XSell Logo
Privacy Policy

Your Privacy Matters to Us

We are committed to protecting your personal information and being transparent about how we collect, use, and safeguard your data.

Introduction

Welcome to XSell ("we," "us," or "our"). We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered chatbot platform and related services.

By accessing or using XSell, you agree to the terms of this Privacy Policy. If you do not agree with our policies and practices, please do not use our services.

Last Updated: January 18, 2026

Information We Collect

We collect information to provide and improve our services

Personal Information
  • •Name and email address (when you create an account)
  • •Profile information (optional: company name, phone number)
  • •Authentication data (password, OAuth tokens)
  • •Billing information (processed securely through payment providers)
Chatbot Data
  • •Chatbot configurations and settings
  • •Training data and knowledge base content you upload
  • •Conversation logs and chat histories
  • •User interactions with your chatbots
Technical Information
  • •IP address and browser type
  • •Device information and operating system
  • •Cookies and similar tracking technologies
  • •Usage data and analytics (page visits, features used, time spent)
Integration Data
  • •Facebook OAuth tokens (for Page connections)
  • •Third-party platform credentials (encrypted)
  • •API keys and webhooks
  • •Integration settings and permissions

How We Use Your Information

We use collected data to deliver and enhance our services

Service Delivery

To provide, maintain, and improve our AI chatbot platform, including processing your requests and enabling chatbot functionality.

Security & Authentication

To verify your identity, secure your account, prevent fraud, and protect against unauthorized access using OAuth and other security measures.

Platform Improvement

To analyze usage patterns, optimize performance, develop new features, and enhance user experience across our platform.

Analytics & Insights

To generate analytics, understand user behavior, and provide you with insights about your chatbot performance and user interactions.

Communication: We may use your email address to send you service updates, security alerts, subscription information, and important notifications about your account. You can opt out of non-essential communications at any time.

Cookies & Tracking Technologies

Understanding how we use cookies to enhance your experience

Essential CookiesRequired

Purpose:

Required for authentication, security, and core functionality

Examples:

Session tokens, authentication cookies, security preferences

Functional CookiesOptional

Purpose:

Enable enhanced functionality and personalization

Examples:

Language preferences, chatbot settings, UI customizations

Analytics CookiesOptional

Purpose:

Help us understand usage patterns and improve our services

Examples:

Page views, feature usage, performance metrics

Third-Party CookiesOptional

Purpose:

Enable integrations with external services

Examples:

Facebook OAuth, payment processing, analytics providers

Managing Cookies

You can control and manage cookies through your browser settings. Most browsers allow you to refuse cookies or delete existing cookies. However, disabling essential cookies may affect the functionality of our platform.

To learn more about cookies and how to manage them, visit www.allaboutcookies.org

Third-Party Authentication & Integrations

How we handle external service connections

Facebook OAuth & Page Connections

What We Access:

  • • Basic profile information (name, email)
  • • Facebook Pages you manage
  • • Permissions to send and receive messages on connected Pages
  • • Page insights and analytics (when authorized)

How We Use It:

  • • Authenticate your identity for account creation/login
  • • Connect your chatbots to Facebook Messenger
  • • Send and receive messages on your behalf
  • • Provide analytics about chatbot performance

Your Control:

You can revoke our access to your Facebook account at any time through your Facebook settings. This will disconnect any linked Pages and stop message processing.

Token Storage & Security

OAuth tokens are encrypted at rest and in transit using industry-standard encryption protocols (AES-256).

Tokens are stored securely in our database with access limited to necessary system processes only.

We regularly rotate and refresh tokens according to security best practices and provider requirements.

Other Integrations

XSell may integrate with various third-party platforms including messaging apps, social media, and business tools. Each integration:

  • • Requires explicit user consent
  • • Accesses only necessary data for functionality
  • • Can be disconnected at any time
  • • Follows the third party's privacy policies

We recommend reviewing the privacy policies of any third-party services you connect to XSell.

Data Sharing & Disclosure

We do not sell your personal information to third parties

Important: We do not sell, rent, or trade your personal information to third parties for their marketing purposes. Your data is shared only in the following limited circumstances:

Service Providers

We share data with trusted third-party service providers who assist in operating our platform, conducting business, or serving our users. These providers are contractually obligated to keep your information confidential.

Examples:

  • •Cloud hosting services (AWS, Google Cloud)
  • •Payment processors (for billing)
  • •Email service providers (for notifications)
  • •Analytics services (anonymized data)
Legal Requirements

We may disclose your information when required by law, legal process, litigation, or requests from governmental authorities.

Examples:

  • •Comply with legal obligations
  • •Protect our rights and property
  • •Prevent fraud or security issues
  • •Protect user safety and rights
Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of the business transaction. We will notify you of any such change.

Examples:

  • •Merger or acquisition
  • •Asset sale or transfer
  • •Bankruptcy or similar proceedings
  • •Other business restructuring
With Your Consent
We may share your information with third parties when you explicitly consent or direct us to do so, such as when connecting integrations or sharing chatbot analytics with team members.

Data Security & Protection

How we safeguard your information

We implement industry-standard security measures to protect your information from unauthorized access, alteration, disclosure, or destruction. However, no method of transmission over the Internet or electronic storage is 100% secure, and we cannot guarantee absolute security.

Encryption
  • •All data transmitted using TLS/SSL encryption
  • •Database encryption at rest using AES-256
  • •Encrypted backups and secure storage
  • •End-to-end encryption for sensitive data
Infrastructure Security
  • •Secure cloud hosting with trusted providers
  • •Regular security audits and vulnerability assessments
  • •Firewalls and intrusion detection systems
  • •DDoS protection and network security
Access Controls
  • •Multi-factor authentication support
  • •Role-based access control (RBAC)
  • •Limited employee access to user data
  • •Audit logs for all data access
Operational Security
  • •Regular security training for staff
  • •Incident response procedures
  • •Regular software updates and patches
  • •Data backup and disaster recovery plans
Your Responsibility

You are responsible for maintaining the confidentiality of your account credentials. Please:

  • • Use a strong, unique password
  • • Enable multi-factor authentication
  • • Do not share your account credentials
  • • Log out after using shared devices
  • • Report any suspicious activity immediately

Your Rights & Choices

You have control over your personal information

Right to Access

Request a copy of the personal data we hold about you, including chatbot configurations and conversation logs.

Right to Rectification

Request correction of inaccurate or incomplete personal information we maintain about you.

Right to Deletion

Request deletion of your personal data, subject to legal and contractual obligations (Right to be Forgotten).

Right to Data Portability

Request a copy of your data in a structured, machine-readable format to transfer to another service.

Right to Object

Object to processing of your personal data for direct marketing or other purposes based on legitimate interests.

How to Exercise Your Rights

To exercise any of these rights, please contact us using the information provided in the Contact section below. We will respond to your request within 30 days.

Account Settings:

You can also manage many of your privacy preferences directly through your account settings, including:

  • • Updating your profile information
  • • Managing email notification preferences
  • • Viewing and deleting chatbot data
  • • Disconnecting third-party integrations
  • • Downloading your data

Note: Some rights may be limited by legal or contractual obligations. For example, we may need to retain certain data for legal compliance or to complete transactions you initiated.

Data Retention & Other Policies

Data Retention

We retain your personal information for as long as necessary to provide our services and fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required by law.

Retention Periods:

  • • Active accounts: Data retained while account is active
  • • Inactive accounts: Data may be deleted after 2 years of inactivity
  • • Deleted accounts: Most data deleted within 90 days
  • • Legal requirements: Some data retained longer for compliance
  • • Backups: May retain data in backups for up to 6 months
International Data Transfers

XSell is based in Bangladesh. Your information may be transferred to, stored, and processed in countries other than your country of residence, including but not limited to the United States and European Union.

We ensure appropriate safeguards are in place to protect your data in accordance with this Privacy Policy and applicable laws, including:

  • • Standard contractual clauses approved by regulators
  • • Adequacy decisions for data transfers
  • • Security measures to protect data in transit
Children's Privacy

Our services are not intended for children under the age of 13 (or equivalent minimum age in your jurisdiction). We do not knowingly collect personal information from children under 13.

If we become aware that we have collected personal information from a child under 13 without parental consent, we will take steps to delete that information as soon as possible.

If you believe we have collected information from a child under 13, please contact us immediately.

Updates & Contact Information

How we communicate changes and how to reach us

Policy Updates

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

When we make material changes, we will notify you by:

  • • Posting the updated policy on our website
  • • Updating the "Last Updated" date
  • • Sending you an email notification (for significant changes)
  • • Displaying a prominent notice in our application

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

General Support

support@xsell.com

Mailing Address

ZMark Ltd.
Dhaka, Bangladesh

Response Time

We will respond to your inquiries within 30 days. For urgent privacy concerns, please mark your communication as "Urgent Privacy Matter."

Your consent to this Privacy Policy

By using XSell, you consent to the collection, use, and disclosure of your information as described in this Privacy Policy. If you do not agree with this policy, please do not use our services.