Privacy Policy
Last Updated: December 22, 2025
1. Introduction
XOAI LTD ("we", "us", or "our") operates XOCOACH.AI. This Privacy Policy explains how we collect, use, and protect your information when you use our Service.
We are committed to protecting your privacy and complying with:
- UK GDPR: General Data Protection Regulation as incorporated into UK law
- UK Data Protection Act 2018
- Children's Code (Age-Appropriate Design Code): ICO standards for services used by children
Important Notice for Parents and Guardians:
XOCOACH.AI can be used by children from age 5 upwards. We take children's privacy very seriously and have implemented enhanced protections in accordance with UK law. Please review this policy carefully and our Safeguarding Policy before allowing your child to use the Service.
2. Information We Collect
2.1 Account Information
When you create an account using Google, Microsoft, or Apple authentication, we collect:
- Email address: For account identification and communication
- Name: From your authentication provider
- Profile photo: If provided by your authentication provider (optional)
- User ID: A unique identifier from your authentication provider
2.2 Usage Data
We collect information about how you use XOCOACH.AI:
- Activity requests: Sport, topic, age level, skill level selected
- Generated content: Lessons you create (stored temporarily for your access)
- Feature usage: Which features you use (PDF download, audio playback, save lesson)
- Login history: When you log in and from which device type
- Subscription status: Your current plan (Free, Starter, or Pro) and activity limits
2.3 Payment Information
When you upgrade to a paid plan:
- Payment processing: Handled securely by Stripe (we do not store your card details)
- Transaction records: Date of purchase, amount, payment status
- Billing email: For receipts and subscription management
Important: We NEVER see or store your full credit card number. Stripe handles all payment security.
2.4 Technical Data
- Browser information: Type and version (e.g., Chrome, Safari)
- Device information: Device type, operating system
- IP address: For security and approximate location (country level)
- Session data: How long you use the Service
2.5 AI-Generated Content
When you generate coaching content:
- Your prompts: The subject, topic, and age level you specify
- Generated coaching content: Stored in your account for your access
- Saved coaching content: Content you choose to save (can be deleted by you anytime)
3. How We Use Your Information
3.1 To Provide the Service
- Create and manage your account
- Generate personalized AI coaching content using Google Gemini
- Process premium subscriptions
- Provide customer support
- Remember your preferences and saved coaching content
3.2 To Improve the Service
- Analyze usage patterns to improve features
- Identify and fix technical issues
- Develop new features based on user needs
- Optimize lesson quality and relevance
3.3 To Communicate With You
- Send important service updates
- Respond to your support requests
- Send subscription and payment confirmations
- Notify you of significant changes to the Service or policies
3.4 To Ensure Safety and Security
- Prevent fraud and unauthorized access
- Enforce our Terms of Service
- Filter inappropriate content requests
- Monitor for safeguarding concerns
4. Children's Privacy (Under 18)
XOCOACH.AI can be used by children aged 5 and above with appropriate parental consent and supervision. We provide enhanced privacy protections for children in compliance with the UK Children's Code.
4.1 Parental Consent
- Required: For users under 18, parental consent is required before account creation
- Verification: Parents/guardians must review this Privacy Policy and our Safeguarding Policy
- Control: Parents can request access to, correction of, or deletion of their child's data at any time
4.2 Data Minimization for Children
For users under 18, we:
- Collect only the minimum data necessary to provide the Service
- Do NOT collect location data beyond country level
- Do NOT use children's data for marketing or profiling
- Do NOT share children's data with third parties for advertising
- Apply default privacy settings that prioritize children's privacy
4.3 Content Safety for Children
- All content is filtered for age-appropriateness
- AI responses are monitored for harmful content
- Safeguarding measures prevent inappropriate activity generation
- See our Safeguarding Policy for full details
4.4 Parental Rights
Parents and guardians of users under 18 have the right to:
- Access their child's personal data
- Request correction of inaccurate data
- Request deletion of their child's account and data
- Object to processing of their child's data
- Withdraw consent at any time
To exercise these rights, contact us at info@xoai.cloud
5. Data Storage and Security
5.1 Where We Store Your Data
Your data is stored using secure cloud infrastructure:
- Google Cloud Platform: For hosting and database (Firebase Firestore)
- UK/EU data centers: Your data is stored in UK or EU regions where possible
- Encryption: All data is encrypted in transit (HTTPS) and at rest
5.2 How We Protect Your Data
- Authentication: Secure OAuth2 authentication via Google, Microsoft, Apple
- Access control: Only authorized personnel can access user data
- Monitoring: Automated security monitoring for unusual activity
- Regular updates: Software and security patches applied promptly
- Secure payments: PCI-compliant payment processing via Stripe
5.3 Data Retention
| Data Type | Retention Period | Reason |
| --- | --- | --- |
| Account information | Until account deletion | Account management |
| Generated coaching content | Until deleted by user or account deletion | User access to their content |
| Payment records | 7 years | Legal/tax requirements |
| Support requests | 3 years | Customer service records |
| Usage analytics | 2 years (anonymized) | Service improvement |
6. Data Sharing
6.1 We DO NOT Sell Your Data
We do not and will never sell your personal information to third parties.
6.2 Third-Party Services We Use
We share limited data with trusted service providers who help us operate the Service:
| Service | Purpose | Data Shared |
| --- | --- | --- |
| Google Cloud | Hosting, database, AI | All user data (stored securely) |
| Google Gemini | AI activity generation | Lesson prompts only (no personal data) |
| Google Imagen | Diagram generation | Diagram descriptions only |
| Stripe | Payment processing | Email, payment amount, subscription status |
| Authentication providers | Account login | Email, name, user ID (via OAuth) |
All third-party services are required to protect your data and use it only for the purposes we specify.
6.3 Legal Requirements
We may disclose your information if required to:
- Comply with legal obligations or court orders
- Protect the rights, property, or safety of XOAI LTD, our users, or the public
- Prevent fraud or security threats
- Respond to safeguarding concerns involving children
7. Your Rights Under UK GDPR
You have the following rights regarding your personal data:
7.1 Right to Access
You can request a copy of all personal data we hold about you.
7.2 Right to Rectification
You can request correction of inaccurate or incomplete data.
7.3 Right to Erasure ("Right to be Forgotten")
You can request deletion of your account and personal data. Note: We may retain some data for legal obligations (e.g., payment records for tax purposes).
7.4 Right to Restrict Processing
You can request that we limit how we use your data in certain circumstances.
7.5 Right to Data Portability
You can request your data in a structured, machine-readable format to transfer to another service.
7.6 Right to Object
You can object to processing of your data for marketing purposes (though we do not currently use data for marketing).
7.7 Right to Withdraw Consent
You can withdraw consent for data processing at any time by deleting your account.
7.8 How to Exercise Your Rights
8. Cookies and Tracking
8.1 What Cookies We Use
XOCOACH.AI uses minimal cookies and local storage:
- Essential cookies: Required for login and account functionality (cannot be disabled)
- Authentication tokens: To keep you logged in securely
- Preference cookies: To remember your settings
8.2 What We Don't Use
We do NOT currently use:
- Analytics cookies (may be added in future with notice)
- Marketing cookies
- Third-party advertising cookies
- Social media tracking pixels
9. International Data Transfers
Your data is primarily stored in UK/EU data centers. If data is transferred outside the UK/EU:
- We ensure adequate safeguards are in place (e.g., Standard Contractual Clauses)
- Google Cloud provides UK GDPR-compliant data protection
- Children's data receives enhanced protection for international transfers
10. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. When we do:
- We will update the "Last Updated" date at the top of this page
- We will notify you via email for significant changes
- We will give you notice before changes take effect
- Continued use of the Service after changes means you accept the updated policy
11. Data Protection Officer
For any questions about data protection or privacy:
12. Complaints and Supervisory Authority
If you believe we have not handled your data properly, you have the right to lodge a complaint with:
However, we encourage you to contact us first so we can try to resolve your concern directly.
13. Contact Us