Privacy Policy
Last Updated: July 2026
Welcome to XiTech (“we,” “our,” or “us”). XiTech is a business platform that helps online sellers and businesses (“Business Owners”) manage their storefront, orders, and customer conversations — including AI-assisted replies on Facebook Messenger. We value your privacy and are committed to protecting your personal information.
This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use our platform, connect your Facebook Page, or interact with a business that uses our services.
By using XiTech, you agree to the terms of this Privacy Policy. If you do not agree, please discontinue use of our platform.
1. Who This Policy Covers
This policy covers two groups of people:
- Business Owners — business owners who create a XiTech account to manage their store and AI Agent.
- Customers — people who message a Business Owner’s Facebook Page or purchase from a Business Owner’s storefront. If you are a Customer, the Business Owner you interacted with is responsible for their own business practices; this policy explains only how the XiTech platform processes data.
2. Information We Collect
2.1 Information from Business Owners
When you register or use our platform, we may collect:
- Full name
- Email address
- Login credentials (securely managed; passwords are never stored in plain text)
- Business/store information (store name, products, pricing, payment details you choose to display to your customers)
- Subscription and billing information (plan type, payment confirmation screenshots)
2.2 Information from Facebook (with your permission)
If you sign in with Facebook or connect a Facebook Page, we collect only the data needed to provide our services:
- Facebook Login: your name and email address (to create/access your XiTech account)
- Page Connection: your Page’s name, Page ID, and a Page access token (to allow our platform to receive and respond to messages sent to your Page, on your behalf)
We request only the minimum Facebook permissions required: public_profile, email, pages_show_list, pages_messaging, and pages_manage_metadata.
2.3 Information from Customers (via Messenger and Storefront)
When a Customer messages a connected Facebook Page or orders from a Business Owner’s storefront, we process:
- Messenger messages sent to the connected Page (message text and sender ID, used to generate replies)
- Order details submitted at checkout (name, contact number, delivery address, items ordered)
- Payment confirmation screenshots uploaded by the Customer
2.4 Non-Personal Information
We may collect non-identifiable data such as browser type, device information, IP address, and pages visited, to analyze performance and improve user experience.
3. How We Use Information
We use collected information to:
- Create and manage Business Owner accounts
- Operate each Business Owner’s storefront and order management
- Generate automated (AI-assisted) replies to Customer messages on connected Facebook Pages. Message content is processed by our AI service provider solely to generate a reply on the Business Owner’s behalf — it is not used to build advertising profiles and is not sold.
- Send automated follow-up messages within Facebook’s 24-hour messaging window, where the Business Owner has configured them
- Track subscription usage (e.g., number of AI replies used) and process plan upgrades
- Improve our platform, prevent abuse, and comply with legal obligations
4. How We Share Information
We do not sell, rent, or trade personal information. We share data only with:
- Service Providers — infrastructure and processing partners necessary to operate the platform:
- Supabase (database, authentication, and file storage)
- Vercel (application hosting)
- Anthropic (AI processing of Messenger message content, solely to generate replies)
- Resend (transactional email delivery, e.g. renewal and account notifications)
- Meta Platforms (to send and receive Messenger messages via the Messenger Platform APIs)
- PayMongo (payment processing, where enabled)
- Legal Authorities — if required by law, subpoena, or to protect our rights and users.
All service providers are bound by their own data protection obligations, and we share only what is necessary for each service to function.
Our use of data received from Meta’s APIs complies with the Meta Platform Terms and Developer Policies.
5. Data Storage and Security
We implement industry-standard security measures, including encrypted connections (HTTPS), row-level access controls on our database, and secure credential storage. However, no online platform is 100% secure. Business Owners are responsible for maintaining the confidentiality of their login credentials.
6. Data Retention
We retain personal information only as long as necessary to:
- Provide the services described in this policy
- Comply with legal obligations
- Resolve disputes or enforce agreements
Messenger conversation history is retained to provide conversation continuity (so the AI can respond in context) and may be periodically cleaned up. When data is no longer needed, it is securely deleted or anonymized.
7. Your Rights and Data Deletion
7.1 Your Rights (Philippines)
Under the Data Privacy Act of 2012 (Republic Act No. 10173), you have the right to:
- Access the personal data we hold about you
- Request correction of inaccurate or outdated information
- Withdraw consent or request deletion of your data
- Object to data processing for marketing purposes
7.2 How to Request Data Deletion
We provide a dedicated Data Deletion page with full instructions: xitechapp.online/data-deletion
In summary:
For Business Owners: You may request deletion of your account and all associated data (store, products, orders, conversation history, connected Page records) by emailing us at support@xitechapp.online with the subject “Data Deletion Request.” We will confirm completion within 30 days. Disconnecting your Facebook Page from the AI Agent page also immediately stops all message processing for that Page.
For Customers: If you have messaged a business that uses XiTech and want your conversation data deleted, you may either contact that business directly, or email us at support@xitechapp.online with the Page name and approximate date of your conversation, and we will process the deletion.
Facebook Data Deletion: If you used Facebook Login or connected a Page and want the data we received from Facebook deleted, removing the XiTech app from your Facebook Settings (Settings → Apps and Websites) will trigger our deletion process for your Facebook-sourced data. You may also email us directly at support@xitechapp.online.
8. Cookies and Tracking Technologies
We use cookies and similar technologies to keep you signed in, remember preferences, and analyze traffic. You can manage cookies in your browser settings, but this may affect certain features.
9. Children’s Privacy
XiTech is a business tool and is not directed at children under 18. We do not knowingly collect personal information from children.
10. Third-Party Links
Business Owner storefronts and our website may contain links to external sites (e.g., a Business Owner’s social media). We are not responsible for the privacy practices of third-party websites.
11. Updates to This Policy
We may update this Privacy Policy periodically. Updates will be posted on this page with a revised “Effective Date.” Continued use of our platform constitutes acceptance of any changes.
12. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:
📧 Email: support@xitechapp.online
🌐 Website: https://xitechapp.online