Privacy Policy

Xusmo ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website at xusmo.ai (the "Site"), use our AI-powered website builder, or subscribe to our WordPress hosting services (collectively, the "Services").

By accessing or using our Services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access or use our Services.

We reserve the right to make changes to this Privacy Policy at any time and for any reason. We will alert you about any changes by updating the "Last updated" date of this Privacy Policy. You are encouraged to periodically review this Privacy Policy to stay informed of updates.

We collect information that you provide directly to us, information collected automatically when you use our Services, and information from third-party sources. The categories of personal information we collect include:

2.1 Information You Provide

• Account Information: When you create an account, we collect your name, email address, phone number, and password.
• Business Information: During the AI-guided interview process, we collect information about your business including your business name, industry, services offered, location, hours of operation, and any other details you provide to help us build your website.
• Payment Information: When you subscribe to a hosting plan, we collect billing information including your credit or debit card number, billing address, and transaction history. Payment processing is handled by our third-party payment processor, Stripe, and we do not store your full card number on our servers.
• Communications: When you contact us via email, support chat, or other channels, we collect the content of your messages and any attachments you provide.
• Content: Any text, images, logos, or other media you upload or provide for use on your website.

2.2 Information Collected Automatically

• Device and Usage Data: We automatically collect certain information when you access our Services, including your IP address, browser type and version, operating system, referring URL, pages visited, time and date of your visit, and time spent on each page.
• Analytics Data: We use analytics services to collect aggregated usage data to help us improve our Services, including feature usage, click patterns, and navigation flow.

Xusmo uses artificial intelligence (AI) and machine learning technologies as a core part of our Services. We believe in transparency about how AI is used to process your information:

• Website Generation: We use AI to analyze the business information you provide during the interview process and generate website content, design layouts, color schemes, and page structures tailored to your industry and business needs.
• Industry Classification: Our AI automatically classifies your business into an industry category and archetype to select the most appropriate website templates, features, and content strategies.
• Content Creation: AI generates written content for your website including page copy, service descriptions, calls to action, and meta descriptions based on the information you provide. All AI-generated content is available for your review and editing before publication.
• Ongoing Optimization: For subscribers on eligible plans, AI may be used to suggest content updates, blog posts, and SEO improvements over time.
• Data Handling: The business information you provide during the interview is sent to third-party AI providers (such as OpenAI) for processing. We have data processing agreements in place with these providers that prohibit them from using your data to train their models or for any purpose other than providing the requested service to Xusmo.

You retain full ownership of all information you provide and all content generated for your website. You may review, edit, or request deletion of AI-generated content at any time.

When you subscribe to a Xusmo hosting plan, we provision a managed WordPress installation on your behalf. The following applies to data stored in connection with your hosted website:

• Server Location: Your WordPress site is hosted on cloud infrastructure located in the United States. If you are located outside the United States, please be aware that your data will be transferred to and stored in the United States.
• Website Data: We store all data associated with your WordPress installation, including pages, posts, media files, plugins, themes, and database content.
• Visitor Data: Your hosted website may collect data from your own visitors (e.g., through contact forms, analytics, or e-commerce functionality). You are the data controller for any personal data collected through your website, and you are responsible for ensuring your own compliance with applicable privacy laws.
• Backups: We perform regular automated backups of your website data. Backup frequency depends on your subscription plan. Backups are encrypted and stored securely for disaster recovery purposes.
• Security: We implement industry-standard security measures including SSL/TLS encryption, firewalls, malware scanning, and automatic security updates to protect your hosted website.

We use cookies and similar tracking technologies to collect and track information about your activity on our Services and to hold certain information. The types of cookies we use include:

• Essential Cookies: These cookies are necessary for the Services to function properly. They enable core functionality such as authentication, session management, and security. You cannot opt out of essential cookies as they are required for the Services to operate.
• Analytics Cookies: We use analytics cookies to understand how visitors interact with our Services, which pages are visited most frequently, and how users navigate through the site. This data helps us improve user experience and site performance.
• Preference Cookies: These cookies remember your settings and preferences, such as language selection and display configurations, to provide a more personalized experience.
• Marketing Cookies: With your consent, we may use marketing cookies to deliver relevant advertisements and measure the effectiveness of our advertising campaigns. You can opt out of marketing cookies at any time through your browser settings or our cookie preferences center.

Most web browsers are set to accept cookies by default. You can usually choose to set your browser to remove or reject cookies. Please note that removing or rejecting cookies may affect the availability and functionality of our Services.

We use the following categories of third-party services to operate and improve our platform. Each third-party provider is bound by their own privacy policy and our contractual data processing agreements:

• Payment Processing: Stripe processes all payment transactions. Your payment information is transmitted directly to Stripe and is subject to Stripe's privacy policy.
• AI Services: OpenAI and similar providers process your business information to generate website content. Data is transmitted securely and is not used to train third-party models.
• Authentication: We may use third-party authentication providers (such as Google OAuth) to facilitate account creation and login.
• Cloud Infrastructure: Our Services are hosted on cloud infrastructure providers that maintain their own security certifications and compliance standards.
• Analytics: We use analytics services to understand usage patterns and improve our Services. These services may collect anonymized usage data.
• Email Communications: We use third-party email service providers to send transactional emails (account confirmations, billing receipts) and, with your consent, marketing communications.
• Domain Registration: If you register a domain through Xusmo, we work with accredited domain registrars who may collect information required for domain registration (including WHOIS data).

We retain your personal information for as long as necessary to fulfill the purposes for which it was collected, including to satisfy legal, accounting, or reporting requirements. Specific retention periods include:

• Account Data: We retain your account information for the duration of your account. If you delete your account, we will delete or anonymize your personal information within 30 days, except where retention is required by law.
• Interview Data: Business information collected during the interview process is retained as long as your account is active or as needed to maintain your website.
• Website Data: Your WordPress website data is retained for the duration of your hosting subscription. Upon cancellation, your website data is retained for 30 days to allow for reactivation or export, after which it is permanently deleted.
• Billing Records: Payment and billing records are retained for 7 years in accordance with accounting and tax requirements.
• Support Communications: Support tickets and communications are retained for 3 years after resolution for quality assurance and dispute resolution purposes.
• Analytics Data: Aggregated, anonymized analytics data may be retained indefinitely to improve our Services.

Depending on your location, you may have certain rights regarding your personal information under applicable data protection laws, including the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other applicable legislation. These rights may include:

• Right of Access: You may request a copy of the personal information we hold about you.
• Right to Rectification: You may request that we correct any inaccurate or incomplete personal information.
• Right to Erasure: You may request that we delete your personal information, subject to certain legal exceptions.
• Right to Restrict Processing: You may request that we limit how we use your personal information.
• Right to Data Portability: You may request a machine-readable copy of your personal information to transfer to another service.
• Right to Object: You may object to the processing of your personal information for certain purposes, including direct marketing.
• Right to Withdraw Consent: Where processing is based on your consent, you may withdraw that consent at any time without affecting the lawfulness of prior processing.
• Right to Non-Discrimination: We will not discriminate against you for exercising any of your privacy rights.

To exercise any of these rights, please contact us using the information provided in the Contact section below. We will respond to your request within 30 days (or such shorter period as required by applicable law). We may require verification of your identity before processing your request.

Additionally, you have the right to export your WordPress website data at any time through your account portal. We provide standard WordPress export functionality, allowing you to download your complete site including content, media, themes, and plugins.

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:

• Encryption of data in transit using TLS 1.2 or higher
• Encryption of sensitive data at rest
• Regular security assessments and penetration testing
• Access controls and authentication requirements for employees
• Secure software development practices
• Incident response procedures

While we strive to protect your personal information, no method of transmission over the Internet or method of electronic storage is 100% secure. We cannot guarantee absolute security of your data.

Our Services are not intended for individuals under the age of 18. We do not knowingly collect personal information from children under 18. If we learn that we have collected personal information from a child under 18, we will take steps to delete that information as quickly as possible. If you believe we have inadvertently collected information from a child under 18, please contact us immediately.

Our Services are operated in the United States. If you are located outside the United States, please be aware that any information you provide to us will be transferred to and processed in the United States. By using our Services, you consent to this transfer. We take appropriate safeguards to ensure that your personal information is treated securely and in accordance with this Privacy Policy, including the use of Standard Contractual Clauses where required by applicable law.

If you have any questions about this Privacy Policy, wish to exercise your rights, or have concerns about our data practices, you may contact us at:

We aim to respond to all legitimate requests within 30 days. Occasionally, it may take us longer if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated on the progress of your request.