Privacy Policy

Information You Provide Directly

• Account registration: Name, email address, company name, job title, and password when you create an account
• Tool submissions: Information about AI tools you submit to the directory, including tool name, description, website, and your contact details
• Profile claims: Business verification information when you claim a vendor profile
• Contact forms: Name, email, company, and message content when you contact us
• Newsletter subscriptions: Email address and preferences
• Chatbot interactions: Queries and conversation history with our AI assistant

Information Collected Automatically

• Log data: IP address, browser type, operating system, referring URLs, pages visited, and timestamps
• Device information: Device type, screen resolution, and browser settings
• Usage data: Search queries, filters applied, tools viewed, comparisons made, and time spent on pages
• Cookies and tracking technologies: See our Cookies Policy for details

Information from Third Parties

• Analytics providers (e.g., Google Analytics, Plausible)
• Authentication providers if you sign in with Google or LinkedIn
• Payment processors for any paid features (we do not store payment card data)

We use the information we collect to:

• Provide, operate, and improve the Service
• Process tool submissions and profile claims
• Respond to your inquiries and support requests
• Send transactional emails (account confirmations, submission updates)
• Send newsletter and marketing communications (with your consent)
• Analyze usage patterns to improve the directory and user experience
• Detect and prevent fraud, abuse, and security incidents
• Comply with legal obligations
• Enforce our Terms of Service

We do not sell your personal information to third parties. We do not use your data to train AI models without your explicit consent.

For users in the European Economic Area (EEA) and United Kingdom, we process your personal data under the following legal bases:

• Contract performance: Processing necessary to provide the Service you've requested
• Legitimate interests: Analytics, security, fraud prevention, and improving the Service
• Consent: Marketing communications, non-essential cookies, and chatbot data retention
• Legal obligation: Compliance with applicable laws and regulations

We may share your information in the following circumstances:

• Service providers: Trusted third-party vendors who assist us in operating the Service (hosting, analytics, email delivery, payment processing), subject to confidentiality agreements
• Business transfers: In connection with a merger, acquisition, or sale of assets, with notice to affected users
• Legal requirements: When required by law, court order, or governmental authority
• Safety: To protect the rights, property, or safety of Xither, our users, or the public
• With your consent: For any other purpose with your explicit consent

We do not share your personal information with AI tool vendors listed in our directory, except where you explicitly initiate contact through a "Get in Touch" feature.

We retain your personal information for as long as necessary to provide the Service and fulfill the purposes outlined in this policy. Specifically:

• Account data: Retained until you delete your account, plus 30 days for backup purposes
• Log data: Retained for 90 days for security and debugging purposes
• Analytics data: Retained in aggregated, anonymized form indefinitely
• Marketing preferences: Retained until you unsubscribe or request deletion
• Legal hold: Data subject to legal proceedings may be retained longer as required

Depending on your location, you may have the following rights regarding your personal data:

For all users:

• Access: Request a copy of the personal data we hold about you
• Correction: Request correction of inaccurate or incomplete data
• Deletion: Request deletion of your personal data (subject to legal obligations)
• Opt-out: Unsubscribe from marketing communications at any time

For EEA/UK users (GDPR):

• Portability: Receive your data in a structured, machine-readable format
• Restriction: Request restriction of processing in certain circumstances
• Objection: Object to processing based on legitimate interests
• Withdraw consent: Withdraw consent at any time where processing is consent-based

For California residents (CCPA/CPRA):

• Know: Know what personal information we collect and how it is used
• Delete: Request deletion of your personal information
• Opt-out of sale: We do not sell personal information
• Non-discrimination: We will not discriminate against you for exercising your rights

To exercise any of these rights, use our contact form and select “Legal / DMCA”. We will respond within 30 days (or as required by applicable law).

We use cookies and similar tracking technologies to enhance your experience on the Service. For detailed information about the cookies we use and your choices, please see our Cookies Policy.

Our AI assistant processes your queries to provide directory recommendations and answer questions about enterprise AI tools. Conversation data is:

• Processed in real time to generate responses
• Not used to train our AI models without your explicit consent
• Retained for up to 30 days for quality improvement and debugging purposes
• Not shared with third-party AI tool vendors

Please do not share sensitive personal, financial, or confidential business information in chatbot conversations.

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

• TLS/SSL encryption for all data in transit
• Encryption of sensitive data at rest
• Access controls limiting data access to authorized personnel
• Regular security assessments and penetration testing
• Incident response procedures for data breaches

However, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security of your data.

Xither is based in the United States. If you access the Service from outside the US, your information may be transferred to, stored, and processed in the US or other countries where our service providers operate.

For transfers from the EEA or UK, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission to ensure adequate protection of your personal data.

The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a child, please contact us immediately via our contact form.

We may update this Privacy Policy from time to time. We will notify you of material changes by updating the "Last updated" date and, where appropriate, sending an email notification to registered users. Your continued use of the Service after changes become effective constitutes your acceptance of the revised policy.

For privacy-related inquiries, requests, or complaints: