Who we are
Xinsto, LLC dba Xinsto, LLC (referred to as “Xinsto, LLC” throughout this document and website). Our website address is: https://www.xinsto.com
What personal data we collect and why we collect it
New customer registration
When new customers sign up, we collect personally identifiable information including full name, address, phone number, information about your device (IP address, ISP, whether or not you’re using a proxy or VPN service, GEOIP data about your physical location, operating system, web browser version, screen resolution, type of device used such as desktop, laptop, mobile phone, or tablet), email address, and payment transaction IDs from third party payment processors.
We require this information in order to prevent fraud and abuse of services and so we can properly bill you for services used.
When you contact us for support or submit a general inquiry to our ticket system, we automatically collect your name, email address, associated services and products, IP address used at the time of submission (only through our web portal), and full email headers (when you respond or open a ticket via email).
This information is used to link your accounts between our systems as well as to prevent spam abuse of our support ticket system.
Our support tickets also have fields that may be used to collect sensitive information such as access usernames and passwords. These fields are encrypted when stored in our support database and then when the ticket is closed, this information is automatically purged.
When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.
If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.
If you submit information via a contact form, we collect your full name, email address, IP address, and optionally your telephone number. We use this information to contact you regarding our services.
If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days to a maximum of 90 days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for 90 days. If you log out of your account, the login cookies will be removed.
Embedded content from other websites
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
In order to optimize our website traffic, understand traffic patterns, demographics about who visits our website, and to understand how our website is found, we utilize Matomo. Matomo does not have access to any PII data on our website.
Matomo may place a tracking cookie on your computer which may be used by Xinsto to track your access to our site. To opt-out of all of Matomo, simply turn on your web browser’s “Do Not Track” feature.
Who we share your data with
We share your data with our payment processors – Stripe and PayPal – in order to process your payments. For new customers without any existing services, we share all the data collected during the signup process with our anti-fraud vendor, FraudLabsPro.
We also utilize FraudRecord to screen new orders for previous fraudulent activity and report existing clients who violate our Terms of Service. In case of a violation, you may be reported to FraudRecord for misbehaviour using one-way hashed information.
We do not share your data with any other company outside of Xinsto, LLC and the companies mentioned above in this section.
How long we retain your data
If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.
For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.
Customers who retain active status (one or more product or service is being actively used), all data is retained for as long as you are an active user.
Former customers who are marked as inactive status (all services cancelled, terminated, or expired), all data is retained for two years from the point of account closure. Once the two-year point is reached, all data regarding your account is purged. Former customers who left us in poor standing will only have minimal information removed from our services. This is so that we may identify users who owe unpaid invoices on previously used services.
What rights you have over your data
If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.
Where we send your data
Visitor comments may be checked through an automated spam detection service. Data regarding the purchases of products and services or payments of invoices will be sent to Stripe and PayPal. Customers who have never been with us before will have all their information sent to FraudLabsPro for verification and processing.
Your contact information
We collect your contact information. We ask that you keep your contact information up-to-date so that we have a method of contacting you. You may update your contact information at any time through our customer portal.
How we protect your data
We use SSL/TLS security using, at minimum, 2048-bit RSA keys. Sensitive customer information is salted and hashed, before being stored in our databases. This makes the data completely unusable to anyone without our secret code.
What data breach procedures we have in place
In the event of a data breach, we will notify you within five days of discovery via a non-marketing email as well as a prominently displayed notice on our website, https://www.xinsto.com.
Questions about our privacy and your data
You can contact our Data Privacy Office at firstname.lastname@example.org.
LAST UPDATED: July 4, 2020