Privacy Policy

1. Company Information

• Legal Name: Rebel LLC
• Trade Name: Xilo. Design
• Country: United States of America
• Contact Email: contact@xilo.design
• Website: https://xilo.design

2. Scope of This Policy

This Privacy Policy applies to: visitors to our website, clients and prospective clients, users of our client portal, individuals who communicate with us, users of hosted websites or support systems operated by Xilo Design, marketing and advertising interactions, and third-party integrations connected to our services.

This Policy applies regardless of geographic location, including users located in the United States, European Economic Area ("EEA"), United Kingdom ("UK"), and other jurisdictions where applicable privacy laws may apply.

3. Information We Collect

3.1 Information You Provide Directly
Including but not limited to: name, email address, phone number, business name, billing information, payment details, project requirements, uploaded files and documents, support requests, communication history, login credentials, scheduling information, and invoices and transaction records.

3.2 Automatically Collected Information
When you access our website or services, we may automatically collect: IP address, browser type, operating system, device identifiers, approximate location data, usage behavior, referral URLs, pages visited, interaction data, cookies and tracking information, and analytics data.

3.3 Client Website Data
For websites hosted or managed by Xilo Design, we may process: website analytics, visitor interaction data, forms submitted through client websites, support logs, technical hosting logs, backups, and server records. Clients remain responsible for ensuring their own website privacy compliance regarding end-user data collected through their websites.

4. How We Use Information

We may use personal information for purposes including: providing services, project management, account creation and authentication, payment processing, communication and customer support, hosting and technical operations, analytics and service improvements, security monitoring, fraud prevention, enforcing legal rights, marketing communications, service updates and notifications, and compliance with legal obligations.

We may also use aggregated or anonymized information for operational, statistical, and business purposes.

5. Legal Bases for Processing

For users located in the European Economic Area or United Kingdom, we process personal data under one or more of the following legal bases: performance of a contract, legitimate business interests, legal obligations, consent, and protection against fraud or abuse.

Legitimate interests may include operating our business, improving services, preventing fraud, securing systems, and communicating with clients.

6. Cookies & Tracking Technologies

We use cookies, pixels, analytics tools, session tracking, and similar technologies to operate our website, remember user preferences, analyze traffic and performance, improve user experience, support marketing campaigns, measure advertising effectiveness, and enhance security.

Third-party services such as Google Analytics, Meta Pixel, Stripe, hosting providers, and other integrations may also place cookies or tracking technologies. Users may disable cookies through browser settings; however, portions of the website or services may not function properly.

7. AI-Assisted Services

Xilo Design may use AI-assisted tools, automations, language models, and machine learning systems during portions of the design, development, copywriting, optimization, communication, support, and operational processes.

By using our services, you acknowledge and agree that:

• Information submitted through our systems may be processed using AI-assisted technologies.
• AI-generated outputs may require human review.
• AI systems may involve third-party providers.
• We do not guarantee that AI-generated outputs will be error-free, unique, or legally compliant.

Clients remain responsible for reviewing and approving all final deliverables.

8. Third-Party Services

We may share information with third-party service providers necessary for operating our business, including: payment processors, hosting providers, analytics providers, communication platforms, customer support tools, CRM systems, cloud storage providers, automation systems, AI providers, marketing platforms, and scheduling tools.

Third-party services operate under their own privacy policies and terms. Xilo Design does not control and is not responsible for the privacy, security, availability, or practices of third-party providers.

9. Payment Processing

Payments are processed through third-party payment providers such as Stripe. Xilo Design does not directly store full payment card information on its servers. Payment providers manage payment information according to their own security standards and privacy policies.

10. Data Retention

We retain information for as long as reasonably necessary to provide services, maintain records, comply with legal obligations, resolve disputes, enforce agreements, and maintain backups and security systems.

We reserve the right to delete, archive, anonymize, or permanently remove information, hosted files, backups, communications, or project materials after periods of inactivity, account termination, or hosting expiration. We are not responsible for maintaining indefinite backups or archived copies of client materials.

11. Data Security

We implement commercially reasonable technical, administrative, and organizational safeguards intended to protect information. However, no method of transmission, storage, hosting, or internet communication is completely secure.

Accordingly: we do not guarantee absolute security, users transmit information at their own risk, and we are not liable for unauthorized access, hacking, data breaches, or security incidents beyond our reasonable control.

Clients are responsible for: securing their own credentials, maintaining local backups, securing third-party accounts, and managing website administrator access.

12. International Data Transfers

Information may be transferred to, processed, or stored in the United States or other countries where our providers operate. By using our services, users acknowledge that data protection laws in those jurisdictions may differ from those in their country of residence. Where applicable, we may rely on contractual safeguards, provider agreements, or other lawful transfer mechanisms.

13. User Rights

Depending on applicable law, users may have rights including: access to personal data, correction of inaccurate information, deletion requests, restriction of processing, data portability, withdrawal of consent, objection to processing, and complaint rights with supervisory authorities.

Requests may be submitted to contact@xilo.design. We may require identity verification before processing requests. Certain legal exceptions, operational requirements, fraud prevention needs, or contractual obligations may limit our ability to comply fully with a request.

14. California Privacy Rights

California residents may have rights under applicable California privacy laws, including: right to know, right to delete, right to correct, right to access categories of collected information, right to limit certain uses of sensitive information, and right to non-discrimination for exercising privacy rights.

Xilo Design does not sell personal information as defined under applicable California privacy laws. Privacy requests may be submitted to contact@xilo.design.

15. Marketing Communications

We may send promotional emails, service announcements, newsletters, or marketing communications. Users may opt out of marketing emails at any time using unsubscribe links or by contacting us directly. Operational, billing, legal, or account-related communications may still be sent even if marketing communications are disabled.

16. Client Website Responsibility

Clients are solely responsible for the privacy compliance of their own websites, including: publishing their own privacy policies, cookie disclosures, consent banners, GDPR compliance, CCPA compliance, data collection practices, form disclosures, marketing consent management, and third-party integrations installed on their websites.

Unless explicitly agreed in writing, Xilo Design does not provide legal compliance services or guarantee compliance with privacy, accessibility, advertising, or consumer protection laws.

17. Children's Privacy

Our services are not directed to children under the age of 13. We do not knowingly collect personal information from children. If we become aware that information from a child has been collected, we may delete such information without notice.

18. Third-Party Links

Our website or services may contain links to third-party websites or platforms. We are not responsible for the content, practices, availability, or privacy policies of third-party websites. Users access third-party services at their own risk.

19. Limitation of Liability

To the maximum extent permitted by law, Xilo Design and Rebel LLC shall not be liable for: indirect damages, data loss, loss of profits, business interruption, unauthorized access, cyberattacks, third-party breaches, hosting failures, tracking technologies used by third parties, regulatory penalties suffered by clients, or privacy compliance failures on client-operated websites.

Users acknowledge that no internet-based service can guarantee complete privacy or security.

20. Changes to This Privacy Policy

We reserve the right to modify or update this Privacy Policy at any time. Updated versions become effective upon publication on our website. Continued use of our services after changes constitutes acceptance of the revised Policy.