Logo
Legal & Compliance

Privacy Policy

Our commitment to transparency, security, and your data rights in the digital age.
Last Updated
October 26, 2024

This policy outlines how XPACE Technologies collects, uses, and protects your information across our digital ecosystem.

Quick Navigation

Important Notice

By using our services, you acknowledge that you have read and understood this Privacy Policy.

1. Introduction

Our commitment to protecting and respecting your privacy

XPACE Technologies ("XPACE," "we," "us," or "our") is committed to protecting and respecting your privacy. In today's digital-first world, trust is built on transparency, accountability, and security.

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you:

Your Consent & Compliance

By accessing or using our services, you acknowledge that you have read and understood this Privacy Policy and agree to the data practices described herein. This policy is designed to align with applicable global data protection regulations, including:

GDPR
General Data Protection Regulation
CCPA
California Consumer Privacy Act

2. Information We Collect

Types of data we collect for secure, reliable, and high-quality services

A. Personal Information You Provide

When you contact us, request a proposal, download resources, register for events, or apply for a role at XPACE Technologies, we may collect:

Identity Data: Full name, job title, company/organization name
Contact Data: Business email address, phone number, mailing address
Professional Data: CV/Resume, portfolio details, LinkedIn profile URL
Account Data: Login credentials for client or partner portals

B. Technical & Usage Data (Automatically Collected)

When you interact with our websites or platforms, we may automatically collect:

Device Information:

IP address, browser type, operating system, device identifiers

Usage Data:

Pages viewed, time spent on pages, navigation paths, and interaction logs

Cookies & Tracking Technologies:

Used to enhance user experience, analyze performance, and remember preferences (refer to our Cookie Policy for details)

C. Client Data (B2B Engagements)

While delivering services such as Cloud Solutions, AI Implementations, ERP, IoT, or Custom Software Development, XPACE may process data on behalf of its clients.

Important Distinction:

In such cases, XPACE acts as a Data Processor, and the client remains the Data Controller. All processing is conducted strictly in accordance with applicable contracts, including our Master Services Agreement (MSA) and Data Processing Addendum (DPA).

3. How We Use Your Information

Legitimate business purposes for data processing

We process personal and technical data only for legitimate business purposes, including:

Service Delivery

Designing, deploying, operating, and improving our software solutions and consulting services

Communication

Responding to inquiries, RFPs, proposals, invoices, service updates, and customer support requests

Marketing & Engagement

Sharing newsletters, insights, case studies, and event invitations (only where consent has been provided)

AI & Platform Improvement

Using anonymized and aggregated data to enhance system performance and AI-driven capabilities

Security & Risk Management

Detecting, preventing, and responding to fraud, cyber threats, and unauthorized access

Legal & Regulatory Compliance

Meeting obligations related to taxation, corporate governance, export controls, and regulatory reporting

AI Training Notice

We do not use client or proprietary business data for public or external model training without explicit written consent. Any internal analysis or improvement activities rely on anonymized or aggregated data only.

4. Data Sharing and Disclosure

When and how we share your information

XPACE Technologies does not sell personal data.

We may share information only in the following circumstances:

Trusted Service Providers

Third-party vendors supporting our operations (e.g., cloud hosting, CRM, billing, payment processing). These providers are contractually obligated to maintain confidentiality and security.

Affiliates & Global Offices

Limited data sharing within XPACE group entities to ensure seamless global service delivery.

Legal & Regulatory Authorities

Where disclosure is required by law, regulation, court order, or lawful government request.

Business Transactions

In the event of a merger, acquisition, restructuring, or asset sale, information may be transferred as part of the business continuity process.

5. International Data Transfers

Global operations with data protection safeguards

As a global IT consulting and technology company, XPACE Technologies may process and store data in multiple jurisdictions.

For EEA Residents

Standard Contractual Clauses (SCCs) Protection

For individuals located in the European Economic Area (EEA), data transfers outside the EU are conducted using Standard Contractual Clauses (SCCs) or other legally approved safeguards to ensure continued protection of personal data.

6. Technology-Specific Clauses

Special considerations for advanced technologies

Artificial Intelligence (AI)

Secure AI-enabled solutions

Where XPACE provides AI-enabled solutions (such as automation, analytics, or intelligent applications):

  • We process data strictly for agreed business purposes defined with our clients
  • We do not use client or proprietary business data for public or external model training without explicit written consent
  • Any internal analysis or improvement activities rely on anonymized or aggregated data only

7. Data Security

Enterprise-grade security controls

XPACE Technologies applies enterprise-grade security controls to safeguard information, including:

🔐

Encryption

AES-256 encryption for data at rest and TLS 1.3 for data in transit

👥

Access Management

Role-Based Access Control (RBAC) and Multi-Factor Authentication (MFA)

🛡️

Operational Controls

Secure development practices, monitoring, and incident response protocols

📋

Compliance & Governance

Security controls aligned with industry-recognized information security standards

Security Limitation Notice

While we continuously strengthen our security posture, no digital system can be guaranteed 100% secure.

8. Your Data Protection Rights

Control over your personal information

Subject to applicable laws, you may exercise the following rights:

Right of Access

Obtain confirmation and a copy of your personal data

Right to Rectification

Correct inaccurate or incomplete information

Right to Erasure

Request deletion of data, subject to legal retention requirements

Right to Restriction

Limit how your data is processed

Right to Data Portability

Receive your data in a structured, commonly used format

Right to Opt-Out

Withdraw consent for marketing communications at any time

Exercise Your Rights

Requests may be submitted to our Data Protection Officer (DPO)

Contact DPO

9. Data Retention

How long we keep your information

We retain data only for as long as necessary to fulfill legitimate business and legal purposes:

Client & Contractual Data

7 Years

Retained for the duration of the agreement plus up to 7 years for compliance and audit purposes

Marketing & Engagement Data

24 Months

Retained until opt-out or after 24 months of inactivity

10. Contact Information

Get in touch with our privacy team

Contact Details

XPACE Technologies Pvt. Ltd.

Attn: Data Protection Officer

Registered Office

Office No. 406, 4th floor, Ceasers tower, Shahra-e-Faisal, opposite ayesha bawany school, Fowler Lines Karachi, Pakistan

Need Immediate Assistance?

For urgent privacy concerns or data breach notifications, please contact our 24/7 security team.

Policy Updates

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date.

You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.