XIRA

Privacy Policy

Effective April 2026

Who We Are

XIRA is an AI compliance platform operated from Colorado. Our public website is xira-ai.com. We help teams understand which AI and algorithmic decision making rules may apply to them, starting with a free exposure scan. Rules for using the site and scanner are in our Terms of Service.

What We Collect

When you use the scanner or related flows, we only collect what you choose to give us and what we need to run the product. Today that includes:

  • Email address if you voluntarily submit it to receive scan results or related messages.
  • Company name if you optionally provide it. You do not have to.
  • Scan parameters: the states you select, the AI tools you pick, your industry, company size, and how you describe your role (deployer, developer, both, or not sure).
  • Basic analytics, such as page views and referral source, so we can see how people find and use the site.

We do not collect passwords, payment card data, uploaded documents or files, or other sensitive business records through the scanner. If that changes in the future, we will update this page and the effective date at the top.

How We Use It

Email: we use it to send your scan results PDF when you ask for it, and occasionally to share product updates if you have agreed to hear from us that way.

Scan data: we use it to generate your compliance style report and to improve how we match scans to obligations in our database.

Analytics: we use it to understand traffic patterns and improve the site experience.

We do not sell your personal data. We do not share it with third parties for their own marketing. We do not send your scan answers or free text to a large language model to produce results. The scanner works against a pre-classified regulation database. No customer input is sent to an LLM for that matching today.

Where Your Data Lives

The website is hosted on Vercel, which publishes SOC 2 Type II reports for its platform. Our application database is hosted on Supabase, which runs on AWS and encrypts data at rest. Transactional email is delivered through Resend, which sends mail using Amazon SES. All browser connections to the site use HTTPS.

Email Communications

If you receive product or newsletter style messages, you can unsubscribe at any time using the link in those emails. You can also use our unsubscribe page where that applies.

Delivery of a scan results PDF you requested is a one-time transactional email. It is not the same thing as signing up for ongoing marketing.

If you join our newsletter separately, you can leave that list at any time with the same kind of link.

Your Rights

You can ask us to delete personal data we hold about you by writing to privacy@xira-ai.com. We will respond in line with applicable law and what we can verify about your request.

If you live in Colorado, the Colorado Privacy Act gives you rights that include access, correction, and deletion of certain personal data, subject to exceptions in the law.

If you live in California, the CCPA and related rules give you rights that include knowing what categories of personal information we collect and requesting deletion, again subject to legal limits.

Cookies

We use essential cookies so the site can function, for example keeping a session or preference where needed. We use analytics cookies to understand how the site is used. We do not use advertising cookies or cross-site tracking cookies for ad retargeting.

Changes

When our practices change in a material way, we will update this page. The effective date under the title at the top reflects the latest revision.

When we change product rules or disclaimers, we post those in our Terms of Service.

Contact

Questions about this policy: privacy@xira-ai.com

Ready to see your exposure?

Start your free scan

Free scan. No account required.

or

Get monthly regulatory updates