Privacy Policy
XENVIO SL ("XENVIO", "we", "our", or "us") is committed to protecting the privacy and personal data of our users, customers, and visitors. This Privacy Policy describes how we collect, use, store, and protect your personal data in accordance with the General Data Protection Regulation (GDPR) and applicable data protection laws.
1. Data Controller
The data controller responsible for your personal data is:
- Company: XENVIO SL
- Address: [Company Address]
- Email: privacy@xenvio.com
2. Data We Collect
We collect and process the following categories of personal data:
- Account data: name, email address, company name, role, and password (hashed).
- Billing data: payment method details processed via our secure payment provider (we do not store full card numbers).
- Usage data: log files, IP addresses, browser type, pages visited, and feature interactions.
- Operational data: shipment records, carrier configurations, warehouse data, and order information you input into the platform.
- Communication data: messages sent through our support system or contact forms.
3. Legal Basis for Processing
We process your personal data based on the following legal grounds under Article 6 GDPR:
- Contract performance: to provide the XENVIO platform and services you have subscribed to.
- Legitimate interests: to improve our services, prevent fraud, and ensure platform security.
- Legal obligation: to comply with applicable laws and regulations.
- Consent: for marketing communications, which you may withdraw at any time.
4. How We Use Your Data
- Providing, maintaining, and improving the XENVIO platform.
- Processing payments and managing your subscription.
- Sending transactional emails (account alerts, billing receipts, system notifications).
- Sending marketing communications (only with your consent).
- Detecting, investigating, and preventing fraudulent or unauthorized activity.
- Complying with legal and regulatory obligations.
5. Data Sharing and Third Parties
We do not sell your personal data. We may share it with:
- Carrier APIs: to generate shipping labels (only shipment-relevant data is transmitted).
- Payment processors: Stripe or equivalent, under their own GDPR-compliant privacy policies.
- Cloud infrastructure providers: AWS or equivalent, acting as data processors under a Data Processing Agreement (DPA).
- Analytics tools: anonymized, aggregated data only.
- Legal authorities: when required by law or court order.
6. Data Retention
We retain your personal data for as long as your account is active or as needed to provide services. After account termination:
- Account data is deleted within 90 days.
- Billing records are retained for 7 years to comply with tax obligations.
- Anonymized usage statistics may be retained indefinitely.
7. Your Rights (GDPR)
Under GDPR, you have the following rights regarding your personal data:
- Right of access: request a copy of the data we hold about you.
- Right to rectification: request correction of inaccurate or incomplete data.
- Right to erasure: request deletion of your personal data ("right to be forgotten").
- Right to restriction: request that we limit processing of your data.
- Right to portability: receive your data in a structured, machine-readable format.
- Right to object: object to processing based on legitimate interests or for direct marketing.
- Right to withdraw consent: at any time, without affecting prior processing.
To exercise any of these rights, contact us at privacy@xenvio.com. We will respond within 30 days.
8. Cookies
XENVIO uses strictly necessary cookies for session management and authentication. We do not use third-party tracking cookies without your consent. You may control cookie preferences through your browser settings.
9. Data Security
We implement industry-standard security measures including TLS encryption in transit, AES-256 encryption at rest, role-based access control, and regular security audits. In the event of a data breach affecting your rights and freedoms, we will notify you and the relevant supervisory authority within 72 hours as required by Article 33 GDPR.
10. International Transfers
If your data is transferred outside the European Economic Area (EEA), we ensure adequate protection through Standard Contractual Clauses (SCCs) approved by the European Commission.
11. Changes to This Policy
We may update this Privacy Policy periodically. When we make material changes, we will notify you by email or via a prominent notice on the platform. The "Last updated" date at the top of this page reflects the most recent revision.
12. Contact & Complaints
For privacy-related questions, contact our Data Protection Officer at privacy@xenvio.com. You also have the right to lodge a complaint with your local supervisory authority (e.g., the AEPD in Spain or the ICO in the UK).
© 2026 XENVIO SL. All rights reserved.