio images, certifications, specializations, service areas
- Make a Purchase: Billing address, shipping address, payment method details (processed by Stripe)
- Submit a Quote Request: Project details, specifications, budget, timeline, delivery location
- Create Content: Posts, comments, reviews, messages, showroom content, project portfolios
- Contact Us: Support inquiries, feedback, complaints, correspondence
- Opt In to Marketing: SMS marketing preferences, email newsletter subscriptions
2.2 Information Collected Automatically
When you use our Platform, we automatically collect:
- Device Information: IP address, browser type, operating system, device identifiers, mobile network information
- Usage Data: Pages viewed, features used, time spent on pages, navigation paths, click patterns, search queries
- Location Data: Approximate location based on IP address, precise location if you grant permission
- Cookies and Tracking Technologies: Session cookies, persistent cookies, web beacons, analytics tags (see our Cookie Policy)
2.3 Information from Third Parties
We may receive information about you from:
- Social Media Platforms: If you sign in using Google OAuth
- Business Partners: Suppliers, manufacturers, distributors who list products on our Platform
- Public Sources: Business registries, professional directories, public social media profiles
- Service Providers: Payment processors (Stripe), SMS providers (Twilio), email services (SendGrid), analytics providers (PostHog, Google Analytics)
3. How We Use Your Information
We use your personal information for the following purposes:
3.1 Platform Operations
- Create and manage your account
- Process orders, payments, and refunds
- Facilitate quote requests and bid submissions
- Enable communication between buyers and suppliers
- Provide customer support and respond to inquiries
- Verify your identity and business credentials
3.2 Platform Improvement
- Analyze usage patterns and user behavior
- Conduct research and development
- Test new features and functionality
- Monitor and improve Platform performance
- Personalize your experience and recommendations
3.3 Marketing and Communications
- Send transactional emails (order confirmations, shipping updates, invoices)
- Send promotional emails about new products, features, and offers (with your consent)
- Send SMS marketing messages (only if you opt in, with the ability to opt out via STOP)
- Display targeted advertising based on your interests and activity
- Conduct surveys and request feedback
3.4 Safety and Security
- Detect and prevent fraud, abuse, and illegal activity
- Enforce our Terms of Service and Community Guidelines
- Moderate user-generated content
- Investigate and respond to content reports
- Protect the security and integrity of our Platform
3.5 Legal Compliance
- Comply with legal obligations (tax reporting, record-keeping, court orders)
- Respond to lawful requests from government authorities
- Establish, exercise, or defend legal claims
- Maintain business records as required by law
4. How We Share Your Information
We do not sell your personal information. We share your information only in the following circumstances:
4.1 With Other Users
- Public Profile Information: Your name, photo, bio, portfolio, and reviews are visible to other users
- Buyers and Suppliers: When you submit a quote request, your contact information and project details are shared with relevant suppliers
- Transaction Parties: Contact and shipping information is shared between buyers and suppliers for order fulfillment
4.2 With Service Providers
We share information with third-party service providers who perform services on our behalf:
- Firebase (Google Cloud): Authentication, database, file storage, hosting
- Stripe: Payment processing, tax calculation, subscription management
- Twilio: SMS messaging, phone verification
- SendGrid: Transactional emails, marketing emails
- PostHog: Product analytics, session recording, feature flags
- Google Analytics: Website analytics, user behavior tracking
- Vercel: Website hosting and deployment
- TaxJar: Sales tax calculation and compliance
These service providers are contractually obligated to use your information only for providing services to us and in compliance with applicable privacy laws.
4.3 For Legal Reasons
- To comply with legal obligations, court orders, or government requests
- To enforce our Terms of Service and other agreements
- To protect our rights, property, and safety, or that of our users and the public
- In connection with investigations of fraud, abuse, or illegal activity
4.4 Business Transfers
If we are involved in a merger, acquisition, reorganization, sale of assets, bankruptcy, or similar business transaction, your information may be transferred as part of that transaction. We will notify you via email and/or prominent notice on our Platform of any change in ownership or use of your personal information.
4.5 With Your Consent
We may share your information with third parties when you have given us explicit consent to do so.
5. Data Retention
We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.
Retention Periods:
- Account Information: Until you delete your account, plus 30 days for recovery
- Transaction Records: 7 years (IRS tax reporting requirements)
- Payment Data: Stored by Stripe per PCI DSS requirements (we do not store card numbers)
- Marketing Consent: Until you opt out, plus 3 years for compliance records
- Content Reports: 2 years for moderation and legal purposes
- Analytics Data: Aggregated and anonymized data may be retained indefinitely
- Legal Records: As long as required by applicable law or to defend legal claims
When we no longer need your information, we will securely delete or anonymize it in accordance with our data retention policies and applicable laws.
6. Your Privacy Rights
Depending on your location, you may have certain rights regarding your personal information:
6.1 For All Users
- Access: Request a copy of your personal information
- Correction: Update or correct inaccurate information
- Deletion: Request deletion of your account and personal information
- Opt-Out: Unsubscribe from marketing emails and SMS messages
- Data Portability: Export your data in a machine-readable format
6.2 For California Residents (CCPA/CPRA)
California residents have additional rights under the California Consumer Privacy Act:
- Right to Know: Request disclosure of personal information collected, used, and shared
- Right to Delete: Request deletion of personal information (subject to exceptions)
- Right to Opt-Out: Opt out of sale or sharing of personal information (we do not sell your data)
- Right to Non-Discrimination: We will not discriminate against you for exercising your rights
- Right to Limit Use: Request limitation of use and disclosure of sensitive personal information
6.3 For EU/UK Residents (GDPR)
If you are located in the European Union or United Kingdom, you have rights under the GDPR:
- Right of Access: Obtain confirmation of processing and a copy of your data
- Right to Rectification: Correct inaccurate or incomplete data
- Right to Erasure: Request deletion ("right to be forgotten")
- Right to Restriction: Restrict processing under certain circumstances
- Right to Data Portability: Receive data in structured, machine-readable format
- Right to Object: Object to processing based on legitimate interests or direct marketing
- Right to Withdraw Consent: Withdraw consent at any time (where processing is based on consent)
- Right to Lodge a Complaint: File a complaint with your local data protection authority
How to Exercise Your Rights
To exercise any of these rights, please:
- Email us at: privacy@xwire.ai
- Use the "Privacy Settings" in your account dashboard
- For SMS opt-out: Reply STOP to any marketing message
- For email opt-out: Click "Unsubscribe" in any marketing email
We will respond to your request within 30 days (or 45 days for GDPR requests if the request is complex). We may ask you to verify your identity before processing your request.
7. Cookies and Tracking Technologies
We use cookies, web beacons, and similar tracking technologies to collect information about your browsing activities and to provide personalized services.
Types of Cookies We Use:
- Essential Cookies: Required for Platform functionality (authentication, shopping cart, security)
- Performance Cookies: Analytics and performance monitoring (Google Analytics, PostHog)
- Functionality Cookies: Remember your preferences and settings
- Advertising Cookies: Deliver targeted advertising based on your interests
You can control cookies through your browser settings. However, disabling cookies may affect Platform functionality. For more details, see our Cookie Policy.
Do Not Track Signals
Some browsers support "Do Not Track" (DNT) signals. There is no industry standard for responding to DNT signals, so we do not currently respond to DNT browser settings.
8. Data Security
We implement industry-standard security measures to protect your personal information from unauthorized access, disclosure, alteration, and destruction.
Security Measures:
- Encryption: All data in transit is encrypted using TLS 1.3
- Authentication: Firebase Authentication with secure password hashing (bcrypt)
- Access Controls: Role-based access control (RBAC) and principle of least privilege
- Payment Security: PCI DSS Level 1 compliant payment processing via Stripe (we do not store card numbers)
- Database Security: Firestore security rules, encrypted at rest
- Monitoring: Automated security monitoring and threat detection
- Regular Audits: Periodic security assessments and penetration testing
However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your personal information, we cannot guarantee its absolute security. You are responsible for maintaining the confidentiality of your account credentials.
9. International Data Transfers
Our Platform is operated in the United States. If you are located outside the United States, please be aware that information we collect will be transferred to, processed, and stored in the United States.
The United States may not have the same data protection laws as your jurisdiction. However, we take steps to ensure that your personal information receives an adequate level of protection:
- Standard Contractual Clauses: We use EU Standard Contractual Clauses with our service providers
- GDPR Compliance: We comply with GDPR requirements for EU residents
- Privacy Shield Replacement Mechanisms: We use appropriate safeguards following the invalidation of Privacy Shield
By using our Platform, you consent to the transfer of your information to the United States and other countries where we or our service providers operate.
10. Children's Privacy
Our Platform is designed for business users and is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children under 18.
If we discover that we have collected personal information from a child under 18, we will delete that information as quickly as possible. If you believe we have collected information from a child, please contact us at privacy@xwire.ai.
11. Third-Party Links and Services
Our Platform may contain links to third-party websites, services, and social media platforms. We are not responsible for the privacy practices of these third parties.
When you click on a third-party link or use a third-party service, you are subject to that third party's privacy policy. We encourage you to review the privacy policies of any third-party sites you visit.
12. SMS Marketing and Communications
If you opt in to receive SMS marketing messages from us, the following terms apply:
- Consent: You must explicitly opt in to receive SMS messages
- Message Frequency: Varies by campaign (typically 2-4 messages per month)
- Message Rates: Standard message and data rates may apply from your carrier
- Opt-Out: Reply STOP to any message to unsubscribe (you will receive a confirmation message)
- Help: Reply HELP for assistance or contact support@xwire.ai
- Provider: SMS messages are sent via Twilio from phone number +1 (888) 411-8078
We comply with the Telephone Consumer Protection Act (TCPA) and other applicable SMS marketing regulations. Opting out of SMS marketing will not affect transactional messages (order confirmations, shipping updates, account notifications).
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.
When we make changes, we will:
- Update the "Last Updated" date at the top of this page
- Notify you via email if the changes are material (at the email address associated with your account)
- Display a prominent notice on our Platform
Your continued use of the Platform after the effective date of the updated Privacy Policy constitutes your acceptance of the changes. If you do not agree with the updated Privacy Policy, you must stop using our Platform and may request deletion of your account.
14. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
For GDPR-related inquiries, you may also contact our EU representative (if applicable) or your local data protection authority.
15. Additional Information for California Residents
Categories of Personal Information Collected (Past 12 Months)
| Category | Examples | Collected |
|---|---|---|
| Identifiers | Name, email, phone, IP address | YES |
| Commercial Information | Purchase history, orders, quotes | YES |
| Internet Activity | Browsing history, clicks, searches | YES |
| Geolocation | IP-based location, GPS (if permitted) | YES |
| Professional Information | Business name, credentials, portfolio | YES |
| Inferences | Preferences, interests, behavior patterns | YES |
| Sensitive Personal Information | Precise geolocation (only if granted) | LIMITED |
Do We Sell or Share Personal Information?
No. We do not sell personal information as defined by the CCPA. We do not share personal information for cross-context behavioral advertising.
Shine the Light Law
California Civil Code Section 1798.83 permits California residents to request information about disclosure of personal information to third parties for direct marketing purposes. We do not share personal information with third parties for their direct marketing purposes.