
Privacy Policy

This policy explains what personal data Xern AI collects, why we collect it, and how we protect it.

Effective date: April 25, 2026

Contents

  • Introduction
  • Data We Collect
  • Legal Bases
  • How We Use Data
  • Subprocessors
  • Payment Data
  • Cookies
  • Data Retention
  • International Transfers
  • Security
  • Your Rights
  • Age Requirements
  • Policy Changes
  • Contact

1. Introduction

Xern AI (“Xern”, “we”, “us”, or “our”) operates the website xernai.com and the Xern AI platform — an AI-powered product discovery and spec generation tool.

This Privacy Policy describes the personal information we collect, how we use it, and your rights in relation to it. By using the Service, you agree to the practices described here. If you do not agree, please discontinue use.

This policy applies to all users of xernai.com regardless of their country of residence.

2. Data We Collect

We may collect the following categories of information:

  • Account information — your name and email address, provided when you register via Google OAuth or email/password.
  • User-submitted content — feedback files, pasted text, and other data you upload to create product specs. This content may include customer feedback or proprietary business information that you choose to provide.
  • Usage data — pages visited, features used, session timestamps, and actions taken within the platform.
  • Technical data — IP address, browser type, device identifiers, and referral source, collected automatically when you access the Service.
  • Billing information — subscription tier and billing status. Payment card details are handled directly by Stripe and are not stored on our servers. See Section 6.
  • Communications — messages you send to us via email for support or other inquiries.

3. Legal Bases for Processing

Where data protection law requires a legal basis for processing personal data, we rely on the following:

  • Contract performance — processing necessary to provide you with the Service you signed up for (account management, running the AI pipeline on your content, billing).
  • Legitimate interests — improving and securing the Service, detecting fraud or abuse, and maintaining product analytics, where these interests are not overridden by your rights.
  • Legal obligation — complying with applicable laws, regulations, or valid legal requests.
  • Consent — where we have asked for your consent for a specific purpose (e.g. optional marketing communications), and you have provided it. You may withdraw consent at any time.

4. How We Use Your Data

  • To create and maintain your account and authenticate your identity.
  • To process uploaded content through our AI pipeline — including sending that content to AI subprocessors — in order to generate themes, quotes, and product spec proposals on your behalf.
  • We do not use your uploaded content to train, fine-tune, or improve any AI or machine learning model. Your content is processed solely to produce outputs for you.
  • To send transactional emails (e.g. account confirmation, password reset, billing receipts).
  • To process payments and manage your subscription via Stripe.
  • To monitor platform performance, detect abuse, and fix bugs.
  • To improve the Service based on aggregate, anonymised usage patterns.
  • To comply with legal obligations and enforce our Terms of Service.

5. Subprocessors / Third-Party Services

We share data with the following third-party service providers (“subprocessors”) who process data on our behalf. Each is contractually bound to protect your data and may only use it to provide services to us.

Provider          Purpose                              Location
Vercel            Hosting & edge network               United States
Supabase          Database & authentication            United States
Anthropic         AI processing of uploaded content    United States
Stripe            Payment processing & billing         United States / Global
Google / Resend   Transactional email delivery         United States

We do not sell your personal data to third parties, and we do not share it with advertisers or data brokers.

6. Payment Data

Xern AI uses Stripe to process all subscription payments. When you enter payment card details, those details are submitted directly to Stripe’s secure servers and are never transmitted to or stored on Xern AI’s systems.

We receive from Stripe only non-sensitive billing metadata such as your subscription status, plan tier, billing interval, and a tokenised payment method identifier. We do not have access to your full card number, CVV, or expiry date.

Stripe’s privacy practices are governed by the Stripe Privacy Policy.

7. Cookies and Tracking

We use session cookies and local storage that are strictly necessary for the platform to function — specifically to maintain your authenticated session after login. We do not use advertising cookies, cross-site tracking cookies, or fingerprinting techniques.

Xern AI does not currently use third-party analytics services. If we introduce analytics in the future, this policy will be updated and you will be notified in accordance with Section 13.

You may configure your browser to block or delete cookies, but doing so may prevent you from remaining logged in to the Service.

8. Data Retention and Deletion

We retain your data for the following periods:

  • Account data — retained for as long as your account is active, plus a reasonable period after closure to handle any outstanding billing queries or legal obligations.
  • Project content — retained until you delete the project or close your account, whichever is earlier.
  • Backup and log data — system backups and server logs may retain copies of your data for up to 90 days after deletion, after which they are purged as part of our standard infrastructure rotation.
  • Billing records — retained for the period required by applicable tax and financial regulations.

To request deletion of your account and all associated data, email xernai.app@gmail.com. We will process your request and confirm deletion within 30 days, subject to legal retention requirements.

9. International Data Transfers

Xern AI is operated from Singapore. Our subprocessors (Vercel, Supabase, Anthropic, and Stripe) are primarily based in the United States. When you use the Service, your personal data may be transferred to and processed in countries outside your country of residence, including the United States and other jurisdictions.

These countries may have data protection laws that differ from those in your country. We take reasonable steps to ensure that any cross-border data transfers are made subject to appropriate safeguards, and that subprocessors are bound by data protection obligations consistent with this policy.

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, please note that data transfers to subprocessors in the United States may be subject to Standard Contractual Clauses or other approved transfer mechanisms.

10. Security

We apply reasonable technical and organisational safeguards to protect your personal data against unauthorised access, loss, or disclosure. These include TLS encryption for data in transit, access controls on our database, and limiting access to personal data to staff and subprocessors who require it to deliver the Service.

No method of data transmission or storage over the internet can be guaranteed to be 100% secure. While we take these measures seriously, we cannot provide an absolute guarantee against every security risk. If you believe your account has been compromised, please contact us immediately.

11. Your Rights

Depending on your country of residence and applicable law, you may have some or all of the following rights regarding your personal data:

  • Access — request a copy of the data we hold about you.
  • Correction — request that we correct inaccurate or incomplete data.
  • Deletion — request erasure of your personal data, subject to legal retention requirements.
  • Portability — receive your data in a structured, machine-readable format.
  • Objection / restriction — object to or request restriction of certain processing activities.
  • Withdraw consent — where processing is based on consent, withdraw it at any time without affecting prior processing.

To exercise any of these rights, contact us at xernai.app@gmail.com. We will respond within 30 days. We may need to verify your identity before processing certain requests.

12. Age Requirements

The Service is intended for users who are 18 years of age or older. We do not knowingly collect personal data from individuals under 18. If you believe that a minor has provided us with personal data, please contact us and we will take steps to delete it promptly.

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or the Service. When we make material changes, we will post the updated policy on this page with a revised effective date, and — where practicable — notify you via email or an in-app notice.

Your continued use of the Service after the effective date of an updated policy constitutes your acceptance of the changes. If you do not agree to the updated policy, you should stop using the Service and request deletion of your account.

14. Contact Us

If you have questions, concerns, or requests relating to this Privacy Policy or your personal data, please contact us at:

Xern AI

Email: xernai.app@gmail.com

We aim to respond to all privacy inquiries within 30 days.