Privacy Policy

Last updated: June 25, 2026

1. Overview

Xentropy (“we,” “our,” or “us”) provides a personal knowledge workspace (“Xen”) that helps you capture, organize, and act on your ideas. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our website (xentropy.ai) and services (collectively, the “Service”).

By using the Service, you agree to our Terms of Service and the collection and use of information in accordance with this policy. If you do not agree, please do not use the Service.

2. Information We Collect

We collect the following categories of personal information (“PII”):

  • Account Information: Email address, name (when provided), and authentication credentials (stored as hashed values).
  • Workspace Content: Notes, chat messages, voice memos, projects, and other content you create or upload to Xen.
  • Device & Usage Information: Browser type, operating system, IP address, pages visited, and interaction data collected through first-party cookies and error monitoring.
  • Marketing Attribution Data: Click identifiers (e.g., UTM parameters, referrer URLs) collected through first-party cookies when you arrive from marketing channels.
  • Payment Information: When you subscribe to a paid plan, our payment processor (Polar) collects your payment card details and billing address. We do not store full payment card numbers on our servers.

3. How We Use Your Information

We use your personal information for the following purposes:

  • Authentication & Account Management: To create and maintain your account, verify your identity, and provide access to the Service.
  • AI Features: To generate embeddings, provide semantic search, and power AI-assisted features. Your workspace content is processed by our AI subprocessor (OpenAI) after PII redaction.
  • Payments & Billing: To process subscription payments and manage your plan.
  • Marketing Measurement: To measure the effectiveness of our marketing efforts through first-party attribution (click IDs, UTM parameters). This data is only processed when you provide consent via our cookie banner.
  • Service Improvement: To diagnose errors, monitor performance, and improve the Service.
  • Legal Compliance: To comply with applicable laws, regulations, and legal processes.

4. Legal Bases for Processing

We process your personal information on the following legal bases:

  • Consent: For marketing measurement and attribution cookies. You may withdraw consent at any time through the “Your Privacy Choices” link in the site footer.
  • Contractual Necessity: To provide the Service you have requested, including account creation, authentication, and AI features that are core to the product.
  • Legitimate Interest: For service improvement, error monitoring, and security — balanced against your privacy rights and expectations.

5. Data Retention

  • Account Data: Retained until you delete your account. You may delete your account at any time from the Settings page, which triggers a full cascade deletion of all associated data.
  • Workspace Content: Retained for the lifetime of your account. Deleted when you remove content or delete your account.
  • Marketing Attribution Data: Retained for up to 12 months from the date of collection, or until you withdraw consent (whichever occurs first).
  • Error Logs: Retained for up to 90 days in our error monitoring system (Sentry).

6. Subprocessors & Third-Party Services

We use the following third-party services to operate the Service. Each subprocessor has access to personal information only as necessary to perform its function and is contractually bound to protect it.

  • Supabase — Authentication, database hosting, and file storage. All user data is stored in Supabase-managed infrastructure.
  • OpenAI — AI embeddings and language model inference. Workspace content sent to OpenAI is PII-scrubbed before transmission (emails, phone numbers, and other identifiers are redacted).
  • Polar — Payment processing and subscription management. Polar collects and processes payment card information directly; we do not store full card numbers.
  • Sentry — Error monitoring and diagnostics. Configured with sendDefaultPii: false; does not collect personal identifiers.

Marketing Platforms (Controller-to-Controller): Google Ads, TikTok, and LinkedIn may receive hashed email addresses or click identifiers for marketing attribution. These platforms act as independent data controllers for their own processing. Data is only shared when you provide marketing consent via our cookie banner.

7. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal information:

  • Access: You may access your personal data at any time through the Service. For a structured export, use the “Export My Data” feature in Settings.
  • Deletion: You may delete your account and all associated data from the Settings page. Account deletion triggers a complete cascade removal of all your data including workspace content, AI usage records, marketing attribution, and stored files.
  • Portability: You may export your data in a machine-readable format using the “Export My Data” feature in Settings (GDPR Art. 20).
  • Opt-Out of Sale/Sharing: Under the CCPA, you have the right to opt out of the sale or sharing of your personal information for cross-context behavioral advertising. Use the “Your Privacy Choices” link in the site footer, or enable the Global Privacy Control (GPC) signal in your browser.
  • Withdraw Consent: You may withdraw marketing consent at any time by clicking “Your Privacy Choices” in the footer and resetting your preferences.
  • Rectification: You may update your account information (email, name) through the Settings page.

To exercise any of these rights, contact us at support@xentropy.ai. We will respond within 30 days as required by applicable law.

8. Cookies & Tracking

We use only first-party cookies for the following purposes:

  • Authentication: Session cookies to keep you signed in.
  • Consent: A cookie storing your marketing consent preference (accepted or declined).
  • Attribution: A first-party cookie storing click identifiers for marketing measurement — only set when you provide consent.

We do not use third-party tracking cookies, analytics cookies (e.g., Google Analytics, PostHog), or advertising cookies. You may clear your consent preference at any time through the “Your Privacy Choices” link in the footer.

9. Global Privacy Control (GPC)

We honor the Global Privacy Control (GPC) browser signal as a request to opt out of the sale or sharing of personal information under the CCPA. If your browser sends the GPC signal and you have not previously provided explicit marketing consent, we automatically set your preference to opted-out without showing the consent banner.

10. Data Security

We implement appropriate technical and organizational measures to protect your personal information, including encryption in transit (TLS), encrypted storage, and PII redaction before AI processing. However, no method of transmission or storage is 100% secure, and we cannot guarantee absolute security.

11. Children's Privacy

The Service is not intended for individuals under the age of 16. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will delete it promptly.

12. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence, including the United States where our subprocessors (Supabase, OpenAI) are based. We ensure appropriate safeguards are in place for such transfers, including Standard Contractual Clauses where applicable.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page and updating the “Last updated” date. Your continued use of the Service after such changes constitutes acceptance of the updated policy.

14. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data rights, contact us at:

Email: support@xentropy.ai

Website: xentropy.ai