Privacy Policy

Last updated: 09/01/2021

xFanatical ("we" or "us" or "our") respects the privacy of our users ("user" or "you"). We operate the xfanatical.com website (or "site") and offer Software Services, including free or paid products (Foresight, Safe Doc, Form Merger etc.) and custom software development services.

This privacy policy explains to you how we collect, use, disclose, and safeguard you Personal Information when you visit our website or use our services. The Personal Information that we collect are used for providing and improving the services. We will not use or share your information with anyone except as described in this Privacy Policy. Please read this privacy policy carefully.

If you choose to visit our websites or use our services, then you agree to the collection and use of information in relation with this policy. If you do not agree with the terms of this privacy policy, please do not access the site or use our Services.

COLLECTION OF YOUR INFORMATION

We have different data security and privacy policies for our https://xfanatical.com site and Services. This section describes the general data collection policy and our https://xfanatical.com site. The Product Specific Privacy Policy section describes specific policies for each service.

Data collected by our https://xfanatical.com site

This website collects various types of information, such as:

  • Voluntarily provided information when you provide user-generated content or when you contact us, which may include
    • Your name
    • Your email address
    • Your replies to a post
    • Your likes to a post or others' comment
  • Information automatically collected when visiting our https://xfanatical.com website with cookie technology. Cookies are text files placed on your computer to collect standard internet log information and visitor behavior information. To learn more about cookies, visit https://www.allaboutcookies.org. The automatically collected information includes
    • Your computer’s Internet Protocol ("IP") address
    • Your operating system type and version
    • Browser type and version
    • Data collected from third party tracking technologies
      • reCAPTCHA (privacy policy). This technology is for us to limit spamming when you submit forms or comments.
      • Google Analytics (privacy policy). The data may include pages of our site that you visit, the time and date of your visit, the time spent on those pages, and other statistics.
      • Akismet Anti-spamming plugin (privacy policy). The Akismet plugin protects our site from spamming with automatic collection and analysis of your browser's information etc. Akismet keeps the visitor information for a short term.
      • Wordfence plugin (privacy policy). Wordfence may collect the IP address and set tracking Cookies temporarily to protect our site.
      • wpDiscuz plugin (privacy policy). The plugin may set tracking Cookies to recognize you when you leave comments on our site.
  • Information automatically collected when you conduct searching in our website. We use Relevanssi to provide article search feature. You agreed the privacy policy inherited from Relevanssi plugin before conducting search.

Please rest assured that this site shall only collect personal information that you knowingly and willingly provide by way of comments, surveys, completed application forms, and emails. It is the intent of this site to use personal information only for the purpose for which it was requested and any additional uses specifically provided on this site.

It is highly recommended and suggested that you review the privacy policies and statements of any website you choose to use or frequent as a means to better understand the way in which other websites garner, make use of and share information collected.

Financial data

When you choose to purchase, order, return, exchange or request information about our Services, you may be required to provide financial data. We partner with Stripe and Paypal to process payment information you voluntarily provided or automatically collected. The payment pages are hosted by our payment partners, so they have their own data collection policies. You are encouraged to review Stripe's privacy policy and Paypal's privacy policy.

The data may include but not limited to

  • Your credit card information. Securely protected by Stripe under PCI compliance.
  • Your billing address
  • Your bill-to name
  • The time, the IP address, the operating system type and version and browser version when you make payments

Data from social networks

If you interact with us on social networks (e.g. Facebook, Twitter or LinkedIn), your social network information may be available to us. The information may include

  • Your social network username
  • Your social network profile picture
  • Your public shared contacts or messages

USE OF YOUR INFORMATION

For our Services

We may collect and may make use of personal information to assist in the operation of our website and/or services and to ensure delivery of the services you need and request. These business activities include but not limited to

  • Confirm your requests and comments
  • Create and manage your account
  • Inform essential changes to your account using our services
  • Fulfill and manage purchases, orders, payments, refunds and other transactions related to our services
  • Prevent fraudulent transactions, monitor again theft, and protect against criminal activity
  • Respond to support or sales questions
  • Increase the efficiency, operation, user experience of our site and services with your anonymous usage data
  • Troubleshoot problems in our services
  • Enable user-to-user communications, e.g. joining our communities, receiving replies from other users.

For marketing and events-related communications

We may be occasionally in contact with you with optional marketing related messages. We usually communicate with you via emails. You have the rights to stop marketing communications by contacting us. The topics may include

  • Completing surveys or newsletters
  • Our site or service updates
  • Discounts, price change and other information regarding promotions
  • New products, tips, free tools etc.

DISCLOSURE OF YOUR INFORMATION

We do not now, nor will it in the future, sell, rent or lease any of our customer data to any marketers or unaffiliated third parties. We may share information we have collected about you in certain situations. Your information may be disclosed as follows.

By Law or to Protect Rights

We may disclose your personal information, without prior notice to you, only if required to do so in accordance with applicable laws and/or in a good faith belief that such action is deemed necessary or is required in an effort to:

  • Comply with applicable law, rule, or regulation
  • Respond to requests from courts, law enforcement agencies, regulatory agencies, and other public and government authorities
  • Maintain, safeguard and/or preserve all the rights and/or property of xFanatical
  • Perform under demanding conditions in an effort to safeguard the personal safety, privacy, property and rights of you and/or the general public.
  • Enforce our contractual rights

Service providers

We share Personal Data with third party service providers that provide necessary services on our behalf, including

  • payment processing
  • identity verification
  • website hosting
  • data storage
  • data processing
  • information security
  • data analysis
  • emailing delivery
  • customer service
  • marketing assistance
  • auditing

We authorize such service providers to use or disclose the Personal Data only as necessary to perform services on our behalf or comply with legal requirement. We require service providers to protect the security and confidentiality of our users' Personal Data.

Public Postings

If you interact with other users of the site or our services, those users may see your name, profile photo, signature, title or affiliations from your posts. If your posts are public, the information may be also be publicly visible and indexed by search engines. For example, if you post comments on our site, social network accounts, or our communities of services, it's your responsibility to manage your own data.

Business Partners

With your consent, we may refer you to our business partners who can provide the correct services you demanded.

CHILDREN UNDER AGE OF 13

We do not knowingly collect personal identifiable information from children under the age of thirteen (13) without verifiable parental consent. If it is determined that such information has been inadvertently collected on anyone under the age of thirteen (13), we shall immediately take the necessary steps to ensure that such information is deleted from our system's database. Anyone under the age of thirteen (13) must seek and obtain parent or guardian permission to use this website.

DATA TRANSFERS

We maintain our site and services in the US, so your personal information may be transferred outside of the country where you live. Different countries have different data protection regulations. We take measures to ensure that any such transfers are safeguarded from unauthorized access, disclosure, loss or alternation.

UNSUBSCRIBE OR OPT-OUT OR DELETE PERSONAL INFORMATION

All users and/or visitors to our website have the option to discontinue receiving communication from us and/or reserve the right to discontinue receiving communications by way of email or newsletters. To discontinue or unsubscribe to our website please send an email that you wish to unsubscribe to [email protected] If you wish to unsubscribe or opt-out from any third party websites, you must go to that specific website to unsubscribe and/or opt-out.

You also have the rights to erase personal data in our website and services, such as website comments, product usage records or community posts etc. To delete your personal information from the service you use, please first follow the instructions in the service to terminate your account. Then please email us at [email protected] to request a complete removal of your data.

However, we typically retain personal information related to our contract and business transactions with you for seven years after you last interaction with us for legal and tax purposes. We may also keep certain personal information, such as fraudulent users or malicious IP addresses, for legitimate business purposes (e.g. fraud and abuse prevention or security).

LINKS TO OTHER WEBSITES

Our website does contain links to affiliate and other websites. We do not claim nor accept responsibility for any privacy policies, practices and/or procedures of other such websites. Therefore, we encourage all users and visitors to be aware when they leave our website and to read the privacy statements of each and every website that collects personally identifiable information. The aforementioned Privacy Policy Agreement applies only and solely to the information collected by our website.

SECURITY

We shall endeavor and shall take every precaution to maintain adequate physical, procedural and technical security with respect to our offices and information storage facilities so as to prevent any loss, misuse, unauthorized access, disclosure or modification of the user's personal information under our control. We also use Secure Socket Layer (SSL) for authentication and private communications in an effort to build users' trust and confidence in the internet and website use by providing simple and secure access and communication of credit card and personal information. But remember that no method of transmission over the internet, or method of electronic storage is 100% secure and reliable, and we cannot guarantee its absolute security.

In the rare case of personal data breach, email notifications will be sent to you within 72 hours of learning of the breach. We will provide you specific details of the breach and instruction to help you minimize the lost.

CONTROLS FOR DO-NOT-TRACK FEATURES

We do not currently respond to Do-Not-Track ("DNT") web browser signals or any other mechanism that automatically communicates your choice not to be tracked online, since no uniform technology standard for recognizing and implementing DNT signals has been finalized.

CALIFORNIA PRIVACY RIGHTS

The California Consumer Privacy Act (CCPA) permits our users who are California residents more control over personal information that we collected.

As a user of our site or services, a California consumer and subject to certain limitations under the the CCPA, you have choices regarding our use and disclosure of your personal information.

Exercise the rights to know. You may request up to twice in a 12-month period, the following information about the personal information we collected about you during the past 12-month.

  • The categories and specific pieces of personal information we have collected about you
  • The categories of sources from which we collected the personal information
  • The business or commercial purposes for which we collected the personal information
  • The categories of third parties with whom we shared the personal information
  • The categories of information that we disclosed to third parties

Exercise the right to delete. You may request that we delete the personal information we have collected from you, subject to certain limitations under applicable law.

Exercise the right to opt-out from a sale. You may request to opt out of any sales of your personal information. As described in Disclosure of your information section, we do not sell or rent the Personal Data of our users' data for profitability.

Exercise the right to non-discrimination. The CCPA provides that you may not be discriminated against for exercising these rights.

If you are a California resident and would like to make such a request, please submit your request by emailing us ([email protected]). We may need to verify your email identity before responding to your request against the record in our system. We may also request a government-issued valid ID to verify your California residency.

EU PRIVACY RIGHTS

The General Data Protection Regulation (GDPR) is a regulation in EU law on data protection and privacy in the European Union (EU) and the European Economic Area (EEA). As an EU resident, you are entitled to the following rights.

The right to access. You have the right to request us for copies of your personal data. We may charge you a small fee for this service.

The right to rectification. You have the right to request that we correct any information you believe is inaccurate. You also have the right to request us to complete information you believe is incomplete.

The right to erasure. You have the right to request us to erase your personal data collected by our site or services you use, under certain conditions. You understand erasure of essential user data could mean terminating the service.

The right to restrict processing. You have the right to request us to restrict processing of your personal data, under certain conditions. You understand restrict processing for essential user data for the service you use could mean terminating the service.

The right to data portability. You have the right to request us to transfer the data that we have collected to another organization, or directly to you, under certain conditions.

If you are an EU resident and would like to make such a request, please submit your request by emailing us ([email protected]). We may need to verify your email identity before responding to your request against the record in our system. We may also request a government-issued valid ID to verify your EU residency.

CHANGES TO PRIVACY POLICY AGREEMENT

We reserve the right to update and/or change the terms of our privacy policy at any time and for any reason. Any changes or modifications will be effective immediately upon posting the updated Privacy Policy on this site, and you waive the right to receive specific notice of each such change or modification.

You are encouraged to periodically review this Privacy Policy to stay informed of updates. You agree that we are not obligated to alert you by any means about the changes in this Privacy Policy.

ACCEPTANCE OF TERMS

Through the use of this website, you are hereby accepting the terms and conditions stipulated within the aforementioned Privacy Policy Agreement. If you are not in agreement with our terms and conditions, then you should refrain from further use of our sites and services. In addition, your continued use of our website following the posting of any updates or changes to our terms and conditions shall mean that you are in agreement and acceptance of such changes.

HOW TO CONTACT US

If you have any questions or concerns regarding the Privacy Policy Agreement related to our website and services, please feel free to contact us at the following email, telephone number or mailing address.

Email: [email protected]

Phone: +1 (909)833-0188

Mailing Address:

xFanatical, Inc.
8780 19th St, Ste 458
Rancho Cucamonga, CA 91701 USA

PRODUCT SPECIFIC PRIVACY POLICIES

Foresight

Permissions to access your information

When you use Foresight product, you will be prompted with accessing permissions to retrieve and modify certain information based on your on-demand in-app services. The permissions may include but not limited to:

  • Your Google Workspace domain information, including user names, emails, and other personal information.
  • Permission to send emails on behalf of you.
  • Access and modify your Google Drive files.
  • Update your Gmail settings.
  • Read your Google Calendars.

At anytime, you can cancel these permissions at Your Google Account Permission Page so no further data is shared with Foresight.

Data security

Due to the nature of SaaS (Software as a Service), all transaction data is stored and secured on the Google Cloud Platform (GCP) in the US. All data is encrypted during network transition between you and our server and never shared with outsiders. Your Google service access permission is granted via OAuth2 protocol on the minimum basis. Other than the data needed to perform automation for you, we do not retrieve and store excess information from your Google account. High sensitive information like passwords are encrypted.

We maintain organizational, technical and administrative measures to protect your personal data from unauthorized use, alternation, disclosure or destruction.

Nonessential data collected by Foresight

We use Google Analytics (privacy policy) to collect anonymous product activity in Foresight, which helps us improve features and quality of the product. The information we collect includes but not limits to

  • Triggers and actions you used
  • Product pages you visited
  • Buttons you clicked

We also use Sentry (privacy policy) to collect error reports encountered in the application for service troubleshooting and improvement. We instruct Sentry to log basic user data when an error occurs, including but not limited to

  • Your operating system type and version
  • Your browser type and version
  • Your IP address
  • The context of error, e.g. buttons clicked or pages visited within the application before the error occurs.

You are able to opt out these data collection in the Settings > Privacy page within Foresight.

Delete your data

We do not automatically delete your Foresight account data as long as you have an active Professional subscription.

You have rights to erase your personal data. To delete your Personal Data in Foresight, please follow the instructions in close my Foresight account. Your data will be permanently deleted from Foresight, logs and backups in 30 days.

Form Merger

When you use Form Merger product, you granted permissions for the application to access and modify information, as below

  • Read and write Google Forms in your Google Drive

Your personal assets in Google Drive will not be stored in our server.

We collect error reporting information using our service provider Sentry (privacy policy) for researching and fixing issues. If you disagree with the error reporting, please stop using Form Merger and revoke your permissions granted to Form Merger in your Google Account.

Safe Doc

Safe Doc is a chrome extension that manages inappropriate features in Google Workspace for Education to protect K-12 students from harmful content.

No Student Personal Data is collected

Safe Doc is compliant with COPPA, FERPA, PPRA and SOPIPA. We do NOT transmit, process, collect and sell any personally identifiable information (PII) of your students. All student data required by Safe Doc is encrypted and cached locally in students' school managed devices. By uninstalling Safe Doc from your students' managed devices, all cached data is deleted.

De-identified data (e.g. crash reporting) may be collected for Safe Doc troubleshooting and improvement. We ensure NO PII will be included in the de-identified data. We also do not attempt to re-identify de-identified data and do not disclose or transfer any of the de-identified data to third parties. As school officials, you may opt out such de-identified data collection using the Safe Doc configuration policy OptOutAnonymousErrorReporting.

For school accounts, we only store your students' domain name to verify your school license keys.

School Representative Data

If you're the school representative who applied for the trial or annual license, the information you provided is stored in our system for service purposes. We do not disclose, sell or rent your Personal Data to any unaffiliated third parties. Personal data collected from you may include but not limit to

  • Your full name
  • Your contact email
  • Your school's student email domain(s)
  • Your school's billing address
  • Your school's purchase orders

To remove your Safe Doc account data from our system, you need to request us ([email protected]) in writing from the email account you used in the trial or annual license application. We do not accept unauthorized requests.

Free Apps Scripts

When you download and use free apps scripts, you granted permissions for the applications to perform their work. Depending on the functionalities of apps scripts, these permissions may include but not limited to:

  • Read and write Google Drive files
  • Read and write Google Docs files, Docs, Sheets, Slides, Forms etc.
  • Read your profile's information
  • Access external services

Since apps scripts run on your end, we collect no information from you.