Privacy

Everything you'd like to know about your data and how it is being used

All devices that have either the XFA Web Extension, XFA Native Client or the XFA Mobile App installed will send their device status to the XFA servers, identified by a unique device ID.
The device status includes the checks as seen in the interface and varies from device to device, but may include information such as OS version, disk encryption status, available updates, ...
Only when a user accepts an invitation by an organization will this device ID be linked to the email address on which they were invited.
Organization administrators that use the XFA Dashboard will also have to submit basic details of their organization alongside creating an account with username & password.
When an organization administrator connects "Discovery" with their Microsoft or Google account, XFA will collect device information from the sign-in logs in the respective organizational account. This device data will be linked to the company email address of the user, similar to the information collected from the device.
Currently all applications send the device status regardless if a user is added to an organization. This information is used for general user statistics & optimization of the XFA ecosystem.
The device status is locally available by the user at any time. When a user is a added to an organization, the device status will also be available to the administrators of that organization, identified by the email address on which they were invited.
Organizational data are used for billing purposes.
At no point will any device information of either a user or organization be shared without prior permission.
Billing information and administrative details (invoices, contact information, ...) will be kept as long as required, as instructed by the law of Belgium (which is the operating country of XFA BV).
Individual device information will remain in the system unless requested to be deleted with the device ID and corresponding token. This information guarantees we can support devices that are offline for a long time & maintain accurate statistics. Organizational statistics will be deleted when the account has been deleted.
We utulize privacy-friendly tracking on our website and collect emails for marketing purposes at (online) events (e.g. LinkedIn Live) and through our website. We do not share this information with any third parties (outside of co-organizers of events) unless specified otherwise. You can opt-out at any time with the 'unsubscribe' link at the bottom of the email or by contacting us at [email protected]
XFA has been founded by privacy-aware security professionals & built from the ground up with privacy and security by design in mind. Modern development & infrastructure practices have been adopted such as the principle of least privilege, encryption (both at rest and in transit) and a layered security model. These practices guarantee that the highest level of availability, confidentiality & integrity is kept at all times.
Development of XFA is based in Belgium and data is stored on Amazon Web Services (AWS) in the Ireland region. At no point will we move any data without prior disclosure of planning so.
Any questions or requests can be sent to [email protected]