X-Mode Privacy Policy

Last Updated: May 22, 2018

X-Mode Inc., a U.S. company with its headquarters at 45662 Terminal Drive, Dulles VA, 20164 ("X-Mode" "we," "us," and "our"), provides mobile advertising and data services to mobile application publishers ("Publishers") and advertisers ("Advertisers").

This privacy policy ("Privacy Policy") describes how we collect, use, store, and share information about two sets of people (referred to as "you," "your," and "yourself"): (a) visitors to our website located at www.X-Mode.io and any other website on which this Privacy Policy is posted (collectively, the "Site"), and (b) end users ("End Users") of third-party mobile applications ("Apps") that use the Services.  The Privacy Policy also describes certain choices you have regarding use, access to and correction of your information.

1. Background:  X-Mode's Services and Data Collection

X-Mode is a data aggregation and management platform that primarily focuses on the curation and use of precise location data to help a variety of organizations develop insights about aggregated human traffic patterns.  The information we provide, for instance, helps marketers and advertisers learn about their potential audiences and customers, and helps research organizations form insights for financial, market research, traffic and city planning, smart cities, educational or epidemiological purposes.  

We receive most of this location information either from an "SDK" that we provide to Apps, or (less often) from a server-to-server transfer and integration with mobile app partners.  (Please see Section 2 for more information about SDKs.)   We then provide the information in various forms to a variety of marketing and research companies that are interesting in inferences drawn from human location and traffic patterns.  We refer to these services, products and insights - as well as the SDKs and other technology we use to collect information - as our "Services."

2. The Information We Collect For the Services

We (and many of our clients and their own service providers) use or operate mobile SDKs (including our own SDK(s) in order to collect information, such as mobile identifiers (e.g., iOS IDFAs and Android Advertising IDs), location information (as we describe below) and other information related to how mobile devices of various types ("Devices") and their users interact with mobile advertising services and data platforms.  We (like others in the mobile advertising industry) provide our own SDK to Publishers to help them monetize their App and in many cases to provide significant amounts of free media, games, and other mobile services and activities.  We don't always obtain information through our SDK - sometimes we receive information through other interfaces, called "APIs," that connect to mobile applications and services - but most of the time we do collect information we use through our SDK (or sometimes, a business partner's SDK).

An SDK (which stands for "software development kit") is a string of computer code that Publishers can include in their apps to the collection of data, often related (as in our case) to the mobile advertising and data industry.  enable ads to be shown, data to be collected, and related services to be implemented.   Publishers can embed our SDK into their Apps in order to enhance their ability to show ads in their Apps, to target more relevant ads in their Apps, to analyze how well ads perform in their Apps (or to help or allow advertisers to do that), and to work with us to monetize their App content in other ways we describe in this Privacy Policy.  (If you would like to opt out from having ads tailored to you in this way on your mobile device, please follow the instructions in Section 6 below, entitled "Consumer Choices and Opt-Out Options.")

When you use an App that uses our Services (such as whose developer has licensed our SDK) the developer of the App may allow us to collect certain information (at limited intervals) about the Device, in particular:

We may on occasion use, or work with business partners who use, near field communication (NFC), Bluetooth LE sensors, or Bluetooth low-energy (BLE) beacon technology to send us signals about a Device's location.  We also may sometimes collect Device location data from third-party devices present at certain third-party locations, such as stores, shopping malls, stadiums, bars, restaurants, and other points of interest. This location data may be used for powering solutions in smart cities, fin-tech, real estate or advertising.  (If you are interested in how we collect, use and share information about our own customers and visitors to our corporate website, please go to Section 5.)

3. How We Use the Information We Collect and Receive in Our Services

We generally use the information that we collect from Apps, SDKs and APIs for purposes of providing the Services, including as follows:

The above is not an exhaustive description of all of the ways the information we collect may be used:  we may, for instance, sometimes customize uses of the information we have for certain customers.  But the above does describe the types of information that we collect, how we generally collect it, and what our company focuses on.  We provide more descriptions of those Services on our website, and we encourage you to review those descriptions.  If you are interested in how we collect, use and share information about our own customers and visitors to our corporate website, please go to Section 5.

4. How We Share the Information We Use and Collect In the Course of Our Services

We share the information we collect and receive both in order to operate our platform (such as with service providers), and in order to support the operations of our customers. Below is a more detailed list of how we share the information that we collect:

We may disclose information about you:

We also may share hashed email addresses (or other pseudonymous identifiers associated with those hashes), technical data that we collect about your browsing habits and your device (such as data relating to our cookies, tracking pixels and similar technologies) with other advertising companies in the digital advertising ecosystem. This enables them and our customers to better target ads to you.  (If you are interested in how we collect, use and share information about our own customers and visitors to our corporate website, please go to Section 5.)

5. Information For Visitors of the X-Mode Website  

X-Mode, and service providers and vendors we work with, also collect information from visitors ("Visitors") to our corporate website(s), including any website on which this Privacy Policy is posted (collective, the "Site"). This information includes information voluntarily and directly provided by Visitors, and information passively collected through automated means such as cookies and web pixels.

a. The information we collect from these Visitors to the Site.
b. How We Use the Above Information.
In addition to the purposes described above, we may use the information collected on our Sites to do the following:
c. How We Share the Information We Collect Through the Site.
In addition to the purposes described above, We sometimes share or otherwise disclose the Information we collect about you, as described in this Privacy Policy or otherwise disclosed to you when you provide us with the information, including as follows:

6. Consumer Choices and Opt-Out Options

There are several ways that you can manage the way that passively collected data, such as Device IDs and cookies, are used.   We describe these methods below.

You can manage certain collection and sharing of information in connection with the X-Mode Site and the Services as follows:

We also may share hashed email addresses (or other pseudonymous identifiers associated with those hashes), technical data that we collect about your browsing habits and your device (such as data relating to our cookies, tracking pixels and similar technologies) with other advertising companies in the digital advertising ecosystem. This enables them and our customers to better target ads to you.  (If you are interested in how we collect, use and share information about our own customers and visitors to our corporate website, please go to Section 5.)

7. Security

We employ administrative, technical, and physical safeguards for our physical facilities and in our computer systems, databases, and communications networks, which are designed to protect information contained within our systems from loss or wrongful acquisition.  However, no method of electronic transmission or storage is 100% secure. Therefore, we do not guarantee absolute security of your Information.  If you have any questions about the security of your information, please contact us through the contact information listed in Section 11.

8. International Transfers

We may store and process your Information in the European Union and the United States.  By accessing this website or our Services, you understand that information you provide to us may be stored in or (if applicable) transferred to the United States.  You should be aware that certain privacy laws in the United States and the other countries regarding processing the information may be less stringent than in your country.

9. The EU  (GDPR)

As of May 25, 2018, a new data privacy law known as the EU General Data Protection Regulation (or the "GDPR") will be in effect through the EEA countries and Switzerland.   The GDPR requires X-Mode and those using our services to provide users with certain information about the processing of their "Personal Data."  "Personal Data" is a term used in Europe that means, generally, data that identifies or can identify a particular unique user or device - for instance, names, addresses, cookie identifiers, mobile device identifiers, precise location data and biometric data.   

To comply with the GDPR, we provide the below representations and information, which are specific to persons located in EEA countries or Switzerland (so please don't rely on the below, if you're not):

a. Legal grounds for processing your Personal Data

The GDPR requires us to tell you about the legal basis we're relying on to process any Personal Data about you.  The legal basis for us processing your Personal Data for the purposes set out in Sections 2 and 3 above (and Section 5 as to our corporate customer data) will typically be because:

b. Transfers of Personal Data

When we transfer Personal Data outside of the EEA or Switzerland, we take steps to make sure that appropriate safeguards are in place to protect your Personal Data. In general, our data transfers of our Personal Data are safeguarded by European Standard Contractual Clauses and Data Processing Agreements where this is required by European Data Protection Law.  Feel free to contact us at the contact information below for more information about the safeguards we have put in place to protect your Personal Data and privacy rights in these circumstances.

As X-Mode works with global companies and technologies, we may need to transfer your Personal Data outside of the country from which it was originally provided. For instance, we may transfer your data to third parties that we work with who may be located in jurisdictions outside the EEA or Switzerland, and which have no data protection laws or laws that are less strict compared with those in Europe.

c. Personal Data Retention

As a general matter, we retain your Personal Data for as long as necessary to provide our Services, or for other important purposes such as complying with legal obligations, resolving disputes, and enforcing our agreements.  We generally retain Device IDs on the following schedule: we render Device IDs inactive for purposes of providing our services within 13 months from receipt of consent (or from any "refreshed" consent permitting us to continue to retain information), provided that we may retain data for longer periods, as needed, where we have fully de-identified such data in a manner so that it cannot be linked to Personal Data.  Please note that we may retain this (and other) Information whenever and so long as we have a significant legal or operational need to do so, such as for auditing, corporate record-keeping, compliance accounting or security and bug-prevention purposes.

If you are a customer of ours and thus have an account with us, we will typically retain your Personal Data for as long as required in order to serve the purpose for which it was collected, such as to provide you relevant information about our products and services. 

d. Your Rights as a Data Subject

The GDPR provides you with certain rights in respect of Personal Data that data controllers hold about you, including certain rights to access Personal Data, to request correction of the Personal Data, to request to restrict or delete Personal Data, and to object to our processing of your Personal Data (including profiling for online ad targeting).

  • Right to Access:  If you wish to exercise your right to access Personal Data we process as a data controller, you may do so by requesting access through the e-mail address privacy@xmodesocial.com.  When we receive your request, we will provide you with current, step-by-step instructions to follow in order to obtain access.  As we are required to verify a requestor's identity prior to providing Personal Data, we will assess requests to exercise certain data access rights on a case-by-case basis:  in doing so, we consider (a) the difficulty of verifying whether data that we hold and data we have linked to it truly and solely belongs to the data subject making the request, along with (b) the potential adverse affects on disclosure of personal data to the wrong individual.  Because such improper disclosure would likely adversely affect the privacy rights and freedoms of the data subject, we may limit the Personal Data we make available.  Please note that we will only grant requests for access for Personal Data for which we are a data controller, as explained further in sub-section (e) below.  Where we act as a processor for one of our customers, we will refer your request to that customer.   Please identify the customer your request refers to (if possible), to simplify this process.
  • Right to Correct: If you wish to exercise your right to correct Personal Data, you may do so by contacting us at the contact information below.
  • Right to Object to Processing or to Withdraw Consent:  By using the device-based "opt-out" signals described in Section 6 of this Privacy Policy, you may withdraw consent for processing on which we rely on consent. If you do so, we will cease processing your Personal Data for purposes of our services within 30 days or less. We either collect these opt-out signals ourselves or receive them from the mobile apps we work with.
  • Right to Erasure.  You also have the right to obtain the erasure of Personal Data concerning you that we hold as a controller. The above opt-out process satisfies this right. When a user opts-out through our partners (or through mobile device settings), and we receive this signal, we no longer use Personal Data to provide our advertising services. We will also manually delete your Personal Data if prefer that we do so; please contact us and email your device to privacy@xmodesocial.com for further instructions if you wish to exercise this right manually. Please note, however, that we may retain copies of certain Personal Data on inactive or back-up files, for our certain important internal and purposes, such as auditing, accounting and billing, legal or bug-detection, for as long as is necessary to fulfill those purposes.
  • Right to Lodge Complaints.  You have the right to lodge a complaint with a supervisory authority.  However, we hope that you will first consult with us, so that we may work with you to resolve any complaint or concern you might have.
e. X-Mode as a data controller and a data processor

EU data protection law makes a distinction between organisations that process Personal Data for their own purposes (known as "data controllers") and organisations that process Personal Data on behalf of other organisations (known as "data processors").  As noted above, we are not always a data controller of the data in our possession, but are sometimes a data processor for other companies such as our customers.  In such cases, we may direct your inquiry to the relevant data controller, since data controllers are the ones with primary responsibility for your Personal Data.

10. Changes to Privacy Policy  

If we make material changes to this Privacy Policy that may impact you, we will prominently post notice of the change on our website for a period of at least 30 days prior to the change becoming effective. We recommend that you check the Privacy Policy frequently so that you are informed of any changes. 

11. Contact Us 

If you have any questions about this Privacy Policy or how we use information, or if you seek to exercise any of the rights outlined in Section 9, please contact us at:



X-Mode, Inc, Privacy Officer,
45662 Terminal Drive,
Dulles VA, 20164,
Suite #200.


  1. X-Mode Social, Inc.
  2. Advan Research Company
  3. Adsquare
  4. AirSage
  5. AppNexus Inc.
  6. AreaMetrics
  7. Arrivalist
  8. Beaconinside
  9. Complementics
  10. Conversant Europe, Ltd.
  11. Cuebiq
  12. Drawbridge, Inc.
  13. Exterion
  14. Equifax
  15. Factual
  16. Freckle IoT Ltd.
  17. Generali
  18. GeoUniq
  19. Gravy Analytics
  20. GroundTruth
  21. Gyana
  22. Infinia Mobile
  23. Intersection
  24. InMobi
  25. JLL
  26. Kantar Media
  27. King
  28. Locomizer
  29. Narrative
  30. Ninth Decimal
  31. OpenX Software Ltd. and its affiliates
  32. Oracle
  33. Pitney Bowes
  34. Placed
  35. Place Dashboard
  36. Popertee
  37. PubMatic, Inc.
  38. PushSpring
  39. Reveal Mobile
  40. Roq.ad
  41. Smato
  42. Sito Mobile
  43. Skyhook Wireless
  44. Statiq
  45. Talon Outdoor
  46. Tamoco
  47. Teemo
  48. Telefonica
  49. The Floow
  50. The Singlespot
  51. The Trade Desk, Inc and affiliated companies
  52. The Rubicon Project, Limited
  53. UberMedia
  54. Unacast
  55. Vectaury
  56. Vistar Media
  57. Wireless Registry
  58. xAd, Inc. dba GroundTruth
  59. Zeotap