Privacy Policy

This privacy policy applies to every person and organisation that visits our websites, uses the Xten platform, engages with our marketing materials, or communicates with our team. That includes coaching-centre owners, administrators, tutors, parents, students, recruitment professionals, job applicants, and general site visitors.

If you use Xten on behalf of an organisation, you confirm that you have the authority to accept this policy on that organisation’s behalf. Where we process data that a coaching centre or employer uploads about their own clients or candidates, that organisation remains the data controller and we act as a data processor under their instructions.

The data we collect depends on how you interact with us. Below is a summary of the main categories.

• ›Account information — name, email, phone number, business name, job title, and password when you create or manage an account.
• ›Communications — messages, support requests, live-chat transcripts, and feedback you send to us through any channel.
• ›Platform usage — features accessed, pages viewed, clicks, session duration, device type, browser, IP address, and approximate location.
• ›Marketing signals — email opens, link clicks, form submissions, ad interactions, and referral sources that help us measure campaign performance.
• ›Customer data — student records, family contacts, class schedules, attendance logs, and candidate profiles uploaded by organisations that use our platform.
• ›Payment information — billing address and payment-method details, processed and stored by our PCI-compliant payment partners; we do not store full card numbers.

We process personal data only when we have a lawful basis: to fulfil a contract with you, to comply with a legal obligation, to protect legitimate interests, or where you have given consent.

• ›Deliver and improve the platform — provision accounts, run features, fix bugs, and ship enhancements based on aggregated usage data.
• ›Communicate with you — send transactional emails, system alerts, support replies, and product updates you need to use the service.
• ›Process payments — issue invoices, collect subscription fees, and reconcile transactions through our payment partners.
• ›Market our services — send newsletters, run ads, and personalise content where you have opted in or where we rely on legitimate interest with an easy opt-out.
• ›Ensure security — detect fraud, prevent abuse, monitor for intrusions, and enforce our terms of service.
• ›Meet legal obligations — comply with tax laws, respond to lawful requests from authorities, and maintain records required by regulation.

We do not sell personal data. We share information only in the limited circumstances described below.

• ›Service providers — hosting, email delivery, payment processing, analytics, and customer-support tools that operate under strict data-processing agreements.
• ›Legal requirements — when we are required by law, regulation, or valid legal process to disclose information.
• ›Business transfers — in connection with a merger, acquisition, or sale of assets, where personal data may be among the transferred assets.
• ›Safety and fraud prevention — to protect the rights, property, or safety of Xten, our users, or the public.
• ›With your consent — in any other situation where you have given us explicit permission to share your data.

We retain data only as long as it is needed for the purposes described in this policy, after which it is securely deleted or anonymised. Specific retention periods depend on the type of data and applicable law.

• ›Active accounts — data is retained for the lifetime of the account and for 30 days after closure to allow recovery.
• ›Marketing data — kept until you unsubscribe or withdraw consent, then purged within 30 days.
• ›Billing records — retained for a minimum of seven years to satisfy tax and accounting regulations.
• ›Server logs — automatically rotated and deleted after 90 days unless required for an ongoing investigation.

Depending on where you live, data-protection law grants you specific rights over the personal data we hold about you. We honour these rights regardless of your location wherever it is practical to do so.

• ›Access — request a copy of the personal data we hold about you.
• ›Correction — ask us to correct inaccurate or incomplete data.
• ›Deletion — ask us to erase your personal data when it is no longer needed.
• ›Portability — receive your data in a structured, machine-readable format.
• ›Restriction — ask us to limit how we process your data while a dispute is resolved.
• ›Opt-out — unsubscribe from marketing communications at any time via the link in every email.

To exercise any of these rights, email privacy@xten.pro. We will respond within 30 days. If we need more time, we will let you know and explain why.

We use cookies, local storage, and pixel tags to remember your preferences, keep you signed in, measure traffic, and evaluate the effectiveness of our marketing. Strictly necessary cookies are set automatically; analytics and advertising cookies are set only after you give consent through our cookie banner.

You can change your cookie preferences at any time through the banner or your browser settings. Disabling non-essential cookies will not affect core platform functionality, but it may limit personalised content and the accuracy of our analytics.

We implement industry-standard technical and organisational measures to protect your data, including encryption in transit (TLS 1.2+) and at rest, multi-tenant data isolation, role-based access controls, regular vulnerability scanning, and automated intrusion detection. Our infrastructure is hosted in SOC 2-compliant data centres.

No system is perfectly secure. If we become aware of a data breach that is likely to result in a risk to your rights, we will notify you and the relevant supervisory authority without undue delay, in accordance with applicable law.

Xten operates across Southeast Asia, Australia, and the Gulf. Your data may be processed in a country other than your own. When we transfer data across borders, we rely on Standard Contractual Clauses, adequacy decisions, or other approved safeguards to ensure your data receives an equivalent level of protection.

Our primary infrastructure is hosted in Singapore and Australia. Sub-processors may operate in other jurisdictions; a current list is available on request by emailing privacy@xten.pro.

Our marketing site and account registration are not directed at children under 16. We do not knowingly collect personal information directly from children. Where coaching centres upload student records that include minors, the centre acts as the data controller and is responsible for obtaining the necessary parental or guardian consent.

We treat all student data as sensitive. It is stored in tenant-isolated databases, encrypted at rest, and accessible only to authorised staff within the relevant coaching centre. We never use student data for advertising or profiling purposes.

We may update this privacy policy from time to time to reflect changes in our practices, technology, legal requirements, or business operations. When we make material changes, we will post the revised policy on this page, update the “Last Updated” date, and — where required — notify you by email or through an in-app banner before the changes take effect.

We encourage you to review this page periodically. Your continued use of the platform after a revised policy is published constitutes your acceptance of the changes. If you disagree with any update, you may close your account by contacting support.