Legal

Privacy Policy

How we collect, use and protect your information — written in plain language.

Last updated: 9 June 2026

This Privacy Policy explains how XORLabs LLC ("XORLabs", "we", "us") collects, uses, discloses and safeguards your information when you visit xorlabs.com or engage our services. We are committed to handling personal data in line with the California Consumer Privacy Act (CCPA/CPRA), the EU/UK GDPR, and other applicable U.S. and international laws.

1. Who we are (Data Controller)

XORLabs LLC, 8690 East Villa Cassandra Dr., Scottsdale, AZ 85266, USA. For any privacy question or to exercise your rights, contact privacy@xorlabs.com.

2. Information we collect

  • Information you provide: name, work email, company, role, budget range and message when you submit our contact form or email us.
  • Usage data: IP address, browser type, pages viewed and referring URLs, collected via cookies and analytics.
  • Cookies & similar technologies: see the Cookies section below.

3. How we use your information

  • To respond to your enquiry and provide the services you request.
  • To send a single follow-up about your enquiry (we do not add you to marketing lists without consent).
  • To operate, secure and improve our website.
  • To comply with legal, accounting and regulatory obligations.

Our legal bases are your consent, the performance of a contract (or steps to enter one), and our legitimate interests in running and protecting our business.

4. AI & client data handling

When we build AI systems for clients, any data processed for those engagements is governed by a separate Data Processing Agreement (DPA). We do not use client or visitor data to train third-party foundation models, and we apply PII redaction, access controls and audit logging in line with SOC 2, HIPAA, ISO/IEC 42001 and EU AI Act-aligned practices where applicable.

5. Sharing your information

We do not sell your personal data. We share it only with trusted processors who help us operate (e.g. email, hosting, analytics and CRM providers) under contract, or where required by law. Some providers may process data outside your country under appropriate safeguards (e.g. Standard Contractual Clauses).

6. Cookies

We use essential cookies to run the site and, with your consent, analytics cookies to understand usage. You can control cookies through your browser settings or our cookie banner where shown. Disabling cookies may affect some features.

7. Data retention

We keep enquiry data for as long as needed to respond and for our legitimate business records, then delete or anonymise it. You can ask us to delete your data sooner (see your rights below).

8. Your rights

Subject to applicable law, you may request access, correction, deletion, restriction or portability of your data, and you may object to or withdraw consent for certain processing. To exercise any right, email privacy@xorlabs.com. You also have the right to complain to your data protection authority.

9. Security

We use technical and organisational measures — encryption in transit, access controls, least-privilege and monitoring — to protect personal data. No method of transmission is 100% secure, but we work to protect your information and review our controls regularly.

10. Children

Our site and services are intended for businesses and are not directed to children under 16. We do not knowingly collect data from children.

11. Changes to this policy

We may update this policy from time to time. The "last updated" date above reflects the latest revision. Material changes will be highlighted on this page.

12. Contact

Questions? Email privacy@xorlabs.com or write to the address in section 1.