Privacy Policy
Last Updated: May 14, 2025
INTRODUCTION.
Welcome to XbooK (“XbooK,” "we," "us," or "our"). This Privacy Policy governs the collection, use, and protection of personal information obtained from individuals ("users" or "you") who access, interact with, and use the features, functionalities, products, content, and offerings provided through our website, sub-domains, and affiliated platforms (collectively, the "Platform"). This Privacy Policy explains the types of data we collect, how we use, store, and protect that information, and your rights regarding your personal data. By accessing or using our Platform, you acknowledge that you have read, understood, and agreed to the terms of this Privacy Policy.
At XbooK, your privacy is our priority. We are committed to respecting your privacy rights and safeguarding the confidentiality and security of your personal information. If you do not agree with the practices outlined in this Privacy Policy, we kindly ask that you refrain from using our Platform.
By continuing to use the Platform, you signify your acceptance of this Privacy Policy and consent to the collection, use, storage, and disclosure of your personal data as described herein and in accordance with applicable laws and regulations. If you have any questions, concerns, or feedback about this Privacy Policy, please contact us using the information provided in the Contact Us section.
We may update this Privacy Policy periodically to reflect changes in our practices, technologies, or legal requirements. Any updates will be effective upon posting the revised Privacy Policy on our Platform. We encourage you to review this Privacy Policy regularly to stay informed about how we collect, use, and protect your information.
Thank you for choosing XbooK. Your trust and privacy are essential to us, and we are dedicated to providing a secure and enjoyable experience on our Platform.
TYPES OF DATA WE COLLECT.
To operate the XbooK Platform and fulfill your orders, we collect certain personal and technical information. When you place an order or opt into our marketing communications, we collect your name, email address, and shipping address. Payment details, while necessary to process transactions, are handled through Shopify’s integrated systems, and XbooK does not directly access or store complete credit card numbers or sensitive financial data.
We also collect data related to your purchases, including order history, product selections, and fulfillment details. This allows us to process and ship your order, confirm delivery, and offer customer support.
In addition to information you provide directly, we automatically collect technical data through tracking technologies such as cookies and UTM tags. This includes your IP address, browser type, device information, referral sources, and your behavior on our website—such as which pages you view, how long you stay, and where you click. This data is primarily reviewed through tools like Klaviyo and Meta Ads to help us understand how users interact with our site, measure campaign performance, and personalize content or offers.
If you subscribe to receive emails from us, we may also collect information about how you interact with those communications—for example, whether you open them or click on links—so we can better tailor our outreach.
XbooK does not collect or process sensitive personal data such as health records, government ID numbers, or financial details beyond what is processed through secure third-party systems. We aim to collect only the information necessary to fulfill orders, provide customer support, and improve the overall shopping experience.
HOW WE COLLECT DATA.
We collect information in a few key ways, depending on how you interact with the XbooK website. Most of the personal information we gather—such as your name, email address, and shipping address—is provided directly by you during the checkout process or when you subscribe to our marketing communications. All transactions and related details are processed through Shopify’s secure infrastructure, which handles payment data and order logistics on our behalf.
In addition to information you provide manually, we also collect certain data automatically through the use of cookies and tracking technologies. When you visit our website, tools such as UTM tags, embedded analytics, and advertising platforms like Meta Ads allow us to track where you came from, what content you engage with, and how you move through the site. This behavioral data is analyzed primarily through Klaviyo to help us improve the shopping experience, measure the effectiveness of advertising campaigns, and send relevant follow-up emails.
These technologies allow us to identify patterns such as which products are popular, how long visitors stay on a page, and which emails lead to purchases. While we do not collect sensitive data or personal identifiers through these tools, they help us understand general usage trends and refine our communication strategies.
We do not collect data from brokers, nor do we purchase data from third-party sources. All information is collected either through your voluntary interactions with the website or through automated tools that support performance, marketing, or customer engagement.
HOW WE USE DATA.
We use the information we collect to operate our business efficiently, fulfill orders, and deliver a seamless user experience. The primary purpose of collecting personal data—such as your name, email address, and shipping information—is to process transactions, ensure timely delivery of products, and communicate with you regarding your purchase. This includes order confirmations, shipping updates, and customer support inquiries.
Beyond transactional purposes, we use your data to support marketing and engagement efforts. When you opt into email communications, we use tools like Klaviyo to send follow-up emails, discount offers, product updates, and other promotional messages tailored to your interests. We track engagement with these communications to measure effectiveness and improve future messaging.
We also use behavioral and technical data—collected through cookies, UTM parameters, and ad tracking platforms like Meta Ads—to understand how users arrive at our site and how they interact with our content. This helps us refine our advertising strategies, optimize the website experience, and identify which products or campaigns generate the most interest. These insights support both short-term marketing effectiveness and long-term business growth.
Importantly, we do not use your data for profiling or automated decision-making that would have legal or significant consequences for you. All data use is grounded in legitimate business purposes and aligned with your expectations as a customer. We do not sell your information to third parties, and we ensure that any vendors or partners who support our operations are contractually required to handle your data securely and only for authorized purposes.
Ultimately, our use of your information is limited to what is necessary to provide you with a smooth, personalized, and secure shopping experience, maintain operational integrity, and build meaningful customer relationships.
LAWFUL BASIS FOR COLLECTION.
At XbooK, we collect and process your personal data in accordance with applicable privacy laws and regulations. The lawful basis for our data collection and processing activities depends on the nature of the information and the specific context in which it is collected. We rely on the following lawful bases:
- Consent: Your consent is the foundation for many of our data collection practices. For instance, when you voluntarily provide your information during a transaction, you explicitly agree to the collection and use of this data for the purposes outlined in this Privacy Policy. You can withdraw your consent at any time by adjusting your settings or contacting us, although this may limit your access to certain features of the Platform.
- Contractual Necessity: The processing of your personal data is essential for the performance of the contract between you and XbooK. For example, we require your data to place an order. Without this information, we would be unable to fulfill our contractual obligations to you.
- Legitimate Interests: We process certain data to pursue our legitimate business interests in providing a secure, high-quality, and personalized user experience. These interests include Platform optimization, fraud prevention, and system security. When processing your data based on legitimate interests, we ensure that your privacy rights are not overridden by our operational needs.
- Legal Obligations: In some cases, we are required to collect, retain, or disclose personal data to comply with applicable laws, regulations, or legal processes. For example, we may process your data to respond to a court order or government request.
- User Protection: We may process your data when necessary to protect your vital interests or the interests of others, such as ensuring the safety and security of the Platform or addressing unauthorized access.
By relying on these lawful bases, we ensure that our data collection and processing activities are conducted responsibly, transparently, and in compliance with all applicable legal requirements. If you have questions about the lawful basis for a specific data processing activity, please contact us using the details provided in the Contact Us section of this Privacy Policy.
HOW WE SHARE DATA.
We take your privacy seriously and only share your personal data when it is necessary to operate our business, fulfill your orders, or support essential services connected to the XbooK Platform. We do not sell, rent, or trade your personal information to data brokers, advertising networks, or third-party marketers.
Your data may be shared with third-party service providers who assist us in delivering a seamless and secure customer experience. For example, we share order and transaction-related information with Shopify, which hosts our storefront, processes payments, and manages order fulfillment workflows. We also use Klaviyo to manage and send marketing emails, track user engagement, and analyze performance metrics. These providers only receive the information required to perform their functions and are contractually obligated to keep it confidential and secure.
In some cases, we may also share technical or engagement data with advertising platforms such as Meta Ads to track the effectiveness of our marketing campaigns. This includes anonymized or aggregated information used to measure referral sources, conversions, and user engagement trends. This data does not include sensitive personal identifiers.
Internally, access to personal information is restricted to authorized team members who require it to perform customer service, manage orders, or carry out operational tasks. Our marketing team may access customer records strictly for the purpose of sending product updates, follow-up communications, or promotional offers you’ve opted into.
We may disclose your information if required to comply with applicable laws, legal processes, or lawful requests from governmental authorities. In the unlikely event of a business transition—such as a merger, acquisition, or sale of assets—user data may be transferred as part of that transaction, provided that the recipient agrees to continue honoring the commitments set forth in this Privacy Policy.
At all times, we ensure that any data sharing is done with your privacy in mind and only for the limited purposes outlined in this policy. Any third party with access to user data is required to adhere to strict data protection obligations and may not use the information for any unauthorized purposes.
DATA SECURITY.
At XbooK, we are committed to protecting the security and confidentiality of your personal information. We implement commercially reasonable technical, administrative, and organizational safeguards designed to prevent unauthorized access, loss, misuse, alteration, or disclosure of the data we collect.
All transactional and customer information is stored within Shopify and Klaviyo, two platforms known for their enterprise-level security standards. Shopify handles all payment processing through encrypted connections and PCI-compliant infrastructure. XbooK does not store or have direct access to your complete payment card information. Similarly, Klaviyo is used to manage marketing communications and customer engagement data within a secure, access-controlled environment.
Access to customer information is limited to authorized personnel who need the information to perform specific duties, such as order processing, customer service, or marketing. We follow role-based access controls, implement password protections, and restrict system access to ensure that data is only handled by individuals with a legitimate need.
Our website and systems utilize HTTPS encryption for all data transmissions, helping ensure that any information you share with us remains secure while in transit. Additionally, we regularly monitor the performance and security posture of the tools we use and rely on the built-in controls and safeguards provided by Shopify, Klaviyo, and our other vendors to maintain data integrity.
Despite these precautions, no system or method of electronic transmission over the internet is entirely immune to risk. While we do not currently maintain a formal breach response policy, we are prepared to act swiftly in the event of a security incident. Should a data breach occur that affects your personal information, we will notify you promptly in accordance with applicable legal requirements and take appropriate steps to mitigate the impact and prevent recurrence.
By using the XbooK Platform, you acknowledge and accept these inherent risks and agree to notify us promptly of any suspected unauthorized activity.
DATA RETENTION.
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, to comply with our legal and contractual obligations, and to support essential business operations. This includes processing your orders, managing customer service interactions, and maintaining records for accounting, marketing, and system security.
Customer information such as your name, email address, order history, and shipping details is stored within Shopify and Klaviyo for the duration of your relationship with us or until you request its removal. If you opt into our marketing communications, your engagement history—such as email opens and clicks—may be retained by Klaviyo in order to help us understand preferences and refine future messaging.
We do not currently maintain a formal data deletion policy or automated purge system, but we are committed to honoring valid data removal requests. If you no longer wish to have your information retained, you may contact us to request deletion of your data from our active systems. Once verified, we will initiate the removal of your personal information from both our Shopify and Klaviyo environments, unless retention is required for tax, legal, or fraud-prevention purposes.
In some cases, certain order or transaction-related information may be retained for a period of time as required by law or standard bookkeeping practices. During this period, access to such data will be limited and handled only for legitimate operational or compliance purposes.
We periodically review stored data to identify records that are no longer needed and take reasonable steps to ensure that outdated information is securely deleted or anonymized. Backup systems operated by third-party providers may retain limited copies of data for a finite period, but these are not accessible for routine business use and are maintained solely for disaster recovery and system continuity purposes.
COOKIE POLICY.
The XbooK Platform uses cookies and other tracking technologies to improve functionality, personalize the user experience, and support our marketing and analytics efforts. Cookies are small data files stored on your browser or device that allow us to recognize you when you return to the site, track your activity, and measure the performance of our campaigns.
We use a range of cookies and similar technologies in connection with our website. These include essential cookies, which are necessary for core site functionality such as shopping cart management and secure checkouts; functional cookies, which help remember your preferences and enhance user experience; performance and analytics cookies, which track how visitors use the site and help us improve it; and advertising-related cookies, which allow us to measure the effectiveness of ads, understand where users are coming from, and support interest-based advertising strategies.
These technologies are used in conjunction with third-party services such as Shopify, Klaviyo, and Meta Ads. Through these platforms, we can view aggregated insights regarding how users interact with our site, what brought them there, and how they respond to specific content or promotions. While this data may include general location, device type, or browsing behavior, it does not include sensitive or personally identifying information unless you have voluntarily submitted it.
Although we do not currently display a cookie consent banner, use of the site constitutes your agreement to our use of cookies as described in this Privacy Policy. Most web browsers are set to accept cookies by default, but you can adjust your browser settings to decline or remove cookies at any time. However, disabling cookies may affect the functionality of certain features or prevent you from completing purchases or accessing saved preferences.
At this time, XbooK does not respond to Do Not Track (DNT) signals transmitted by browsers, as there is no consistent industry standard for how those signals should be interpreted.
We may update our use of cookies and tracking technologies as our Platform evolves. Any material changes will be reflected in this Privacy Policy, and we encourage you to review it periodically to stay informed about how we collect and use data.
INTERNATIONAL USERS AND DATA TRANSFERS.
The XbooK Platform is currently operated and maintained in the United States, and all data collected through the Platform is stored and processed using infrastructure located in the United States. By using our services, you understand and agree that your personal data may be transferred to, stored in, and processed in the United States, where data protection laws may be different from those in your country of residence.
We do not actively market or provide services to users located in the European Union (EU), United Kingdom (UK), or other jurisdictions with data protection laws such as the General Data Protection Regulation (GDPR). We also do not currently track the online behavior of individuals in those regions or maintain an appointed Data Protection Officer (DPO). However, international users who choose to access or use the Platform from outside the U.S. do so at their own initiative and are responsible for ensuring their use complies with local laws.
All personal data, including any sensitive information submitted through the Platform, is stored using cloud-based services hosted on Amazon Web Services (AWS) in U.S. regions and is processed through other U.S.-based third-party service providers, such as Stripe, Agora, Firebase, and Google APIs. These providers may access your information solely to provide services on our behalf and are contractually bound to handle data securely and in accordance with applicable law.
By accessing or using the Platform from outside the United States, you expressly consent to the transfer, storage, and processing of your personal data in the United States and to the application of U.S. law as it relates to data privacy and usage, regardless of the jurisdiction in which you reside.
If we expand operations into jurisdictions with differing privacy laws—such as the EU, UK, Canada, or others—we will update this Privacy Policy accordingly and provide additional disclosures, rights, and controls as required under applicable local regulations.
CHILDREN’S PRIVACY.
Our Platform is committed to protecting the privacy of children. Consistent with the Children's Online Privacy Protection Act (COPPA) and other applicable laws and regulations, we do not knowingly collect, use, or disclose personal information from children under the age of 18.
- Age Restriction: Our services are not directed to children under the specified age. We do not knowingly engage in transactions or communications with children under this age. Our Terms and Conditions prohibit users under this age from accessing our Platform and services.
- Deletion: If we learn that we have collected personal information from a child under the specified age without parental consent, we will take steps to delete the information as soon as possible.
- Commitment to Data Security: We understand the importance of safeguarding children’s privacy and security online. We implement stringent security measures to protect children's personal information and comply with relevant legal requirements pertaining to data protection and privacy.
- Updates to our Children’s Privacy Policy: This policy may be updated periodically to reflect changes in our practices or legal requirements. We encourage parents and guardians to review this policy regularly.
- Reporting Concerns: We take concerns about children's privacy seriously. If you have any questions or concerns about our Children's Privacy Policy or our practices concerning children’s personal data, please contact us using the information provided in the "Contact Us" section.
USER RIGHTS.
At XbooK, we respect your privacy and are committed to giving you meaningful control over your personal information. While privacy laws vary by jurisdiction, we strive to provide all users with clear and accessible options for managing their data. The rights described below apply to all users of the Platform, to the fullest extent permitted by applicable law.
You have the right to access the personal information we hold about you. This may include your contact details, order history, and communication preferences. You may request access to this information by contacting us directly.
You have the right to correct or update your personal information if it is inaccurate or outdated. If you believe the information we hold about you is incorrect or incomplete, you can contact us to request a correction.
You have the right to request deletion of your personal data. If you would like us to remove your information from our systems, please contact us using the details provided in the “Contact Us” section of this Privacy Policy. Once verified, we will delete your personal data within 30 days, unless retention is required for legal, regulatory, or legitimate business purposes (such as tax reporting or fraud prevention). If certain information must be retained, we will inform you of the basis and duration of that retention.
You also have the right to restrict the processing of your personal data in certain circumstances, such as if you object to our use of it for specific purposes. Please note that restricting the use of certain data may affect your ability to complete purchases or receive communications.
If we ever introduce promotional or marketing communications, you will have the right to opt out of such messages at any time. While we do not currently engage in promotional email marketing, your right to object to such processing will remain in place if practices change in the future.
You may request a copy of your personal data in a structured, commonly used, and machine-readable format. Requests for data access or portability will be fulfilled subject to identity verification to protect your privacy and security.
To exercise any of these rights, please contact us directly at the email address provided in the “Contact Us” section of this Privacy Policy. We are committed to responding to valid data-related requests in a timely manner and in accordance with applicable privacy laws.
THIRD-PARTY LINKS.
Our Platform may contain links to third-party websites or services that are not operated or controlled by us. These third-party links are provided for your convenience and reference only. Please note that we have no control over the content, policies, or practices of these third-party websites or services.
By clicking on these third-party links, you acknowledge and agree that we are not responsible for the privacy practices or the content of such websites or services. This Privacy Policy applies solely to the information collected by our Platform. We encourage you to read the privacy policies of any third-party websites you visit to understand their data collection, use, and disclosure practices.
While we strive to include only reputable and trusted third-party links on our Platform, we cannot guarantee the accuracy, completeness, or quality of the information, products, or services provided on these external sites. The inclusion of any third-party link on our Platform does not imply our endorsement, sponsorship, or recommendation of the linked website or its content.
Please be aware that when you leave our Platform and access a third-party website, your interactions and any information you provide are subject to the terms and policies of that website. We encourage you to exercise caution and review the privacy policies of any website you visit.
DATA BREACH RESPONSE.
At XbooK, we are committed to protecting your personal data and have implemented robust measures to ensure its security. In the unlikely event of a data breach, we have a structured response plan in place to manage the situation promptly and effectively while complying with all legal obligations.
If a breach occurs, we will act immediately to identify and contain the issue. This includes isolating affected systems to prevent further unauthorized access or data loss. Once contained, we will conduct a thorough investigation to determine the cause, scope, and impact of the breach. Our goal is to assess the risks posed to affected individuals and ensure appropriate remediation measures are implemented.
We will notify affected users as required by applicable laws. Notifications will include relevant details about the breach, such as the nature of the incident, the type of data affected, potential risks, and steps users can take to protect themselves. Regulatory authorities will also be informed when necessary, following prescribed timelines and reporting requirements.
Following a breach, we will enhance our security measures to address any identified vulnerabilities and prevent similar incidents in the future. Our response plan undergoes regular reviews and updates to align with evolving industry standards and best practices.
If you suspect a security incident involving your personal data or need additional information about our response procedures, please contact us through the details provided in the Contact Us section of this Privacy Policy.
HOW TO EXERCISE YOUR RIGHTS.
We are committed to ensuring that users can exercise their privacy rights in a clear, accessible, and secure manner. Because XbooK does not require users to create personal accounts on the Platform, all data-related requests must be submitted directly to us via email or another available contact method listed in this Privacy Policy.
If you would like to access, correct, update, delete, or restrict the use of your personal data, please contact us at [Insert Email Address]. Upon receiving your request, we may ask for additional information to verify your identity and confirm that the request is being made by the individual to whom the data pertains. This helps us protect your information from unauthorized access or fraudulent activity.
Once a valid request is received and verified, we will process your request in accordance with applicable data protection laws. For deletion requests, we will permanently remove your personal data from our active systems within 30 days unless legal, financial, or regulatory obligations require us to retain certain information for a longer period. If such obligations apply, we will notify you of the limited data we must retain and the reason for doing so.
You may also request that we restrict the processing of your data or object to certain types of processing, such as the use of your data for email marketing or analytics. If we rely on your consent as the legal basis for any data processing activity, you have the right to withdraw your consent at any time by contacting us. Please note that withdrawal of consent does not affect the legality of processing conducted prior to your request and may affect your ability to receive certain services, such as follow-up emails or promotions.
If you would like a copy of the personal data we hold about you in a portable, machine-readable format, we will provide it upon request, subject to verification.
To exercise any of your privacy rights or submit a related inquiry, please contact us using the contact information provided in the “Contact Us” section of this Privacy Policy. We are committed to responding to all legitimate requests in a timely and transparent manner.
DO NOT TRACK SIGNALS.
Our Platform currently does not respond to "Do Not Track" (DNT) signals from web browsers. DNT is a privacy preference that you can set in your web browser to indicate your preference regarding the tracking of your online activities.
While many web browsers support the DNT feature, there is no standard interpretation or industry consensus regarding the meaning of DNT signals. As a result, our Platform does not currently recognize or respond to DNT signals.
Please note that even if you have enabled the DNT feature in your web browser, certain third-party services integrated into our Platform may still collect and track your online activities in accordance with their own privacy policies. We encourage you to review the privacy policies of these third-party services for more information on their tracking practices.
MODIFICATION.
We reserve the right to modify or update this Privacy Policy at any time. Any changes we make will be effective immediately upon posting the revised Privacy Policy on our Platform. We encourage you to review this Privacy Policy periodically to stay informed about how we collect, use, and protect your information.
By continuing to use our Platform after any changes to this Privacy Policy, you acknowledge and agree to the updated terms. It is your responsibility to review this Privacy Policy periodically and ensure that you are aware of any modifications. If you disagree with any changes, you should discontinue your use of our Platform and contact us if you would like to request the deletion of your personal information.
Please note that any provision of this Privacy Policy that imposes an obligation on you or grants us a right will survive the termination or expiration of this Privacy Policy or your use of our Platform.
WEB BEACONS.
Web beacons are small graphic images or other web programming code that can be included in our web pages and e-mail messages. Invisible to the user, these beacons are typically as small as a single pixel and function in a similar manner to cookies. Web beacons are used to track online movements of web users or to access cookies. They help us understand how users interact with our Platform by transmitting information back to us or our partners. Web beacons track user behavior on our Platform, such as page views and email interaction. This information helps us understand user preferences and improve the content and functionality of our Platform.
In our email communications, web beacons allow us to determine whether our emails are opened and if the links within them are clicked. This data assists us in making our communications more relevant and informative for our users.
We use web beacons to gauge the effectiveness of our advertising campaigns. By understanding user interactions and responses to our marketing efforts, we can tailor our strategies to better meet user interests and needs.
While web beacons are inherently anonymous, you have the option to control their use through various browser settings and third-party tools. Disabling cookies in your browser will also limit the functionality of web beacons associated with those cookies.
CONTACT US.
We value open communication with our users and welcome any questions, concerns, or feedback regarding this Privacy Policy or our data handling practices. Our dedicated team is committed to addressing your inquiries and providing timely and clear responses. Please find below the various channels through which you can reach us:
- Email Communication: For direct and convenient communication, you can email us at [Insert Email]. We aim to respond to all email inquiries within 48 hours during business days.
- Accessibility: We are committed to ensuring that our communication channels are accessible to all our users, including those with disabilities. If you require any special accommodations, please let us know, and we will do our best to assist you.
- Language Support: Our customer service team is capable of handling inquiries in multiple languages. If you require assistance in a language other than English, please indicate this in your communication, and we will endeavor to accommodate your needs.
We are dedicated to providing a prompt response to all inquiries. If your issue requires more in-depth investigation, we will keep you informed about the status of your query and provide a timeframe for resolution.