Skip to Content

Privacy Policy 

Effective Date: July 20, 2025

IntroductionScope and ApplicabilityContact InformationData We CollectHow We Collect DataLegal Basis for ProcessingUse of Personal DataCookies and Tracking TechnologiesSharing With Third Party ProvidersInternational TransfersData RetentionIndividual RightsSecurity MeasuresData Breach ResponseMarketing CommunicationsDo Not TrackChildren’s PrivacyPolicy UpdatesContact UsAddendum – United States of America

Introduction

Xthings Inc. (“we”, “us”, “our”, or “Data Controller”) is committed to protecting your privacy and handling your personal data with transparency and care.  

Scope and Applicability

This Privacy Policy explains how we collect, use, share, process and protect your personal information when you interact with our products and services, including our website (xthings.com). This policy applies globally, including but not limited to the United States, Canada, Spain, Greece, Argentina, Mexico, Philippines, Malaysia, Italy, Dominican Republic, Colombia, United Arab Emirates, and over 190 countries where we operate. 

Contact Information

  • Company Name: Xthings Inc.
  • Address: 47703 Fremont Blvd, Fremont, CA 94538, United States
  • Website: xthings.com
  • Privacy Contact Email: privacy@xthings.com 

Data We Collect

We collect the following categories of personal data:

  • Identifiers: Full name, Business email address, Personal email address, IP address
  • Contact Information: Shipping address, business phone number, personal phone number
  • Financial Data: Payment details, like your financial account number, credit card information (processed via secure third-party providers)
  • Device/Browser Data: Device type, browser type, operating system, unique device identifiers
  • Location Data: Approximate location information based on IP address and precise location data to enable our products and services, where users provide consent.
  • Biometric Data: Only where necessary for product functionality (e.g., biometric access devices)
  • Cookies and Tracking Data: As detailed in our Privacy Policy, “Cookies and Other Tracking Technologies.”
  • Other Data: Any information you provide during registration, customer support, or product use.

How We Collect Data

  • Directly from you: When you register, make a purchase, contact customer support, or use our products and services.
  • Automatically: Through cookies, analytics tools, and similar technologies on our website and apps.
  • From third parties: Such as cloud providers, payment processors, advertising partners, customer support providers and analytics providers.

Legal Basis for Processing

Depending on your location, we process your data under one or more of the following legal bases:

  • Consent: Where required, we obtain your explicit consent (e.g., for marketing, cookies);
  • Contract Performance: To provide products or services you have requested;
  • Legal Obligation: To comply with applicable laws and regulations; and
  • Legitimate Interests: For purposes such as improving our services, fraud prevention, and security.

Use of Personal Data

We use your personal data for a variety of purposes to ensure effective delivery and continuous improvement of our products and services. Below are the purposes for which your personal data may be processed:

Account Creation and Management: We collect and use your personal data, such as your name, email address, and contact details, to create and manage your user account. For example, when you register on our website, you are required to provide certain identifiers to set up your profile and access our services.

Order Processing and Fulfilment: Your personal data, including shipping address and payment information, is used to process and fulfil your orders. For instance, when you purchase a smart lock, we use your details to confirm your order, process payment, and arrange delivery.

Customer Support and Communication We use your contact information and relevant account details to provide customer support and respond to your inquiries. For example, if you contact our support team regarding a product issue, we may access your order history and contact details to assist you efficiently.

Marketing Communications (Email, SMS, Push Notifications): With your consent or where there is a legitimate interest from our Company , we may use your email address and phone number to send you promotional materials, updates, and special offers via email, SMS, or push notifications. For example, you may receive an email about a new product launch or a limited-time discount, or a push notification about an upcoming feature.

Analytics and Service Improvement: We process data such as device/browser information, usage statistics, and cookies to analyze how our services are used and to improve their performance. For example, we use Google Analytics to understand website traffic patterns and user behaviour, which helps us enhance user experience and develop new features.

Fraud Detection and Prevention: Your personal data may be used to detect and prevent fraudulent activities and unauthorized access to your account. For example, we may monitor login attempts and payment transactions for suspicious activity to protect your account and our systems.

Legal Compliance: We process your personal data as necessary to comply with applicable laws and regulations. This may include retaining transaction records for tax purposes or responding to lawful requests from regulatory authorities.

Cookies and Tracking Technologies

We use cookies and similar tracking technologies on our website and digital platforms to enhance your experience, ensure the proper functioning of our services, and support our business operations. Below, we provide further detail on each category of cookies and how they are utilized:

Essential Website Functionality: These cookies are strictly necessary for the operation of our website and the provision of core services. They enable basic functions such as page navigation, secure login, and access to protected areas of the site. Without these cookies, our website cannot function properly. For example, essential cookies are used to maintain your session when you log in to your account or to remember items in your shopping cart as you browse our site.

Preferences and Personalization: Preference cookies allow our website to remember information that changes the way the site behaves or looks, such as your preferred language, region, or other customizable elements. These cookies help us tailor your experience to your individual needs and preferences. For instance, if you select a specific language or region on your first visit, preference cookies will ensure that your choice is remembered for future visits, providing a more seamless and personalized experience.

Analytics and Performance Measurement: We use analytics cookies to collect information about how visitors interact with our website, including which pages are visited most frequently, how users navigate the site, and any errors encountered. This data is aggregated and anonymized, and it helps us understand user behaviour, measure the effectiveness of our content, and identify areas for improvement. For example, we use Google Analytics and similar tools to monitor website traffic and user engagement, enabling us to optimize our services and enhance overall performance.

Marketing and Advertising: Marketing cookies are used to track visitors across websites and deliver relevant advertisements based on your interests. These cookies may be set by us or by third-party partners such as Google, Meta, and other advertising networks. For example, we may use cookies to show you targeted ads for our products on other platforms, or to measure the effectiveness of our marketing campaigns. These cookies also help us limit the number of times you see an advertisement and assess the impact of our promotional activities.

Cookie Management and User Consent: We provide clear information about our use of cookies and obtain your consent before placing non-essential  cookies on your device. When you visit our website, you will be presented with a cookie banner that allows you to accept or reject different categories of cookies according to your preferences. You can also adjust your cookie settings at any time via the cookie management option available.

You have the right to withdraw your consent to non-essential cookies at any time and to request further information about the cookies we use.

Details of Third-Party Cookies

  • Google Analytics and Google Ads: These cookies help us understand how visitors interact with our website, measure the effectiveness of our advertising campaigns, and deliver personalized advertisements across the web. Google Analytics cookies may remain on your device for up to 13 months, while marketing cookies from Google Ads typically have shorter retention periods, ranging from 1 day to 3 months.
  • Facebook Pixel: Facebook Pixel cookies are used to track user interactions and conversions from Facebook ads, enabling us to optimize our advertising and deliver more relevant content to users.
  • LinkedIn: LinkedIn cookies support analytics and advertising, helping us reach relevant audiences and measure the impact of our campaigns on the LinkedIn platform.
  • Sharethis: Sharethis cookies facilitate social sharing features and may be used to track engagement with content shared via social media.
  • Zendesk: Zendesk cookies are used to provide customer support functionalities, such as live chat and helpdesk services, and may also collect data to improve user support experiences.
  • Klaviyo: Klaviyo cookies are used for email marketing and automation, helping us manage subscription preferences and deliver targeted communications.
  • Microsoft: Microsoft cookies may be used for analytics, advertising, and website performance monitoring.
  • Cloudflare: Cloudflare cookies are primarily used for security and performance optimization, such as protecting against malicious traffic and ensuring reliable website access.

Cookie Retention Periods

The duration for which cookies remain on your device varies: primary marketing tracking cookies may last from 1 day to 3 months, while certain analytics cookies (such as those set by Google) may persist for up to 13 months. We also use third-party cookies from providers including Google Analytics, Facebook Pixel, LinkedIn, Sharethis, Zendesk, Klaviyo, Microsoft, and Cloudflare, each serving specific functions as described above.

Managing and Opting Out of Third-Party Cookies

In accordance with data protection laws, we provide you with the ability to manage your cookie preferences and opt out of non-essential third-party cookies at any time. When you first visit our website, you will be presented with a cookie banner (Cookiebot) that allows you to accept or reject different categories of cookies, including those set by third parties. You can also revisit your cookie preferences at any time via the cookie management option available.

Additionally, most third-party providers offer their own mechanisms for opting out of tracking and targeted advertising. For your convenience, you can find opt-out information for the main providers below:

  • Google Analytics and Google Ads: Users can opt out of Google Analytics tracking by using the Google Analytics Opt-out Browser Add-on. Google Ads settings can be managed via Google’s Ad Settings page.
  • Facebook Pixel: Facebook users can manage their ad preferences and opt out of certain tracking via Facebook’s Ad Preferences settings.
  • LinkedIn: LinkedIn members can control advertising preferences through their LinkedIn account settings.
  • Sharethis: Sharethis provides an opt-out mechanism on their website for interest-based advertising.
  • Zendesk, Klaviyo, Microsoft, and Cloudflare: These providers generally respect browser-level cookie controls and privacy settings. You can manage cookies through your browser settings to block or delete cookies from these and other providers.

You have the right to withdraw your consent to non-essential cookies at any time and to request further information about the cookies we use. For more details or to exercise your rights, please contact us at privacy@xthings.com.

Sharing With Third Party Providers

We engage trusted third-party service providers to support the delivery and improvement of our products and services. These providers may process your data for purposes such as website hosting, analytics, marketing, and customer support.

For the purposes of this privacy policy, a "service provider" is a business or legal entity that processes personal information on behalf of another business for a specific business purpose, pursuant to a written contract.

In addition, under data protection laws, a "data processor" is any person or organization that processes personal data on behalf of the data controller (the entity that determines the purposes and means of processing personal data).

Advertising Partners: We may share certain website data, such as cookies and browsing information, with advertising partners including Google, Meta (Facebook), LinkedIn, and Sharethis. This sharing is strictly limited to non-sensitive data (such as cookie identifiers and website usage information) and is used solely for the purposes of delivering targeted advertising and measuring campaign effectiveness. We do not share biometric or other sensitive personal data with advertising partners. Your consent for the use of non-essential cookies and the sharing of data with advertising partners is obtained via our cookie management tool and you may withdraw your consent at any time.

Legal Authorities: We may disclose your personal data to legal authorities or regulatory bodies if required to do so by law, or in response to valid legal requests. Such disclosures are made only when necessary to comply with legal obligations, protect our rights, or safeguard the safety of our users and the public.

All service providers and data processors are required to process your data only on our instructions and in compliance with data protection laws. We do not allow our processors or service providers to make onward transfers of your data to other countries or third parties without our explicit authorization.

International Transfers

Some of your personal data may be transferred internationally, since we are a global organization.. We are committed to ensuring that appropriate safeguards are in place in accordance with applicable data protection laws.

Data Retention

We retain your personal data only as long as necessary for the purposes described in this policy or as required by law. We have measures in place that trigger data deletion in accordance with our internal policies and procedures.

Individual Rights

Depending on your jurisdiction, you may have specific rights regarding your personal data under applicable privacy laws.

This may include:

  • The right to be informed: You have the right to be informed about the collection and use of your personal data. This includes details about what data is collected, the purposes for which it is processed, the legal basis for processing, the categories of recipients, and your rights in relation to your data. We provide this information in our privacy policy and will notify you of any material changes via the email address specified in your user account.
  • The right to access your personal data: You have the right to request confirmation as to whether we process your personal data and, if so, obtain a copy of the data we hold about you. This includes information about the categories of data processed, the purposes of processing, and the recipients or categories of recipients to whom your data has been disclosed.
  • The right to rectify inaccurate data: If you believe that any personal data we hold about you is inaccurate or incomplete, you have the right to request that we correct or update this information without undue delay.
  • The right to request erasure ("Right to be Forgotten"): You may request the deletion of your personal data in certain circumstances, such as where the data is no longer necessary for the purposes for which it was collected, or if you withdraw your consent (where consent is the legal basis for processing). We will comply with such requests unless we are required to retain the data for legal or legitimate business reasons.
  • The right to restrict or object to processing: You have the right to request that we restrict the processing of your personal data in certain situations, for example, if you contest the accuracy of the data or object to our processing based on legitimate interests. In some cases, you may also object to the processing of your data for direct marketing purposes or other specific grounds.
  • The right to data portability: Where processing is based on your consent or the performance of a contract, and carried out by automated means, you have the right to receive your personal data in a structured, commonly used, and machine-readable format. You may also request that we transmit this data directly to another controller, where technically feasible.
  • The right to withdraw consent at any time: Where we rely on your consent to process your personal data, you have the right to withdraw that consent at any time. Withdrawing consent will not affect the lawfulness of processing based on consent before its withdrawal. You can withdraw your consent by contacting us or, for certain types of data (such as cookies), by adjusting your preferences in our cookie management tool.
  • The right to control processing in relation to automated decision-making and profiling: You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. We do not currently conduct any processing of personal data that is subject to profiling or automated decision-making without human intervention. Should this change, you will be informed and provided with the means to exercise your rights in relation to such processing.

How to Exercise Your Rights

To exercise your rights, you may contact us at privacy@xthings.com or send mail to our address at 47703 Fremont Blvd, Fremont, CA 94538, United States complete our ​Webform. Upon receiving your request, we will acknowledge receipt within 5 days and may ask you to complete an identity verification form to protect your privacy and security. Once your identity is verified, we will process your request—such as providing, deleting, or correcting your personal information—typically within 30 days. In complex cases, this period may be extended in accordance with applicable data protection laws, but you will be informed of the reason for any delay within the initial 30 days.

Additional Rights for California Residents

If you are a California resident, you may also have the right to:

  • Know what personal information is collected, used, disclosed, or sold
  • Request deletion of your personal information
  • Opt-out of the sale or sharing of your personal information
  • Not be discriminated against for exercising your privacy rights

Security Measures

We are committed to safeguarding personal data through the implementation of robust technical and organizational measures, as required by all applicable data protection laws. Our security framework is designed to ensure the ongoing confidentiality, integrity, availability, and resilience of our processing systems and services. Some of the measures we have in place are:

Encryption in Transit: We employ encryption protocols to protect personal data during transmission across networks. This ensures that data is safeguarded from unauthorized access or interception while being transferred between systems.

Access Controls and Authentication: Access to personal data is strictly limited to authorized personnel only. We utilize robust authentication mechanisms and access controls to ensure that only individuals with a legitimate business need can access personal data. This minimizes the risk of unauthorized access, disclosure, or alteration.

Network Security (Firewalls and Intrusion Detection): Our network infrastructure is protected by advanced firewalls and intrusion detection systems. These tools are designed to monitor, detect, and prevent unauthorized access, cyberattacks, and other security threats, thereby supporting the security of personal data as required by data protection laws.

Our technical and organizational measures are regularly reviewed and updated to ensure compliance with data protection laws. We are dedicated to maintaining a high standard of data protection for all individuals whose data we process.

Data Breach Response

We maintain a comprehensive Cybersecurity Incident Response Plan designed to address and manage data breaches in accordance with global legal requirements. In the event of a data breach involving personal data, we will assess the incident and, where required by applicable law, notify affected individuals and relevant regulatory authorities.

Our approach to data breach notification is guided by the specific obligations and timelines set out in the data protection laws of each jurisdiction in which we operate.

We regularly review and update our incident response procedures to ensure ongoing compliance with evolving global data protection and privacy regulations.

Marketing Communications

We may send you marketing communications by email, SMS, and, from time to time, push notifications, in accordance with applicable laws and your stated preferences. Where required by law, such as in certain jurisdictions, we will only send you marketing communications if you have provided your explicit consent (opt-in). You have the right to withdraw your consent or opt out of receiving marketing communications at any time.

To unsubscribe from marketing emails, you can use the unsubscribe link included in each message. For SMS communications, you may follow the instructions provided in the message to opt out. If you wish to stop receiving push notifications, you can adjust your preferences within the relevant application or device settings. Alternatively, you may contact our customer service team to request removal from our marketing lists.

We will process your opt-out request promptly and in accordance with applicable laws and other global privacy regulations. After you opt out, you will no longer receive marketing communications from us, but we may still send you non-marketing messages where permitted by law (for example, service or transactional communications). We do not send marketing communications to individuals who have not provided the necessary consent where required.

Do Not Track

At this time, our website and services do not respond to “Do Not Track” (DNT) signals or similar mechanisms transmitted by web browsers. While some browsers offer a DNT option to indicate your preference regarding online tracking, there is currently no universally accepted standard for how websites should interpret and respond to these signals. As such, we do not alter our data collection or usage practices when we receive a DNT signal from your browser. We will continue to monitor developments in this area and update our practices and this Privacy Policy as appropriate if a standard is established.

Children’s Privacy

We do not knowingly collect or process personal data from children under the age of 18. Our services are not intended for use by children. If we become aware that we have inadvertently received personal information from a child under the age of 18, we will take appropriate steps to delete such information promptly in accordance with applicable data protection laws. If you believe that a child under the age of 18 has provided us with personal data, please contact us so that we can address the matter in line with our legal obligations.

Policy Updates

We review this Privacy Policy annually and update it as necessary to reflect changes in our business practices, legal requirements, and applicable privacy regulations across all regions in which we operate. If we make material changes to this Privacy Policy, we will notify you by appropriate means as required by local laws. Depending on your jurisdiction, you may also receive notice via prominent website banners or other communication channels.

We encourage you to review any updates carefully. Your continued use of our website, products, or services after such changes have been communicated will constitute your acceptance of the revised Privacy Policy, except where otherwise required by law. If you do not agree with the updated terms, you should discontinue use of our website, products, and services. Where required by applicable law, you may also have the right to object to certain changes or to exercise additional rights in relation to your personal data.

Contact Us

For any questions or concerns about this Privacy Policy or your personal data, please contact us at privacy@xthings.com or use our Webform here.

Addendum – United States of America

This Addendum supplements the Privacy Policy of Xthings Inc. and applies to individuals located in the United States of America (USA), including specific provisions for residents of California, Colorado, Connecticut, Delaware, Florida, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Nevada, Oregon, Rhode Island, Tennessee, Texas, Utah, and Virginia.

  1. Data Controller and Contact Information: Xthings Inc. is the data controller for your personal data.
  2. Categories of Personal Information Collected: We collect the categories of personal information described in the main Privacy Policy, including identifiers, contact information, financial data, device/browser data, location data, biometric data (where necessary and with consent), cookies, and other information you provide.
  3. Use and Disclosure of Personal Information: We use and disclose your personal information for the purposes outlined in the main Privacy Policy, including account management, order fulfilment, customer support, marketing (with consent or as permitted by law), analytics, fraud prevention, and legal compliance.
  4. Sale or Sharing of Personal Information: We do not sell your personal information as defined under applicable US state laws. We may share certain website data (such as cookies and browsing information) with advertising partners for targeted advertising, but only with your consent where required.
  5. Your Rights under US Law: Depending on your state of residence, you may have the following rights:
    • The right to know what personal information is collected, used, disclosed, or sold;
    • The right to request access to your personal information;
    • The right to request deletion of your personal information;
    • The right to opt out of the sale or sharing of your personal information;
    • The right to correct inaccurate personal information; and
    • The right to non-discrimination for exercising your privacy rights.
      To exercise your rights, contact us at privacy@xthings.com or via our Webform. We will verify your identity before processing your request and respond within the timeframes required by law.
  7. California Residents (CCPA/CPRA): If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA), including:
    • The right to request information about the categories and specific pieces of personal information we have collected about you; and
    • The right to limit the use and disclosure of sensitive personal information.
  9. Policy Updates: We will notify you of material changes to this Addendum as required by US law, including via prominent website banners or other appropriate means.

For further information or to exercise your rights, please contact us at privacy@xthings.com or use our Webform.