Privacy Policy

Last updated: 9 April 2026

1. Introduction

XGX AI LIMITED ("XGX.AI", "we", "us", "our") is committed to protecting your privacy. This policy explains how we collect, use, store, and protect your personal data when you use our website at xgx.ai.

XGX AI LIMITED is a company registered in England and Wales (Company Number: 15019133) with its registered address at Whyfield, Truro Business Park, Threemilestone, Truro, England, TR4 9LF.

For the purposes of UK data protection legislation (UK GDPR and the Data Protection Act 2018), XGX AI LIMITED is the data controller.

2. Information We Collect

We collect information you voluntarily provide through our website:

• Contact form: first name, last name, company name, email address, and message content
• Discovery call bookings (via Calendly): name, email address, and any information you choose to provide when scheduling a call

We also collect limited technical data automatically:

• Analytics data via PostHog including page views, device type, browser type, and approximate geographic location
• By default, analytics operates in cookieless mode and no personally identifiable information is collected
• If you accept cookies via our consent banner, we may set analytics cookies to improve your experience, enable session recordings, and track return visits. You can decline at any time
• Your cookie preference is stored in your browser's local storage and can be changed by clearing your browser data

3. How We Use Your Information

We use the information we collect to:

• Respond to your enquiries submitted through our contact form
• Schedule and deliver discovery calls booked via our third-party calendar provider (Calendly)
• Send confirmation emails for form submissions
• Understand how visitors use our website to improve our services
• Comply with legal obligations

We do not sell, rent, or share your personal data with third parties for marketing purposes.

4. Legal Basis for Processing

Under UK GDPR, we process your personal data on the following lawful bases:

• Consent: When you submit a form, you consent to us processing your data for the stated purpose
• Legitimate interests: Website analytics to improve our services, provided this does not override your rights
• Legal obligation: Where we are required to retain data by law

5. Data Sharing

We may share your data with the following categories of service providers who assist in operating our website:

• SendGrid (Twilio Inc.): Email delivery service, used to send confirmation and notification emails. Data is processed in accordance with Twilio's privacy policy.
• Calendly: Scheduling service used for booking discovery calls. When you book a call, your name, email address, and any information you provide are processed by Calendly in accordance with their privacy policy.
• PostHog: Analytics platform operating in cookieless mode. No personally identifiable data is shared.
• Deno Deploy / Cloudflare: Hosting and CDN infrastructure. Standard server logs may include IP addresses.

All service providers are contractually bound to protect your data and process it only as instructed.

6. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected:

• Contact form submissions: retained for 12 months after the last communication
• Discovery call booking data: retained by Calendly in accordance with their privacy policy, and by us for 12 months after the last communication
• Analytics data: aggregated and anonymised, retained indefinitely

7. Your Rights

Under UK GDPR, you have the right to:

• Access the personal data we hold about you
• Request correction of inaccurate data
• Request deletion of your data ("right to be forgotten")
• Object to or restrict processing of your data
• Data portability (receive your data in a structured format)
• Withdraw consent at any time

To exercise any of these rights, contact us at the details provided below.

8. Data Security

We implement appropriate technical and organisational measures to protect your personal data, including:

• Encrypted data transmission (HTTPS/TLS)
• Secure hosting infrastructure
• Limited access to personal data on a need-to-know basis
• Regular review of security practices

9. International Transfers

Some of our service providers may process data outside the United Kingdom. Where this occurs, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses or adequacy decisions, to protect your data in accordance with UK GDPR.

10. Children's Privacy

Our website and services are not directed at individuals under the age of 18. We do not knowingly collect personal data from children.

11. Changes to This Policy

We may update this privacy policy from time to time. Any changes will be posted on this page with an updated "Last updated" date. We encourage you to review this policy periodically.

12. Contact Us

If you have questions about this privacy policy or wish to exercise your data rights, please contact us:

• Email: gregg@xgx.ai
• Address: XGX AI LIMITED, Whyfield, Truro Business Park, Threemilestone, Truro, England, TR4 9LF

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk if you believe your data protection rights have been violated.