39 0461 710 710 info@xtalk.cloud

Privacy Policy

Privacy Policy – XTalk AI (Xtremecloud Srl)

This Privacy Policy is provided pursuant to Article 13 of EU Regulation 2016/679 (GDPR) and describes how Xtremecloud Srl processes users’ personal data through its website, platform, mobile apps, and Artificial Intelligence services.

I. Data Controller

The data controller is Xtremecloud Srl, represented by Joshua Colombo, with registered office at Via Giovanni Prati, 14 – 38056 Levico Terme (TN), Italy.
📧 Contact email: info@xtalk.it

II. Types of Data Collected

A. Data collected via registration or use of the platform

  • First and last name
  • Email
  • Company / VAT number
  • Tax code
  • Address
  • Date of birth

B. Data collected via contact forms
Data entered into forms on the website (e.g., name, email, subject, message) is processed solely to respond to the user’s request and will not be used for promotional purposes without prior consent.

C. Data collected automatically
When browsing the website, the following technical data may be collected:

  • IP address
  • Browser type
  • Pages visited
  • Date and time of access

III. Use of Cookies

The website may use:

  • Technical cookies: necessary for proper website functioning
  • Analytical cookies (e.g., Google Analytics): collected anonymously, only with user consent
  • No third-party marketing cookies

Users may manage or withdraw their consent via the cookie banner or browser settings.
For further details, please refer to our Cookie Policy.

Personal data is processed to:

  • Provide the services requested by the user
  • Create and manage a user account
  • Respond to inquiries and contact requests
  • Send technical and operational communications
  • Provide customer support
  • Send newsletters or offers (only with consent)

Legal basis: contract performance, consent, legal obligations.

V. Processing Methods and Data Location

  • Automated and manual processing with appropriate technical and organizational measures
  • Data stored on secure servers located within the EU
  • Access limited to authorized personnel and suppliers bound by confidentiality agreements

VI. Data Sharing with Third Parties

Data may be shared with:

  • EU telecom operators (for number provisioning)
  • Cloud providers (e.g., Google Cloud, AWS)
  • AI and transcription service providers (e.g., OpenAI, Google, Anthropic)

AI data processing:

  • Data sent to AI providers is pseudonymized to remove directly identifying elements
  • Processing occurs in real-time; providers retain data only as necessary for processing unless otherwise required by law
  • Some processing may occur outside the EU, subject to Standard Contractual Clauses (SCC) or equivalent safeguards

No personal data is shared with third parties for advertising purposes.

VII. Voice Data and Audio Processing

  • Audio from calls may be processed for transcription and routing purposes
  • Unless required for service delivery (e.g., voicemail), voice recordings are deleted immediately after transcription
  • If recordings are retained for troubleshooting or legal compliance, retention will not exceed 90 days unless otherwise required by law

VIII. Logs and Diagnostic Data

  • Application logs may contain partial conversation data for technical troubleshooting
  • Crash and error logs are retained for a maximum of 6 months
  • Access is restricted to technical staff under confidentiality agreements

IX. Data Retention Periods

  • Account data: retained until account deletion
  • Contact form data: deleted after request resolution (max 12 months)
  • Billing data: retained for 10 years (legal requirement)
  • Anonymized data: may be kept indefinitely for statistical purposes

X. Mobile App Data Processing (Android and iOS)

A. Data collected

  • Device ID (Android ID, IDFA)
  • Logs and crash reports
  • Microphone (for voice features)
  • Contacts / call metadata (only with consent)
  • Location data (optional)

B. Permissions required
Android: microphone, contacts (optional), phone state, storage, location (optional)
iOS: microphone, contacts (optional), push notifications

Note: XTalk AI does not use IDFA for advertising or profiling.

C. Purpose

  • Call management, voice assistance, chat, and routing
  • Synchronization with calendar or contacts
  • Service quality improvement

XI. AI and Conversational Intelligence Services

A. Data processed

  • Written text
  • Transcribed voice data
  • Contextual data
  • Reference documents (e.g., FAQs, CRM)

B. Purpose

  • Understanding natural language
  • Generating appropriate responses
  • Routing requests
  • Summarizing conversations

C. AI models used

  • OpenAI
  • Google Cloud AI
  • Anthropic Claude

D. Security measures

  • Transient and anonymized processing
  • Limited human access
  • No commercial profiling

E. User rights related to AI

  • Right to request human review of automated decisions
  • Right to object to automated processing

XII. Data Subjects’ Rights

Under Articles 15–21 GDPR, users may:

  • Access their data
  • Rectify or update it
  • Request deletion (right to be forgotten)
  • Restrict or object to processing
  • Request data portability
  • Withdraw consent at any time
  • Lodge a complaint with the Data Protection Authority

Requests can be sent to info@xtalk.it – we reply within 36 hours.

XIII. Children’s Privacy

The app and services are not intended for children under 13 years of age. We do not knowingly collect data from minors.

XIV. Changes to this Privacy Policy

Any changes will be communicated to users and made available in the updated version of this page.

XV. Contact

For any inquiries regarding personal data processing:
📧 info@xtalk.it