Last Updated: November 20th, 2020

X-Mode Privacy Policy

California Users: If you are located in California, then under the CCPA, you have a right to opt-out of the sale of your information. To do this, please head over to X-Mode’s “Do Not Sell My Personal Information” Form.
X-Mode Inc., a U.S. company with its headquarters at 11955 Freedom Drive, Reston, VA 20190, Suite 780 (“X-Mode” “we,” “us,” and “our”), provides mobile advertising and data services to mobile application publishers (“Publishers”) and advertisers (“Advertisers”).

This privacy policy (“Privacy Policy”) describes how we collect, use, store, and share information about three sets of people (referred to as “you,” “your,” and “yourself”): (a) visitors to our website located at www.xmode.io and any other website on which this Privacy Policy is posted (collectively, the “Site”), (b) end users (“End Users”) of third-party mobile applications (“Apps”) that use the Services, and (c) End Users of X-Mode’s owned and operated mobile applications (“X-Mode Apps”).  The Privacy Policy also describes certain choices you have regarding use, access to and correction of your information.

If you are a user located in the European Union and would like to view your rights under the GDPR, please go to Section 9 of this Policy. If you are a user located in California, and would like to view your rights under the CCPA, please click here. If you would like to learn more about out Trusted Partners, please click here.

Key Terms
Here are some terms that will come in handy when reading this Privacy Policy:

  • SDK, or Software Development Kit: An SDK is a string of computer code that Publishers can include in their apps to collect data, often related (as in X-Mode’s case) to the mobile advertising and data industry.
  • XDK: X-Mode’s internally created mobile SDK.
  • Services: X-Mode’s Services refer to the products and insights we provide in the form of location data and/or advertising IDs to marketing and research companies, generally to enable their research and personalized advertising. The Services can also mean the XDK and other technology we use to collect information.
  • Site: X-Mode’s website located at www.xmode.io, and any other website on which this Privacy Policy is posted.
  • Visitors: Individuals who voluntarily and directly provide information to X-Mode via website Contact Us form, Careers page, support@xmodesocial.com, or hello@xmodesocial.com –Individuals who visit our Site.
  • Publishers: Mobile app developers who have integrated our XDK into their Apps.
  • Apps: The third-party mobile applications created by Publishers that have integrated our XDK.
  • Server to Server App / Server to Server Partner: X-Mode has partnered with two app developer companies who do not use the XDK, but send us data they collect from their apps using their own SDKs. The information we receive from Server to Server is equivalent to the information the XDK collects.
  • Devices: Apple and Google phones (such as an iPhone or Samsung Galaxy).
  • X-Mode Apps: X-Mode owned and operated apps.
  • System Location Services: The ability to allow Apps to access your location on iOS and Android Devices.
  • Advertising ID: A unique 32-character string of numbers and letters randomly assigned to a Device. Advertisers may use this ID to serve your Device more personalized advertising.
  • Limit Ad Tracking/Opt-Out of Interest Based Ads: A feature on iOS/Android Devices that allows the user to disable their Advertising ID. Once disabled the Device is opted-out from our Services. On iOS phones, Limiting Ad Tracking zeroes out the Advertising ID.
  • Trusted Partners: Third party companies that have partnered with X-Mode to receive our Services.


1. Background: What Does X-Mode Do?
X-Mode is a data aggregation and management platform that focuses on the curation and use of precise location data to help a variety of organizations develop insights about aggregated human traffic patterns. The information we provide helps marketers and advertisers learn about their potential audiences and Trusted Partners, and helps research organizations form insights for financial, market research, traffic and city planning, smart cities, or educational purposes. We also may work with government agencies or health organizations interested in traffic patterns for purposes of disease prevention and research, security, anti-crime and law enforcement, or civic and traffic planning.


2. What Information Do We Collect?
Services
We use our XDK to collect information, including mobile advertising IDs (e.g., iOS IDFAs and Android Advertising IDs), location information (as described below), and other information related to how different types of Devices and their users interact with mobile advertising services. We also receive this same information from Server to Server partners. We provide our XDK to Publishers to help them monetize their Apps using location in order for them to provide free media, games, and other mobile services and activities such as weather forecasts or traffic updates. We also use our XDK in our X-Mode Apps.

Advertisers use the location data collected by the XDK in Apps and X-Mode Apps, and received from Server to Server partners, to enhance their ability to show ads in mobile apps, to target more relevant ads in mobile apps, and to analyze how well ads perform in mobile apps. (If you would like to opt-out from having ads tailored to you in this way on your mobile device, please follow the instructions in Section 6 below, entitled “Consumer Choices and Opt-Out Options”). Some advertisers may use location data or “interest segments” across devices or browsers (e.g., tablets, mobile devices, browsers, or televisions).

An SDK (which stands for “software development kit”) is a string of computer code that Publishers can include in their apps to collect data, often related (as in our case) to the mobile advertising and data industry. Publishers can embed our SDK into their apps in order to help or allow advertisers to enhance their ability to show ads in their Apps, to target more relevant ads in their Apps, and to analyze how well ads perform in their Apps Publishers work with us to monetize their App content in other ways we describe in this Privacy Policy. (If you would like to opt-out from having ads tailored to you in this way on your mobile device, please follow the instructions in Section 6 below, entitled “Consumer Choices and Opt-Out Options”).

When you download and use an App or X-Mode App that uses our Services (the XDK) and have System Location Services “On” and Limit Ad Tracking “OFF”, the XDK can collect certain information through or about the Device, in particular:

  1. Precise Location Data:
    • Geolocation of the Device, usually expressed by latitude-longitude coordinates obtained through GPS features of our XDK, WiFi data, cell tower triangulation and other techniques.
    • Dwell time near points of interest (or how long your device stayed at one place).
  2. Relative Location Data:
    • Bluetooth Low-Energy (BLE) sensors, or beacons,
    • Signals from the Internet of Things (IoT) devices.
    • Near-field Communication (NFC)
    • The GPS capabilities of our XDK allow it to receive signals from each of these technologies that show when a Device is close by. For example, many retail stores have beacons that detect when a Bluetooth-enabled Device passes by or goes into the store. Shopping malls, stadiums, restaurants, museums and other similar points of interest may also use beacons.
  3. Advertising IDs, or Unique Device Identifiers for Advertising (Android ID or iOS IDFA)
  4. Time and Date Information
  5. Event information about your Device, which means:
    • Any crashes
    • System activity
    • Hardware settings
  6. Usage Data is automatically collected and cannot identify an individual user, which means:
    • Device type (i.e. iPhone 7)
    • Operating system version and type (i.e. iOS 13.2)
    • Device settings (for example whether or not you have enabled Location Services)
    • Device time zone
    • Device carrier
    • Current IP address
    • Applications on which our XDK is embedded

Visitors
X-Mode, and service providers and vendors we work with, also collect information from visitors (“Visitors”) to our corporate website including any website on which this Privacy Policy is posted (collective, the “Site”) and information voluntarily and directly provided by Visitors on our contact forms or sent to our support email addresses, including hello@xmodesocial.com and support@xmodesocial.com. This information includes information voluntarily and directly provided by Visitors and information passively collected through automated means such as cookies and web pixels as follows:

  1. Voluntarily Submitted Information: Information such as your name, address, phone number, and email address if you provide it to us. For instance, you might provide us this information to register for an event, to obtain information about our services, or to set up an account on our system (in which case you might provide additional information to us, such as about your employer or in some cases, your payment information). You may opt-out of this type of collection by emailing privacy@xmodesocial.com.
  2. Device or Browser-based Information: Information from your desktop computer, laptop, mobile phone, tablet, or other consumer electronic devices that you use to access the Site. This may include technical information about your Device (such as the Device type, operating system, settings, and system configurations, IP address, Advertising ID and other unique Device identifiers, and mobile network information) and your activity using the X-Mode Site (such as data about the webpages you access, traffic to and from websites, the dates and times associated with transactions, web log data, and other event information, including crashes and system activity). You may opt-out of this type of collection by adjusting your device or browser’s sharing settings to limit such sharing.
  3. Cookies: We and our service providers may place cookies on our Visitors’ browsers. Click here to view our full cookie policy. You may opt-out of this type of retargeting and other types of interest-based advertising by exercising the opt-out choices described in Section 6.
  4. Web Beacons: Web beacons or “pixels” are electronic images that may be used on the Site or in emails we send to you. We use web beacons to deliver cookies, count visits, understand usage and effectiveness of offers, and tell whether you open an email and act upon it. You may opt-out of this type of re-targeting and other types of interest-based advertising by exercising the opt-out choices described in Section 6.


3. How Do We Use The Information We Collect From Our Services?
When you share data with us, both X-Mode and our Trusted Partners may use the data collected for any of the following purposes:

  1. Inferences from Aggregated Data, such as Traffic Patterns and Research:
    • Aggregated Traffic Patterns: We use the information we collect and receive to make inferences about human location and traffic patterns. For instance, we might notice groups of Devices at certain types of locations or venues over time, like concerts, soccer or baseball stadiums, cafes or gyms and spas, and we might include these observations in the services.
    • Data Products: We curate these insights into data products which we provide to our Trusted Partners. We may append other fields such as venue name, category, dwell timed or ticker symbols to an aggregate group of Advertising IDs to build consumer profiles or to make financial-based decisions such as trading on the stock market.
    • Marketing and Research: We also share this information with Trusted Partners in the marketing and research industry, including advertising platforms, who use the information to provide similar services. The information helps these companies to better predict and draw insights about consumer, market or scientific trends related to human movement patterns.
    • Smart Cities and Security: We also license the information to Trusted Partners involved with real estate, city planners or smart city companies and augment it with relevant fields to create more specific segments for their needs. We also license the information to Trusted Partners to power solutions in government planning, security, and law enforcement.
  2. Interest-Based Segments and Ad Targeting:
    • Interest Based-Segments: We also use these observations to categorize Device users into “interest segments” (for instance, that a device is associated with an interest in attending sporting events, or department stores) that the Trusted Partners we license information to can use to send ads to users when the same users appear on their own mobile platforms.
    • Ad Targeting: By using interest segments, marketers are more likely to be able to send an offer that a consumer is more likely to want and less likely to find annoying.
  3. Attribution:
    • Attribution Analysis: We use some of the information we collect and receive (including location information and Advertising IDs) to help advertisers analyze aggregate ad performance – such as by measuring whether or how Devices that saw a particular ad tended to engage with a particular product or visit a particular venue; this practice is sometimes called “attribution” analysis.
    • For instance, if numerous Devices were sent an ad or offer for “X-Mode Pizza” on Tuesday, and the Device “traffic” at X-Mode Pizza on Wednesday or Thursday was particularly high, an advertiser might conclude that the ad campaign was successful.
  4. Publisher Insights:
    • Insights and Compliance: We help the Publishers that we work with understand more about the users of their own apps – using the same types of interest segments we have described above.
    • We can also use that information to inform Publishers of compliance options with applicable laws and guidelines where applicable.

If you are interested in how we collect, use and share information about our own Trusted Partners and visitors to our corporate website, please go to Section 5.


4. How Do We Use The Information We Collect From Our Visitors?
We also use information we collect and receive from Visitors for corporate and internal purposes as follows:

  1. Internal analytics, such as to understand what products and services Visitors may be interested in, which pages of our Site are most (and least) popular, and to help us understand how people interact with our Site in other ways. If you have provided your personal contact information to us (such as your email address), we may combine this information with the above information described in Section 2.Visitors to understand how better to serve you.
  2. To communicate with Visitors directly, such as to provide customer or Visitor support for the Site or the Services. For example, when you use the “Contact Us” form of the Site or send us an email at hello@xmodesocial.com, your personal information may be processed by X-Mode for the sole purpose of replying to your queries.
  3. Market research and electronic direct marketing in accordance with applicable law.
  4. Improve, operate, and customize X-Mode’s Site.
  5. For human resource purposes.


5. Who Else Do We Share Information We Collect With?
We share the information we collect and receive both in order to operate our platform (such as with service providers) and in order to support the operations of our Trusted Partners. We may share the following information we collect from your Device:

  1. With Our Customers:
    • We share Advertising IDs, Location Information, Usage Data, and interest segments created using that information, with our Trusted Partners
    • Our Trusted Partners may include brands, data platforms, online advertising networks, and companies that perform research about consumer behavior, targeted or customized advertising, or human traffic patterns. You can learn more about our Trusted Partners here.
  2. With Our Service Providers:
    • We contract with companies who help us with our business operations (for example, website and data hosting, fraud prevention, verification and reporting, data hygiene, recruiting, marketing, and email delivery), as well as billing, collections, tech, Trusted Partner and operational support.
  3. With Our Subsidiaries and Related Companies:
    • We currently do not have subsidiaries or corporate affiliates, but if we do we may share any information that we hold with them. Any future subsidiaries or affiliates will be listed in this Privacy Policy.
  4. In Connection with Legal Proceedings or Process:
    • When we are under a legal obligation to do so, for example, to comply with a binding order of a court, or where disclosure is necessary to exercise, establish or defend the legal rights of X-Mode, our Trusted Partners or any other third party or to satisfy in good faith any applicable law, legal process.
    • We likewise may disclose any information in response to a proper governmental request, a subpoena (whether civil or criminal) or a similar process.
  5. To Investigate Wrongdoing and Protect Ourselves or Third Parties:
    • To enforce our rights and Terms of Service or other policies, or to investigate any potential violation of those Terms and policies, any potential violation of the law, or to protect ourselves, our Trusted Partners, or any third party from any potential harm (whether tangible or intangible).
  6. In Connection with a Sale of Our Business:
    • If a third party acquires some or all of our business or assets, we may disclose your information in connection with the sale (including during due diligence in preparation for the sale).


6. Consumer Choices & Opt-Out Options
There are several ways that you can manage the way that passively collected data, such as Advertising IDs and cookies, are used. We describe these methods below. You can manage certain collection and sharing of information in connection with the X-Mode Site and the Services as follows:

  1. Browser Settings: You may control how your browser responds to cookies by adjusting the privacy and security settings of your web browser.
  2. Interest-Based Advertising Opt-Out: You can opt-out of information collected for web-based interest-based advertising (for instance, by tailoring ads based on activities tracked across websites, over time), by those companies that participate in the Network Advertising Initiative or the Digital Advertising Alliance, by visiting the NAI’s opt-out page or the DAA’s Consumer Choice Page. EEA and Swiss residents, please refer to http://www.youronlinechoices.com. The “opt-out” methods on these industry web portals generally are cookie-based, so if you delete your cookies (or change or update your browser) you will need to opt-out again. We provide the above information because — although our services are not focused on cookie-based advertising — we may work with companies to target ads for our own services (such as to retarget Visitors of our own website). In addition, some third-party platforms may employ our Information to connect user identities across devices – such as to inferentially “match” a mobile device by common IP address to a web browser.
  3. Device-based Opt-out (for Cross-App Advertising): You may limit the disclosure of certain Information by your mobile device to us and Publishers by adjusting the settings on your mobile Device. For iOS mobile devices, go to “Settings” from your Device’s home screen; scroll down to “Privacy”; select “Advertising”; and turn on “Limit Ad Tracking.” For Android mobile devices, go to “Google Settings” on your device; select “Ads”; and check the box labeled “Opt Out of Interest-Based Ads.” For additional instructions or information about how these opt outs work, go to the NAI’s Mobile Choice page, here. We honor these “limit” or “opt-out” instructions or “flags” by removing recognized devices from our cross-app advertising or ad delivery and reporting solutions, on a going forward basis.
  4. X-Mode-based Opt-out: You may limit the use of certain information by submitting an opt-out request here.
  5. Our Promotional Emails: You may opt not to receive promotional emails from us by contacting us as indicated below, or by following the “unsubscribe” instructions in any promotional email you receive from us, or by contacting us at privacy@xmodesocial.com. Please note that, however, we may still send you non-promotional, transactional, or service-related emails about your relationship with us.


7. Security
We employ administrative, technical, and physical safeguards for our physical facilities and in our computer systems, databases, and communications networks, which are designed to protect information contained within our systems from loss, wrongful acquisition, use, alteration or disclosure. No method of electronic transmission or storage is 100% secure, which means we cannot guarantee absolute security of your information. However, we limit access to Location Data or Advertising IDs we collect to specific employees and third parties who have a business need to know and who are bound by a duty of confidentiality. If you have any questions about the security of your information, please contact us through the contact information listed in Section 13.


8. International Transfers
We may store and process your information in the European Union and the United States. By accessing this website or our Services, you understand that the information you provide to us may be stored in or (if applicable) transferred to the United States. You should be aware that certain privacy laws in the United States and the other countries regarding processing the information may be less stringent than in your country.


9. The E.U. (GDPR)
The GDPR requires X-Mode and those using our services to provide users with certain information about the processing of their “Personal Data”. “Personal Data” is a term used in Europe that means, generally, data that identifies or can identify a particular unique user or device – for instance, names, addresses, cookie identifiers, mobile device identifiers, precise location data, and biometric data.

If you have any questions about X-Mode’s data practices in the context of the GDPR, you may contact our Data Protection Officer at privacy@xmodesocial.com.

To comply with the GDPR, we provide the below representations and information, which are specific to persons located in EEA countries or Switzerland (so please don’t rely on the below, if you’re not):

  1. Legal grounds for processing your Personal Data: The GDPR requires us to tell you about the legal basis we’re relying on to process any Personal Data about you. The legal basis for us processing your Personal Data for the purposes set out in Section 2 and Section 3 above (and Section 5 as to our corporate Trusted Partner data) will typically be because:
    • You provided your consent. In order to provide our services that involve use of precise location information related to other Personal Data, (and to store and gain access to information stored on your device such as Advertising IDs), we rely on your consent. To obtain this consent, we rely on our own compliance steps and our web and mobile partners’ compliance steps, designed to ensure that consent is collected and passed on to partners, and to ensure that we only facilitate the collection of legally obtained data. We may choose to obtain consent in other cases as well, in which case we will adhere to applicable laws relating to such consent and its withdrawal. We also seek to obtain consent for certain partners with whom we work, who are often independent data controllers. We list these partners in our List of Partners, below.
    • The processing is in our legitimate interest. In some cases, we use legitimate interest as a legal basis for processing Personal Data. We rely on legitimate interest when we use Personal Data to maintain the security of our services, such as to detect fraud or to ensure that bugs are detected and fixed. We also rely on legitimate interest when we use our own Trusted Partners’ data (or Visitors’ data) to communicate with them about our Services or analyze our own Site activity.
    • Contractual Relationships: Sometimes, we process certain data as necessary under a contractual relationship we have (such as our Trusted Partner records and contact information).
    • Legal Obligations: Finally, some processing of data may be necessary for us to comply with our legal or regulatory obligations.
  2. Transfers of Personal Data: When we transfer Personal Data outside of the EEA or Switzerland, we take steps to make sure that appropriate safeguards are in place to protect your Personal Data. In general, our data transfers of our Personal Data are safeguarded by European Standard Contractual Clauses and Data Processing Agreements where this is required by European Data Protection Law. Feel free to contact us at the contact information below for more information about the safeguards we have put in place to protect your Personal Data and privacy rights in these circumstances.
    • Personal Data Retention: As a general matter, we retain your Personal Data for as long as necessary to provide our Services, or for other important purposes such as complying with legal obligations, resolving disputes, and enforcing our agreements. We generally retain Advertising IDs on the following schedule: we render Advertising IDs inactive for purposes of providing our services within 13 months from receipt of consent (or from any “refreshed” consent permitting us to continue to retain information), provided that we may retain data for longer periods, as needed, where we have fully de-identified such data in a manner so that it cannot be linked to Personal Data, Please note that we may retain this (and other) Information whenever and so long as we have a significant legal or operational need to do so, such as for auditing, corporate record-keeping, compliance accounting or security and bug-prevention purposes.
  3. Your Rights as a Data Subject: The GDPR provides you with certain rights in respect of Personal Data that data controllers hold about you, including certain rights to access Personal Data, to request correction of the Personal Data, to request to restrict or delete Personal Data, and to object to our processing of your Personal Data (including profiling for online ad targeting). More specifically,
    • Right to Access: If you wish to exercise your right to access Personal Data we process as a data controller, you may do so by requesting access through the e-mail address privacy@xmodesocial.com. When we receive your request, we will provide you with current, step-by-step instructions to follow in order to obtain access. As we are required to verify a requestor’s identity prior to providing Personal Data, we will assess requests to exercise certain data access rights on a case-by-case basis: in doing so, we consider (a) the difficulty of verifying whether data that we hold and data we have linked to it truly and solely belongs to the data subject making the request, along with (b) the potential adverse effects on disclosure of personal data to the wrong individual. Because such improper disclosure would likely adversely affect the privacy rights and freedoms of the data subject, we may limit the Personal Data we make available. Please note that we will only grant requests for access for Personal Data for which we are a data controller, as explained further in sub-section (e) below. Where we act as a processor for one of our Trusted Partners, we will refer your request to that Trusted Partner. Please identify the Trusted Partner your request refers to (if possible), to simplify this process.
    • Right to Correct: If you wish to exercise your right to correct Personal Data, you may do so by contacting us at the contact information below.
    • Right to Object to Processing or to Withdraw Consent: By using the device-based “opt-out” signals described in Section 6 of this Privacy Policy, you may withdraw consent for processing on which we rely on consent. If you do so, we will cease processing your Personal Data for purposes of our services within 30 days or less. We either collect these opt-out signals ourselves or receive them from the mobile apps we work with.
    • Right to Erasure: You also have the right to obtain the erasure of Personal Data concerning you that we hold as a controller. The above opt-out process satisfies this right. When a user opts-out through our partners (or through mobile device settings), and we receive this signal, we no longer use Personal Data to provide our advertising services. We will also manually delete your Personal Data if prefer that we do so; please contact us and email your device to privacy@xmodesocial.com for further instructions if you wish to exercise this right manually. Please note, however, that we may retain copies of certain Personal Data on inactive or back-up files, for our certain important internal and purposes, such as auditing, accounting and billing, legal or bug-detection, for as long as is necessary to fulfill those purposes.
    • Right to Lodge Complaints: You have the right to lodge a complaint with a supervisory authority. However, we hope that you will first consult with us, so that we may work with you to resolve any complaint or concern you might have.
  4. X-Mode sometimes is a data controller and sometimes is a data processor. EU data protection law makes a distinction between organizations that process Personal Data for their own purposes (known as “data controllers”) and organizations that process Personal Data on behalf of other organizations (known as “data processors”). As noted above, we are not always a data controller of the data in our possession but are sometimes a data processor for other companies such as our Trusted Partners (for instance, when we receive or process personal data on behalf of our Trusted Partners). In such cases, we may direct your inquiry to the relevant data controller, since data controllers are the ones with primary responsibility for your Personal Data.


10. Children’s Data
Our Services are not intended for (and we do not intentionally collect data from) minors under the age of 16. If you are aware of any such data that we may have inadvertently collected or had transferred to us, please contact us at the contact information provided in Section 13 below.


11. Addendum for California Residents’ Privacy Rights
The California Consumer Privacy Act of 2018 (“CCPA”) provides certain rights to residents of California. This section of the Privacy Policy applies if you are a natural person who is a resident of California (“California Consumer”) and we have collected information from (or sell information about) you. This Addendum supplements the information in the Privacy Policy. However, this Addendum is intended solely for, and is applicable only as to, California Consumers: if you are not a California Consumer (or a resident of California), this does not apply to you and you should not rely on it.

We describe in the following sections (as required by the CCPA) the information we collect and the purposes for which we may use California Consumers’ Personal Information:

  1. Categories of Personal Information We Collect, Use, and Share with Third Parties
  2. Our Business Purposes for Collecting and Sharing Personal Information
  3. California Privacy Rights and Choices (Section 3)

1. Categories of Personal Information We Collect, Use, and Share with Third Parties
Depending on how you interact with us, we may collect about you the categories of information summarized in the table below. “Personal Information” means information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household. The table also summarized the categories of third-parties with whom we may share the specified categories of Personal Information. All of the Personal Information Categories in the table below are subject to your Right to Access.