Privacy Policy for Xposer

Welcome to Xposer!

This Privacy Policy explains how Xposer ("We," "Us," or "Xposer") collects, uses, stores, and protects information in connection with your use of our website at https://xposer.io, our services, and our API (collectively, the "Services"). The Services include website technology detection, security monitoring, vulnerability alerts, API access, custom host reports, and tools to help clean up the internet. If you have questions or need more information, contact us at [email protected].

1. Our Role and Commitment

We are the Data Controller of your personal information under the General Data Protection Regulation (GDPR) and applicable laws in the Netherlands. We are committed to protecting your privacy and processing your data responsibly, transparently, and in compliance with legal requirements.

2. Information We Collect

We collect the following types of information:

• Personal Information: Data you provide directly, such as:

  • Name, email address, and contact details when you create an account, sign up for notifications, or contact us.

  • Billing or payment information (if applicable) to process transactions via third-party providers (e.g., Stripe).

• Usage Data: Automatically collected data when you use the Services, including:

  • Log files: Internet Protocol (IP) addresses, browser type, Internet Service Provider (ISP), date and time stamps, referring/exit pages, and number of clicks. This data is not linked to personally identifiable information.

  • Cookies and web beacons: Used to store preferences, track pages visited, and optimize your experience.

• Submitted Data: Information you submit for scanning or monitoring, such as:

  • URLs or host details of websites you request us to analyze for technology detection, monitoring, or vulnerability alerts.

• Scanned Data: Data collected from websites or hosts you authorize us to scan, including:

  • Software types, versions, and configurations (e.g., WordPress, Drupal, Laravel versions) derived from headers, files, and patterns.

  • Aggregated data on technology stacks and versions from over three million hosts for custom reports.

• Purpose: We collect this data to provide the Services, analyze trends, administer the site, track user movement, customize content, and improve our offerings.

3. Legal Basis for Processing

We process your personal information based on:

• Contract: To perform our Services as agreed (e.g., scanning websites, delivering reports, sending alerts).

• Consent: Where you explicitly agree, such as for cookies or email notifications.

• Legitimate Interests: To improve our Services, monitor usage, and ensure security, provided this does not override your rights.

• Legal Obligation: To comply with laws, resolve disputes, or enforce our policies.

4. How We Use Your Information

We use your information to:

• Provide and maintain the Services, including technology detection, continuous monitoring, and vulnerability alerts.

• Generate custom host reports and outreach email templates for your use.

• Process API requests and deliver webhook notifications.

• Send you updates, security alerts, and communications about the Services.

• Analyze trends, usage, and demographics to improve our platform.

• Comply with legal obligations, resolve disputes, and protect the security of our Services.

5. Cookies and Web Beacons

• We use cookies and similar technologies to store preferences, track visited pages, and customize content based on browser type or other information.

• Cookies enhance functionality and user experience. You can disable cookies via your browser settings, but this may affect the Services.

• For details on cookie management, consult your browser’s documentation. Third-party partners (e.g., analytics providers) may also use cookies, subject to their privacy policies.

6. Data From Scanned Websites

• You may submit websites or hosts for scanning or monitoring. You represent and warrant that you have all necessary rights, consents, or legal authority to submit such data.

• We collect and process data (e.g., software versions, configurations) from scanned sites solely to provide the Services, such as detecting technologies, identifying vulnerabilities, and generating reports.

• We may aggregate and anonymize scanned data to create custom host reports or improve our Services, ensuring no personally identifiable information is included.

7. Data Retention

• We retain personal information only as long as necessary for the purposes in this Privacy Policy, such as fulfilling our contract, providing the Services, or meeting legal obligations.

• Usage and scanned data are retained for a reasonable period to support monitoring, reporting, and analysis, then deleted or anonymized.

• We may keep data longer to comply with legal requirements, resolve disputes, or enforce our policies.

8. Your Data Protection Rights

If you are a resident of the European Economic Area (EEA) or subject to GDPR, you have the following rights:

• Right to Access: Request details of the personal information we hold about you.

• Right to Rectification: Correct inaccurate or incomplete data.

• Right to Erasure: Request deletion of your personal information from our systems.

• Right to Object: Object to processing based on legitimate interests.

• Right to Restriction: Restrict processing of your data in certain cases.

• Right to Data Portability: Receive your data in a structured, machine-readable format.

• Right to Withdraw Consent: Revoke consent where processing relies on it (e.g., for cookies or notifications).

• To exercise these rights, contact us at [email protected]. We will respond within 30 days, subject to legal exceptions.

9. Data Sharing and Third Parties

• Service Providers: We may share data with trusted third parties (e.g., hosting providers, payment processors like Stripe, analytics tools) to support the Services. These parties are bound by contracts to protect your data.

• Legal Requirements: We may disclose data if required by law, to comply with legal processes, or to protect the rights, safety, or property of Xposer, our users, or others.

• No Sale: We do not sell your personal information to third parties.

• Our Privacy Policy does not apply to third-party websites or services. Consult their privacy policies (e.g., Stripe’s) for details on their practices and opt-out options.

10. Data Security

• We implement reasonable technical and organizational measures to protect your data from unauthorized access, loss, or alteration.

• However, no online system is 100% secure. We cannot guarantee absolute security but strive to safeguard your information.

11. Online Privacy Policy Only

• This Privacy Policy applies only to data collected through our website, Services, and API. It does not cover offline activities or data collected via other channels.

12. International Data Transfers

• If you use the Services from outside the Netherlands, your data may be transferred to and processed in the Netherlands or other jurisdictions.

• We ensure such transfers comply with GDPR and applicable laws, using safeguards like standard contractual clauses where necessary.

13. Changes to This Privacy Policy

• We may update this Privacy Policy to reflect changes in our practices or legal requirements.

• Updates will be posted at https://xposer.io with the effective date. Your continued use of the Services after changes constitutes acceptance of the revised policy.

14. Consent

• By using our Services, you consent to this Privacy Policy and our collection, use, and processing of your information as described.

15. Contact Us

• For questions, concerns, or to exercise your rights, contact us at:

  • Email: [email protected]

  • We aim to respond promptly and address your inquiries.

Last Updated: June 04, 2025