This Privacy Policy describes how your personal information is collected, used, and shared when you visit or make a purchase from galite.io (the “Site”) owned and operated by Xiaolong Software.

In this policy, we lay out: what data we collect and why; how your data is handled; and your rights with respect to your data. We promise we never sell your data: never have, never will.

When you sign up for a Company product, we ask for identifying information such as your name, email address, and maybe a company name. That’s so you can personalize your new account, and we can send you product updates and other essential information. We may also send you optional surveys from time to time to help us understand how you use our products and to make improvements. With your consent, we will send you our newsletter and other updates.

We use and transfer to any other app of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements.

We’ll never sell your personal information to third parties, and we won’t use your name or company in marketing statements without your permission either.

If you subscribe to a paid product, you will be required to provide payment information and a billing address. Your credit card information is submitted directly to our payment processor and we do not store it. We store payment transaction records for account history, invoicing, and billing support. We store your billing address to charge you for the service, calculate applicable sales tax, send you invoices, and detect fraudulent credit card transactions. We may occasionally use aggregated billing information to guide our marketing efforts.

For most of our products, we log the full IP address used to sign up a product account and retain that for use in mitigating future spammy signups. We also log all account access by full IP address for security and fraud prevention purposes, and we keep this login data for as long as your product account is active.

We collect information about your browsing activity for analytics and statistical purposes such as conversion rate testing and experimenting with new product designs. This includes, for example, your browser and operating system versions, your location, which web pages you visited and how long they took to load, and which website referred you to us. The web analytics we use are described further in the Advertising and Cookies section.

We use third-party CAPTCHA services across our applications to mitigate brute force logins and as a means of spam protection. We have a legitimate interest in protecting our apps and the broader Internet community from credential stuffing attacks and spam. When you log into your Company accounts, the CAPTCHA service evaluates various information (e.g., IP address, how long the visitor has been on the app, mouse movements) to try to detect if the activity is from an automated program instead of a human. We retain these data via our subprocessor indefinitely for use in spam mitigation.

We do not run any ads from third-party platforms

We do not use third-party cookies or send any information to third-parties

We use persistent first-party cookies to store certain preferences and make it possible for you to use our applications.

A cookie is a piece of text stored by your browser. It may help remember login information and site preferences. It might also collect information such as your browser type, operating system, web pages visited, duration of visit, content viewed, and other click-stream data. You can adjust cookie retention settings and accept or block individual cookies in your browser settings, although our apps won’t work and other aspects of our service may not function properly if you turn cookies off.

When you email Company with a question or to ask for help, we keep that correspondence, including your email address, so that we have a history of past correspondence to reference if you reach out in the future.

We also store information you may volunteer, for example, written responses to surveys. If you agree to a customer interview, we may ask for your permission to record the conversation for future reference or use. We will only do so with your express consent.

All data is encrypted via SSL/TLS when transmitted from our servers to your browser.

If you choose to cancel your account, your content will become immediately inaccessible and should be purged from our systems in full within 60 days. This applies both for cases when an account owner directly cancels and for auto-cancelled accounts.

The European Data Protection Board (EDPB) has issued guidance that personal data transferred out of the EU must be treated with the same level of protection that is granted under EU privacy law. UK law provides similar safeguards for UK user data that is transferred out of the UK. Accordingly, Company has adopted a data processing addendum with Standard Contractual Clauses to help ensure this protection.

There are also a few ad hoc cases where EU personal data may be transferred to the U.S. in connection with Company operations, for instance, if an EU user signs up for our newsletter or participates in one of our surveys or buys swag from our company online store. Such transfers are only occasional and data is transferred under the Article 49(1)(b) derogation under GDPR and the UK version of GDPR.

For any questions about these Terms, please contact us via the email: [email protected]