Last updated: 28 September 2025
1. Data Controller
xlr8
Kollwitzstraße 30
10405 Berlin, Germany
Email: contact@getxlr8.ai
When we refer to "personal data", "we", "us" or "our" in this Privacy Policy, we mean xlr8, which is the data controller for the services described below unless otherwise stated.
2. Scope and Purpose
This Privacy Policy describes how we collect, use, disclose, transfer, and store personal data in connection with your use of our websites, applications, dashboards, APIs, marketing communications and other services (collectively, the "Service"). It applies to individuals who interact with us in their personal capacity (customers, prospects, website visitors, end users) and as appropriate, their employees or authorized representatives.
We collect and process personal data to (i) provide, maintain and improve our Service; (ii) communicate with you; (iii) secure our Service; (iv) comply with legal obligations; and (v) when required, for our legitimate interests. Research of competitor policies (e.g. Hootsuite Inc.) supports including legitimate interest basis.
3. Categories of Personal Data We Collect
We may collect the following categories of personal data:
- Identity & contact data: e.g. first name, last name, title, email address, phone number, company/organisation name when you provide them;
- Account & usage data: user name, password (hashed & encrypted), usage logs, account settings, device information, browser type, IP address, time zone, social network identifiers if you link them;
- Transaction & billing data: payment method (e.g. credit card or other), billing address, invoices, payment history;
- Communications data: support enquiries, feedback, chat logs, emails;
- Technical & analytics data: server logs, error reports, crash data, cookies, tracking data, device identifiers, unique IDs, geolocation (coarse) where permitted;
- Social media & integration data: when you link your social network accounts or use our multi-channel publishing functionality, we may process data from those services (subject to your authorization).
4. Legal Bases for Processing
We rely on the following legal bases under the EU General Data Protection Regulation ("GDPR") for processing your personal data:
- Contract performance (Art. 6(1)(b) GDPR): e.g. to provide the Service, invoices, support;
- Legitimate interests (Art. 6(1)(f) GDPR): e.g. to improve our Service, conduct analytics, prevent fraud, protect our rights;
- Consent (Art. 6(1)(a) GDPR): e.g. for non-essential cookies, marketing communications;
- Compliance with legal obligations (Art. 6(1)(c) GDPR): e.g. retention of accounting records, regulatory requirements.
If processing is based on consent, you may withdraw it at any time — future processing will cease but will not affect the lawfulness of processing prior to withdrawal.
5. How We Use Your Personal Data
We use personal data for the following purposes:
- To provide and maintain the Service (including account creation, administration, access, updates);
- To process your transactions, billing and payment;
- To communicate with you, including service announcements, newsletters (where you have opted in), support and operational messages;
- To carry out analytics and product improvement (including aggregated usage data);
- To secure the Service, detect and prevent fraud, abuse, security incidents;
- To comply with applicable laws, regulations, litigation/dispute obligations, and protect our rights and the rights of others;
- To facilitate integrations with social networks or third-party services, where you authorised those;
- To manage marketing activities (where permitted) and track their effectiveness.
6. Cookies and Tracking Technologies
We and our service providers use cookies, web beacons, pixel tags, local storage, and similar technologies to collect and store information when you visit our websites or use our Service. This includes items like: session cookies, preference cookies, security cookies, analytics/tracking cookies, advertising/retargeting cookies.
You may reject or disable cookies via your browser settings, but please note that some features of the Service may no longer function properly. Best practices from competitor policies emphasise transparency and consent for non-essential cookies (see e.g. competitor cookie sections).
7. Disclosure, Transfers & Sub-Processors
We may disclose or transfer personal data to:
- Affiliates and group companies;
- Service providers and subprocessors (hosting, payment processors, analytics providers, CDNs, cloud services) who act on our behalf and are contractually bound with appropriate safeguards;
- Third-party social networks or other linked services when you authorise such connection;
- Legal or regulatory authorities where required by law or to defend our rights;
- Business partners if you choose to share data or participate in promotions.
Where personal data is transferred outside the European Economic Area (EEA) or to a country without an adequacy decision, we will ensure appropriate safeguards are in place (e.g. Standard Contractual Clauses, binding corporate rules). Our own website uses Webflow, which participates in the EU-U.S. Data Privacy Framework and/or SCCs.
8. Data Retention
We retain your personal data for no longer than required for the purpose(s) for which it was collected, unless a longer retention period is required or permitted by law (e.g. tax, accounting, litigation). Specific retention policies include:
- Support inquiry data: until we have answered and closed your enquiry, then typically for a limited additional period to enable audit, regulatory compliance or dispute resolution;
- Server logs, analytics/crash data: retained for security and operational purposes, then anonymised or deleted when no longer needed;
- Billing and transaction records: retained in line with accounting/tax law (e.g. 10 years under German law).
At the end of the retention period, personal data will be securely deleted, anonymised or archived in accordance with our internal policy.
9. Your Rights
Under the GDPR you have the following rights (subject to limitations):
- Right of access: you may obtain a copy of personal data we hold about you;
- Right to rectification: you may ask us to correct inaccurate or incomplete personal data;
- Right to erasure ("right to be forgotten"): you may ask us to delete your personal data if we no longer need it, or you withdraw consent and no other legal basis applies, or you object and no overriding grounds apply;
- Right to restriction of processing: you may ask us to suspend processing in certain cases;
- Right to data portability: you may request transfer of your personal data to another controller in a structured, machine-readable format;
- Right to object: you may object to processing based on legitimate interests or direct marketing;
- Right to withdraw consent: if processing is based on consent, you may withdraw it at any time (future effect only) without affecting the legality of past processing;
- Right to lodge a complaint with a supervisory authority (in Germany: the Berlin Data Protection Authority or your local equivalent).
If you would like to exercise any of the above rights, please contact us at contact@getxlr8.ai. We may need to verify your identity before fulfilling such requests.
10. Security
We implement appropriate organisational and technical measures to protect personal data against unauthorised access, disclosure, alteration or destruction, in line with industry best practices (see e.g. competitor best-practice disclosures). We continuously monitor the security of our systems and review our controls. While we aim to guarantee security, no system is completely invulnerable, and we cannot guarantee absolute security.
11. Children & Minors
Our Service is not directed to children under the age of 16 (or higher where local law requires). We do not knowingly collect personal data from children under that age without parental or guardian consent. If you become aware that a child has provided us with personal data, please contact us so we can delete the data.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new Privacy Policy on our website and updating the "Last updated" date above. If the changes are material, we may provide notice by email or in-product notification. Your continuing use of the Service after the effective date constitutes acceptance of the updated policy.
13. Contact Us
If you have any questions, concerns or complaints about our data protection practices, you may contact:
xlr8
Kollwitzstraße 30
10405 Berlin, Germany
Email: contact@getxlr8.ai
If only real cookies boosted productivity like this.
Required for the website to function properly. These cannot be disabled.
Help us understand how you interact with our website to improve your experience.
Used to deliver personalized ads and track campaign performance.