exa Privacy

🤖 Transparent by Design

Privacy Policy

We protect your data like it's our own. This policy explains what data we collect, how we use it, and your rights.

1. Information We Collect

We collect essential information including (1) IP addresses for security monitoring, (2) device metadata for feature optimization, and (3) anonymized usage patterns for system improvement.

  • Security logs for threat detection
  • Anonymous session analytics
  • Public IP addresses (retained for 30 days)

2. How We Use Data

Collected data powers three core functions: (1) security features, (2) system optimization, and (3) anonymous analytics. We never use personal data for commercial purposes or targeted advertising.

🔒 Zero-Party Data Policy

We collect only data you explicitly provide. All collection is opt-in, transparent, and revocable at any time through account settings.

3. Data Sharing & Control

Data is stored in EU-hosted servers with GDPR compliance. We share data only when (1) required by law enforcement, (2) to protect our systems' security, or (3) with your explicit consent.

Encryption

  • • 256-bit AES encryption at rest
  • • TLS 1.3 in transit
  • • Key rotation every 90 days

User Rights

  • • Right to access
  • • Right to erasure
  • • Right to portability
  • • Right to opt out
🔙 Data Retention Policy

Data is automatically purged after 180 days of inactivity. Secure deletion follows NIST 800-185 standards with confirmation emails sent to users.

🛡️ Compliance & Certifications

Full compliance with GDPR, SOC 2 Type II, ISO 27001, and HIPAA standards. Quarterly audits verify compliance.