Xceed Imagination
Get in touch →

Privacy Policy – Xceed

Last updated: June 2, 2026

Last updated: 2 June 2026

Privacy Policy

Xceed ("we," "us," "our," or "Company") is committed to protecting your privacy. This Privacy Policy explains what information we collect, how we use it, and your rights regarding your data. We operate globally from our headquarters in Pune, India, and comply with applicable data protection laws in all jurisdictions where we conduct business.

1. Information We Collect

We collect information in the following ways:

1.1 Information You Provide Directly

  • Contact Information: Name, email address, phone number, company name, job title, and location when you submit enquiry forms, request project consultations, or contact us via our website.
  • Project Information: Technical requirements, project scope, timelines, budget parameters, and industry context you share during initial discussions or proposal requests.
  • Account Information: If you create a portal account or client dashboard, we collect login credentials, communication preferences, and project history.
  • Payment Information: Billing address, invoice details, and payment method information. Payment processing is handled by third-party payment processors (see Section 4); we do not store full credit card numbers.
  • Communications: Content of emails, messages, meeting notes, and documentation you exchange with our team.

1.2 Information Collected Automatically

  • Website Analytics: IP address, browser type, operating system, device type, pages visited, time spent on pages, referral source, and click patterns via Google Analytics 4.
  • Cookies and Tracking Technologies: As detailed in Section 3.
  • Server Logs: Access logs, error reports, and system performance data generated during your interactions with our website and services.

1.3 Information from Third Parties

  • Business contact information from publicly available professional networks (LinkedIn) to improve our client outreach.
  • Information from your company's public channels when you reference Xceed or our work.

2. How We Use Your Information

We use collected information for the following purposes:

  • Service Delivery: To understand your software development and AI solution requirements, prepare proposals, execute projects, and provide ongoing support.
  • Communication: To respond to enquiries, send project updates, share documentation, and maintain client relationships.
  • Business Development: To identify potential clients, tailor our service offerings, and send relevant industry insights or case studies (where we have your consent).
  • Website Improvement: To analyze user behaviour, identify technical issues, optimize site performance, and enhance user experience.
  • Compliance: To maintain records required by law, respond to regulatory requests, and prevent fraud or misuse of our services.
  • Legal Obligations: To comply with Indian tax regulations (Income Tax Act 1961), employment law, and contractual obligations.

3. Cookies and Tracking Technologies

3.1 Types of Cookies We Use

Our website uses the following categories of cookies:

  • Essential Cookies:
    • xceed_session – Maintains your browsing session.
    • csrf_token – Protects against cross-site request forgery attacks.
    • language_preference – Remembers your language selection.
  • Performance & Analytics Cookies:
    • _ga, _gid, _gat – Google Analytics 4 cookies that track page views, session duration, and user flow (no personally identifiable information is sent to Google unless you voluntarily provide it).
    • _ga_[ID] – Enhanced Google Analytics tracking.
  • Marketing Cookies:
    • fbp, fbc – Facebook Pixel for measuring conversions and retargeting (used only if you have engaged with our ads).
    • utm_source, utm_medium, utm_campaign – Campaign tracking parameters.
  • Third-Party Cookies:
    • LinkedIn Insight Tag for measuring campaign effectiveness and audience insights.

3.2 Cookie Consent

On your first visit, we display a cookie consent banner. Essential cookies are deployed automatically; performance, analytics, and marketing cookies require your explicit consent. You can manage your preferences at any time via the 'Cookie Settings' link in our website footer.

4. Third-Party Services and Data Processors

We use the following third-party service providers who may process your data:

  • Google Analytics 4 – Website analytics and user behaviour tracking. Privacy policy: https://policies.google.com/privacy
  • Stripe / Razorpay – Payment processing for invoices and service fees. We transmit only transaction amount, order ID, and billing address; payment processors handle full payment card data in compliance with PCI DSS standards.
  • HubSpot – CRM and email communication management. Your contact information and project enquiry details may be stored here for relationship management.
  • Slack – Internal team communication. Client communication summaries may be logged (we do not share your communications with Slack).
  • AWS / Azure Cloud Infrastructure – Hosting and storage of project files, documentation, and backups.
  • Zoom – Video conferencing for client meetings and demos. Zoom's privacy policy applies to meeting recordings: https://zoom.us/en/privacy
  • LinkedIn Ads – Audience measurement and conversion tracking.
  • Meta (Facebook) Pixel – Conversion measurement and website analytics.

All third-party processors are contractually bound to process data only on our instruction and to maintain confidentiality. We ensure processors meet or exceed our data protection standards.

5. Data Sharing

We do not sell or rent your personal data. We share information only in these circumstances:

  • With Your Consent: If you explicitly approve sharing with partners, subcontractors, or vendors involved in delivering your project.
  • Legal Requirement: To comply with court orders, regulatory investigations, or Indian law enforcement requests.
  • Service Providers: With third-party processors listed in Section 4, under data processing agreements.
  • Business Transfer: In the event of merger, acquisition, or sale of assets, your data may transfer to the acquiring entity under equivalent privacy protections.

6. Data Retention

6.1 Retention Periods

  • Project Data: Retained for the duration of the engagement plus 7 years for tax, audit, and dispute-resolution purposes (as required by Indian law).
  • Enquiry Data: Retained for 3 years unless you request deletion or opt out of marketing communications.
  • Website Analytics: Aggregated analytics data retained indefinitely; individual user data automatically deleted after 26 months in Google Analytics.
  • Marketing Communications: Retained until you unsubscribe; suppression lists maintained for 2 years to avoid re-contact.
  • Cookies: Session cookies expire upon browser closure; persistent cookies expire as detailed in Section 3.

6.2 Deletion Process

To request deletion of your data, contact us at privacy@xceedtech.in with "Data Deletion Request" in the subject line. Include your name, email, and specific information to be deleted. We will:

  • Acknowledge your request within 5 business days.
  • Verify your identity (for security purposes).
  • Delete retrievable data within 30 days, except where retention is required by law.
  • Confirm completion and provide a deletion certificate if requested.

Note: Anonymised and aggregated data may be retained indefinitely as it cannot identify you.

7. Your Rights Under Data Protection Laws

7.1 Rights Under the Digital Personal Data Protection Act, 2023 (India)

If you are located in India or your data is processed in India, you have the following rights under the DPDP Act 2023:

  • Right to Access: You can request a copy of personal data we hold about you.
  • Right to Correction: You can request correction of inaccurate or incomplete information.
  • Right to Erasure: You can request deletion of your data where it is no longer necessary for the purpose collected, subject to legal retention obligations.
  • Right to Grievance Redressal: You can lodge a complaint with our Grievance Officer (contact below) or escalate to the Data Protection Board of India if unsatisfied.

To exercise these rights, contact our Data Protection Officer at dpo@xceedtech.in.

7.2 Rights Under the General Data Protection Regulation (GDPR) – EU and UK

If you are located in the European Union or United Kingdom, the GDPR grants you the following rights:

  • Right of Access: Obtain confirmation of whether we process your data and access a copy.
  • Right to Rectification: Correct or complete inaccurate personal data.
  • Right to Erasure ("Right to Be Forgotten"): Request deletion of personal data where:
    • The data is no longer necessary for its original purpose.
    • You withdraw your consent.
    • You object and we have no overriding legitimate interest.
    • The data has been unlawfully processed.
  • Right to Data Portability: Receive your data in a structured, machine-readable format (CSV, JSON) and transmit it to another controller.
  • Right to Object: Object to processing for direct marketing, profiling, or automated decision-making.
  • Right to Restrict Processing: Request we limit use of your data pending a decision on your other rights.
  • Rights Related to Automated Decision-Making: You have the right not to be subject to fully automated decision-making with legal effect (we do not use such systems).

To exercise GDPR rights, contact us at privacy@xceedtech.in with "GDPR Request" in the subject line. We will respond within 30 days. If you believe we violate GDPR, you have the right to lodge a complaint with your national data protection authority.

7.3 Rights Under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) – USA

If you are a California resident, you have the following rights under CCPA / CPRA:

  • Right to Know: Request what personal information we collect, use, share, and sell.
  • Right to Delete: Request deletion of personal information (with limited exceptions for legal compliance and fraud prevention).
  • Right to Correct: Request correction of inaccurate personal information.
  • Right to Opt-Out of Sale/Sharing: Direct us not to "sell" or "share" your personal information for cross-context behavioural advertising. (Note: We do not currently sell or share consumer data as defined by CCPA/CPRA.)
  • Right to Limit Use and Disclosure: Limit how we use sensitive personal information (health data, financial information, precise location).
  • Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.

To submit a CCPA/CPRA request, contact privacy@xceedtech.in with "California Privacy Request" in the subject line and include your name, email, and a description of your request. We will verify your identity before fulfilling your request and respond within 45 days (extendable by 45 additional days if necessary). You may designate an authorised agent to submit requests on your behalf; we will request proof of authorisation.

8. International Data Transfers

Xceed is based in India. If you are located in the EU, UK, or other jurisdictions with data protection laws restricting transfers outside their borders, note that:

  • We process personal data in India as part of our normal business operations.
  • Where required by GDPR or UK Data Protection Act 2018, we rely on Standard Contractual Clauses (SCCs) or Binding Corporate Rules approved by your data protection authority to ensure adequate safeguards.
  • We ensure adequate security measures, encryption, and access controls to protect your data during transfer and storage.
  • You may request details of our transfer mechanisms and safeguards by contacting our DPO.

9. Children's Privacy

Our services are intended for businesses, enterprises, and professionals (B2B). We do not knowingly collect personal data from individuals under 18 years of age. If we become aware that a minor has provided personal data, we will take steps to delete such information and terminate the minor's engagement with our services. Parents or guardians who believe a child has provided data to us should contact us immediately at privacy@xceedtech.in.

10. Security

We implement industry-standard technical and organisational security measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction, including:

  • SSL/TLS encryption for all data in transit.
  • AES-256 encryption for data at rest in cloud storage.
  • Regular security audits and penetration testing.
  • Role-based access controls limiting employee access to data.
  • Secure password policies and multi-factor authentication for staff.
  • Incident response procedures to detect and address data breaches.

Important: While we strive to protect your data, no security system is 100% impenetrable. Transmission of data over the internet carries inherent risks. You are responsible for maintaining confidentiality of any login credentials you create.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect legal changes, new service features, or operational improvements. The "Last updated" date at the top of this policy indicates the most recent revision. Material changes (e.g., new data uses, new categories of recipients, or expanded data collection) will be notified via email to your registered address, and your continued use of our website or services signifies your acceptance of updated terms.

12. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:

  • Email: privacy@xceedtech.in
  • Data Protection Officer: dpo@xceedtech.in
  • Grievance Officer (DPDP Act 2023): grievance@xceedtech.in
  • Company Name: Xceed
  • Address: Pune, India
  • Website: www.xceedtech.in

For EU/UK GDPR complaints, you may also contact your national data protection authority. For California residents, you may file a complaint with the California Attorney General.