world's first and only privacy-preserving 1-step data-rich payments provider with end-to-end encrypted smart receipts and all-customers-inclusive rewards.
Xiippy is committed to client service and this policy outlines our ongoing
obligations to you in respect of how we manage your Personal Information
or your business' data.
Xiippy sits between retailers, consumers, POS developers and banks and delivers value to all these parties in unique ways. The most inherent difference we are making is the fact that we make it possible for real owners of information to benefit from such information without having to share them with us or with 3rd parties and that's what forms the core philosophy behind privacy-by-design and regulative frameworks like GDPR and CCPA.
We have designed and built the Xiippy platform to materialize what these regulative frameworks intend to achieve on a zero-trust setting, which means, we have designed this platform in such a way that you, as our users, clients or customers, will not need to trust us to have access to your personal or protected information but yet, our platform will remain capable of adding value to all owners of information. This, however, has not been easy at all. We have had to invest new concepts along the way and go through complex cryptography to reach this goal, adopting edge computing and client-side encryption and decryption of data to deprive ourselves, and hence the entire universe, of having access to your personal information or your business' private data.
For consumers, Xiippy only maintains purchase history and receipts on users' private devices, with encryption-at-rest applied to the local databases of all our apps. No consumer purchase history is EVER saved on our servers and infrastructure in plain and readable format to us. If the user chooses to, for the purpose of portability and multi-device access, a copy of receipts are first encrypted with keys only known to the user and unknown to us and then uploaded to our infrastructure, which in return, can be downloaded by our apps on other devices and decrypted with keys that are only accessible to the real owner of the data.
For business owners, Xiippy only mains an encrypted version of seller's copy of the receipts on its servers to make them available in our Business Owner's dashboard. The keys used for this encryption process are unknown to us too. These keys are generated by the POS stations and derived from private keys only know to the business owners. All processing and demonstration of data is done at client side through our web-based Business Owner's dashboard without us maintaining any plain format data on our servers.
These aspects are the unique characteristics of our platform; a zero-knowledge fashion of providing service to data owners without having access to the data ourselves. In this sense, this policy mostly outlines what happens with the information we DO maintain from you, not the information we maintain zero knowledge of.
There are three basic ways we collect information:
When you interact with our services, we collect the information that
you choose to share with us. For example, most of our services require you
to set up a basic Xiippy account, so we may optionally need to collect a
few important details about you, such as: a unique user name you’d like
to go by, a password, an email address, a phone number, and your date of
birth. Xiippy also allows you to start using our apps by choosing to sign
up anonymously which in return will create an account using random identifiers
and maintaining registration details on your private devices. If chosen
to start using our apps anonymously, you bear the risk of being dependent
on your current device to maintain registration and should you change your
device, we may not be able to identify you again unless you do go through
a proper process to get an account based on your real personal details like
email address or phone numbers.
To make it easier for others to identify you anynomously, e.g. a retailer to become aware that you are a returning customer or an existing loyalty card to be linked to you, we may calculate anonymised transaction or user identifiers that can remain the same in future interactions between you and the same entities but they remain almost impossible to be linked back to your real identity. This means, if you choose to not use our payment option and only use Xiippy to receive your receipts and rewards points, it will remain nearly impossible even for Xiippy to identify you the real owner of such anynomised identifiers is. The fundamental method used by Xiippy is to make such identifiers dependent upon private cryptographic keys that it securely saves in the Key Chain storage of your private device without having access to them on our infrastructure. This in return protects your privacy even in unlikely data breach incidents. One important aspect of our innovation and patents relates to these calculations.
At the moment, the Xiippy payment platform does not receive your personal credit card or bank card numbers directly from you and in return, it receives a card token from ApplePay or GooglePay on your personal device, should you choose to use our payment platform. These tokens are random looking strings that are meaningless and are not your real credit card numbers and in most cases, they are temporary and once-off, which means they won't be usable for more than one transaction, and that is the transaction-at-hand, the one for them such tokens are generated. Tokens make it possible to avoid having to handle real credit card and financial information and our payment platform uses them to protect your information and avoid having to handle financial details fundamentally.
It probably goes without saying, but we’ll say it anyway: When you contact Xiippy Support or communicate with us in any other way, we’ll collect whatever information you volunteer.
When you use our services, we collect information about which of those
services you’ve used and how you’ve used them. We might know, for instance,
that you saw a specific ad for a certain period of time. Here’s a fuller
explanation of the types of information we collect when you use our services
(to learn about how you can control some of this information, be sure to
read the aptly titled Control over Your Information section below):
We collect information about your activity through our services. For
example, we may collect information about:
We collect information about the content you provide us, such as the
feedback you may provide a retailer as a result of having a transaction
We collect device-specific information, such as the hardware model, operating system version, advertising identifiers, unique application identifiers, unique device identifiers, browser type, language, wireless network, and mobile network information (including the mobile phone number should you choose to provide it to us).
When you use our services we may collect information about your location.
With your consent, we may also collect information about your precise location
using methods that include GPS, wireless networks, cell towers, Wi-Fi access
points, and other sensors, such as gyroscopes, accelerometers, and compasses.
This information may be used to generate personalized relevant contents
(e.g. applicable offers you have be eligible to) and reminders (e.g. warranty
reminders if you are close-by to a certain retail outlet).
In almost all cases, we do not maintain such information on our infrastructure (having used edge computing on your phone to drive personalization, i.e. your phone only receiving contents from our infrastructure) but if such information is saved on our infrastructure, we inform you and get your consent before we do so.
We also collect log information when you use our website. That information
includes, among other things:
We may collect information that other users provide about you or your
business when they use our services. We may also obtain information from
other companies that are owned or operated by us, or any other third-party
sources, and combine that with the information we collect through our services.
The data we collect is used to provide you with an amazing set of products
and services that we are always trying to improve. But we do a lot more
as well, such as:
We do also store some information locally on your device. For example,
private cryptographic keys, that are under NO CIRCUMSTANCES sent to our
infrastructure in form or shape readable and accessible to us.
We may share information about you in the following ways:
We may share the following information with all Xiippy users as well
as the general public:
We may share information with entities within the Xiippy family of companies.
We may share your information with the following third parties:
If Xiippy gets involved in a merger, asset sale, financing, liquidation or bankruptcy, or acquisition of all or some portion of our business to another company, we may share your information with that company before and after the transaction closes.
We may also share with third parties, such as advertisers, aggregated or de-identified information that cannot reasonably be used to identify you.
We want you to be in control of your information, so we provide you with
the following tools.
We strive to let you access and update most of the personal information that we have about you. There are limits though to the requests we’ll accommodate. We may reject a request for a number of reasons, including, for example, that the request risks the privacy of other users, requires technical efforts that are disproportionate to the request, is repetitive, or is unlawful. You can access and update most of your basic account information right in the apps or dashboards by visiting the app’s or dashboard's Settings pages. If you need to access, update, or delete any other personal information that we may have, you can put in a request when contacting us. Because your privacy is important to us, we may ask you to verify your identity or provide additional information before we let you access or update your personal information. We will try to update and access your information for free, but if it would require a disproportionate effort on our part, we may charge a fee. We will of course disclose the fee before we comply with your request.
If you change your mind about our ongoing ability to collect information
from certain sources that you have already consented to, such as your location
services, you can simply revoke your consent by changing the settings on
your device if your device offers those options. Of course, if you do that,
certain services may lose full functionality.
While we hope you’ll remain a lifelong Xiippy user, if for some reason
you ever want to delete your account, contact us and inform us of your intention.
During this period of time, your account will not be visible to other parties.
technologies on the services. These companies may collect information about
how you use the services and other websites and online services over time
and across different services. This information may be used to, among other
things, analyze and track data, determine the popularity of certain content,
and better understand your online activity.
Although we welcome Xiippy users from all over the world, keep in mind
that no matter where you live or where you happen to use our services, we
operate our services from Australia. This means that we may collect your
personal information from, transfer it to, and store and process it in Australia
and/or other countries whose local data-protection and privacy laws may
offer fewer protections than those in your country of residence or from
any country where you use or access the services.
Our services are not intended for—and we don’t direct them to—anyone
under 13. And that’s why we do not knowingly collect personal information
from anyone under 13.
date of any new version of the policy is always visible on this page.