Privacy Policy
Last updated: September 16, 2025
This policy describes how Xirsys, LLC handles client personal data and operational information connected to its websites, dashboard, support channels, billing, and WebRTC infrastructure services.
1. Scope and audience
This policy applies to clients who contract with Xirsys, visitors to Xirsys websites and dashboards, and end users who use client applications that rely on Xirsys STUN/TURN infrastructure. End users should contact the client application provider for privacy requests tied to that application.
2. Data Xirsys handles
- Client personal data: account names, email addresses, business details, credentials, billing information handled through payment providers, support communications, and account-level usage metrics.
- Service traffic: WebRTC media and related relay traffic is transmitted through STUN/TURN infrastructure and is not stored as communications content by Xirsys.
- Metrics data: aggregated account-level metrics such as session counts, transferred bytes, regional capacity, uptime, and error rates may be stored for billing, operations, security, and planning.
3. How data is collected
Information is collected directly during signup, billing, support, and account administration; automatically through secure session cookies or dashboard tokens; and through service providers used for support, analytics, and payments.
4. How data is used
Xirsys uses data to provide and secure the services, administer accounts, process billing, prevent abuse, diagnose service issues, improve infrastructure, communicate service updates, and comply with legal obligations.
5. Cookies and similar technologies
Xirsys uses cookies and browser storage for authentication, secure sessions, preferences, and analytics. Browser controls may limit cookies, though some dashboard features may require them.
6. Third-party providers
Xirsys may use providers for payments, support, product analytics, web analytics, hosting, and related operations. These providers are used under confidentiality and security obligations appropriate to the service they provide.
7. Sharing and disclosure
Xirsys may share client personal data with service providers, professional advisors, successors in a corporate transaction, or authorities when legally required or necessary to protect rights, safety, or service security. Xirsys does not sell personal data.
8. Security
Xirsys uses safeguards such as encryption in transit, access controls, least-privilege permissions, monitoring, logging, and vulnerability management to protect client personal data and service operations.
9. Retention
Client personal data is retained while an account is active and for a limited period after closure unless a longer period is required for legal, tax, accounting, security, or dispute-resolution purposes. Xirsys does not store communications content from service traffic.
10. Your rights
Depending on jurisdiction, clients may have rights to access, correct, delete, port, object to, or restrict certain personal data processing. Privacy requests may be sent to privacy@xirsys.com.
11. International transfers
Xirsys is based in the United States and operates globally. Where required, international transfer mechanisms such as standard contractual clauses or related addenda may apply. See the SCC Addendum for additional transfer terms.
12. Children
Xirsys services are not directed to children under 13, and Xirsys does not knowingly collect data from children.
13. Contact
Custodian of Records - Privacy
Xirsys, LLC
25350 Magic Mountain Parkway, Suite 300, Santa Clarita, CA 91355
privacy@xirsys.com
14. Changes
Xirsys may update this policy from time to time. Material updates will be posted with reasonable notice, and continued use of the services after the effective date indicates acceptance.