XplorientXtell
    RolesIndustriesPartnersData API
    Posting data from cache · Refreshing soon
    Get your report →

    Privacy Policy

    Last updated: 28 March 2026

    1. Who we are

    Xtell is operated by Xplorient Limited, a company registered in the United Kingdom. When we say "we", "us" or "our" in this policy, we mean Xplorient Limited.

    2. Age restriction

    Xtell is intended for users aged 16 and over, in line with the minimum age for data processing consent under UK GDPR. We do not knowingly collect personal data from anyone under 16. If we learn that we have collected data from a child under 16, we will delete it promptly.

    3. What data we collect

    • Account data — If you sign up, we store your email address and a hashed password. We never store passwords in plain text.
    • Profile data — When you complete your profile, we collect information you provide including: job title, industry, organisation size, organisation type, seniority level, years of experience, career goal, risk appetite, selected career roles, venture stage and industry, board sector and type, investment focus areas, study level and subject, and freelance specialism. This data is used solely to personalise your dashboard and career intelligence.
    • Subscription data — If you subscribe to Xtell Pro, payment is processed by Stripe. We do not store your card details.
    • Analytics data — See Section 6 below.
    • Session data — We use your browser's local storage to maintain your authentication session. This is not a cookie and does not track you across websites. It is cleared when you log out.

    4. How and why we use your data

    We process your personal data for the following purposes:

    • Providing the service — To deliver personalised career intelligence, dashboard content, and recommendations based on your profile and active context.
    • Processing payments — To manage your Pro subscription via Stripe.
    • Improving the platform — To understand usage patterns and enhance features.

    Our legal basis for processing is legitimate interest (providing and improving the service) and, where applicable, contractual necessity (fulfilling your subscription). We do not sell your personal data to third parties.

    5. Automated decision-making

    Xtell uses algorithms to generate career insights, role evolution analysis, and risk assessments based on your profile data and publicly available market information. These are provided as informational guidance only and do not constitute automated decisions with legal or similarly significant effects as defined under GDPR Article 22. You are free to disregard any recommendation.

    6. Use of Artificial Intelligence and Third-Party AI Processing

    Xtell Pro uses artificial intelligence to generate personalised career intelligence for subscribers. This section explains exactly how your data is processed when AI features are used.

    What AI processes

    When you generate a personalised career briefing, Xtell sends the following profile data to Anthropic's Claude API (a third-party AI provider):

    • Your job title, industry, seniority level, and years of experience
    • Your career goal and risk appetite
    • Your selected career roles and skills
    • Aggregated UK vacancy data (not personal data)

    We never send your name, email address, or any other directly identifying information to AI providers.

    How Anthropic handles your data

    • Anthropic's commercial API terms explicitly exclude API inputs and outputs from being used to train their AI models.
    • API data may be retained by Anthropic for up to 7 days for safety and abuse monitoring, after which it is deleted. This retention period was reduced from 30 days in September 2025.
    • Since August 2025, Anthropic routes API processing through multiple regions including the EU. For UK and EU-based API calls, processing is likely to occur within the EU. Data storage remains in the United States. Standard Contractual Clauses are in place for any US data transfers.

    Your control

    • AI-powered features are opt-in only — available exclusively to Pro subscribers who choose to generate insights.
    • Free tier features do not involve any AI processing of your personal data.
    • You can use Xtell's market data, vacancy trends, and role tracking without any AI processing of your information.

    For more information, see Anthropic's Privacy Policy and Usage Policy.

    7. Analytics — Plausible (cookieless)

    We use Plausible Analytics to understand how visitors use Xtell. Plausible is a privacy-focused analytics tool that:

    • Does not use cookies — no cookie banner is required.
    • Does not collect personal data — no IP addresses, fingerprints, or cross-site tracking.
    • Is fully GDPR, CCPA, and PECR compliant.
    • All data is processed in the EU.

    We track aggregate page views and custom events (e.g. which roles are most explored) to improve the platform. None of this data can be used to identify you personally.

    8. Third-party services and data processors

    Xtell uses the following third-party services to operate the platform. Where these services process personal data on our behalf they act as data processors under UK GDPR.

    • Supabase — Database, authentication and backend infrastructure. Supabase stores your account data, profile data, and platform usage data. Data is hosted in the EU. Supabase Privacy Policy.
    • Stripe — Payment processing for Xtell Pro subscriptions and Career Intelligence Reports. We do not store your card details. Stripe Privacy Policy.
    • Anthropic — AI processing for Pro features. See Section 6 above for full details of how Anthropic processes your data. Processing occurs in the EU for UK and EU-based API calls. Data storage is in the United States.
    • LovableHTML (operated by Modern Tech Solutions LLC, USA) — Content delivery and SEO optimisation service. LovableHTML acts as a reverse proxy for crawler and bot traffic only, ensuring search engines and social platforms can correctly index and preview Xtell pages. LovableHTML processes web request data — IP addresses, URLs visited, and browser information — for crawler requests only. Regular user sessions are routed directly to our servers and never processed by LovableHTML. Data may be processed in the United States. LovableHTML Privacy Policy.
    • Plausible — Privacy-first, cookieless analytics hosted in the EU. Plausible does not collect personal data, use cookies, or track users across websites. See Section 7 for full details. Plausible Data Policy.
    • Cloudflare — Content delivery network and DDoS protection. Cloudflare processes network-level request data including IP addresses as part of serving the Xtell platform globally. Cloudflare Privacy Policy.
    • Adzuna — Live UK job market vacancy data. No personal data is shared with Adzuna. Adzuna Privacy Policy.

    9. International data transfers

    Some of our third-party processors operate outside the UK and European Economic Area. Here is where each service processes data:

    • Supabase — EU. No international transfer.
    • Plausible — EU. No international transfer.
    • Anthropic — Processing in the EU for UK and EU-based API calls. Data storage in the United States. Standard Contractual Clauses are in place.
    • LovableHTML — United States. LovableHTML processes only crawler request data (IP addresses and browser information) and not user personal data. Standard Contractual Clauses apply.
    • Cloudflare — Global edge network. Standard Contractual Clauses are in place.
    • Stripe — United States and EU. Stripe is certified under the EU-US Data Privacy Framework.

    Where international transfers occur, we ensure appropriate safeguards are in place in accordance with UK GDPR Article 46, including Standard Contractual Clauses or equivalent mechanisms approved under UK GDPR.

    10. Security

    We take the security of your data seriously. Measures we employ include:

    • Passwords are cryptographically hashed — never stored in plain text.
    • All data is encrypted in transit (TLS/HTTPS) and at rest.
    • Row-level security policies ensure users can only access their own data.
    • Server-side rate limiting and input validation protect against abuse.
    • Pro subscription status is verified server-side to prevent unauthorised access.

    No system is 100% secure. If you believe your account has been compromised, please contact us immediately.

    11. Data retention

    Account and profile data is retained for as long as your account is active. If you delete your account, we will remove your personal data — including all profile information — within 30 days. Analytics data is anonymised and retained indefinitely.

    12. Data breach notification

    In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the Information Commissioner's Office (ICO) within 72 hours and inform affected users without undue delay, in accordance with UK GDPR.

    13. Your rights

    Under UK GDPR, you have the right to:

    • Access your personal data.
    • Rectify inaccurate or incomplete data.
    • Erase your data ("right to be forgotten").
    • Port your data — receive a copy of your profile data in a structured, machine-readable format.
    • Object to processing based on legitimate interest.
    • Restrict processing in certain circumstances.

    To exercise any of these rights, contact us at the email below. We will respond within one month.

    14. Changes to this policy

    We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email (if you have an account) or by displaying a prominent notice on the platform. We encourage you to review this page periodically.

    15. Contact

    If you have questions about this policy or wish to exercise your data rights, please contact us at support@xplorient.com.