Xinpun
Xinpun

XINPUN.COM PRIVACY POLICY

At Xinpun ("We," "Us"), transparency is fundamental. This Privacy Policy describes how we collect, use, process, and share your personal information when you use our platform. This policy is designed to comply with the EU General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).

1. OUR ROLE: CONTROLLER VS. PROCESSOR

To ensure clarity in data processing, Xinpun operates under two distinct roles:

  • As Controller: We are responsible for the data you provide directly to us to create and manage your account (e.g., your name, email, billing information).
  • As Processor: We act as technical processors of the data coming from your social media profiles (e.g., follower comments, audience metrics), which we manage under your strict instructions.

2. INFORMATION WE COLLECT

2.1 Information Provided by the User

  • Registration Data: Name, email address, password (stored via secure hash).
  • Billing Data: If you purchase a paid plan, our payment processor (e.g., Stripe) collects your financial information. Xinpun DOES NOT store full credit card numbers.

2.2 Social Media Information (Via APIs)

By connecting your social profiles (Facebook, Instagram, X, etc.), you authorize Xinpun to access certain information through the official APIs of those platforms:

  • Access Tokens: Encrypted credentials that allow us to act on your behalf.
  • Profile Information: Name, avatar, user ID.
  • Content and Metrics: Posts, comments, direct messages (if the feature is enabled), "Likes," and performance statistics.

2.3 Information Collected Automatically

  • Usage and Device Data: IP address, browser type, operating system, pages visited, session duration.
  • Cookies and Tracking: We use essential cookies (to maintain your session), functional cookies (preferences), and analytical cookies. You can manage your cookie preferences through our consent banner.

3. HOW WE USE YOUR INFORMATION

We use your data for the following legitimate purposes:

  • Service Provision: To authenticate your identity, publish your scheduled content, and generate analysis reports.
  • Communication: To send you technical notices, security updates, invoices, and support alerts.
  • Product Improvement: To analyze usage trends and improve platform functionality.
  • Security: To verify accounts, prevent fraud, and detect API abuse.
  • Legal Compliance: To comply with legal and regulatory obligations.

4. INFORMATION SHARING AND SUBPROCESSORS

We do not sell your personal information. We share your data with:

  • Social Networks: When scheduling a post, you explicitly instruct us to transfer your content and metadata to the corresponding social network (e.g., Meta, X). Once transferred, this data is governed by the social network's privacy policy.
  • Authorities: When required by law, court order, or to protect legal rights.

5. INTERNATIONAL DATA TRANSFERS

If you are located in the European Economic Area (EEA), your data may be transferred to servers in the United States or other jurisdictions. Xinpun guarantees that such transfers are carried out under appropriate protection mechanisms, such as Standard Contractual Clauses (SCCs) approved by the European Commission or current adequacy frameworks.

6. YOUR PRIVACY RIGHTS (GDPR AND CCPA)

Depending on your jurisdiction, you have the right to:

  • Access your personal data and request a portable copy.
  • Rectify inaccurate or incomplete data.
  • Delete (Right to be Forgotten): Request the deletion of your account. Note: Xinpun will remove your data from our systems, but we cannot remove content that has already been published on social networks; this must be managed directly on the social platform.
  • Object to the processing of your data for marketing purposes.
  • Non-discrimination for exercising your privacy rights (CCPA).

To exercise these rights, contact us at: sup@xinpun.com.

7. DATA RETENTION

We retain your personal data while your account is active or as necessary to provide the Service. If you cancel your subscription, we may retain certain data during a grace period (e.g., 30 days) to allow for reactivation, after which it will be deleted or anonymized, unless the law requires its preservation (e.g., tax records).

8. DATA SECURITY

We implement robust technical and organizational security measures (including SSL/TLS encryption in transit and at rest) to protect your data. However, no system is 100% invulnerable, and we cannot guarantee the absolute security of information transmitted over the Internet.

9. CHANGES TO THIS POLICY

We may update this Privacy Policy occasionally. We will notify you of any material changes through the Service or via email. Continued use of the Service following such changes implies your acceptance.