Xilfy
XIL FY
Sign in Sign up
Xilfy
XILFY Professional Suite

Quick access

Onboard Business Sign in Sign up
Data Protection

GDPR Compliance

Last updated: April 30, 2026

The General Data Protection Regulation (GDPR) is a regulation in EU law on data protection and privacy in the European Union and the European Economic Area.

Xilfy is committed to ensuring that your privacy is protected and that we are fully compliant with the GDPR. This page explains how we comply with these regulations.

1. Why we collect your data

We collect and process your personal data only when we have a legal basis for doing so. This includes:

  • To provide you with the services you have requested.
  • For our legitimate interests, such as improving our tools and ensuring security.
  • With your explicit consent.

2. Data Processing Principles

We adhere to the following principles when processing your data:

  • Lawfulness, fairness, and transparency: We are clear about what data we collect and why.
  • Purpose limitation: We only use data for the purposes we've told you about.
  • Data minimization: We only collect the data we actually need.
  • Accuracy: We keep your data up to date.
  • Storage limitation: We only keep data as long as necessary.
  • Integrity and confidentiality: We use strong security measures to protect your data.

3. Your GDPR Rights

If you are a resident of the EEA, you have the following rights:

  • The right to be informed: You have the right to know how your data is being used.
  • The right of access: You can request a copy of the data we hold about you.
  • The right to rectification: You can ask us to correct inaccurate data.
  • The right to erasure: You can ask us to delete your data ("right to be forgotten").
  • The right to restrict processing: You can ask us to stop processing your data in certain ways.
  • The right to data portability: You can request your data in a machine-readable format.
  • The right to object: You can object to your data being used for direct marketing.

4. Data Transfers

Your information, including Personal Data, may be transferred to — and maintained on — computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ than those from your jurisdiction.

5. How to Exercise Your Rights

To exercise any of these rights, please contact our Data Protection Officer at [email protected]. We will respond to your request within 30 days.