Privacy Policy

This Privacy Policy was recently updated on May 01, 2023. Previous versions of policy are linked under this document. Thank you for visiting or becoming a member of Xiphos.

  1. Data controller:

Xiphos d.o.o.
Fabijaniceva 60
10040 Zagreb
Croatia
Privacy contact: support@xspcloud.com or https://support.xiphos.co

At Xiphos d.o.o. (“Xiphos,” “we,” or “us”), we value your privacy and aim to ensure that you comprehend how we gather, utilize, and share information about you. This Privacy Policy outlines our data collection practices and delineates your rights concerning your personal information.

Unless we refer to a different policy or specify otherwise, this Privacy Policy is applicable when you visit or use Xiphos websites (xiphos.hr, xiphos.co, xiphosacademy.com, xiphossecurityportal.com, xspcloud.com), mobile applications, APIs, or related services (the “Services”). It also pertains to potential customers of our business and enterprise products. By utilizing the Services, you agree to abide by the terms of this Privacy Policy. If you do not agree with this Privacy Policy or any other agreement governing your use of the Services, kindly refrain from using them.

  1. Information We Obtain

We directly collect specific information from you, such as data you input yourself, details about your content consumption, and data from third-party platforms with which you connect to Xiphos. Additionally, we automatically gather certain data, such as information about your device and your interaction with or utilization of various parts of our Services.

All the data mentioned in this section is subject to the following processing activities: collection, recording, structuring, storage, modification, retrieval, encryption, pseudonymization, deletion, consolidation, and transmission.

2.1. Data You Provide to Us

The data we collect from or about you may vary based on how you employ the Services. Here are some examples that can help you comprehend the information we collect.

When you create an account and utilize the Services, either directly or through a third-party platform, we gather any data you provide, which includes:

 

    • Processing Account Data – To access certain features and create a user account, we collect and store your email address, password, account settings, and, for affiliate accounts, your name, email address, password, and account settings. Additional information such as occupation, ID information, and phone number may be required when using specific site features. Upon creating an account, a unique identifying number is assigned to you. Legal basis: Performance of contract, Legitimate interests (service provisioning, identity verification, fraud prevention and security, communication.
    • Profile Data – You have the option to provide profile information such as a photo, headline, biography, language, website link, social media profiles, country, or other data. Your Profile Data is visible to the administrators of your company team and our administrators and instructors. Legal basis: Performance of contract and Legitimate interests (enhanced platform functionality, conveying content source information).
    • Shared Content – Interacting with other users or sharing content publicly on the Services, such as posting reviews, asking, or answering questions, messaging instructors, or uploading photos or other work, may make the shared content viewable by others depending on the posting location. Legal basis: Performance of contract and Legitimate interests (service provisioning, enhanced platform functionality).
    • Learning Data – When accessing content, we collect specific data including courses, assignments, labs, workspaces, quizzes started and completed; content and subscription purchases and credits; subscriptions; completion certificates; interactions with instructors, teaching assistants, and other students; and items submitted for course and related content requirements. Legal basis: Performance of contract and Legitimate interests (service provisioning, enhanced platform functionality)
    • Student Payment Data – For purchases, we collect data necessary to process orders, such as name, billing address, and company info. Payment and billing data are directly provided to our payment service providers (Stripe), including name, credit card information, billing address, and ZIP code. Limited information, such as new card notifications and last four digits of the card, may be received from payment service providers to facilitate payments. Sensitive cardholder data is not collected or stored by Xiphos. In compliance with applicable laws, trusted third parties collect tax information, including residency information, tax identification numbers, biographical information, and other personal information required for taxation purposes. Legal basis: Performance of contract and Legal obligation and Legitimate interests (payment facilitation, fraud prevention and security, compliance)
    • Affiliate Payment Data – For affiliates, we collect and use information including payment account email address, account ID, physical address, and other data necessary to send payments. In compliance with applicable laws, trusted third parties collect tax information, including residency information, tax identification numbers, biographical information, and other personal information required for taxation purposes. Sensitive bank account information is not collected or stored by Xiphos. The privacy policy and terms of your payment account provider govern the collection, use, and disclosure of payment, billing, and taxation data. Legal basis: Performance of contract and Legal obligation and Legitimate interests (service provisioning, payment facilitation, fraud prevention and security, compliance)
    • Data About Your Accounts on Other Services – Information from your connected social media or online accounts may be obtained if linked to your Xiphos account. When logging in through third-party platforms or services, we may request permission to access specific information from those accounts, such as name, account ID number, and login email address. The availability and extent of information depend on your privacy settings and the discretion of the platform or service. When using our Services through a third-party platform, the privacy policies, and agreements of that third party apply to the collection, use, and sharing of your data. Legal basis: Legitimate interests (identity verification, user experience improvement).
    • Promotions, and Surveys – Participation in surveys or promotions (contests, sweepstakes, challenges) may be offered through the Services or a third-party platform. Data provided during participation, such as name, email address, postal address, date of birth, or phone number, will be collected and stored for administering the promotion or survey. This data may also be used for purposes such as notifying winners and distributing rewards. In some cases, you may be required to allow us to publicly post certain information, such as on a winner’s page, to receive a reward. If a third-party platform is used to administer a survey or promotion, their privacy policy will apply. Legal basis: Performance of contract and Legitimate interests (promotions administration, prize delivery, compliance)
    • Communications and Support – When you contact us for support or to report a problem or concern, we collect and store your contact information, messages, and other relevant data such as your name, email address, messages, location, Xiphos user ID, refund transaction IDs, and any other data provided or collected through automated means. This data is used to respond to your inquiries, address your concerns, and conduct necessary research, all in accordance with this Privacy Policy. Legal basis: Legitimate interests (customer and technical support)

The aforementioned data is stored by us and linked to your account.

2.2. Data Collected through Automated Means

When you utilize the Services (including browsing content), we automatically collect certain data, which includes:

 

    • System Data – Technical information about your computer or device, such as your IP address, device type, operating system type and version, unique device identifiers, browser, browser language, domain, and other system-related data, and platform types. Legal basis: Performance of contract, Legitimate interests (service provisioning, customer and technical support, fraud prevention and security, communication, product improvement)
    • Usage Data – Statistics regarding your usage of the Services, including accessed content, time spent on pages or the Service, pages visited, features utilized, search queries, click data, date and time, referrer, and other data related to your use of the Services. Legal basis: Legitimate interests (service provisioning, user experience improvement, product improvement)
    • Approximate Geographic Data – An approximate geographic location, which may include country, city, and geographic coordinates. This information is derived from your IP address. Legal basis: Legitimate interests (user experience improvement, fraud prevention and security, compliance)

The aforementioned data is collected through the utilization of server log files and tracking technologies, as outlined in the “Cookies and Data Collection Tools” section. It is stored by us and linked to your account.

2.3. How We Obtain Data About You

We utilize tools such as cookies and similar tracking technologies to collect the aforementioned data. Some of these tools provide options for opting out of data collection.

  1. Cookies and Data Collection Tools

We employ cookies, which are small text files stored by your browser, to collect, store, and share data regarding your activities across websites, including on Xiphos. They enable us to remember information about your visits to Xiphos, and enhance the usability of the site. To learn more about cookies, you can visit https://cookiepedia.co.uk/all-about-cookies. Additionally, we may use clear pixels in emails to track deliverability and open rates.

Xiphos, along with service providers acting on our behalf (such as Google Analytics and third-party advertisers), utilize server log files and automated data collection tools like cookies, tags, scripts, customized links, device or browser fingerprints, and web beacons (collectively referred to as “Data Collection Tools”) when you access and use the Services. These Data Collection Tools automatically track and gather certain System Data and Usage Data during your use of the Services.

3.1. Purpose of Data Collection Tools

Xiphos utilizes the following types of Data Collection Tools for the purposes described:

 

    • Strictly Necessary: These Data Collection Tools enable you to access the site, provide essential functionality (such as logging in or accessing content), secure the site, protect against fraudulent logins, and detect and prevent abuse or unauthorized use of your account. Disabling these tools may result in certain parts of the site breaking or becoming unavailable.
    • Functional: These Data Collection Tools remember information about your browser and preferences, provide additional site functionality, affiliate information, customize content to be more relevant to you, and retain settings that affect the appearance and behavior of the Services (such as preferred language or video playback volume).
    • Performance: These Data Collection Tools assist in measuring and improving the Services by providing usage and performance data, visit counts and traffic sources. These tools help us test different versions of Xiphos to determine user preferences for features or content, and identify which email messages are being opened.
    • Advertising: These Data Collection Tools are employed to deliver targeted advertisements (on the site and/or other sites) based on information we know about you, such as your Usage and System Data, as well as information gathered by ad service providers through their tracking data. The ads may be tailored to your recent activity, activity over time, and across other sites and services. To enable personalized advertising, we may provide these service providers with a hashed and anonymized version of your email address (in a non-human-readable form) and publicly shared content on the Services.
    • Social Media: These Data Collection Tools enable social media functionality, such as content sharing with friends and networks. These cookies may track a user or device across other sites and create a profile of user interests for targeted advertising purposes.

You can configure your web browser to notify you about attempts to place cookies on your computer, restrict the types of cookies you allow, or reject cookies altogether. However, doing so may limit your access to certain features or render some or all of the Services less functional. For further guidance on managing Data Collection Tools, please refer to Your Choices About the Use of Your Data section below.

  1. How We Use Your Data

We utilize your data to provide our Services, communicate with you, address issues, ensure security and integrity, improve, and update our Services, analyze usage patterns, deliver personalized advertising, and fulfill legal requirements or safety measures. We retain your data for as long as necessary to fulfill the purposes for which it was collected.

We employ the data we collect through your use of the Services to:

 

    • Provide and administer the Services, including facilitating participation in educational content, issuing completion certificates, displaying customized content, and enabling communication with other users (Account Data, Shared Content, Learning Data, System Data, Usage Data, Approximate Geographic Data).
    • Process payments to affiliates (Affiliate Payment Data).
    • Process your requests and orders for educational content, products, specific services, information, or features (Account Data, Learning Data, Student/Company Payment Data, System Data, Communications and Support).
    • Communicate with you regarding your account by responding to your inquiries and concerns, sending administrative messages and information (including messages from instructors and teaching assistants), notifications about changes to our Service, and updates to our agreements. Additionally, we may provide information via email or text messages about your progress in courses and related content, rewards programs, new services, new features, promotions, newsletters, and other instructor-created content (Account Data, Shared Content, Learning Data, Sweepstakes, Promotions, and Surveys, System Data, Communications and Support).
    • Manage your account, account preferences, and personalize your experience (Account Data, Learning Data, Student Payment Data, Instructor Payment Data, System Data, Usage Data, Cookie Data).
    • Facilitate the technical functioning of the Services, including troubleshooting and resolving issues, securing the Services, and preventing fraud and abuse (Account Data, Student Payment Data, Affiliate Payment Data, Communications and Support, System Data, Approximate Geographic Location).
    • Verify the identity of affiliates (Account Data, Affiliate Payment Data).
    • Gather feedback from users (Account Data, Communications and Support).
    • Market products, services, surveys, and promotions (Account Data, Learning Data, Promotions, and Surveys, Usage Data, Cookie Data).
    • Market subscription plans to prospective customers (Account Data, Learning Data, Cookie Data).
    • Identify unique users across devices (Account Data, System Data, Cookie Data).
    • Customize advertisements across devices (Cookie Data).
    • Improve our Services and develop new products, services, and features (all data categories).
    • Analyze trends and traffic, track purchases and usage data, and gather insights (Account Data, Learning Data, Student Payment Data, Communications and Support, System Data, Usage Data, Approximate Geographic Data, Cookie Data).
    • Comply with legal obligations or requirements (all data categories).
    • Ensure the safety and integrity of our users, employees, third parties, the public, or our Services, as determined at our discretion (all data categories).

We utilize your data for these purposes in accordance with applicable privacy laws and regulations.

4.1. Who We Share Your Data With

We may share certain data about you with the following entities or under the circumstances described in this Privacy Policy:

 

    • Affiliates: We share data with our affiliates, which are entities through whom you came to our service.
    • Service Providers, Contractors, and Agents: We share your data with third-party companies that perform services on our behalf, such as payment processing, fraud prevention, email and hosting services. These service providers are required to use your personal data solely as directed by us to provide the requested services.
    • Instructors and Teaching Assistants: We share data with instructors and teaching assistants to improve educational content and personalize the learning experience. This data may include information such as your country, browser language, operating system, device settings, referring site, e-mail address, enrolled courses, and course reviews. Additionally, depending on your settings, your shared content may be publicly viewable, including by instructors and other users in shared groups.
    • Social Media Features: If you interact with social media features integrated into our Services (such as the Facebook Like button), the third-party social media provider may collect certain information, such as your IP address and the page of our Services you are visiting. The collection and use of your data by these features are governed by the privacy policy of the respective third-party company.
    • Promotions and Surveys: We may share your data as necessary to administer, market, or sponsor promotions and surveys in which you choose to participate, as required by applicable law or in accordance with the rules of the promotion or survey.
    • Security and Legal Compliance: We may disclose your data to third parties if we have a good faith belief that such disclosure is required:

 

        • as part of a judicial, governmental, or legal inquiry, order, or proceeding;
        • to enforce our Terms of Use, Privacy Policy, and other legal agreements;
        • to detect, prevent, or address fraud, abuse, misuse, potential violations of law or security or technical issues;
        • to protect the rights, property, or safety of Xiphos, our users, employees, the public, or our Services;
        • to comply with our disclosure obligations and rights under this Privacy Policy; or
        • as otherwise required or permitted by law.
    • Change in Control: In the event of a merger, acquisition, corporate divestiture, or dissolution of Xiphos (including bankruptcy) or a sale of all or a portion of our assets, we may share, disclose, or transfer all of your data to the successor organization during the transition or in anticipation of it.
    • Aggregated or De-identified Data: We may disclose or use aggregated or de-identified data for any purpose.
    • With Your Permission: With your consent, we may share your data with third parties beyond the scope of this Privacy Policy.

4.2.  Security

We employ appropriate security measures based on the type and sensitivity of the data we store. While we take reasonable steps to protect your personal data, no system is completely secure. Therefore, we cannot guarantee the absolute security of your data or the communications between you and Xiphos. It is important for you to safeguard your password and notify us immediately if you suspect any unauthorized access to your account. We have implemented optional two-factor authentication to enhance the security of our educational system, so we encourage you to use it.

  1. Your Rights

You have certain rights regarding the use of your data, including the ability to opt out of promotional emails, cookies, and the collection of your data by certain third parties.

5.1. Your Choices Regarding Data Use

You have the option to withhold certain data from us, although it may restrict your access to certain features of the Services.

 

    • To stop receiving promotional communications, you can unsubscribe using the provided mechanism in the promotional emails or modify your email preferences in your account settings. Please note that we will continue to send you transactional and essential messages related to the Services.
    • You can adjust your cookie settings at any time by selecting the appropriate option in your browser or use the button in the bottom of our webpage. To manage cookies and learn more about them, visit cookiepedia.co.uk/how-to-manage-cookies.
    • Your browser or device may offer controls to manage cookies and local data storage. Refer to the instructions provided by your specific browser or device.
    • If you wish to opt out of analytics services provided by Google Analytics, please refer to the respective opt-out mechanisms: Google Analytics Opt-out Browser Add-on.
    • For tailored advertising within mobile apps, refer to the instructions provided by Apple iOS, Android OS, and Microsoft Windows. Other devices and operating systems may have similar privacy settings.

If you have any questions about your data, its usage, or your rights, you can contact us at support@xspcloud.com.

5.2. Accessing, Updating, and Deleting Your Personal Data

You can access and update your personal data collected by Xiphos in the following ways:

 

    • Log into your account to directly update the data you have provided.

 

        • Students: Visit your profile settings page and modify your data.
        • Affiliates: Visit your profile settings page and modify your data.
    • To terminate your account:

 

        • Contact our support team at https://support.xiphos.co. Please note that even after your account is terminated, certain data may still be visible to others, such as copied or shared content, or data posted on third-party platforms. We retain your data for as long as necessary to fulfill legal obligations, resolve disputes, and enforce agreements.
    • To request access, correction, or deletion of your personal data, please use our online form on https://support.xiphos.co or send a written request to Xiphos d.o.o., Fabijaniceva 60, 10040 Zagreb, Croatia. Please allow up to 30 days for a response. We may require verification of your identity and retain certain data as required by law.

5.3. Our Policy Concerning Children

We are committed to protecting the privacy of children and encourage parents and guardians to be involved in their children’s online activities. We do not knowingly collect information from individuals under the age of 18. If we become aware that we have inadvertently collected personal data from a child under this age, we will take steps to delete it. Parents who believe that their child’s information has been collected by Xiphos can contact us at support@xspcloud.com for assistance in removing the information.

5.4. Jurisdiction-Specific Rules

Users in California

If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA). These rights include:

 

    • Right to Know: You can request information about the categories and specific pieces of personal information we have collected about you, as well as access a copy of your personal information.
    • Right to Correction: You can request the correction of inaccurate personal information.
    • Right to Deletion: You can request the deletion of personal information we have collected about you.
    • Right to Non-Discrimination: Exercising your rights under CCPA will not result in any discriminatory treatment.
    • Right to Opt-Out: You have the right to opt out of the sale of your personal information. While Xiphos does not sell personal information in the traditional sense, we may use cookies that make non-personally identifiable information available to select third parties. To opt out of such “sales,” click on the “Do Not Sell My Personal Information” link at the bottom of the page. To exercise these rights or for more information, please email support@xspcloud.com or write to us at Xiphos d.o.o., Fabijaniceva 60, 10040 Zagreb, Croatia. We may need to verify your identity before fulfilling your request.

Users in Nevada

Xiphos does not sell personal information of its users. However, Nevada residents have the right to request that we do not sell their covered personal information. To submit such a request, please email support@xspcloud.com or write to us at Xiphos d.o.o., Fabijaniceva 60, 10040 Zagreb, Croatia.

Users in Australia

If you are an Australian resident and have a complaint, you may contact the Office of the Australian Information Commissioner (OAIC) by visiting www.oaic.gov.au, emailing enquiries@oaic.gov.au, calling 1300 363 992, or writing to OAIC at GPO Box 5218, Sydney NSW 2001. For privacy-related complaints about Xiphos, please email support@xspcloud.com, and we will respond within 30 days.

Users in the European Economic Area (EEA) and United Kingdom (UK)

If you are located in the EEA or UK, you have certain rights regarding your personal data, including the right to access, rectify, erase, restrict processing, and object to processing. If you have concerns, you can also lodge a complaint with the supervisory authority in your country.

  1. Updates & Contact Info

When there are significant changes to this privacy policy, we will notify users via email, in-product notices, or other mechanisms as required by law. Changes to the policy will become effective on the day they are posted.

If you have any questions, concerns, or disputes regarding our Privacy Policy, please feel free to contact us at support@xspcloud.com. You can also reach out to us via postal mail at Xiphos d.o.o., Fabijaniceva 60, 10040 Zagreb, Croatia.