Legal
Privacy Policy
Last updated: June 2, 2026
At Xenode, privacy isn't a feature — it's the foundation. As an open-source project, we believe transparency is the strongest form of trust. This Privacy Policy explains what data we collect, how we use it, and the lengths we go to in order to protect your information. You don't just have to take our word for it — our entire codebase is publicly available on GitHub for anyone to audit and verify.
1. Our Commitment to Your Privacy
We do not use your personal information. Your name, email address, and any other personally identifiable information you provide is used solely for account authentication and service operation. We will never sell, rent, or share your personal data with third parties for their marketing purposes.
2. Information We Collect
2.1 Account Information
When you create an account, we collect the minimum information necessary to provide the Service, such as your email address and authentication credentials. This information is used solely for:
- Account creation and authentication
- Communicating with you about your account
- Providing customer support
2.2 File Data
All files stored on Xenode are protected with end-to-end encryption (AES-256). Your files are encrypted on your device before being transmitted to our servers. This means:
- We cannot read your files. Not even Xenode employees can access the contents of your stored data.
- We cannot share what we don't have. Since your encryption keys never leave your device, your data remains yours alone.
- Zero-knowledge architecture. We store only encrypted blobs with no knowledge of their contents.
2.3 Usage & Technical Data
We may collect basic, anonymized usage data to improve the Service, such as browser type, operating system, and general interaction patterns. This data is aggregated and cannot be used to identify individual users.
3. How We Use Your Information
We use the limited information we collect exclusively for the following purposes:
- Operating the Service: Account management, authentication, and customer support.
- Service improvements: Analyzing aggregated, anonymized usage patterns to enhance performance, reliability, and user experience.
- Security & compliance: Preventing fraud, abuse, and unauthorized access to the Service.
4. Promotional Communications
From time to time, we may use your email address to send you information about promotional campaigns, special offers, product updates, or new features related to Xenode. These communications are intended to keep you informed about improvements and value we can offer.
Your choice: You can opt out of promotional emails at any time by clicking the unsubscribe link included in every promotional email, or by contacting our support team. Opting out of promotional emails will not affect essential service communications (e.g., billing confirmations, security alerts).
5. Data Sharing & Third Parties
We do not sell or rent your personal information to third parties. We may share limited information only in the following circumstances:
- Payment processors: To process payments securely (e.g., Razorpay). Payment processors handle your billing information directly and are bound by their own privacy policies.
- Legal requirements: If required by law, regulation, or legal process, we may disclose information to comply with valid legal obligations. However, due to our zero-knowledge architecture, file contents remain encrypted and inaccessible even in such cases.
6. Data Retention
We retain your account data for as long as your account is active or as needed to provide the Service. If you choose to delete your account:
- Your encrypted files will be permanently deleted from our servers.
- Account-related data will be removed within 30 days of account deletion.
- Some anonymized, aggregated data may be retained for analytical purposes.
7. Data Security
We implement industry-standard security measures to protect your information, including:
- End-to-end encryption (AES-256): All file data is encrypted before leaving your device.
- TLS encryption: All data in transit is protected with TLS encryption.
- Zero-knowledge architecture: We structurally cannot access your encrypted file contents.
- Open-source transparency: Our entire codebase is publicly available on GitHub. You can independently verify every security claim we make.
- Secure infrastructure: Our servers employ robust security practices, regular audits, and access controls.
8. Your Rights
Depending on your jurisdiction, you may have the following rights regarding your personal data:
- Access: Request a copy of the personal data we hold about you.
- Correction: Request correction of inaccurate personal data.
- Deletion: Request deletion of your personal data and account.
- Portability: Request your data in a portable format.
- Opt-out: Opt out of promotional communications at any time.
To exercise any of these rights, please contact us at the email address provided below.
10. Children's Privacy
The Service is not intended for users under the age of 18. We do not knowingly collect personal information from children. If we become aware that a child under 18 has provided us with personal data, we will take steps to delete such information promptly.
11. Changes to This Policy
We may update this Privacy Policy from time to time. When we make significant changes, we will notify you by updating the “Last updated” date at the top of this page and, where appropriate, through in-app notifications or email. As an open-source project, all changes to our codebase — including those related to data handling — are publicly tracked on our GitHub repository. Your continued use of the Service after changes are posted constitutes your acceptance of the revised policy.
12. Contact Us
If you have any questions or concerns about this Privacy Policy or our data practices, please contact us:
Email: privacy@xenode.io