Privacy Policy

This Privacy Policy explains how Rebel LLC, doing business as Xilo.Design ("Xilo.Design," "we," "us," or "our"), collects, uses, discloses, and protects personal information when you visit or use https://xilo.design (the "Site") and our related services (collectively, the "Services").

By using the Site or Services, you acknowledge that you have read and understood this Privacy Policy.

1. Scope and Key Concepts

This Policy applies to information we collect:

• When you visit our Site;
• When you purchase Services (including subscriptions);
• When you contact us or otherwise communicate with us.

Certain third parties (for example, payment processors) may collect information directly from you under their own privacy policies.

2. Information We Collect

We collect information in the following ways:

2.1 Information you provide directly

Depending on how you interact with us, we may collect:

• Identifiers and contact information (e.g., name, email address, company name);
• Account and service information (e.g., plan selections, project details, communications);
• Billing information (e.g., billing name, billing address, and transaction metadata). Payment card details are processed by our payment processor (Stripe) and are not stored by us.

2.2 Information collected automatically

When you visit the Site, we may collect:

• Device and usage data (e.g., browser type, device identifiers, operating system, pages viewed, time spent);
• Network data (e.g., IP address, general location derived from IP);
• Referral data (e.g., referring URLs).

We collect this information using cookies and similar tracking technologies.

2.3 Information from third parties

We may receive limited information from service providers that support our Services (e.g., hosting providers, analytics providers, payment processors), such as transaction status or fraud signals.

3. Cookies and Tracking Technologies

We use cookies and similar technologies to:

• Operate and improve the Site;
• Understand usage and performance;
• Support marketing and communications.

3.1 Cookies we use

Below is a summary of the primary cookies and tracking tools currently in use:

Google Analytics and Meta Pixel may use cookies or similar technologies to collect information across websites over time for analytics and advertising purposes.

You can control cookies through your browser settings and, where required by applicable law, through cookie consent tools. You may also opt out of certain Google Analytics data collection by using Google's opt-out mechanisms and manage ad preferences through Meta's ad settings. Some cookies are necessary for the Site to function.

4. How We Use Personal Information

We use personal information for business and commercial purposes such as:

• Providing and operating the Site and Services;
• Processing payments and subscriptions (including through Stripe);
• Communicating with you about your account, purchases, support requests, and updates;
• Marketing (subject to your choices—see Section 9);
• Security and fraud prevention;
• Legal and compliance purposes (e.g., to comply with lawful requests or enforce agreements).

5. How We Share Personal Information

We may share personal information with:

• Service providers that help us operate our business (e.g., hosting, analytics, customer support tools, email delivery); these providers process information on our behalf;
• Payment processors (e.g., Stripe) to process transactions;
• Professional advisors (e.g., legal, accounting) when necessary;
• Authorities or other parties when required by law, to protect rights and safety, or to prevent fraud.

5.1 We do not sell personal information

We do not sell personal information for monetary consideration.

5.2 "Do Not Sell or Share" (California)

California law grants certain consumers the right to opt out of the sale or sharing of personal information (including for certain advertising purposes) and to use signals such as the Global Privacy Control (GPC), when applicable.

At this time, we do not sell personal information. If we ever change our practices in a way that constitutes a "sale" or "sharing" under applicable California law, we will provide an appropriate "Do Not Sell or Share My Personal Information" mechanism as required.

6. Sensitive Personal Information

We do not intentionally collect "Sensitive Personal Information" as that term is defined under California privacy law (for example, government ID numbers, precise geolocation, or certain financial account credentials).

If we ever collect Sensitive Personal Information, we will use it only for permitted purposes and will provide any additional notices and controls required by law, including the right to limit use and disclosure where applicable.

7. Data Retention

We retain personal information only for as long as reasonably necessary to:

• Provide the Services;
• Maintain business records (including billing and transaction records);
• Resolve disputes and enforce agreements; and
• Comply with legal obligations.

Retention periods vary depending on the type of information and the purpose for which it was collected.

8. Data Security

We use reasonable administrative, technical, and organizational safeguards designed to protect personal information. However, no method of transmission or storage is 100% secure, and we cannot guarantee absolute security.

9. Email Marketing and Your Choices (CAN‑SPAM)

If you subscribe to marketing communications, we may send you promotional emails. You can opt out at any time by using the unsubscribe link in our emails or by contacting us at contact@xilo.design.

We process unsubscribe requests consistent with applicable law.

10. Your Privacy Rights

Depending on your location, you may have rights to:

• Request access to personal information we maintain about you;
• Request correction of inaccurate personal information;
• Request deletion of certain personal information;
• Opt out of certain uses of personal information (where applicable);
• Not be discriminated against for exercising your rights.

10.1 California Residents (CCPA/CPRA)

If you are a California resident, you may have additional rights under the CCPA as amended by the CPRA, including the right to know how personal information is collected, used, and shared; the right to delete; the right to correct; the right to opt out of sale/sharing; and the right to limit certain uses of Sensitive Personal Information (if applicable).

How to submit a request: Email us at contact@xilo.design with the subject line "Privacy Request".

Verification: To protect your information, we may take reasonable steps to verify your identity before responding.

Response timing: We aim to respond within the timeframes required by applicable law (often within 45 days, with extensions where permitted).

11. Third‑Party Services and Links

Our Site may include links to third-party websites or services (e.g., plugins, analytics tools, payment processing). Their privacy practices are governed by their own policies, and we are not responsible for their practices.

Stripe: Payments are processed by Stripe. Stripe's privacy practices are described in Stripe's privacy materials.

12. International Users

We operate from the United States. If you access the Site from outside the U.S., you understand that your information may be transferred to and processed in the United States.

13. Children's Privacy

The Site and Services are not directed to children under 13, and we do not knowingly collect personal information from children under 13.

14. Changes to This Policy

We may update this Privacy Policy from time to time. Updates will be posted on this page with a revised "Last Updated" date.

15. Contact Us

If you have questions about this Privacy Policy or our data practices, contact:

contact@xilo.design