privacy

Privacy Policy

Effective 8 March 2025


Updated:

  • 28 Dec 2019 - added CCPA section
  • 02 Feb 2025 - added SMS section


This Privacy Policy describes the manner in which XaaSWare collects, uses, maintains, and discloses information collected from Users ("User") through all our websites ("Site") and a variety of team productivity, collaboration, and organizational tools available online, including via a mobile application, Gmail add-on, Outlook add-in, XaaSWare application - collectively, the (“Services”) by accessing our services.

This privacy policy applies to the Site and all products and services offered by XaaSWare, INC. If you do not agree with this policy, please do not access or use our Services or any aspect of our Business.  Updates in this Privacy Policy reflect recent changes in data protection law (eg. GDPR) and aims to provide Users a clearer understanding of how XaaSWare manages all User Data.


In Essence

  • XaaSWare doesn't have access to your password.
  • No one at XaaSWares reads your information.
  • XaaSWare is not in the business of selling your data to third parties.
  • We don't share your browsing data with third parties.
  • We don't share your email data with third parties.
  • You can delete the XaaSWare account at any time and it will also delete your data (see 'Date Deletion' section to learn more).


Applicability

This privacy policy applies to all products and Services (collectively, the “Services”) offered by XaaSWare, INC through XaaSWare #CastYourCloud (collectively, the “Sites”) and our Mobile Applications. In addition, this policy applies to personal data from the European Union that is collected and retained in the United States. This Privacy Policy does not apply to any third-party applications or software that integrate with XaaSWare’s Services or any other third-party products, services, or business.


Data Collected and Received by XaaSWare


Personal Identification Information

We may collect personally identification information from Users in a variety of ways, including, but not limited to, when Users visit our Sites, register on the Sites, and in connection with other activities, services, features, or resources we make available on our Sites. Users may be asked for, as appropriate, name, email address, billing information. We will collect personal identification information from Users only if they voluntarily submit such information to us. Users can always refuse to supply personally identification information, except that it may prevent them from engaging in certain Sites related activities. We will never sell your personal information to third parties and we won’t use your name or company name in any marketing statements without obtaining your permission in writing.


Non-Personal Identification Information

We may collect non-personal identification information about Users whenever they interact with our Sites. Non-personal identification information may include the browser name, the type of computer, and technical information about Users means of connection to our Sites, such as the operating system and the Internet service providers utilized and other similar information.


Other Information

Services Metadata – when Users interact with our Services, metadata is generated to help provide additional context regarding how Users interact with our Sites.

Log Data – Our services will automatically collect information when Users access or use our Sites or Services and records it in log files. Log data may include IP address, previously visited web page addresses, browser type, and settings, time and date when Services were used, browser configurations and plugins, language, and cookie data.


Device Information – XaaSWare collects information about your computer, phone, tablet, or other devices you use to access our Services. This device information includes your connection type and settings when you install, access, update or use our Services. We also collect information through your device about your operating system, browser type, IP address, URLs of referring/exit pages, device identifiers, and crash data. We use your IP address and/or country preference in order to approximate your location to provide you with a better Service experience. How much of this information we collect depends on the type and settings of the device you use to access the Services.

Location information - XaaSWare will receive this information from Users during our Account Registration as well as from our vendor partners to approximate your location.


Project information – XaaSWare is a work collaboration tool, therefore any User-generated data by use of our Services will be collected and stored by XaaSWare, and vendor partners. Collected data includes, but not limited to, data that Users post, send, receive, or share. These include any files or links that User upload to our Services. Project data will only be accessible through authorized accounts or the User's designated account and can only be viewed, or altered, by Users assigned to such projects. XaaSWare will never share, sell, or exploit any Project information unless requested by Project Admins. In addition, we may also inadvertently receive information about such Users from the same project members. For example, a specific User may be mentioned by one of their project members when using our Services.


Web Browser Cookies

Our Site, and/or vendors, may use "cookies" to enhance User experience. User`s web browser places cookies on their hard drive for record-keeping purposes and sometimes to track information about them. A user may choose to set their web browser to refuse cookies or to alert you when cookies are being sent. If they do so, note that some parts of the Site may not function properly.


How XaaSWare Use Collected Data

Users are the primary Controllers of User Data. XaaSWare is a processor of User Data and Controller of other certain data. Users who resume the role of Project Admins will have the right to grant or remove access to Project Data to any other Users. XaaSWare will never remove Users from any Projects unless specifically instructed by Project Admins or Users failed to provide payment for XaaSWare’s services (see Terms of Service for additional information). 

XaaSWare collects and uses Users personal information for the following purposes:


  1. To personalize User experience
  2. We may use information in the aggregate to understand how our Users as a group use the services and resources provided on our Site.
  3. To improve our Site
  4. We continually strive to improve our website offerings based on the information and feedback we receive from you.
  5. To improve customer service
  6. Your information helps us to more effectively respond to your customer service requests and support needs.
  7. To administer a content, promotion, survey, or other Site feature
  8. To send Users information they agreed to receive about topics we think will be of interest to them.
  9. The email address Users provide will only be used to respond to their inquiries, and/or other requests or questions. If User decides to opt-in to our mailing list, they will receive emails that may include company news, updates, related product or service information, etc. If at any time the User would like to unsubscribe from receiving future emails, we include detailed unsubscribe instructions at the bottom of each email.
  10. As required by applicable law, legal process or regulation
  11. For Billing, account management, and other administrative matters
  12. For investigative and preventive measures against Site abuse
  13. We use information about Users when granted consent for a specific purpose not listed above. For example, we may publish testimonials or feature customer stories to promote our Services. We will always ask for consent prior to posting any information for promotional purposes.


Sharing and Disclosure of Information

XaaSWare will only disclose or share User information for the following purposes:

  1. User’s Request: XaaSWare will share all User Data based on the User’s request and instructions.
  2. Project Collaboration: Users can create content, which may contain information about themselves or other Users, and grant permission to others to see, share, edit, copy, and download that content. Some of the collaboration features of the Services display some or all of your profile information to other Service Users when you share or interact with specific content. Similarly, when Users join a project, your name, profile picture, and contact information and will be displayed in a list for other project members so they can find and interact with you.
  3. Legal Compliance: If requested by legal Authority, XaaSWare may disclose User information that we determine to be in accordance or required by any applicable law
  4. Enforcement: XaaSWare also reserves the right to disclose User information to investigate, prevent, or take action against illegal activities, suspected fraud, or situations involving a physical threat to any such persons.
  5. Consent: XaaSWare may share User information with other 3rd parties in instances when we have Users’ consent to do so.
  6. Third-Party Service Providers and Partners: XaaSWare works with third-party service providers and partners to provide website and application development, hosting, maintenance, backup, storage, virtual infrastructure, payment processing, analysis, and other services for XaaSWare, which may require them to access or use User information. If a service provider needs to access information about Users to perform services on XaaSWare’s behalf, they do so under instruction from XaaSWare, including abiding by policies and procedures designed to protect User information. XaaSWare will have certain liability under the Privacy Shield (please see below) if both 1) the 3rd Party Partner processes any personal data in a manner inconsistent with the Privacy Shield and 2) XaaSWare is responsible for the event giving rise to the damage. Please check this page for a list of XaaSWare's partners.
  • Services Users link to their account: XaaSWare receives information when Users enable any 3rd party apps or integrate a 3rd party service with our Services. For example, if Users log into our Services using your Google credentials, XaaSWare will receive your name and email address as permitted by the User’s Google profile settings for authentication purposes. Users and project members may also integrate our Services with other 3rd party services to allow you to access, store, share and/or edit content from a 3rd party through our Services. For example, Users might authorize our Services to access and display files from a 3rd party document-sharing service within XaaSWare. Information that XaaSWare receives when Users link or integrate our Services with a 3rd party service depends on the settings, permissions, and privacy policy controlled by that 3rd party service. We strongly suggest that Users thoroughly review privacy settings and ToS from any 3rd party services in order to fully understand what type of data may be disclosed or shared with XaaSWare.
  • Operational Partners: XaaSWare works with 3rd parties who provide billing, support technical services to deliver and implement solutions to our Users. XaaSWare may share User information with these 3rd parties in connection with their services, such as to assist with billing cycles, to provide localized support, and to provide customizations work. XaaSWare may also share information with these 3rd parties where Users have granted Consent to share any information, for example, technical support services.
  • 3rd Party apps: Users may choose to add new functionality by enabling 3rd party apps to XaaSWare’s Services. In doing Users may be providing these 3rd party apps access to personal information about you such as name, email address, and project data you choose to use in connection with those apps. 3rd party app’s Privacy Policies and ToS are not controlled by XaaSWare, and XaaSWare’s Privacy Policy does not extend coverage for any 3rd party apps and how they handle your personal information. XaaSWare strongly encourages Users to review all 3rd Party Privacy Policies and ToS before connecting them to our Services. If Users object to information being shared with these 3rd parties, please disable the app immediately.
  • Links to 3rd Party Sites: XaaSWare’s Services may include links that direct you to other websites or services whose privacy practices may differ from ours. What you submit to these 3rd party sites are governed under their Privacy Policies and is not covered by XaaSWare’s Privacy Policies.
  • 3rd Party Widgets: Our Services may contain widgets and social media features, e.g. the Twitter "tweet" button. These widgets and features collect your IP address and may set a cookie to enable the feature to properly function. Widgets and social media features are either hosted by a 3rd party or hosted directly on our Services. User’s interactions with these features are governed by the privacy policy of the company providing it and not governed by XaaSWare’s Privacy Policy.


The operations of XaaSWare do require our employees to have access to systems which store and process User Data. This primarily serves the purpose of problem diagnostic or troubleshooting. For example, in order to diagnose a problem Users may have with XaaSWare services, our Employees may need access to your User Data. All employees are prohibited from viewing User Data for any reason unless absolutely necessary to do so.


Data Deletion

Here are different scenarios of how data deletion will be treated as described below:

  1. If you were not invited to any other projects owned by other XaaSWare then your data can no longer be accessed by you or any other Users that you invited to XaaSWare. Complete data deletion will occur post 30 days. Please see “Data Retention” below for additional details regarding 30-days data retention.
  2. If the account has been deactivated, client separation and/or no project are no longer tagged with client's names. Data deletion will occur post 30 days.
  3. If you own projects and were participating in other Users’ projects, then XaaSWare’s Data Deletion and Data Retention will apply to each category described in sections (1) and (2) above.

Users, at any time, may request a deletion of their personal data. If such request is made, data are deleted based on points 1, 2, or 3 as noted above and will remain in backups and life-cycle we maintain to ensures we do not store data inside backups for more than 30 days. Users may email GRC[at]XaaSWare.io to request data deletion.

IF Users fail to make payment for any fees, XaaSWare will remove all paid features. Please see section 7.5 of our ToS for User inactivity under the Free Plan. If XaaSWare deletes an account due to inactivity, the above scenarios will apply.


Data Retention


Information storage and security

XaaSWare uses data hosting service providers in the United States to host collected information, and we use technical measures to secure all data. Despite the thorough security measures and safeguards that XaaSWare implements to protect data, no security system is impenetrable and due to the inherent nature of the Internet, XaaSWare cannot guarantee that data, during transmission through the Internet or while stored on our systems or otherwise in our care, is absolutely safe from intrusion by others. XaaSWare has policies in place in case of such a situation and will respond to requests about this within a reasonable timeframe. XaaSWare also provides Enterprise customers who selected the 'private cloud' option to host their isolated and branded XaaSWare environment in any region supported by Amazon Web Services. Please contact GRC[at]XaaSWare.io for more information.


How long we keep information

How long we keep the information we collect about you depends on the type of information, as described in further detail below. After such time, we will make every effort to delete your information or, if this is not possible (for example, because the information has been stored in backup archives), then we will securely store your information and isolate it from any further use until deletion is possible.

  • User Account information: We retain User information until the User deletes their account(s), which then we will continue retaining the data for up to 30 days after account deletion. XaaSWare maintains this practice due to the following reason:
  • In the event that the User’s account has been compromised and purposely deleted. XaaSWare will help maintain and restore data once the situation is rectified
  • An account was mistakenly deleted by Users. In such an event, XaaSWare will be able to restore data for Users.
  • Various data storage systems and backups have different lifecycle policies which are held for a maximum of 30 days. For example, our database backups are encrypted, incremental, and full re-cycle in 30 days. It is impossible to erase User data inside up to 1-minute precision encrypted incremental backups.
  • If the User initially canceled their account and requested but later change their mind. A user will be able to have all data restored if an account is reactivated within 30 days after initial account cancellation.
  • XaaSWare may also retain some of the User data as necessary to comply with our legal obligations, to resolve disputes, to enforce our agreements, to support business operations and to continue to develop and improve our Services. Where we retain information for Service improvement and development, we take steps to eliminate information that directly identifies any specific Users, and we only use the information to uncover collective insights about the use of our Services, not to specifically analyze personal characteristics about any Users.
     
  • The information you share on the Services: If the User’s account is deactivated or disabled, some of the User information and the content that Users have provided will remain in order to allow other Project members or other Users to make full use of the Services. For example, we continue to display comments and content you provided to boards or cards. XaaSWare will hold User data up to 30 days after account cancellation in case Users will renew again within that time frame.
     
  • Marketing and Promotional information: If Users have elected and provided consent to receive marketing and promotional emails from XaaSWare, we retain information about Users' marketing preferences unless asked specifically to delete such information. XaaSWare retains information derived from cookies and other tracking technologies for a reasonable period of time from the date such information was created.


Security

We take the security of your data very seriously at XaaSWare. As transparency is one of the principles on which our company is built, we aim to be as clear and open as we can about the way we handle security. Our security practices are published here.


Age Limitation

XaaSWare does not allow the use of our Services or Sites to anyone younger than 16 years old unless Consent is provided in writing by a legal guardian. XaaSWare will make the utmost effort to prohibit the use of our Site by anyone not over the legal age. Should XaaSWare learn that anyone under 16 has unlawfully provided us with personal data, XaaSWare will take the necessary steps to delete such information.


Changes to Privacy Policy

XaaSWare has the discretion to update this privacy policy at any time. When we do make changes, we will post a notification on the main page of our Site and send you an email. We encourage Users to frequently check this page for any changes to stay informed about how we are helping to protect the personal information we collect. You acknowledge and agree that it is your responsibility to review this privacy policy periodically and become aware of modifications.


California Consumer Privacy Rights (CCPA)

XaaSWare complies with the California Consumer Privacy Act (referred to in this Privacy Policy as “CCPA”) as set forth by the State of California. If the CCPA applies to your personal information this Privacy Policy provides you with information regarding how to receive information about our privacy practices, as well as request access to, and deletion of, your personal information.

XaaSWare does not sell the personal information we collect. We only share your personal information as described in this Privacy Policy. For detailed information about the personal information we collect, and the categories of sources of such information, please see the “Data Collected and Received by XaaSWare”. We collect this information for business purposes set forth in the “How XaaSWare Use Collected Data”. We share this information with the categories of third parties as set forth in the “Sharing and Disclosure of Information” Please note that we do use third-party cookies as further set forth in the “Web Browser Cookies”

California consumers may make a request pursuant to their rights under the CCPA by contacting GRC@XaaSWare.io Upon receiving a request, we will verify your request using the information associated with XaaSWare Services, including your email address. Government identification may be required. A consumer can also designate an authorized agent to exercise these rights on the consumer’s behalf.


SMS Privacy


At XaaSware, we respect your privacy and are committed to transparent communication.  This section outlines how we handle SMS messaging, including how you can opt in or opt out of receiving text messages from us.


Opt-IN Consent

Explicit Consent: We will only send you SMS messages if you have explicitly opted in to receive them.  This may occur when you:

  • Check a box to agree to SMS communications during sign-up, checkout, or a promotional offer.
  • Text a keyword (e.g., “XAAS”) to a designated short-code or phone number.
  • Provide verbal or written consent via customer support, in-person interactions, or other channels.


Clear Disclosure: At the time of opt-in, we will disclose:

  • The purpose of the messages (e.g., alerts, promotions, or reminders).
  • The frequency of messages.
  • That message and data rates may apply (as governed by your carrier).


Opt-Out (Unsubscribe)

You may opt out of SMS communications at any time:

  • Text “STOP”: Reply STOP to any SMS message you receive from us. You will be unsubscribed immediately and receive a confirmation text.
  • Text "HELP":  Reply HELP to any SMS message you receive from us.  You will be reached immediately with a confirmation text + a phone call.
  • Contact Us: Email VITS[at]XaaSWare.io or call 844.247.XaaS to request removal from SMS lists.
  • Carrier Controls: You may also manage SMS preferences through your mobile carrier’s settings.

Once you opt out, we will cease SMS communications within 24 hours. Note: You may receive a final confirmation message confirming your opt-out status.


Data Handling for SMS

  • Information Collected: We collect and store your phone number, carrier, message content, and opt-in/opt-out status.
  • Use of Data: SMS data is used solely to deliver requested messages, improve service quality, and comply with legal obligations.
  • Retention: We retain SMS-related data only as long as necessary to fulfill the purpose of the communication or as required by law.  After opt-out, your phone number is suppressed from future campaigns.


Compliance

  • Regulatory Standards: We adhere to SMS privacy laws, including the Telephone Consumer Protection Act (TCPA) in the U.S., GDPR in the EU, and other applicable global regulations.
  • Carrier Guidelines: We comply with carrier-specific requirements (e.g., CTIA guidelines) to ensure responsible messaging practices.


Your Rights

You have the right to:

  • Access the SMS data we hold about you.
  • Correct inaccuracies in your phone number or preferences.
  • Request deletion of your SMS data (subject to legal limitations).

To exercise these rights, contact us at GRC@XaaSWare.io


Security

SMS data is secured using encryption and access controls. We never sell or share your phone number with third parties for marketing purposes without your explicit consent.


Privacy Shield


Compliance

XaaSWare Inc, a U.S. entity, complies with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States. XaaSWare Inc has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit XaaSWare's Privacy Shield Status.

In compliance with the Privacy Shield Principles, XaaSWare Inc commits to resolve complaints about our collection or use of your personal information. EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact XaaSWare Inc at: 

GRC[at]XaaSWare.io or by mail at

XaaSWare, Inc.
One World Trade Center Suite 8500 New York, NY 10007
+1 (844) 247-9227


Dispute Resolution

XaaSWare Inc has further committed to refer unresolved Privacy Shield complaints to JAMs, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please contact or visit JAMS Complaint handling link () for more information or to file a complaint. The services of JAMs are provided at no cost to you.


U.S. Federal Trade Commission

XaaSWare’s Privacy Shield compliance is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission.


Arbitration

Users may invoke binding arbitration for any unresolved complaints/disputes, however, prior to initiating such arbitration, residents of a European country participating in Privacy Shield must first:

  1. Contact XaaSWare and give us a chance to resolve any issues;
  2. Seek assistance with JAMS, our independent recourse mechanism;
  3. Contact the U.S. Department and provide them adequate time to resolve the issue.

If the User invokes binding arbitration, each party will be responsible for its own legal fees. Please be advised that, pursuant to the Privacy Shield, the arbitrator(s) may only impose individual-specific, non-monetary, equitable relief necessary to remedy any violation of the Privacy Shield Principles with respect to the resident.


Data Protection Officer

Please contact XaaSWare's Data Protection Officer for any questions related to our Privacy Policy.

or by mail at GRC[at]XaaSWare.io

XaaSWare, Inc.
One World Trade Center Suite 8500 New York, NY 10007
+1 (844) 247-9227


User Rights

Users have certain statutory rights in relation to their personal data. Users may have the right to request or delete any personal information stored on XaaSWare.

 

XaaSWare will offer EEA and Swiss individuals whose personal information has been transferred to us the opportunity to choose whether the personal information it has received is to be used for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual. An individual may opt-out of such uses of their personal information by contacting us at the following:

GRC[at]XaaSWare.io or by mail at

XaaSWare, Inc.
One World Trade Center Suite 8500 New York, NY 10007
+1 (844) 247-9227


XaaSWare will provide Users an option to export their data.  XaaSWare does include this option on 3 of our paid plans(monthly, weekly, daily).  Users on plans which do not provide a data exportation tool can export to XLS whenever possible or start a trial on plans which include backup, wait for the backup to be completed, download it and delete their account afterward. Please email Legal[at]XaaSWare.io for assistance.


References

XaaSWare's Terms of Service

This document was last updated on March 8th, 2025

Share by: