Back to Legal

Privacy Policy

In Effect as of May 29, 2026

Welcome to the privacy operations framework for XiteAI Technologies. The protection of our users' personal data is foundational to our educational platform. This Policy applies across our corporate domain (xiteai.com), our AI platform (chat.xiteai.com), and all associated tools.

By accessing XiteAI, you consent to our practices surrounding data processing as outlined below.

A. Data Collection Framework

We collect multi-layered data to power our contextual AI models. This data falls into three distinct categories:

1. Data Provided Directly by You

  • Identity Provisioning: Email addresses, selected usernames, profile avatars, and secured passwords required to establish and authenticate your account.
  • Prompt & Knowledge Base Submissions: The real-time queries, chat histories, and any proprietary documents (such as PDFs, DOCX files, or historical exam metrics) you upload into the platform for analysis by our Exam Solver or PYQ Analyzer.
  • Commercial Data: For Premium subscribers, we collect necessary billing identities. Payment routing and credit card tokenization are exclusively handled by our certified third-party financial gateways (e.g., Stripe); we never store raw credit card numbers.

2. Automated Telemetry & Operations Data

We continuously monitor hardware/software telemetry, session duration, IP endpoints, general geographic location, and interaction heatmaps (such as utilization rates of the Cheat Sheet Studio). This is used strictly for capacity planning and diagnostic load-balancing.

3. External Data Accumulation

In scenarios where you authorize single-sign-on (SSO) via partners like Google, we ingest foundational profile data (name, email) granted by that provider to bridge your accounts securely.

B. Purpose and Utilization of Data

Your data acts as the structural foundation for XiteAI. We deploy this information to:

  • Execute Core Operations: To route your prompts intelligently across our model tiers, maintain session context, build customized Cheat Sheets, and synthesize interactive MCQs.
  • State Management: To persist your chat logs, enabling features like soft-deletion, archiving, branching, and historical context retrieval.
  • Continuous Refinement: To measure aggregate usage trends, enabling us to optimize response latencies, refine UI variants, and calibrate provider fallback chains.
  • Account Safety: To monitor rate-limits, prevent abuse, and enforce our multi-tenant security architecture.

C. Third-Party Data Transmission

Operating a cutting-edge LLM platform requires integration with specialized external processors. We do not sell your personal data to ad brokers. Information is transmitted strictly to facilitate service delivery:

  • Foundation Model Providers: Your prompts and parsed document context are securely pushed to aggregated AI logic endpoints (e.g., OpenRouter, Google, Anthropic) specifically to generate responses.
  • Live Web Augmentation: If your prompt requires real-time knowledge, the core query is securely relayed to search indexers.
  • Cloud Infrastructure: Your persistent data is encrypted at rest within enterprise-grade database networks, while session states and rate limits are managed via rapid in-memory data structures.

D. User Rights and Data Autonomy

In alignment with major international data privacy frameworks (including the GDPR and CCPA), XiteAI natively equips users with powerful data control mechanisms:

  • Permanent Purging (Right to Erasure): You maintain total authority to trigger a hard-delete of your account, permanently wiping your chat history and metadata from our primary clusters.
  • Structural Export (Data Portability): You may legally request and securely download a comprehensive digital ledger of your account usage and historical conversations.
  • Soft Deletion: Routine chat deletions are moved to a soft-delete queue to prevent accidental data loss before eventually being autonomously purged.

E. Minor & Educational Privacy

XiteAI is designed as an advanced academic tool, but it is not intended for unmonitored use by children under the minimum digital consent age established by their local jurisdiction (e.g., age 13 in the US, up to age 16 in the EU). We strictly mandate that minors operating below these thresholds must only use the platform under the verified supervision of a parent or guardian. We will promptly delete any unverified accounts found to bypass these restrictions.

Contacting Our Privacy Team

We are committed to total transparency. If you need to make manual privacy requests or have legal concerns regarding this document, please contact us: