Last updated: May 14, 2026
This Privacy Policy ("Policy") describes how Metasign Inc, a company incorporated in Wyoming, United States ("Metasign," "Company," "we," "our," or "us"), collects, uses, discloses, transfers, and retains personal data in connection with Xpptx websites, applications, APIs, and related services (collectively, the "Services").
This Policy applies to personal data processed in connection with:
website operations, including registration, account, pricing, and legal pages; account creation, authentication, and account management; product workflows, including content generation, editing, and export; subscription, payment, billing, and credit-ledger operations; customer support, security monitoring, fraud prevention, and legal compliance.
For contact details and request channels, see Section 13 (Contact).
account data, such as email, username, and profile details; authentication and identity-linkage data, including verification login data and third-party sign-in linkage data; content data, including prompts, uploaded files, generated or edited presentation content, and associated metadata; transaction and ledger data, including order IDs, plan type, subscription status, renewal and cancellation status, credit balances, credit usage records, and billing documents; support communications and attachments you submit to us.
device and network data, such as IP address, browser, operating system, device type, locale/language, and timestamps; usage and telemetry data, such as page views, feature interactions, request/response logs, diagnostics, and performance data; security and risk signals, including authentication outcomes, anti-abuse signals, anti-fraud indicators, and API/token risk events; cookie and local storage data, including session state, authentication state, and operational preferences.
identity providers (for social or federated sign-in); payment processors and anti-fraud providers (for example, Stripe and fraud-screening partners); analytics and measurement providers (for example, Google Analytics).
We process personal data to:
provide, operate, maintain, and improve the Services; authenticate users and secure accounts; process generation, editing, and export workflows; process subscriptions, payments, taxes, accounting, and credit-ledger operations; detect, investigate, and prevent abuse, fraud, unauthorized access, and security incidents; provide support and service communications; comply with legal obligations and enforce contractual or legal rights.
Where required by applicable law, we rely on one or more of the following legal bases:
performance of a contract; legitimate interests (such as platform security, fraud prevention, and service operations); consent (where legally required for specific cookie, analytics, or marketing activities); compliance with legal obligations; establishment, exercise, or defense of legal claims.
We use cookies and similar technologies (including local storage) for session continuity, authentication, service functionality, security controls, and analytics/performance measurement.
You may manage cookie preferences through browser settings and, where available, consent management tools.
Where required by applicable law, we obtain consent before using non-essential cookies (such as certain analytics or advertising cookies).
We may disclose personal data to:
payment and billing processors (for example, Stripe, to process payments, subscriptions, and related billing events); cloud hosting, storage, CDN, and infrastructure providers; analytics, monitoring, and observability providers (for example, Google Analytics for aggregate usage and performance measurement); customer support and communication service providers; legal, compliance, audit, and professional advisors; regulators, courts, law enforcement, and public authorities where required by law; counterparties and advisors involved in merger, acquisition, financing, restructuring, or asset transfer transactions; other parties at your direction or with your authorization.
We do not sell personal data for monetary consideration in the traditional sense.
When you purchase a subscription or paid feature, payment processing is performed by Stripe, Inc. and its affiliates ("Stripe"), acting as our payment processor.
For card payments, your full card number, CVC/CVV, and full payment credentials are collected and processed directly by Stripe under Stripe's own technical and compliance controls. We do not store or receive full card numbers or CVC/CVV in our systems.
We may receive and process limited payment and billing data from Stripe, such as:
customer and payment method identifiers (for example, Stripe customer/payment method IDs); card metadata (for example, brand, funding type, and last four digits); billing contact details and billing country/region; subscription status, invoice status, payment outcomes, and refund/chargeback events; risk, fraud, and dispute-related signals provided by Stripe.
We use this data to:
create and manage subscriptions and invoices; provide receipts, billing support, and account-level payment history; detect and prevent fraud, payment abuse, and unauthorized transactions; meet tax, accounting, audit, and legal obligations.
Stripe may process personal data as an independent controller for certain activities under its own privacy notice and legal obligations.
Because we use global infrastructure and vendors, personal data may be transferred to and processed in countries other than your country of residence. Where required, we implement recognized safeguards for cross-border transfers.
We retain personal data only for as long as reasonably necessary for service delivery, account and platform security, billing and compliance, dispute resolution, and legal obligations. When retention is no longer required, we delete, anonymize, or de-identify data in accordance with applicable law.
We implement reasonable administrative, technical, and organizational safeguards, including access controls, encryption in transit where appropriate, and security monitoring. No transmission or storage method is completely secure, and you are responsible for safeguarding your credentials and API tokens/keys.
Subject to applicable law and permitted exceptions, you may have rights to:
confirm whether we process your personal data and request access; request correction of inaccurate data; request deletion of personal data; request restriction of certain processing; object to processing based on legitimate interests; request data portability in a structured, commonly used format; withdraw consent where processing relies on consent; appeal a denial of a privacy request, where appeal rights are required by law.
To submit a request, contact us using the channel listed in Section 13 (Contact) with sufficient information for us to locate your records. We may verify your identity, including verification of account ownership or control of the relevant email address, before fulfilling your request.
Where permitted by law, you may designate an authorized agent to submit requests on your behalf. We may require proof of authorization and may separately verify your identity.
We respond to privacy requests within timeframes required by applicable law. Where legally required, if we deny all or part of a request, we will provide the basis for that decision and applicable appeal instructions.
Where applicable U.S. state privacy laws apply, you may have specific rights to know/access, correct, delete, and obtain portability of personal data, and to opt out of certain processing activities where required by law.
We do not sell personal data for monetary consideration in the traditional sense, and we do not process sensitive personal data for purposes requiring a separate opt-out right under applicable state law except as otherwise disclosed and legally permitted.
If your state law grants an appeal right, you may appeal by replying to our privacy request response or contacting us using the channel listed in Section 13 (Contact) with the subject line "Privacy Appeal." We will review and respond according to applicable legal timelines.
For users in jurisdictions with additional privacy requirements (including, where applicable, the EEA, UK, and Switzerland), the following also applies:
you may have additional rights under local law, such as the right to lodge a complaint with a competent supervisory authority; where required, we process personal data under recognized legal bases and apply appropriate transfer safeguards for cross-border data transfers; where consent is required under local law for specific processing activities, you may withdraw consent at any time for future processing; where local law provides stronger mandatory protections than this Policy, those mandatory protections control to that extent.
The Services are not directed to individuals under 18 years of age, or a higher age threshold where required by local law. We do not knowingly collect personal data from individuals under the applicable minimum age in violation of applicable law.
If you believe an individual under the applicable minimum age has submitted personal data improperly, contact us using the channel listed in Section 13 (Contact). Where required, we will take reasonable steps to delete relevant data.
The Services may include links to third-party websites, products, or services that are not controlled by Metasign. This Policy does not apply to those third-party services. Your use of third-party services is subject to their own terms and privacy policies.
We may update this Policy periodically to reflect operational, legal, or regulatory changes. When we make material changes, we will post the revised Policy with an updated "Last Updated" date and, where required by law, provide additional notice or obtain consent.
Continued use of the Services after a revised Policy becomes effective means the revised Policy applies prospectively to your continued use, to the extent permitted by law.
If you have questions about this Policy or want to submit a privacy request, contact:
Metasign Inc (Wyoming, United States)
Email: support@metasigncloud.com
For privacy requests, please include:
the email address associated with your account; the type of request (for example: access, correction, deletion, restriction, objection, portability, or appeal); enough detail for us to locate relevant records; and if using an authorized agent, proof of authorization as required by applicable law.
We may request additional information necessary to verify your identity and authority before fulfilling privacy requests involving personal data.
This Policy is intended to work together with applicable product notices, consent notices, and region-specific disclosures.
Where applicable law provides rights or protections that are stronger than this Policy, applicable law controls to that extent.
If any provision of this Policy is held invalid or unenforceable, the remaining provisions remain in full force and effect.
Any capitalized terms not defined in this Policy have the meanings given in the Terms of Use, where applicable.
