Privacy Policy

1. Introduction

XLDN Technologies Ltd ("XLDN", "we", "us", or "our") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform and services (the "Service").

We comply with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and other applicable data protection laws. By using our Service, you agree to the collection and use of information in accordance with this policy.

2. Data Controller

XLDN Technologies Ltd is the data controller responsible for your personal data.

3. Information We Collect

3.1 Information You Provide

• Account Information: Email address, name, password, and profile details when you create an account.
• Payment Information: Payment details processed securely through our third-party payment processor (Stripe). We do not store full card numbers.
• Communications: Messages you send through our concierge service, support requests, and feedback.
• Corporate Information: Company name, role, and business contact details for corporate accounts.

3.2 Information Collected Automatically

• Usage Data: Pages visited, features used, time spent on the platform, and interaction patterns.
• Device Information: Browser type, operating system, device identifiers, and IP address.
• Cookies: We use cookies and similar technologies for authentication, preferences, and analytics.

4. How We Use Your Information

We use your personal data for the following purposes:

• Service Delivery: To provide, maintain, and improve our ticket concierge and event access services.
• Account Management: To manage your account, verify your identity, and maintain membership status.
• Communications: To send service updates, booking confirmations, ticket deliveries, and respond to inquiries.
• Payments: To process payments and prevent fraud.
• Personalization: To customize your experience and provide relevant recommendations.
• Legal Compliance: To comply with legal obligations and protect our rights.

5. Legal Basis for Processing

Under UK GDPR, we process your data based on:

• Contract Performance: Processing necessary to fulfill our service agreement with you.
• Legitimate Interests: For service improvement, fraud prevention, and marketing (where you haven't opted out).
• Consent: Where you've given explicit consent, such as for marketing communications.
• Legal Obligation: Where required by law.

6. Data Sharing and Third Parties

We may share your data with:

• Payment Processors: Stripe for secure payment processing.
• Email Service Providers: Brevo (Sendinblue) for transactional and service emails.
• Cloud Infrastructure: For hosting and data storage.
• Event Partners: Necessary ticket and booking information to fulfill your requests.
• Legal Authorities: When required by law or to protect our rights.

We require all third parties to respect the security of your data and process it in accordance with applicable laws.

7. International Data Transfers

Some of our service providers may be located outside the UK/EEA. Where we transfer data internationally, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the UK Information Commissioner's Office (ICO), or transfers to countries with adequacy decisions.

8. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected:

• Account Data: Retained while your account is active, plus 3 years after deletion.
• Transaction Records: 7 years for tax and accounting purposes.
• Communications: Up to 3 years from the last interaction.
• Marketing Data: Until you unsubscribe or withdraw consent.

9. Your Rights Under GDPR

You have the following rights regarding your personal data:

To exercise any of these rights, please contact us. We prioritise data requests and will respond promptly.

10. Cookies and Tracking

We use cookies for:

• Essential Cookies: Required for authentication and core functionality.
• Analytics Cookies: To understand how you use our service and improve it.
• Preference Cookies: To remember your settings and preferences.

You can manage cookie preferences through your browser settings. Disabling certain cookies may affect functionality.

11. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including:

• Encryption of data in transit (TLS/SSL) and at rest
• Secure authentication with hashed passwords
• Regular security assessments and monitoring
• Access controls and employee training
• PCI-DSS compliant payment processing through Stripe

12. Children's Privacy

Our Service is not intended for individuals under the age of 18. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us immediately.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. We encourage you to review this policy periodically.

14. Complaints

If you have concerns about how we handle your personal data, please contact us first.

You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO):

15. Contact Us

For any questions about this Privacy Policy or our data practices: