Privacy Policy
How we handle and protect your data.
1. Introduction
XylaWorks, Inc., a Texas corporation (“XylaWorks,” “we,” “us,” or “our”), operates the XylaWorks career development platform at https://www.xylaworks.com and any related web applications, mobile-optimized interfaces, APIs, or cloud-hosted features (collectively, the “Platform”).
This Privacy Policy explains how we collect, use, disclose, retain, and protect your personal information when you visit our website or use the Platform. It also describes your rights regarding your personal information and how you can exercise them.
By accessing or using the Platform, you acknowledge that you have read and understood this Privacy Policy. This Privacy Policy should be read together with our Terms of Service.
If we make material changes to this Privacy Policy, we will notify you by updating the “Effective Date” above and, where required, by email or notice on the Platform.
2. Information We Collect
We collect information in three ways: information you provide directly, information collected automatically, and information received from third parties.
2.1 Information You Provide
- Account Information — When you create an account, we collect your name, email address, and password. You may optionally provide a phone number, bio, or profile photo.
- Career and Resume Data — When you use the Platform, you may provide resume content, work history, education, skills, certifications, awards, community involvement, professional summaries, career goals, assessment responses, and other career-related information.
- Payment Information — When you make a purchase, your payment details (credit card number, billing address) are collected and processed directly by our third-party payment processor, Stripe. XylaWorks does not receive or store your full credit card number, expiration date, or CVV. We receive only a transaction confirmation, last four digits of your card, and billing address.
- Communications — When you contact us via email, forms, or support channels, we collect the content of your communications along with your name and contact information.
- Feedback and Surveys — If you submit feedback, reviews, or participate in surveys, we collect the information you provide.
2.2 Information Collected Automatically
When you access the Platform, we automatically collect certain technical and usage information:
- Device and Browser Data — IP address, browser type and version, operating system, device type, screen resolution, and language preferences.
- Usage Data — Pages visited, features used, click patterns, time spent on pages, navigation paths, referring URLs, and session duration.
- Cookies and Similar Technologies — We use cookies, web beacons, and similar tracking technologies as described in Section 8 below.
- Log Data — Server logs that record requests to our Platform, including timestamps, URLs, and error information.
2.3 Information from Third Parties
- Payment Processor — Stripe may provide us with transaction status, payment confirmations, and limited billing details.
- Analytics Providers — Third-party analytics services may provide aggregated usage data about Platform traffic and performance.
3. How We Use Your Information
We use the information we collect for the following purposes:
| Purpose | Data Used |
|---|---|
| Platform Operations — Creating and managing your account, authenticating your identity, and providing access to Platform features | Account information, credentials |
| AI-Powered Career Processing — Generating career assessments, resume analyses, career plans, and other Platform outputs through our AI systems | Career and resume data, assessment responses |
| Payment Processing — Processing purchases and maintaining transaction records | Payment information (via Stripe), transaction history |
| Quality Assurance — Conducting system-level quality reviews of Platform outputs to maintain accuracy and consistency | Career data, Platform outputs |
| Platform Improvement — Analyzing usage patterns, diagnosing technical issues, and improving Platform functionality and user experience | Usage data, device data, aggregated analytics |
| AI Model Improvement — Using anonymized and aggregated data to train, refine, and improve our AI models and algorithms | Anonymized/aggregated career data and outputs |
| Communications — Sending order confirmations, account notifications, security alerts, and responding to your inquiries | Account information, communication content |
| Legal and Safety — Enforcing our Terms of Service, protecting against fraud and abuse, and complying with legal obligations | All categories as necessary |
4. How AI Processes Your Data
Transparency about our AI data practices is important to us. Here is how your information interacts with our AI systems:
- Input Processing — When you submit career data (resumes, work history, goals, assessment responses), this information is transmitted to our AI processing pipeline, which is hosted on Microsoft Azure cloud infrastructure.
- Third-Party AI Services — Our AI pipeline utilizes third-party large language model APIs to analyze your data and generate outputs. Your data is sent to these services under data processing agreements that restrict the provider from using your data for their own training purposes or for any purpose other than processing your request.
- Output Generation — AI-generated career plans, assessments, and other outputs are stored in your account and associated with your user profile.
- Model Improvement — We may use anonymized and aggregated data derived from Platform usage to improve our AI models. Before being used for this purpose, data is stripped of personally identifiable information so it cannot reasonably be linked back to you. You may opt out of this use by contacting us at privacy@xylaworks.com.
- Quality Assurance Data — Human quality-assurance processes may involve reviewing AI outputs at a system level. These reviews are conducted to audit overall output quality and consistency, not to provide individualized services.
5. How We Share Your Information
We do not sell your personal information. We share information only in the following limited circumstances:
5.1 Service Providers
We share personal information with trusted third-party service providers who perform functions on our behalf, subject to contractual obligations to protect your data:
| Provider Category | Purpose | Data Shared |
|---|---|---|
| Cloud Hosting (Microsoft Azure) | Platform infrastructure and data storage | All Platform data (encrypted at rest and in transit) |
| AI Processing Services | Career data analysis and output generation | Career and resume data for processing |
| Payment Processing (Stripe) | Transaction processing | Payment credentials, billing address |
| Email Delivery | Transactional and notification emails | Email address, name |
| Analytics | Platform usage analysis | Anonymized usage data |
5.2 Legal Requirements
We may disclose your information if required to do so by law, regulation, legal process, or governmental request, or when we believe in good faith that disclosure is necessary to: (a) comply with applicable law; (b) protect our rights, property, or safety, or that of our users or the public; (c) detect, prevent, or address fraud, security, or technical issues; or (d) enforce our Terms of Service.
5.3 Business Transfers
If XylaWorks is involved in a merger, acquisition, reorganization, asset sale, or bankruptcy, your personal information may be transferred as part of that transaction. We will notify you of any such change in ownership or control of your personal information.
5.4 With Your Consent
We may share your information for purposes not described in this Privacy Policy if we obtain your explicit consent.
6. Data Retention
We retain your personal information only as long as necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law.
| Data Category | Retention Period |
|---|---|
| Account information | Duration of your active account, plus 30 days after deletion request |
| Career and resume data | Duration of your active account, plus 30 days after deletion request |
| Platform-generated outputs | Duration of your active account, plus 30 days after deletion request |
| Payment and transaction records | 7 years (tax and legal compliance) |
| Usage and analytics data | 24 months from collection |
| Support communications | 3 years from resolution |
| Anonymized/aggregated data | Indefinitely (cannot be linked to you) |
When personal data is no longer needed, we securely delete or anonymize it in accordance with our data management procedures.
7. Your Rights and Choices
Depending on your location, you may have the following rights regarding your personal information:
- Access — Request a copy of the personal information we hold about you.
- Correction — Request correction of inaccurate or incomplete personal information. You can also update most account information directly through the Platform.
- Deletion — Request deletion of your personal information and account, subject to the retention exceptions described above.
- Data Portability — Request an export of your personal data and Platform-generated outputs in a commonly used electronic format.
- Opt Out of AI Model Training — Request that your data (even in anonymized form) not be used for AI model improvement purposes.
- Withdraw Consent — Where processing is based on consent, you may withdraw consent at any time. Withdrawal does not affect the lawfulness of processing that occurred before withdrawal.
To exercise any of these rights, contact us at privacy@xylaworks.com or support@xylaworks.com. We will verify your identity before processing your request and respond within 30 days (or as required by applicable law). We will not discriminate against you for exercising your rights.
7.1 California Residents (CCPA/CPRA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act:
- Right to Know — You may request details about the categories and specific pieces of personal information we have collected, the sources of collection, the business purposes for collection, and the categories of third parties with whom we share information.
- Right to Delete — You may request deletion of personal information we have collected from you, subject to certain exceptions.
- Right to Opt Out of Sale/Sharing — We do not sell your personal information and do not share it for cross-context behavioral advertising. As such, there is no need to opt out, but we honor any “Do Not Sell or Share” requests received.
- Right to Non-Discrimination — We will not deny you access to the Platform, charge different prices, or provide a different level of quality based on your exercise of CCPA rights.
To make a CCPA request, email privacy@xylaworks.com with the subject line “CCPA Request.”
7.2 Texas Residents
Under the Texas Data Privacy and Security Act (effective July 1, 2024), Texas residents have rights to access, correct, delete, and obtain a portable copy of their personal data. You may also opt out of the processing of personal data for targeted advertising, sale, or profiling. XylaWorks does not engage in the sale of personal data or targeted advertising based on personal data.
8. Cookies and Tracking Technologies
We use cookies and similar technologies to operate the Platform, remember your preferences, and understand how you interact with our content.
8.1 Types of Cookies We Use
| Cookie Type | Purpose | Duration |
|---|---|---|
| Essential | Required for Platform functionality, authentication, and security. Cannot be disabled. | Session or up to 12 months |
| Functional | Remember your preferences and settings (e.g., language, display options). | Up to 12 months |
| Analytics | Help us understand how users interact with the Platform, which pages are visited, and where errors occur. | Up to 24 months |
We do not use advertising or cross-site tracking cookies.
8.2 Managing Cookies
You can control cookies through your browser settings. Most browsers allow you to block or delete cookies. Note that disabling essential cookies may prevent certain Platform features from functioning properly.
8.3 Do Not Track
Some browsers transmit “Do Not Track” (DNT) signals. There is no universally accepted standard for how to respond to DNT signals. At this time, we do not respond to DNT signals but do not engage in cross-site tracking.
9. Data Security
We implement industry-standard technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction, including:
- Encryption — All data is encrypted in transit (TLS 1.2+) and at rest using AES-256 encryption on our cloud infrastructure.
- Access Controls — Role-based access controls restrict who within our organization can access personal data, following least-privilege principles.
- Infrastructure Security — Our Platform is hosted on Microsoft Azure, which maintains SOC 2 Type II, ISO 27001, and other industry certifications.
- Payment Security — All payment processing is handled by Stripe, a PCI-DSS Level 1 certified processor. We never store full payment card details on our systems.
- Monitoring — Continuous monitoring and logging of system access and security events.
While we take reasonable precautions, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security of your data. If you become aware of a security vulnerability, please notify us immediately at security@xylaworks.com.
10. Children’s Privacy
The Platform is not intended for individuals under the age of 18. We do not knowingly collect, use, or disclose personal information from anyone under 18. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at privacy@xylaworks.com. If we learn that we have collected personal information from a minor, we will take immediate steps to delete that information and terminate the associated account.
11. International Data Transfers
The Platform is operated from the United States. If you access the Platform from outside the United States, your personal information will be transferred to and processed in the United States, where data protection laws may differ from those in your jurisdiction.
By using the Platform, you consent to the transfer of your personal information to the United States. We take appropriate measures to ensure your data is treated securely and in accordance with this Privacy Policy regardless of where it is processed.
As XylaWorks expands to additional jurisdictions, we will implement appropriate data transfer mechanisms (such as Standard Contractual Clauses) and publish jurisdiction-specific supplements to this Privacy Policy as required.
12. Third-Party Links
The Platform may contain links to third-party websites or services that are not operated by XylaWorks. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party site you visit. This Privacy Policy applies only to information collected through the XylaWorks Platform.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes, we will:
- Update the “Effective Date” at the top of this page
- Post a notice on the Platform
- Where required by law, notify you by email
Your continued use of the Platform after any changes become effective constitutes your acceptance of the revised Privacy Policy. We encourage you to review this page periodically.
14. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
XylaWorks, Inc.
Attn: Privacy
675 Town Center Blvd, Suite 200, Bldg 1A
Garland, TX 75040
Email: privacy@xylaworks.com
General Support: support@xylaworks.com
Web: https://www.xylaworks.com
Questions?
If you have questions about this policy or how your data is handled, we're here to help.