Effective Date: April 7, 2026 · Last Updated: April 7, 2026
At Xenodrive, your privacy matters to us. This Privacy Policy describes how Xenodrive (“we,” “us,” or “our”) collects, uses, shares, and protects your personal information when you visit or make a purchase from xenodrive.com(the “Site”), use our mobile site, or otherwise interact with us.
By accessing or using the Site you agree to this Privacy Policy. If you do not agree, please do not use the Site.
1. Information We Collect
A. Information You Provide Directly
Account information— name, email address, password, and phone number when you create an account.
Purchase information— billing and shipping address, payment card details (processed securely by Stripe; we never store full card numbers), and order history.
Communications— messages you send through our contact or support channels.
Promotional participation— information you provide when you enter a promotion, referral program, or apply a promo code.
B. Information Collected Automatically
Device & browser data— IP address, browser type, operating system, device identifiers, and screen resolution.
Usage data— pages viewed, links clicked, time spent on pages, referring URL, and search queries on the Site.
Cookies & similar technologies — see Section 6 below.
C. Information from Third Parties
Social sign-in providers— if you log in with Google or another provider, we receive your name, email, and profile picture as permitted by that provider.
Payment processor— Stripe may share transaction status, fraud signals, and limited billing details with us to complete your order.
2. How We Use Your Information
We use the information we collect for the following purposes:
Fulfill orders— process payments, manufacture products through our print-on-demand partner, ship orders, and handle returns or exchanges.
Manage your account— create and maintain your account, authenticate your identity, and remember your shopping bag.
Customer support— respond to inquiries, troubleshoot issues, and manage disputes.
Improve our services— analyze usage trends, test new features, and optimize site performance and content.
Marketing & promotions— send promotional emails, referral program updates, and personalized product recommendations (only with your consent where required by law).
Fraud prevention & security — detect and prevent fraudulent transactions, abuse, and unauthorized access.
Legal compliance— comply with applicable laws, regulations, legal processes, and governmental requests.
3. How We Share Your Information
We do not sell your personal information. We may share it in the following circumstances:
Service Providers
We engage trusted third-party companies to perform services on our behalf. These providers only receive the data necessary to carry out their function and are contractually obligated to protect it:
Stripe— payment processing and fraud detection.
Printful— order fulfillment, printing, and shipping. Your name and shipping address are shared so your order can be delivered.
Supabase— database hosting and authentication services.
Vercel— website hosting and content delivery.
PostHog— product analytics (see Section 6).
Legal & Safety Reasons
We may disclose your information if required by law, subpoena, or court order, or if we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others, investigate fraud, or respond to a government request.
Business Transfers
If Xenodrive is involved in a merger, acquisition, or sale of assets, your personal information may be transferred as part of that transaction. We will notify you before your information becomes subject to a different privacy policy.
4. Data Retention
We retain your personal information for as long as your account is active or as needed to provide you services, comply with our legal obligations, resolve disputes, and enforce our agreements. Specifically:
Account data— retained until you delete your account or request deletion.
Order & transaction records — retained for up to 7 years to comply with tax and accounting obligations.
Analytics data— automatically anonymized or deleted after 24 months.
5. Data Security
We take reasonable technical and organizational measures to protect your personal information, including:
All data transmitted between your browser and our servers is encrypted using TLS (HTTPS).
Payment information is handled entirely by Stripe, a PCI DSS Level 1 certified payment processor. We never store your full card number.
Passwords are hashed and salted; they are never stored in plain text.
Access to personal data is restricted to authorized personnel on a need-to-know basis.
Row-level security policies protect your data at the database level.
While we strive to protect your information, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security.
6. Cookies & Tracking Technologies
We use cookies and similar technologies to operate and improve the Site:
Type
Purpose
Essential
Authentication, session management, shopping bag persistence, and security (e.g., CSRF protection). These cannot be disabled.
Analytics
We use PostHog to understand how visitors interact with the Site (pages visited, click paths, feature usage). PostHog data is processed in compliance with applicable privacy laws.
Functional
Remember your preferences, such as language and region settings.
You can manage cookie preferences through your browser settings. Note that disabling essential cookies may affect the functionality of the Site.
We do not use third-party advertising cookies or participate in cross-site behavioral advertising networks.
7. Your Rights & Choices
Depending on your location, you may have some or all of the following rights regarding your personal information:
All Users
Access & update— view and edit your personal information in your account settings at any time.
Delete your account— request deletion of your account and associated data by contacting us.
Opt out of marketing— unsubscribe from promotional emails using the link in any email or by updating your communication preferences.
California Residents (CCPA / CPRA)
Right to know— request details about the categories and specific pieces of personal information we have collected about you.
Right to delete— request deletion of your personal information, subject to certain exceptions.
Right to opt out of sale— we do not sell personal information. No opt-out action is needed.
Non-discrimination— we will not discriminate against you for exercising any of your privacy rights.
European Economic Area, UK & Switzerland (GDPR)
Lawful basis— we process your data based on contract performance (order fulfillment), legitimate interests (fraud prevention, analytics), and consent (marketing).
Right to access, rectify, erase — request a copy of your data, correct inaccuracies, or request erasure.
Right to restrict or object — restrict or object to certain processing activities.
Data portability— receive your personal data in a structured, machine-readable format.
Withdraw consent— where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
Lodge a complaint— you have the right to lodge a complaint with your local data protection authority.
To exercise any of these rights, please contact us at support@xenodrive.com. We will respond within 30 days (or as required by applicable law).
8. Children's Privacy
The Site is not directed to individuals under the age of 16. We do not knowingly collect personal information from children. If you believe a child under 16 has provided us with personal information, please contact us and we will take steps to delete such information promptly.
9. International Data Transfers
Your information may be transferred to and processed in countries other than your own, including the United States, where our servers and service providers operate. These countries may have different data protection laws. We take appropriate safeguards to ensure your information remains protected in accordance with this Privacy Policy and applicable law.
10. Third-Party Links
The Site may contain links to third-party websites or services that are not owned or controlled by Xenodrive. We are not responsible for the privacy practices of these third parties. We encourage you to read the privacy policies of any third-party sites you visit.
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will update the “Last Updated” date at the top of this page and, where required by law, notify you by email or a prominent notice on the Site. Your continued use of the Site after changes are posted constitutes your acceptance of the updated policy.
12. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: