Welcome to our privacy policy, where you can find the details on how we process data, what service providers we use and how we protect your privacy. The TLDR: We do not store your personal data. We do not retarget, and we do not sell or share any data.
For us, a privacy app is one that does not send any of the personal data (IP address, search requests, and so forth) from the app elsewhere for storage or processing. We achieve this with decentralized or device-level computing, making it unnecessary for our users' personal data to ever leave their own device.
Our News Reader is a news search assistant; it finds interesting articles from the internet and curates them for users in a personalised stream while protecting their privacy. To tailor the content stream to user preferences, we built an AI that learns from user interactions (likes, dislikes and time users spend with each document) directly on their device. Thus, all their personal data always stays only on their device and is never sent to us.
On each device, different AI models work together, creating an AI assistant that performs multiple jobs to search the Internet for content most relevant to a specific user:
We forward the user’s search requests which are generated automatically by the Xayn AI for the news feed between their app and our Xayn content index, and vice versa.The index only includes URL and title of the articles which we use for the reranking. Whenever a user clicks on a document, the reader mode is activated and processes locally.
We must do this to provide users with the respective content. This index does neither log, store nor even analyse any of the user´s personal data and acts as a stateless service. The user’s personal data is not used at all once forwarded between their app and the index, and vice versa. In addition, we encrypt the information that travels from the app to the index and back and only those endpoints can decrypt this. If you care to learn more about the legal basis for this data processing, please refer to Art. 6 (1) lit. b) GDPR.
We work with the following service providers who assist us in providing our services:
Cloud-Service: 1&1 Ionos SE, Germany
CDN: KeyCDN / proinity LLC, Switzerland (according to an EU Commission decision, Switzerland, although outside the EU, offers an adequate level of data protection) –
A CDN is a geographically distributed network of proxy servers which we use to provide high availability and performance by distributing the service spatially relative to our users. For example, if you are located in Brazil, your end device might want to connect to a server in Brazil instead of Germany for performance reasons. Your device will establish an internet connection with the CDN proxy servers when you use the App, and solely for this purpose KeyCDN for a few moments processes your IP address and other meta data. However, KeyCDN does not store your IP address or any personal data of you.
Hosting of our Website:
Webflow, Inc., USA
Your device will establish an internet connection with the Webflow servers when you access our website, and solely for this purpose Webflow for a few moments processes your IP address and other meta data. However, Webflow does not store your IP address or any personal data of you. We concluded so-called EU Standard Contractual Clauses with Webflow.
Bug Reporting and Logging:
Instabug, Inc, USA.
We use this service if you share a bug report with us. A bug report includes all information you include (screenshot where you can pixelate certain areas, your description of the bug, your e-mail address). We log certain performance metrics and the last 100 steps you took to allow for better bug reporting. This log data is stored on device and only shared with us when you decide to file a bug report. Any transfer of limited personal data to the US contained in your bug report is subject to contractual guarantees with Instabug (i.e., standard contractual clauses approved by the EU Commission).
Analytics:
Mixpanel Inc., USA.
Analytics may sound mystical, but it is an absolute essential part of our growth journey as a company. Only when we understand app usage patterns best can we build the best user experience for you, which helps to spread our cause even further! We therefore engage in product analytics such as understanding if parts of the app are not easy to use, which would require instant fixing.... Nevertheless, we do not associate usage data with any personal identifiers and we do not use any marketing tracking functionality (cross-site tracking, retargeting, etc). We have not activated IP and location tracking. Any necessary transfer of personal data to the US is subject to standard contractual clauses approved by the EU Commission but do not apply hereby, as we keep personal data on the device.
AppsFlyer Inc., USA
Efficient marketing allows us to spread our mission to more people, which is why we're using mobile attribution service Appsflyer. However, in order to protect your privacy throughout that process, we only use cryptographic strings instead of personal user data to match ad campaigns with actual installs and allows us to optimise for success. This is powered by Apple's SKAdNetwork library, an inherently privacy-safe mobile app install attribution that does not supply granular per-device data. A win-win for both users and us.
These service providers process data solely on behalf of and under the control of us and only for the purposes described in this privacy policy and with servers setup in Europe under EU subsidiaries.
Although we do not store any of your personal data, we must inform you that you may exercise your right to information, rectification, erasure and, if applicable, restriction of processing and data portability at the address mentioned below. If you as a data subject believe any of your rights have been infringed, you may file an appeal with the competent data protection authority.
This privacy policy is provided by us, Xayn AG, Unter den Linden 42, 10117 Berlin (Germany). The contact address is privacy@xayn.com (imprint).
Like most other companies, we are dependent on social media profiles in order to distribute and promote our products. We are aware of the critique social media platforms face with regard to data privacy. Therefore, we decided not to access any of the analytics data the platform operators provide to us. For example, we are not interested in knowing any demographic information of the users clicking on twitter links. We know that this might not be clever from a marketing perspective, but our decision has to be seen in the light of our goal to provide privacy preserving technologies.
This being said, we operate the following social media websites:
The operators of the social media platforms (e.g. Twitter) are involved in the operation of the websites just listed. They are also responsible (controllers) within the meaning of data protection law. We cannot influence the data processing carried out by the platform operators and are dependent on the information the respective providers give us. To the extent we can exert influence and have a part in determining data processing, we aim to ensure that the operators of the social media platforms treat the data in a manner appropriate to data protection.
Data processed by us
The data you disclose using our social media pages, such as comments, videos, pictures, likes, public news, and so forth are published by the social media platform. We may comment on or delete content if this is necessary (e.g., in case it violates laws). In some cases, we share your content on our site (e.g., when you compliment us publicly) and communicate with you through the social media platforms (e.g., when you contact us on such platforms). We use the social media platforms for marketing purposes. The legal basis for all those processing activities is our legitimate interest in operating a social media profile and to market our App (Art. 6 (1) lit. f) GDPR). If we process your personal data on the basis of our legitimate interests (Art. 6 (1) lit. f) GDPR), you may object to the processing and use of your data. In this case, we will no longer use your data unless our interests prevail.
Data processed by the operators of social media platforms
Social media platform operators use web tracking methods. Web tracking can be performed regardless of whether you are logged in or registered with the social media platform. We cannot influence the web tracking methods of the social media platform and, for example, cannot switch such tracking off. We cannot rule out that the provider of the social media platform may use data, for example to evaluate habits, personal relationships, preferences, etc. In this area of tracking, we have no influence on the processing of data by the platform operator.
Further information on data processing by the provider of the social media platform and further possibilities for objection can be found in the privacy policy of the operators:
Instagram: https://help.instagram.com/519522125107875/?maybe_redirect_pol=0
We have entered into an agreement with LinkedIn Ireland Unlimited Company regarding joint responsibility for the processing of data (a Controller Addendum). This agreement determines which data processing activities we are responsible for when you visit our LinkedIn website and which are the responsibility of LinkedIn. You can view the agreement under: https://legal.linkedin.com/pages-joint-controller-addendum
With regard to personal data processed by us through the social media platforms, you have the same rights as mentioned in our main privacy policy in section 1 above.
This privacy policy is provided by us, Xayn AG, Unter den Linden 42, 10117 Berlin (Germany), privacy@xayn.com (imprint).
This privacy policy was updated on July 2022. We made the following changes (which are related to moving from beta testing into production): We replaced our product analytics tool Amplitude with Mixpanel (while it does not store PII, the analytics data is hosted in an EU datacenter by Mixpanel). We also made changes to wording after a long internal review session on whether our privacy policy is comprehensible enough for users. This includes: In 1a. Processing activities, we tried to clarify the meaning of edge/ device-level computing and which data this would or would not effect. In 1b service providers, we explained what Apple's SKAdNetwork is and linked documentation. In the same section, we also tried to clarify how we engage in product analytics and how that distinguishes from the technical term 'tracking'. Please let us know if you find any of this unclear, be this the change log or the privacy policy, as such. Transparency is crucial to us and we always look for ways to improve.
This privacy policy was updated in March 2022. We re-wrote the chapters 2 and 1.a for better readability & understanding. We also updated chapter 1.b (removed Microsoft, as well as adding Instabug, Appsflyer & Amplitude) as well as merging our former section 2. How Our Privacy Preserving Search Engine Works in Detail into section 1 to simplify it.
This privacy policy was updated on Dec 3, 2021. To clarify, we refined technical developments reflecting the functionality of our edge AI in chapter 2. We also edited some copy for style.
This privacy policy was updated on Jul 22, 2021. To clarify, we added to 1.b: We specified how we use third-party crawlers.
This privacy policy was updated on April 12, 2021. To clarify, we added to 1.b: our CDN provider and Matomo (removed again, since).
This privacy policy was updated on Dec 11, 2020. To clarify, we added to 1.a.i: Our servers receive your meta data including your IP address because your device establishes a connection with them, but they delete this data immediately thereafter and do not log, store or even analyse any of this data and thus act as a stateless service.
Xayn is growing and we’re looking for you to join our mission. Find out how you can come work for us.
