X-Mode Privacy Policy

Last Updated: May 18, 2020

California Users: If you located in California, then under the CCPA, you have a right to opt-out of the sale of your information. To do this, please head over to X-Mode’s “Opt-out/Do Not Sell” Form.

X-Mode Inc., a U.S. company with its headquarters at 11955 Freedom Drive, Reston, VA 20190, Suite 780 (“X-Mode” “we,” “us,” and “our”), provides mobile advertising and data services to mobile application publishers (“Publishers”) and advertisers (“Advertisers”).

This privacy policy (“Privacy Policy”) describes how we collect, use, store, and share information about three sets of people (referred to as “you,” “your,” and “yourself”): (a) visitors to the Site, (b) end users of Apps that use the Services, and (c) End Users of X-Mode’s applications.  The Privacy Policy also describes certain choices you have regarding use, access to and correction of your information.

If you are a user located in the European Union and would like to view your rights under the GDPR, please go to Section 9 of this Policy. If you are a user located in California, and would like to view your rights under the CCPA, please click here.


Key Terms

  • SDK, or Software Development Kit: An SDK is a string of computer code that Publishers can include in their apps to collect data, often related (as in X-Mode’s case) to the mobile advertising and data industry.
  • XDK: X-Mode’s internally created mobile SDK.
  • Services: X-Mode’s Services refer to the products and insights we provide in the form of location data and/or advertising IDs to marketing and research companies, generally to enable their research and personalized advertising. The Services can also mean the XDK and other technology we use to collect information.
  • Site: X-Mode’s website located at www.xmode.io, and any other website on which this Privacy Policy is posted.
  • Publishers: Mobile app developers who have integrated our XDK into their Apps.
  • Apps: The third-party mobile applications created by Publishers that have integrated our XDK.
  • Server-to-Server App / Server-to-Server Partner: X-Mode has partnered with two app developer companies who do not use the XDK, but send us data they collect from their apps using their own SDKs. The information we receive from Server to Server is equivalent to the information the XDK collects.
  • Devices: Apple and Google phones (such as an iPhone or Samsung Galaxy).
  • X-Mode Apps: X-Mode owned and operated apps.
  • System Location Services: The ability to allow Apps to access your location on iOS and Android Devices.
  • Advertising ID: A unique 32-character string of numbers and letters randomly assigned to a Device. Advertisers may use this ID to serve your Device more personalized advertising.
  • Limit Ad Tracking/Opt-Out of Interest Based Ads: A feature on iOS/Android Devices that allows the user to disable their Advertising ID. Once disabled the Device is opted-out from our Services. On iOS phones, Limiting Ad Tracking zeroes out the Advertising ID.
  • Trusted Partners: Third party companies that have partnered with X-Mode to receive our Services.

1. Background: What Does X-Mode Do?

X-Mode is a data aggregation and management platform that focuses on the curation and use of precise location data to help a variety of organizations develop insights about aggregated human traffic patterns. The information we provide helps marketers and advertisers learn about their potential audiences and Trusted Partners, and helps research organizations form insights for financial, market research, traffic and city planning, smart cities, or educational purposes. We also may work with government agencies or health organizations interested in traffic patterns for purposes of disease prevention and research, security, anti-crime and law enforcement, or civic and traffic planning.

We receive most of this location information either from our XDK that we provide to Apps, or from other means of transfers and integrations occurring at the “server” side with mobile app partners (often called “server to server” transfers. We then provide that information in various formats to a variety of marketing and research companies as part of our Services. (Please see our Trusted Partners for a list of companies we provide information to).

2. What Information Do We Collect?

We use our XDK to collect information, including mobile advertising IDs (e.g., iOS IDFAs and Android Advertising IDs), location information (as described below), and other information related to how different types of Devices and their users interact with mobile advertising services. We also receive this same information from Server to Server partners. We provide our XDK to Publishers to help them monetize their Apps using location in order for them to provide free media, games, and other mobile services and activities such as weather forecasts or traffic updates. We also use our XDK in our X-Mode Apps.

Advertisers use the location data collected by the XDK in Apps and X-Mode Apps, and received from Server to Server partners, to enhance their ability to show ads in mobile apps, to target more relevant ads in mobile apps, and to analyze how well ads perform in mobile apps. (If you would like to opt-out from having ads tailored to you in this way on your mobile device, please follow the instructions in Section 6 below, entitled “Consumer Choices and Opt-Out Options”). Some advertisers may use location data or “interest segments” across devices or browsers – such as to try to “find” a particular consumer on multiple devices (e.g., tablets, mobile devices, browsers, or televisions).

When you download and use an App or X-Mode App that uses our Services (the XDK) and have System Location Services “On” and Limit Ad Tracking “OFF”, the XDK can collect certain information through or about the Device, in particular:

  1. Precise Location Data, which means:
    • Geolocation of the Device, usually expressed by latitude-longitude coordinates obtained through GPS features of our XDK, WiFi data, cell tower triangulation and other techniques permitted by the Device’s operating system.
    • Dwell time near points of interest (or how long your device stayed at one place).
  2. Relative Location Data, which means:
    • Bluetooth Low-Energy (BLE) sensors, or beacons.
    • Signals from the Internet of Things (IoT) devices.
    • Near-field Communication (NFC).
    • The GPS capabilities of our XDK allow it to receive signals from each of these technologies that show when a Device is close by. For example, many retail stores have beacons that detect when a Bluetooth-enabled Device passes by or goes into the store. Shopping malls, stadiums, restaurants, museums and other similar points of interest may also use beacons. The Relative Location Data we collect can be used for powering solutions in smart cities, government planning, security and law enforcement, financial or market research and technology (“Fin-tech”), or targeted advertising.
  3. Advertising IDs (Android ID or iOS IDFA).
  4. Time and Date Information.
  5. Event information about your Device, which means:
    • Any crashes
    • System activity
    • Hardware settings.
  6. Usage Data is automatically collected and cannot identify an individual user, which means:
    • Device type (i.e. iPhone 7).
    • Operating system version and type (i.e. iOS 13.2).
    • Device settings (i.e. whether or not you have enabled Location Services).
    • Device time zone.
    • Device carrier.
    • Current IP address.
    • Applications on which our XDK is embedded.
  7. Site Information, which means:
    • Additionally, each time you use the Site we automatically collect the type of web browser you use, your operating system, your Internet Service Provider, your IP address, the pages you view, and the time and duration of your visits to the Site. We use this information to enhance the services we offer, provide targeted advertising, and to help us understand how people use the Site and Services.

If you are interested in how we collect, use and share information about our own customers and visitors to our corporate website, please go to Section 5.

3. How Do We Use the Information We Collect?

When you download and use an App that uses our Services and have Location Services “On” and Limit Ad Tracking “OFF”, both X-Mode and our Trusted Partners can use the information collected by the XDK or received from Server to Server partners for any of the following purposes:

  1. Inferences from Aggregated Data, such as Traffic Patterns and Research:
    • We use the information we collect and receive to make inferences about human location and traffic patterns. For instance, we might notice groups of Devices at certain types of locations or venues over time, like concerts, soccer or baseball stadiums, cafes or gyms and spas, and we might include these observations in the services.
    • We curate these insights into data products which we provide to our Trusted Partners. We may append other fields such as venue name, category, dwell timed or ticker symbols to an aggregate group of Advertising IDs to build consumer profiles or to make financial-based decisions such as trading on the stock market.
    • We also share this information with Trusted Partners in the marketing and research industry, including advertising platforms, who use the information to provide similar services. The information helps these companies to better predict and draw insights about consumer, market or scientific trends related to human movement patterns.
    • We also license the information to Trusted Partners involved with real estate, city planners or smart city companies and augment it with relevant fields to create more specific segments for their needs.
  2. Interest-Based Segments and Ad Targeting:
    • We also use these observations to categorize Device users into “interest segments” (for instance, that a device is associated with an interest in attending sporting events, or department stores) that the Trusted Partners we license information to can use to send ads to users when the same users appear on their own mobile platforms.
    • By using interest segments, marketers are more likely to be able to send an offer that a consumer is more likely to want and less likely to find annoying.
  3. Attribution:
    • We use some of the information we collect and receive (including location information and Advertising IDs) to help advertisers analyze aggregate ad performance – such as by measuring whether or how Devices that saw a particular ad tended to engage with a particular product or visit a particular venue; this practice is sometimes called “attribution” analysis.
    • For instance, if numerous Devices were sent an ad or offer for “X-Mode Pizza” on Tuesday, and the Device “traffic” at X-Mode Pizza on Wednesday or Thursday was particularly high, an advertiser might conclude that the ad campaign was successful.
  4. Publisher Insights:
    • We help the Publishers that we work with understand more about the users of their own apps – using the same types of interest segments we have described above.
    • We can also use that information to inform Publishers of compliance options with applicable laws and guidelines where applicable.

The above is not an exhaustive description of every single unique ways the information we collect and receive may be used by X-Mode and our Trusted Partners: we may, for instance, sometimes customize uses of the information we have for certain Trusted Partners. But the above does describe the types of information that we collect and receive, how we generally collect it, and what our company focuses on.

If you are interested in how we collect, use and share information about our own customers and visitors to our corporate website, please go to Section 5.

4. Who Else Do We Share Information We Collect With?

We share the information we collect and receive both in order to operate our platform (such as with service providers) and in order to support the operations of our Trusted Partners. We may share the following information we collect from your Device:

  1. With Our Trusted Partners:
    • We share Advertising IDs, Location Information, Usage Data, and interest segments created using that information, with our Trusted Partners.
    • Our Trusted Partners may include brands, data platforms, online advertising networks, and companies that perform research about consumer behavior, targeted or customized advertising, or human traffic patterns. You can learn more about our Trusted Partners here.
  2. With Our Service Providers:
    • We contract with companies who help us with our business operations (for example, website and data hosting, fraud prevention, verification and reporting, data hygiene, marketing, and email delivery), as well as billing, collections, tech, Trusted Partner and operational support.
  3. With Service Providers to Our Trusted Partners:
    • Our Trusted Partners may contract with companies who handle data (such as managing Trusted Partners’ proprietary data, including Ad IDs).
  4. With Our Subsidiaries and Related Companies:
    • We currently do not have subsidiaries or corporate affiliates, but if we do we may share any information that we hold with them. Any future subsidiaries or affiliates will be listed in this Privacy Policy.
  5. In Connection with Legal Proceedings or Process:
    • When we are under a legal obligation to do so, for example, to comply with a binding order of a court, or where disclosure is necessary to exercise, establish or defend the legal rights of X-Mode, our Trusted Partners or any other third party or to satisfy in good faith any applicable law, legal process.
    • We likewise may disclose any information in response to a proper governmental request, a subpoena (whether civil or criminal) or a similar process.
  6. To Investigate Wrongdoing and Protect Ourselves or Third Parties:
    • To enforce our rights and Terms of Service or other policies, or to investigate any potential violation of those Terms and policies, any potential violation of the law, or to protect ourselves, our Trusted Partners, or any third party from any potential harm (whether tangible or intangible).
  7. In Connection with a Sale of Our Business:
    • If a third party acquires some or all of our business or assets, we may disclose your information in connection with the sale (including during due diligence in preparation for the sale).

5. Cookies & the X-Mode Website

X-Mode, and service providers and vendors we work with, also collect information from visitors to our corporate website(s), including any website on which this Privacy Policy is posted (collective, the “Site”). This information includes information voluntarily and directly provided by Visitors, and information passively collected through automated means such as cookies and web pixels. The information we collect from visitors to the website is as follows:

  1. We collect voluntarily submitted information. This includes information such as your name, address, phone number, and email address if you provide it to us. For instance, you might provide us this information to register for an event, to get information about our services, or to set up an account on our system (in which case you might provide additional information to us, such as about your employer or in some cases, your payment information.
  2. Other Information is collected automatically from your device or browser. We also collect device or browser-based information from your desktop computer, laptop, mobile phone, tablet, or other consumer electronic devices that you use to access the Site. This may include technical information about your Device (such as the Device type, operating system, settings, and system configurations, IP address, Advertising ID and other unique Device identifiers, and mobile network information) and your activity using the X-Mode Site (such as data about the webpages you access, traffic to and from websites, the dates and times associated with transactions, web log data, and other event information, including crashes and system activity). We sometimes use this information for our internal, analytics purposes, such as to understand what products and services Visitors may be interested in, which pages of our Site are most (and least) popular, and to help us understand how people interact with our Site in other ways. If you have provided your personal contact information to us (such as your email address), we may combine this information with the above information, such as to understand how better to serve you.
  3. We and our service providers may place cookies on our Visitor’s browsers. Cookies are small data files that have unique identifiers and reside on your browser files. Among other things, cookies help us improve and personalize your use of the X-Mode Site. We may permit certain third parties to place cookies through the Site to provide us with better insights into the use of the Site and user demographics and to provide relevant advertising to you. Using cookies, these third parties, such as online advertising platforms, may collect information about your online activities over time and across different websites, including when you use the Site. For instance, if we visit a page on our website that describes our Services, we might “retarget” (through a third party advertising platform) with an ad for our Services when you are on another website. You may opt-out of this type of retargeting and other types of interest-based advertising by exercising the opt-out choices described in Section 6.
  4. Another example of how we use cookies is that we use Google Analytics to analyze usage patterns for the X-Mode Site. Google Analytics generates a cookie to capture information about your use of the Site that Google uses to compile reports on website activity for us and to provide other related services. Google may use all or a portion of your IP address to identify its cookie and for its commercial purposes.
  5. Web beacons or “pixels” are electronic images that may be used on the Site or in emails we send to you. We use web beacons to deliver cookies, count visits, understand usage and effectiveness of offers, and tell whether you open an email and act upon it.

6. Consumer Choices & Opt-Out Options

There are several ways that you can manage the way that passively collected data, such as Advertising IDs and cookies, are used. We describe these methods below. You can manage certain collection and sharing of information in connection with the X-Mode Site and the Services as follows:

  1. Browser Settings: You may control how your browser responds to cookies by adjusting the privacy and security settings of your web browser.
  2. Interest-Based Advertising Opt-Out: You can opt-out of information collected for web-based interest-based advertising (for instance, by tailoring ads based on activities tracked across websites, over time), by those companies that participate in the Network Advertising Initiative or the Digital Advertising Alliance, by visiting the NAI’s opt-out page or the DAA’s Consumer Choice Page. EEA and Swiss residents, please refer to www.youronlinechoices.com. The “opt-out” methods on these industry web portals generally are cookie-based, so if you delete your cookies (or change or update your browser) you will need to opt-out again. We provide the above information because — although our services are not focused on cookie-based advertising — we may work with companies to target ads for our own services (such as to retarget Visitors of our own website). In addition, some third-party platforms may employ our Information to connect user identities across devices – such as to inferentially “match” a mobile device by common IP address to a web browser.
  3. Device-based Opt-out (for Cross-App Advertising):You may limit the disclosure of certain Information by your mobile device to us and Publishers by adjusting the settings on your mobile Device. For iOS mobile devices, go to “Settings” from your Device’s home screen; scroll down to “Privacy”; select “Advertising”; and turn on “Limit Ad Tracking.” For Android mobile devices, go to “Google Settings” on your device; select “Ads”; and check the box labeled “Opt Out of Interest-Based Ads.” For additional instructions or information about how these opt outs work, go to the NAI’s Mobile Choice page. We honor these “limit” or “opt-out” instructions or “flags” by removing recognized devices from our cross-app advertising or ad delivery and reporting solutions, on a going forward basis.
  4. Our Promotional Emails: You may opt not to receive promotional emails from us by contacting us as indicated below, or by following the “unsubscribe” instructions in any promotional email you receive from us, or by contacting us at privacy@xmodesocial.com. Please note that, however, we may still send you non-promotional, transactional, or service-related emails about your relationship with us.

7. Security

We employ administrative, technical, and physical safeguards for our physical facilities and in our computer systems, databases, and communications networks, which are designed to protect information contained within our systems from loss, wrongful acquisition, use, alteration or disclosure. No method of electronic transmission or storage is 100% secure, which means we cannot guarantee absolute security of your information. However, we limit access to Location Data or Advertising IDs we collect to specific employees and third parties who have a business need to know and who are bound by a duty of confidentiality. If you have any questions about the security of your information, please contact us through the contact information listed in Section 13.

8. International Transfers

We may store and process your information in the European Union and the United States. By accessing this website or our Services, you understand that the information you provide to us may be stored in or (if applicable) transferred to the United States. You should be aware that certain privacy laws in the United States and the other countries regarding processing the information may be less stringent than in your country.

9. The E.U. (GDPR)

The GDPR requires X-Mode and those using our services to provide users with certain information about the processing of their “Personal Data”. “Personal Data” is a term used in Europe that means, generally, data that identifies or can identify a particular unique user or device – for instance, names, addresses, cookie identifiers, mobile device identifiers, precise location data, and biometric data.

If you have any questions about X-Mode’s data practices in the context of the GDPR, you may contact our Data Protection Officer at privacy@xmodesocial.com.

To comply with the GDPR, we provide the below representations and information, which are specific to persons located in EEA countries or Switzerland (so please don’t rely on the below, if you’re not):

  1. Legal grounds for processing your Personal Data: The GDPR requires us to tell you about the legal basis we’re relying on to process any Personal Data about you. The legal basis for us processing your Personal Data for the purposes set out in Sections 2 and 3 above (and Section 5 as to our corporate customer data) will typically be because:
    • You provided your consent. In order to provide our services that involve use of precise location information related to other Personal Data, (and to store and gain access to information stored on your device such as Advertising IDs), we rely on your consent. To obtain this consent, we rely on our own compliance steps and our web and mobile partners’ compliance steps, designed to ensure that consent is collected and passed on to partners, and to ensure that we only facilitate the collection of legally obtained data. We may choose to obtain consent in other cases as well, in which case we will adhere to applicable laws relating to such consent and its withdrawal. We also seek to obtain consent for certain partners with whom we work, who are often independent data controllers. We list these partners in our List of Partners, below.
    • The processing is in our legitimate interest. In some cases, we use legitimate interest as a legal basis for processing Personal Data. We rely on legitimate interest when we use Personal Data to maintain the security of our services, such as to detect fraud or to ensure that bugs are detected and fixed. We also rely on legitimate interest when we use our own customers’ data (or Visitors’ data) to communicate with them about our Services or analyze our own Site activity.
    • Contractual Relationships. Sometimes, we process certain data as necessary under a contractual relationship we have (such as our customer records and contact information).
    • Legal Obligations. Finally, some processing of data may be necessary for us to comply with our legal or regulatory obligations.
  2. Transfers of Personal Data: When we transfer Personal Data outside of the EEA or Switzerland, we take steps to make sure that appropriate safeguards are in place to protect your Personal Data. In general, our data transfers of our Personal Data are safeguarded by European Standard Contractual Clauses and Data Processing Agreements where this is required by European Data Protection Law. Feel free to contact us at the contact information below for more information about the safeguards we have put in place to protect your Personal Data and privacy rights in these circumstances.
    • Personal Data Retention: As a general matter, we retain your Personal Data for as long as necessary to provide our Services, or for other important purposes such as complying with legal obligations, resolving disputes, and enforcing our agreements. We generally retain Advertising IDs on the following schedule: we render Advertising IDs inactive for purposes of providing our services within 13 months from receipt of consent (or from any “refreshed” consent permitting us to continue to retain information), provided that we may retain data for longer periods, as needed, where we have fully de-identified such data in a manner so that it cannot be linked to Personal Data. Please note that we may retain this (and other) Information whenever and so long as we have a significant legal or operational need to do so, such as for auditing, corporate record-keeping, compliance accounting or security and bug-prevention purposes.
  3. Your Rights as a Data Subject: The GDPR provides you with certain rights in respect of Personal Data that data controllers hold about you, including certain rights to access Personal Data, to request correction of the Personal Data, to request to restrict or delete Personal Data, and to object to our processing of your Personal Data (including profiling for online ad targeting).
    • Right to Access: If you wish to exercise your right to access Personal Data we process as a data controller, you may do so by requesting access through the e-mail address privacy@xmodesocial.com. When we receive your request, we will provide you with current, step-by-step instructions to follow in order to obtain access. As we are required to verify a requestor’s identity prior to providing Personal Data, we will assess requests to exercise certain data access rights on a case-by-case basis: in doing so, we consider (a) the difficulty of verifying whether data that we hold and data we have linked to it truly and solely belongs to the data subject making the request, along with (b) the potential adverse effects on disclosure of personal data to the wrong individual. Because such improper disclosure would likely adversely affect the privacy rights and freedoms of the data subject, we may limit the Personal Data we make available. Please note that we will only grant requests for access for Personal Data for which we are a data controller, as explained further in sub-section (e) below. Where we act as a processor for one of our customers, we will refer your request to that customer. Please identify the customer your request refers to (if possible), to simplify this process.
    • Right to Correct: If you wish to exercise your right to correct Personal Data, you may do so by contacting us at the contact information below.
    • Right to Object to Processing or to Withdraw Consent: By using the device-based “opt-out” signals described in Section 6 of this Privacy Policy, you may withdraw consent for processing on which we rely on consent. If you do so, we will cease processing your Personal Data for purposes of our services within 30 days or less. We either collect these opt-out signals ourselves or receive them from the mobile apps we work with.
    • Right to Erasure: You also have the right to obtain the erasure of Personal Data concerning you that we hold as a controller. The above opt-out process satisfies this right. When a user opts-out through our partners (or through mobile device settings), and we receive this signal, we no longer use Personal Data to provide our advertising services. We will also manually delete your Personal Data if prefer that we do so; please contact us and email your device to privacy@xmodesocial.com for further instructions if you wish to exercise this right manually. Please note, however, that we may retain copies of certain Personal Data on inactive or back-up files, for our certain important internal and purposes, such as auditing, accounting and billing, legal or bug-detection, for as long as is necessary to fulfill those purposes.
    • Right to Lodge Complaints. You have the right to lodge a complaint with a supervisory authority. However, we hope that you will first consult with us, so that we may work with you to resolve any complaint or concern you might have.
  4. X-Mode sometimes is a data controller and sometimes is a data processor. EU data protection law makes a distinction between organizations that process Personal Data for their own purposes (known as “data controllers”) and organizations that process Personal Data on behalf of other organizations (known as “data processors”). As noted above, we are not always a data controller of the data in our possession but are sometimes a data processor for other companies such as our Trusted Partners (for instance, when we receive or process personal data on behalf of our Trusted Partners). In such cases, we may direct your inquiry to the relevant data controller, since data controllers are the ones with primary responsibility for your Personal Data.

10. Children’s Data

Our Services are not intended for (and we do not intentionally collect data from) minors under the age of 16. If you are aware of any such data that we may have inadvertently collected or had transferred to us, please contact us at the contact information provided below.

11. Addendum for California Resident’s Privacy Rights

The California Consumer Privacy Act of 2018 (“CCPA”) provides certain rights to residents of California. This section of the Privacy Policy applies if you are a natural person who is a resident of California (“California Consumer”) and uses our Services. This Addendum supplements the information in the Privacy Policy. However, this Addendum is intended solely for, and is applicable only as to, California Consumers: if you are not a California Consumer (or a resident of California), this does not apply to you and you should not rely on it.

We describe in the following categories (as required by the CCPA) the information we collect and the purposes for which we may use California Consumers’ Personal Information:

  • Categories of Personal Information We Collect, Use, and Share with Third Parties
  • Our Business Purposes for Collecting and Sharing Personal Information

1. Categories of Personal Information We Collect, Use, and Share with Third Parties

Depending on how you interact with us, we may collect about you the categories of information summarized in the table below. The following tables describe:

      1. Our Collection of Personal Information: the types of Personal Information that we collect and the types of sources we collect it from. “Personal Information” means information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.
      2. Our Collection of Personal Information: the types of recipients and/or Third Parties to whom we disclose or sell Personal Information and have disclosed or sold Personal Information to within the past 12 months.
      3. Our Business Purposes: our business purposes for (a) collecting and (b) sharing Personal Information, which are generally the same.

All of the Personal Information Categories below are subject to your Right to Access:

Category: Identifiers (e.g., online identifiers; IP address; mobile ad identifiers, other online or advertising platform identifiers)

We currently collect/use this category of Personal Information: YES

      • The sources we collect this category from:
      • Data analytics providers and data compilers
      • Third party mobile applications and websites
      • X-Mode owned and operated mobile applications and websites

We have “sold” this category of Personal Information in the past 12 months: YES

    • This category was shared with the following categories of third parties for business purpose(s):
    • Advertising networks (e.g., demand-side platforms, agency trading platforms)
    • Agencies and advertisers
    • Data compilers and resellers
    • Data analytics and providers
    • Financial institutions
    • Government entities and information services
    • App publishers (“customer categories”)

Category: Identifiers (e.g., For our own marketing and customer contact purposes: name, address, e-mail address, phone number)

We currently collect/use this category of Personal Information: YES

      • The sources we collect this category from:
      • Data analytics providers and data compilers
      • X-Mode owned and operated mobile applications and websites

We have “sold” this category of Personal Information in the past 12 months: NO

    • This category was shared with the following categories of third parties for business purpose(s):
    • Operating systems and platforms

Category: Internet or Other Electronic Network Activity Information (e.g., information on a consumer’s interaction with a website or application)

We currently collect/use this category of Personal Information: YES

      • The sources we collect this category from:
      • Third party mobile applications and websites
      • X-Mode owned and operated mobile applications and websites
      • Data compilers

We have “sold” this category of Personal Information in the past 12 months: YES

    • This category was shared with the following categories of third parties for business purpose(s):
    • Customer categories

Category: Geolocation Data

We currently collect/use this category of Personal Information: YES

      • The sources we collect this category from:
      • Third party mobile applications and websites
      • X-Mode owned and operated mobile applications and websites
      • Data compilers
      • US Postal Service

We have “sold” this category of Personal Information in the past 12 months: YES

    • This category was shared with the following categories of third parties for business purpose(s):
    • Customer categories

Category: Inferenced Data (e.g., inferences based on a device’s location or traffic history)

We currently collect/use this category of Personal Information: YES

      • The sources we collect this category from:
      • Third party mobile applications and websites
      • X-Mode owned and operated mobile applications and websites
      • Data compilers
      • US Postal Service

We have “sold” this category of Personal Information in the past 12 months: YES

    • This Category was shared with the following Categories of Third Parties for Business Purpose(s):
    • Customer categories

We also may share any of the personal information we collect as follows:

  • Sharing for Legal Purposes:In addition, we may share personal information with third parties in order to: (a) comply with an official legal process or a regulatory investigation (e.g. a subpoena or court order); (b) enforce our Terms of Service, this Privacy Policy, or other contracts with you, including investigation of potential violations thereof; (c) respond to claims that any content violates the rights of third parties; and/or (d) protect the rights, property or personal safety of us, our platform, our Trusted Partners, our agents and affiliates, its users and/or the public. We likewise may provide information to other companies and organizations (including law enforcement) for fraud protection, and spam/malware prevention, and similar purposes.
  • Sharing In Event of a Corporate Transaction: We may also share personal information in the event of a major corporate transaction, including for example a merger, investment, acquisition, reorganization, consolidation, bankruptcy, liquidation, or sale of some or all of our assets, or for purposes of due diligence connected with any such transaction.
  • Sharing With Service Providers: We share any personal information we collect with our service providers, which may include (for instance) providers involved in tech or Trusted Partner support, operations, web or data hosting, billing, accounting, security, marketing, data management, validation, enhancement or hygiene, or otherwise assisting us to provide, develop, maintain and improve our services.
  • Sharing of Aggregate Information: We may aggregate and/or de-identify any information collected so that such information can no longer be linked to you or your device (“Aggregate/De-Identified Information”). We may use Aggregate/De-Identified Information for any purpose, including without limitation for research and marketing purposes, and may also share such data with any third parties, including advertisers, promotional partners, and sponsors, in our discretion.

2. Our Business Purposes for Collecting and Sharing Personal Information

Generally speaking, we collect and share the Personal Information for the following purposes (examples included), as we also have described in our Privacy Policy:

  • Online targeting:
    1. Assisting advertisers, agencies and the platforms that they access (a) to deliver advertising and marketing to send, tailor, optimize and analyze advertising, in mobile apps and across other advertising channels and platforms and (b) to measure and analyze such advertising and marketing.
    2. Assisting Clients by creating “identity” graphs, to help locate users across various channels, such as connecting identities based on common personal, device-based, or network-based identifiers (e.g., IP address, email address).
  • Marketing and other research:
    1. Providing information for research purposes related to human traffic patterns, disaster recovery, and including for purposes of market, health, financial or consumer research.
  • Operating our services:
    1. Improving, testing, updating, and verifying our own data and data services.
    2. Developing new products.
    3. Operating, analyzing, improving, and securing our services.
  • Other internal purposes:
    1. For internal research, internal operations, auditing, detecting security incidents, debugging, short-term and transient use, quality control, and legal compliance. We use the information collected from our own website, our owned and operated mobile apps, and third party mobile apps for the above, as well as for our own marketing purposes.

3. California Rights and Choices

When we act as a “business” under the CCPA (as opposed to another business’s “service provider”), California residents have the right to request that we disclose what personal information we collect from you, to delete that information, and to opt-out of the sale of your personal information, subject to certain restrictions without being discriminated against for exercising any of these rights. You also have the right to designate an agent to exercise these rights on your behalf. This section describes how to exercise those rights and our process for handling those requests, to the extent as act as a “business” (as opposed to a “service provider”) for purposes of handling personal information. (To the extent permitted by applicable law, we may charge a reasonable fee to comply with your request.)

    1. Right to Opt-out of the Sale of Your Personal Information:
      • California residents may opt out of the “sale” of their personal information. California law broadly defines what constitutes a “sale” – including in the definition making available a wide variety of information in exchange for “valuable consideration.”
      • You may “opt-out” of our “sale” of your personal information (as those terms are defined by the CCPA) by following the directions set forth in Section 6 of our Privacy Policy or:
        1. At the NAI (Network Advertising Initiative) page that addresses how consumers may opt out of cross-app advertising through their device settings.
        2. By using X-Mode’s “Do Not Sell My Info” link web-form located here.
        3. You may also submit a manual request to opt-out by emailing privacy@xmodesocial.com with the subject line “CCPA Opt-out”.
    2. Right to Request Deletion of Your Personal Information:
      • You may also request that we delete any personal information that we collected from you, such as if you have been a Trusted Partner of ours (Note that this is different from your right to “opt out” of us selling your personal information, which is described above). If you wish to exercise this right, you may email privacy@xmodesocial.com or by calling toll-free +1 (866)-236-8370 – however, for most consumers, we recommend pursuing the “opt out” option (above), which will generally prevent us from receiving (and potentially selling) your information at a later date.
      • Should you nonetheless select the “delete” option, please note that we may retain personal information for certain important purposes, such as:
        1. To protect our business, systems, and users from fraudulent activity.
        2. To address technical issues that impair existing functionality (such as de-bugging purposes).
        3. As necessary for us, or others, to exercise their free speech or other rights.
        4. To comply with law enforcement requests pursuant to lawful process.
        5. For scientific or historical research for our own internal purposes reasonably related to your relationship with us, or
        6. to comply with legal obligations.
        7. Additionally, we need certain types of information so that we can provide our Services to you. If you ask us to delete it, you may no longer be able to access or use our Services.
    3. Right to Request Access to Your Personal Information:
      • California residents also have the right to request that we disclose what categories or specific pieces of your personal information we collect, use, or sell, provided such a request can be verified to a legally sufficient degree. You may request access to the categories personal information that we have collected from you by going emailing privacy@xmodesocial.com. While we may be able verify such requests for certain details we have collected, in line with guidance issues by the California Attorney General, we do not believe we are able to provide location data in response to such a request because we are not able to verify to a reasonably high degree that the personal information we have collected pertains to the person who has submitted the request, or whether either the person in possession of a device or the person requesting the information is the actual device owner. For instance, a number of people may be temporarily in possession of another person’s phone – e.g., a partner, friend or work colleague – whether consensually or not. We seek to avoid (and believe California law requires us to avoid) a situation where such a person might obtain potentially detailed and sensitive records pertaining to the phone’s owner. (A recent study concluded that one half of mobile phones were not password protected, making the possibility of “spoofing” a very real concern.). Moreover, because we do not collect information such as name, address or email address (which we avoid, to protect consumer privacy), we do not have other, more conventional ways to verify the identify of an actual device owner. Thus, if you are uncomfortable with your device information being used in the ways described above, we recommend that you request an “opt out” your information as described above. As noted, comprehensive information about how to opt out can be found here, on the website of the Network Advertising Initiative, a leading self-regulatory organization of which we are a member.
    4. Exercising Your Rights & Submitting a Verifiable Consumer Request:
      • California residents may exercise their California privacy rights or learn more how to exercise any of these rights by:
        1. Sending an email to privacy@xmodesocial.com.
        2. By using X-Mode’s “Do Not Sell My Info” link web-form located here.
        3. By contacting us through our toll free number: +1 (866)-236-8370.
      • However, we may withhold some personal information where the risk to you or our business is too great to disclose the information, or where we cannot verify your identity in relation to such personal information.
      • Thus, for security purposes (and as required under California law), we will verify your identity – in part by requesting certain information from you — when you request to exercise certain of your California privacy rights. For instance, if you request categories or specific pieces of personal information we have received about you associated with a particular mobile ad identifiers, you may need to confirm your possession of that identifier.
      • When we receive a verifiable consumer request from you, we will send you additional instructions for verification. Upon completion of the verification process, we will send you a notice that explains the categories of personal information we were able to locate about you, whether we (1) deleted, (2) de-identified, or (3) retained the information we collected from you. Certain information may be exempt from such requests under applicable law.
      • We encourage you to review and, as desired, employ the industry tools listed in our privacy policy and on the NAI (Network Advertising Initiative) page addressing how consumers may opt out of cross-app advertising. as we believe they may be more efficient, immediate and uniform – and easier to instantly access – than a more manual “opt out” process.
      • If we are unable to complete your requests fully for any of the reasons above, we will provide you additional information about the reasons that we could not comply with your request.
      • Right to Non-Discrimination:
        • We do not deny, charge different prices for, or provide a different level of quality of goods or services if you choose to exercise these rights.
      • Information About Persons Under 16 Years of Age:
        • We do not knowingly collect personal information from minors under 16 years of age in California unless we have received legal consent to do so. If we learn that personal information from such California residents has been collected, we will take reasonable steps to remove their information from our database (or to obtain legally required consent).
      • Authorized Agents:
        • You may also designate an agent to make requests to exercise your rights under CCPA as described above. We will take steps both to verify the identity of the person seeking to exercise their rights as listed above, and to verify that your agent has been authorized to make a request on your behalf through providing us with a signed written authorization or a copy of a power of attorney.

12. Changes to Our Privacy Policy

If we make material changes to this Privacy Policy that may impact you, we will prominently post notice of the change on our website for a period of at least 30 days prior to the change becoming effective. We recommend that you check the Privacy Policy frequently so that you are informed of any changes.

13. How to Contact Us

If you have any questions about this Privacy Policy or how we use information, or if you seek to exercise any of the rights outlined in Section 9, please contact us at:

privacy@xmodesocial.com

OR

X-Mode Social, Inc, Privacy Officer

11955 Freedom Drive

Suite #780

Reston, VA 20190