Xpede
Legal

Privacy Policy

Your privacy matters to us. This policy explains what data we collect, how we use it, and the choices you have about your information.

Last updated: February 20, 2026  ·  Effective: February 20, 2026

1. Overview

Xpede Inc. (“Xpede,” “we,” “us,” or “our”) is committed to protecting your privacy. This Privacy Policy describes how we collect, use, share, and safeguard personal information when you use the Xpede Ad Platform (“Platform”), accessible at xpede.net, and any associated mobile applications or services (“Services”).

This Policy applies to all users of the Platform, including Advertisers, Driver Partners, platform Administrators, and visitors to our website. By using the Services, you agree to the collection and use of information in accordance with this Policy.

Summary: We collect only the information necessary to operate the Platform, improve our services, and pay Driver Partner commissions. We do not sell your personal data to third parties. We give you meaningful controls over your information.

2. Information We Collect

2.1 Information You Provide Directly

When you create an account, use the Platform, or communicate with us, we collect:

  • Account Information: Full name, email address, password (stored in hashed form), phone number, and user role (Advertiser or Driver Partner).
  • Business Information (Advertisers): Company name, business address, billing contact, and VAT or tax identification number where required.
  • Driver Information (Driver Partners): Driver’s licence details, vehicle registration information, insurance documentation, and payment account details for commission payouts.
  • Campaign Content (Advertisers): Creative assets, landing page content, campaign descriptions, target geography, and budget information you upload or enter.
  • Payment Information: Credit or debit card details are collected and processed by our payment processor (Stripe). Xpede does not store full card numbers on our servers.
  • Communications: Any messages, support tickets, or feedback you send to us.

2.2 Information Collected Automatically

When you use the Platform, we automatically collect:

  • Log Data: IP address, browser type and version, operating system, referring URL, pages viewed, and timestamps.
  • Device Information: Device type, unique device identifiers, and mobile network information.
  • QR Scan Data: When a consumer scans a campaign QR code, we record the scan timestamp, a hashed or anonymised device identifier, the geographic region of the scan (city/region level), and the campaign and driver associated with the code. We do not collect the scanner’s personal identity without their consent.
  • Usage Data: Features used, actions taken within the Platform, session duration, and interaction logs.
  • Cookies and Tracking Technologies: See Section 5 for details.

2.3 Information from Third Parties

We may receive information about you from third-party services such as payment processors (Stripe), email service providers (Brevo), and fraud detection services. We may also receive publicly available information to verify identity or business credentials.

3. How We Use Your Information

We use the information we collect for the following purposes:

Providing the Services

Creating and managing your account, processing campaign creation and delivery, attributing and calculating Driver Partner commissions, and processing payments and payouts.

Communications

Sending account verification and password reset emails, notifying you of campaign status changes, sending payout confirmations, and responding to support requests.

Analytics & Platform Improvement

Analysing usage patterns to improve the Platform's features, performance, and user experience. All analytics are conducted on aggregated or anonymised data where possible.

Fraud Prevention & Security

Detecting, investigating, and preventing fraudulent scan activity, account abuse, and security incidents. Validating commission eligibility and protecting advertiser budget integrity.

Legal & Compliance

Complying with applicable laws, regulations, and legal processes. Enforcing our Terms of Service and protecting the rights and safety of Xpede and our users.

Marketing (with consent)

Sending you newsletters, product updates, or promotional offers where you have opted in to receive such communications. You may opt out at any time via the unsubscribe link in any marketing email.

4. Information Sharing

We do not sell your personal data. We may share your information only in the following circumstances:

  • With Service Providers: We share information with trusted third-party service providers who assist us in operating the Platform, including payment processors (Stripe), email delivery providers (Brevo), cloud infrastructure providers (e.g., AWS or Vercel), and analytics services. These providers are contractually bound to process data only on our behalf and in accordance with this Policy.
  • Between Platform Participants: Advertisers can see aggregated scan and conversion data attributed to their campaigns. Driver Partners can see the campaigns they are assigned to and their own earnings. Neither Advertisers nor Driver Partners have access to each other’s personally identifiable account information.
  • For Legal Reasons: We may disclose your information if required by law, court order, or governmental authority, or if we reasonably believe disclosure is necessary to protect the rights, property, or safety of Xpede, our users, or the public.
  • Business Transfers: In the event of a merger, acquisition, financing, or sale of all or a portion of Xpede’s assets, your information may be transferred to the acquiring entity, subject to the same privacy protections described in this Policy.
  • With Your Consent: We may share your information with third parties when you have explicitly consented to such sharing.

5. Cookies & Tracking Technologies

We use cookies and similar tracking technologies (such as local storage and session tokens) to operate and improve the Platform. The types of cookies we use include:

TypePurposeDuration
EssentialRequired for authentication, session management, and Platform security. Cannot be disabled.Session / 30 days
FunctionalRemember your preferences, language settings, and dashboard configurations.Up to 1 year
AnalyticsCollect anonymised usage data to help us understand how users interact with the Platform.Up to 2 years

You can control non-essential cookies through your browser settings or our cookie preference centre (if available). Disabling essential cookies may affect your ability to use the Platform. For more information about managing cookies, visit allaboutcookies.org.

6. Data Retention

We retain your personal information for as long as is necessary to provide the Services, fulfil the purposes outlined in this Policy, and comply with our legal obligations. Specific retention periods include:

  • Account data: Retained for the duration of your account and for up to 3 years after account closure, to comply with financial and legal record-keeping obligations.
  • Transaction and commission records: Retained for a minimum of 7 years to comply with tax and accounting regulations.
  • Campaign content and analytics: Retained for 2 years following the end of a campaign, after which aggregate anonymised statistics may be retained indefinitely.
  • QR scan logs: Retained for 2 years for fraud detection and analytics purposes.
  • Support communications: Retained for 2 years following resolution of the support ticket.

When retention periods expire, data is securely deleted or anonymised in accordance with our data destruction policy.

7. Your Privacy Rights

Depending on your location, you may have the following rights regarding your personal data:

Right of Access

Request a copy of the personal data we hold about you.

Right to Rectification

Request correction of inaccurate or incomplete personal data.

Right to Erasure

Request deletion of your personal data, subject to legal retention obligations.

Right to Restriction

Request that we restrict processing of your data in certain circumstances.

Right to Data Portability

Receive your data in a structured, machine-readable format.

Right to Object

Object to processing of your data for direct marketing purposes.

California Residents (CCPA): California residents have additional rights under the California Consumer Privacy Act, including the right to know about personal information collected, the right to opt out of the “sale” of personal information (which we do not engage in), and the right to non-discrimination for exercising privacy rights.

To exercise any of these rights, please submit a request to privacy@xpede.net. We will respond to verified requests within 30 days. We may need to verify your identity before processing your request.

8. Data Security

We implement industry-standard technical and organisational security measures to protect your personal information against unauthorised access, loss, alteration, or destruction. These measures include:

  • Encryption of data in transit using TLS (Transport Layer Security).
  • Encryption of passwords using bcrypt hashing.
  • Role-based access control limiting employee access to personal data on a need-to-know basis.
  • Regular security assessments and vulnerability testing.
  • Secure payment processing via PCI-DSS compliant third-party providers (Stripe).

No method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your personal data, we cannot guarantee absolute security. If you believe your account has been compromised, please contact us immediately at support@xpede.net.

9. Third-Party Services

The Platform integrates with the following categories of third-party services, each with their own privacy practices:

Stripe (Payment Processing)

Used to process advertiser payments and driver payouts. Stripe's privacy policy governs their handling of payment data. We never store full payment card numbers.

Brevo / Sendinblue (Email Delivery)

Used to send transactional and marketing emails. Your email address is shared with Brevo solely for email delivery purposes.

Cloud Infrastructure Providers

Our Platform runs on cloud infrastructure (e.g., Vercel, AWS) that processes and stores data on our behalf under appropriate data processing agreements.

Analytics Services

We may use analytics tools to understand aggregate Platform usage. We configure these tools to anonymise user data where possible.

The Platform may contain links to third-party websites or services. We are not responsible for the privacy practices of those third parties and encourage you to review their privacy policies before providing any personal information.

10. Children’s Privacy

The Platform is intended for users who are at least 18 years of age. We do not knowingly collect personal information from individuals under the age of 18. If we become aware that we have collected personal data from a child under 18 without verifiable parental consent, we will take steps to delete that information promptly. If you believe we may have inadvertently collected data from a minor, please contact us at privacy@xpede.net.

11. International Data Transfers

Xpede is based in the United States. If you are accessing the Platform from outside the United States, please be aware that your personal information may be transferred to, stored, and processed in the United States or other countries where our service providers maintain infrastructure.

Where we transfer data from the European Economic Area (EEA), United Kingdom, or Switzerland to countries not deemed to provide an adequate level of data protection, we rely on appropriate safeguards such as Standard Contractual Clauses (SCCs) approved by the European Commission. Contact us at privacy@xpede.net for more information about these safeguards.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. When we make material changes, we will notify you by sending an email to the address associated with your account and by posting a notice on the Platform at least fourteen (14) days before the changes take effect.

We encourage you to review this Policy periodically. Your continued use of the Platform after the effective date of the updated Policy constitutes your acceptance of those changes.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your personal data, please contact our privacy team:

Xpede Inc. — Privacy Team

11752 Garden Grove Boulevard, Suite 123

Garden Grove, CA 92843

Privacy: privacy@xpede.net

Support: support@xpede.net

We aim to respond to all privacy-related enquiries within 30 business days. For urgent security concerns or data breach reports, please mark your email as “URGENT” in the subject line.