world's first and only privacy-preserving 1-step data-rich payments provider with end-to-end encrypted smart receipts and all-customers-inclusive rewards.
Xiippy is committed to client service and this policy outlines our ongoing
obligations to you in respect of how we manage your Personal Information
or your business' data.
Xiippy sits between retailers, consumers, POS developers and banks and delivers
value to all these parties in unique ways. The most inherent difference
we are making is the fact that we make it possible for real owners of information
to benefit from such information without having to share them with us or
with 3rd parties and that's what forms the core philosophy behind privacy-by-design
and regulative frameworks like GDPR and CCPA.
We have designed and
built the Xiippy platform to materialize what these regulative frameworks
intend to achieve on a zero-trust setting, which means, we have designed
this platform in such a way that you, as our users, clients or customers,
will not need to trust us to have access to your personal or protected information
but yet, our platform will remain capable of adding value to all owners
of information. This, however, has not been easy at all. We have had to
invest new concepts along the way and go through complex cryptography to
reach this goal, adopting edge computing and client-side encryption and
decryption of data to deprive ourselves, and hence the entire universe,
of having access to your personal information or your business' private
data.
For consumers, Xiippy only maintains purchase history and
receipts on users' private devices, with encryption-at-rest applied to
the local databases of all our apps. No consumer purchase history is
EVER saved on our servers and infrastructure in plain and readable
format to us. If the user chooses to, for the purpose of portability and
multi-device access, a copy of receipts are first encrypted with keys
only known to the user and unknown to us and then uploaded to our
infrastructure, which in return, can be downloaded by our apps on other
devices and decrypted with keys that are only accessible to the real
owner of the data.
For business owners, Xiippy only mains an
encrypted version of seller's copy of the receipts on its servers to
make them available in our Business Owner's dashboard. The keys used for
this encryption process are unknown to us too. These keys are generated
by the POS stations and derived from private keys only know to the
business owners. All processing and demonstration of data is done at
client side through our web-based Business Owner's dashboard without us
maintaining any plain format data on our servers.
These aspects are the unique characteristics of our platform; a zero-knowledge fashion of providing service to data owners without having access to the data ourselves. In this sense, this policy mostly outlines what happens with the information we DO maintain from you, not the information we maintain zero knowledge of.
There are three basic ways we collect information:
When you interact with our services, we collect the information that
you choose to share with us. For example, most of our services require you
to set up a basic Xiippy account, so we may optionally need to collect a
few important details about you, such as: a unique user name you’d like
to go by, a password, an email address, a phone number, and your date of
birth. Xiippy also allows you to start using our apps by choosing to sign
up anonymously which in return will create an account using random identifiers
and maintaining registration details on your private devices. If chosen
to start using our apps anonymously, you bear the risk of being dependent
on your current device to maintain registration and should you change your
device, we may not be able to identify you again unless you do go through
a proper process to get an account based on your real personal details like
email address or phone numbers.
To make it easier for others to identify
you anynomously, e.g. a retailer to become aware that you are a returning
customer or an existing loyalty card to be linked to you, we may calculate
anonymised transaction or user identifiers that can remain the same in future
interactions between you and the same entities but they remain almost impossible
to be linked back to your real identity. This means, if you choose to not
use our payment option and only use Xiippy to receive your receipts and
rewards points, it will remain nearly impossible even for Xiippy to identify
you the real owner of such anynomised identifiers is. The fundamental method
used by Xiippy is to make such identifiers dependent upon private cryptographic
keys that it securely saves in the Key Chain storage of your private device
without having access to them on our infrastructure. This in return protects
your privacy even in unlikely data breach incidents. One important aspect
of our innovation and patents relates to these calculations.
At the
moment, the Xiippy payment platform does not receive your personal credit
card or bank card numbers directly from you and in return, it receives a
card token from
ApplePay
or
GooglePay
on your personal device, should you choose to use our payment
platform. These tokens are random looking strings that are meaningless and
are not your real credit card numbers and in most cases, they are temporary
and once-off, which means they won't be usable for more than one transaction,
and that is the transaction-at-hand, the one for them such tokens are generated.
Tokens make it possible to avoid having to handle real credit card and financial
information and our payment platform uses them to protect your information
and avoid having to handle financial details fundamentally.
It probably goes without saying, but we’ll say it anyway: When you contact
Xiippy Support or communicate with us in any other way, we’ll collect whatever
information you volunteer.
When you use our services, we collect information about which of those
services you’ve used and how you’ve used them. We might know, for instance,
that you saw a specific ad for a certain period of time. Here’s a fuller
explanation of the types of information we collect when you use our services
(to learn about how you can control some of this information, be sure to
read the aptly titled Control over Your Information section below):
We collect information about your activity through our services. For
example, we may collect information about:
We collect information about the content you provide us, such as the
feedback you may provide a retailer as a result of having a transaction
with them.
We collect device-specific information, such as the hardware model, operating system version, advertising identifiers, unique application identifiers, unique device identifiers, browser type, language, wireless network, and mobile network information (including the mobile phone number should you choose to provide it to us).
When you use our services we may collect information about your location.
With your consent, we may also collect information about your precise location
using methods that include GPS, wireless networks, cell towers, Wi-Fi access
points, and other sensors, such as gyroscopes, accelerometers, and compasses.
This information may be used to generate personalized relevant contents
(e.g. applicable offers you have be eligible to) and reminders (e.g. warranty
reminders if you are close-by to a certain retail outlet).
In almost
all cases, we do not maintain such information on our infrastructure (having
used edge computing on your phone to drive personalization, i.e. your phone
only receiving contents from our infrastructure) but if such information
is saved on our infrastructure, we inform you and get your consent before
we do so.
Like most online services and mobile applications, we may use cookies and other technologies, such as web beacons, web storage, and unique advertising identifiers, to collect information about your activity, browser, and device with the purpose of providing personalized experiences for you. We may also use these technologies to collect information when you interact with services we offer through one of our partners, such as commerce partners. Most web browsers are set to accept cookies by default. If you prefer, you can usually remove or reject browser cookies through the settings on your browser or device. Keep in mind, though, that removing or rejecting cookies could affect the availability and functionality of our services.
We also collect log information when you use our website. That information
includes, among other things:
We may collect information that other users provide about you or your
business when they use our services. We may also obtain information from
other companies that are owned or operated by us, or any other third-party
sources, and combine that with the information we collect through our services.
The data we collect is used to provide you with an amazing set of products
and services that we are always trying to improve. But we do a lot more
as well, such as:
We do also store some information locally on your device. For example,
private cryptographic keys, that are under NO CIRCUMSTANCES sent to our
infrastructure in form or shape readable and accessible to us.
We may share information about you in the following ways:
We may share the following information with all Xiippy users as well
as the general public:
We may share information with entities within the Xiippy family of companies.
We may share your information with the following third parties:
If Xiippy gets involved in a merger, asset sale, financing, liquidation or bankruptcy, or acquisition of all or some portion of our business to another company, we may share your information with that company before and after the transaction closes.
We may also share with third parties, such as advertisers, aggregated or de-identified information that cannot reasonably be used to identify you.
We want you to be in control of your information, so we provide you with
the following tools.
We strive to let you access and update most of the personal information that we have about you. There are limits though to the requests we’ll accommodate. We may reject a request for a number of reasons, including, for example, that the request risks the privacy of other users, requires technical efforts that are disproportionate to the request, is repetitive, or is unlawful. You can access and update most of your basic account information right in the apps or dashboards by visiting the app’s or dashboard's Settings pages. If you need to access, update, or delete any other personal information that we may have, you can put in a request when contacting us. Because your privacy is important to us, we may ask you to verify your identity or provide additional information before we let you access or update your personal information. We will try to update and access your information for free, but if it would require a disproportionate effort on our part, we may charge a fee. We will of course disclose the fee before we comply with your request.
If you change your mind about our ongoing ability to collect information
from certain sources that you have already consented to, such as your location
services, you can simply revoke your consent by changing the settings on
your device if your device offers those options. Of course, if you do that,
certain services may lose full functionality.
While we hope you’ll remain a lifelong Xiippy user, if for some reason
you ever want to delete your account, contact us and inform us of your intention.
During this period of time, your account will not be visible to other parties.
We may let other companies use cookies, web beacons, and similar tracking
technologies on the services. These companies may collect information about
how you use the services and other websites and online services over time
and across different services. This information may be used to, among other
things, analyze and track data, determine the popularity of certain content,
and better understand your online activity.
Additionally, some companies may use the information they collect on our
services to deliver targeted advertisements on behalf of us or other companies,
including on third-party websites and apps. Xiippy does not currently respond
to do-not-track signals that may be sent from your device. If we do so in
the future, we will provide information about that practice in an updated
version of this privacy policy.
Although we welcome Xiippy users from all over the world, keep in mind
that no matter where you live or where you happen to use our services, we
operate our services from Australia. This means that we may collect your
personal information from, transfer it to, and store and process it in Australia
and/or other countries whose local data-protection and privacy laws may
offer fewer protections than those in your country of residence or from
any country where you use or access the services.
Our services are not intended for—and we don’t direct them to—anyone
under 13. And that’s why we do not knowingly collect personal information
from anyone under 13.
We may change this privacy policy from time to time and the latest effective
date of any new version of the policy is always visible on this page.