Home Privacy Privacy Policy

Privacy Policy

Last updated on Mar 22, 2024

Introduction

Our privacy policy (the “Privacy Policy”) explains the information we collect, how we use and share it, how to manage your privacy controls and your rights in connection with our websites and the related mobile applications and services (collectively, the “Services”). Please also read our Terms of Service which sets out the terms governing the Services.

Our Services are provided to you by XOSS Hong Kong Co., Limited. If you are a resident of the European Economic Area (“EEA”), XOSS Hong Kong Co., Limited is the controller of your personal data for the purposes of EEA data protection law.

This policy was written in English. To the extent a translated version conflicts with the English version, the English version controls. Unless indicated otherwise, this Privacy Policy does not apply to third party products or services or the practices of companies that we do not own or control, including other companies you might interact with on or through the Services.

Questions or comments about this Privacy Policy may be submitted by mail to the address below or via https://www.xoss.co/#/product/contact

Information XOSS Collects

XOSS collects information about you, including information that directly or indirectly identifies you, if you or your other members choose to share it with XOSS. We receive information in a few different ways, including when you track, complete or upload activities using the Services. XOSS also collects information about how you use the Services. There are also several opportunities for you to share information about yourself, your friends, and your activities with XOSS. For example:

Account, Profile, Activity, and Use Information

We collect basic account information such as your name, email address, date of birth, gender, username and password that helps secure and provide you with access to our Services.

Profile, activity and use information is collected about you when you choose to upload a picture, activity (including date, time and geo-location information as well as your speed and pace and perceived exertion) or post, join a challenge, add your equipment usage, view others’ activities, or otherwise use the Services.

We use your contact information so we can respond to your support requests and comments.

Location Information

We collect and process location information when you sign up for and use the Services. We do not track your device location while you are not using XOSS, but in order to provide XOSS’s core Services, it is necessary for us to track your device location while you use XOSS in the foreground and background. If you would like to stop the device location tracking, you may do so at any time by adjusting your device settings.

Content You Share

We gather information from the photos, posts, comments, kudos, ratings, reviews, and other content you share on the Services, including when you participate in partner events or create segments or routes.

Contacts Information

You can choose to add your contacts’ information by connecting your contacts from your mobile device or social networking accounts to XOSS. If you choose to share your contacts with XOSS, XOSS will, in accordance with your instructions, access and store your contacts’ information in order to identify connections and help you connect with them.

Connected Devices and Apps

XOSS collects information from devices and apps you connect to XOSS. For example, you may connect your Cycplus M1 to XOSS and information from these devices and apps will be passed along to XOSS.

Health Information

XOSS may collect or infer health information. Certain health information may be inferred from sources such as heart rate or other measurements, including power, cadence, and weight or other indicators. Before you can upload health information to XOSS, you must give your explicit consent to the processing of that health information by XOSS. You can withdraw your consent to XOSS processing your health information at any time.

Third-Party Accounts

XOSS allows you to sign up and log in to the Services using accounts you create with third-party products and services, such as Facebook, Google, or Apple (collectively, “Third-Party Accounts”). If you access the Services with Third-Party Accounts we will collect information that you have agreed to make available such as your name, email address, profile information and preferences. This information is collected by the Third-Party Account provider and is provided to XOSS under their privacy policies. You can generally control the information that we receive from these sources using the privacy controls in your Third-Party Account.

Technical Information and Log Files

We collect information from your browser, computer, or mobile device, which provide us with technical information when you access or use the Services. This technical information includes device and network information, cookies, log files and analytics information.

The Services use log files. The information stored in those files includes IP addresses, browser type, internet service provider (ISP), referring/exit pages, platform type, date/time stamp, and number of clicks. This information is used to analyze trends, administer, protect and secure the Services, track member movement in the aggregate, and gather broad demographic information for aggregate use. IP addresses may be linked to session IDs, athlete IDs and device identifiers.

Other Information

We may collect information from you through third parties, such as when we collect your feedback through surveys.

We may also collect information about you from other members such as when they give you kudos or comment on your activities.

How XOSS Uses Information

XOSS uses the information we collect and receive to operate the Services and to customize them for you. For example, with your consent we use your heart rate information to provide you with interesting and useful performance analysis.Certain information (e.g., your name, and some profile information) is also available to non-members on the web. Your precise location information, such as a route or segment, may also be shared on XOSS or to non-members, in accordance with your privacy controls.

We use the information we collect about you, your followers, and your activities to customize your experience. For example, we may suggest segments, routes, challenges, or clubs that may interest you, or athletes that you may want to follow. We also use the information we collect to process payments, provide support related to the Services, protect members and enforce our Terms of Service, promote safety, and to communicate with you (including to send marketing and push communications) where you have not opted out of receiving such messages and notifications.

We also use the information we collect to analyze, develop and improve the Services. To do this, XOSS may use third-party analytics providers to gain insights into how our Services are used and to help us improve the Services.

We may also use the information we collect to market and promote the Services, activities on XOSS, and other commercial products or services. This includes customizing your XOSS experience. For example, if we know that you like to run, we may tell you about new running activities or show you sponsored content related to running. If we see that you run in a certain area, we may suggest a race in that area. Subject to your settings, we may also mention that you have used our partners’ products or services as part of your activities.

Aggregate Information

We do not sell your personal information. XOSS may aggregate the information you and others make available in connection with the Services and post it publicly or share it with third parties. Examples of the type of information we may aggregate include information about equipment, usage, demographics, routes and performance. XOSS may use, sell, license, and share this aggregated information with third parties for research, business or other purposes XOSS also uses aggregated data to generate our Heatmap.

How Information is Shared

In addition to sharing aggregated data about our members as described above, we also share personal information in accordance with your preferences, as needed to run our business and provide the Services, and where required for legal purposes, as set forth below.

Service Providers

We may share your information with third parties who provide services to XOSS such as supporting, improving, promoting and securing the Services, processing payments, or fulfilling orders. These service providers only have access to the information necessary to perform these limited functions on our behalf and are required to protect and secure your information. We may also engage service providers to collect information about your use of the Services over time on our behalf so that we or they may promote XOSS or display information that may be relevant to your interests on the Services or other websites or services.

Publicly Available Information

When you join the XOSS community, your profile and your activities are set to be viewable by everyone by default. Your name and other profile information is viewable by other XOSS members and the public and, subject to your privacy controls, additional information and content you share may also be viewable. For example, your photos and routes may be accessed by other XOSS members and non-members or viewable on publicly accessible XOSS pages.

Affiliates and Acquirors of our Business or Assets

We may share your information with affiliates under common control with us, who are required to comply with the terms of this Privacy Policy with regard to your information. If XOSS becomes involved in a business combination, securities offering, bankruptcy, reorganization, dissolution or other similar transaction, we may share or transfer your information in connection with such transaction.

Legal Requirements

We may preserve and share your information with third parties, including law enforcement, public or governmental agencies, or private litigants, within or outside your country of residence, if we determine that such disclosure is allowed by the law or reasonably necessary to comply with the law, including to respond to court orders, warrants, subpoenas, or other legal or regulatory process. We may also retain, preserve or disclose your information if we determine that this is reasonably necessary or appropriate to prevent any person from death or serious bodily injury, to address issues of national security or other issues of public importance, to prevent or detect violations of our Terms of Service or fraud or abuse of XOSS or its members, or to protect our operations or our property or other legal rights, including by disclosure to our legal counsel and other consultants and third parties in connection with actual or potential litigation.

DMCA Notices

We may share your information with third parties when we forward Digital Millennium Copyright Act (DMCA) notifications, which will be forwarded as submitted to us without any deletions.

How We Protect Information

We take several measures to safeguard the collection, transmission and storage of the data we collect. We employ reasonable protections for your information that are appropriate to its sensitivity. The Services use industry standard Secure Sockets Layer (SSL) technology to allow for the encryption of personal information and credit card numbers. XOSS engages providers that are industry leaders in online security, including Services verification, to strengthen the security of our Services. The Services are registered with site identification authorities so that your browser can confirm XOSS’s identity before any personal information is sent. In addition, XOSS’s secure servers protect this information using advanced firewall technology.

Updating Account Information

You may correct, amend or update profile or account information at any time by adjusting that information in your account settings.

Deleting Information and Accounts and Downloading Your Data

You can delete your account or download your data using our self-service tools. Click here to download your data, including your activity files. To request that your account is deleted, click here.

After you make a deletion request, we permanently and irreversibly delete your personal data from our systems, including backups. Once deleted, your data, including your account, activities and place on leaderboards cannot be reinstated. Following your deletion of your account, it may take up to 90 days to delete your personal information and system logs from our systems.

Note that content you have shared with others, such as photos, or that others have copied may also remain visible after you have deleted your account or deleted specific information from your own profile. Your public profile may be displayed in search engine results until the search engine refreshes its cache.

XOSS also provides you the option to remove individual activities you have posted from view on the Services without deleting your account. The activities will typically remain on XOSS’s systems.

Your Rights and Our Legal Bases

We provide the same suite of privacy tools and controls to all of our members worldwide. Particular rights may be available to you if you reside in certain locations, such as the EEA or California.

Your Legal Rights in the EEA

If you are habitually located in the EEA, you have the right to access, rectify, download or erase your information, as well as the right to restrict and object to certain processing of your information. Learn more.

Our Legal Bases

XOSS relies on a number of legal bases to collect, use, share, and otherwise process the information we have about you for the purposes described in this Privacy Policy, including:

  • as necessary to provide the Services and fulfill our obligations pursuant to the Terms of Service. For example, we cannot provide the Services unless we collect and use your location information;

  • where you have consented to the processing;

  • where necessary to comply with a legal obligation, a court order, or to exercise and defend legal claims;

  • to protect your vital interests, or those of others, such as in the case of emergencies; and

  • where necessary for the purposes of XOSS’s or a third party's legitimate interests, such as our interests in protecting our members, our partners’ interests in collaborating with our members, and our commercial interests in ensuring the sustainability of the Services.

Transfers

The Services are operated from the United States. If you are located outside of the United States and choose to use the Services or provide information to us, you acknowledge and understand that your information will be transferred, processed and stored in the United States, as it is necessary to provide the Services and perform the Terms of Service. United States privacy laws may not be as protective as those in your jurisdiction.

Retention of Information

We retain information as long as it is necessary to provide the Services to you and others, subject to any legal obligations to further retain such information. Information associated with your account will generally be kept until it is no longer necessary to provide the Services or until your account is deleted. In addition, you can delete some items of information (e.g., profile information) and you can remove individual activities from view on the Services without deleting your account. For example, where you withdraw your consent to XOSS processing your health-related information, XOSS will delete all health-related information you uploaded. Following your deletion of your account, it may take up to 90 days to fully delete your personal information and system logs from our systems. Additionally, we may retain information where deletion requests are made to comply with the law, prevent fraud, collect fees, resolve disputes, troubleshoot problems, assist with investigations, enforce the Terms of Service and take other actions permitted by law. The information we retain will be handled in accordance with this Privacy Policy.

Information connected to you that is no longer necessary and relevant to provide our Services may be de-identified or aggregated with other non-personal data to provide insights which are commercially valuable to XOSS, such as statistics of the use of the Services. For example, we may retain publicly available segments or routes and other depersonalized geolocation information to continue to improve the Services and we use aggregated information in XOSS Metro and our Global Heatmap. This information will be de-associated with your name and other identifiers.

Other XOSS Sites

XOSS maintains certain websites that can be accessed outside of https://www.xoss.co, such as https://xoss.co(the “Other Sites”). The Other Sites maintain the look and feel of the Services, but are hosted by outside service providers with their own terms and privacy policies. If you interact with the Other Sites, your information may be stored, processed, or shared outside of the Services. If you interact with the Other Sites, you acknowledge that you may be subject to the terms and conditions and policies applicable to such Other Site. Please be aware that any personal information you submit to the Other Sites may be read, collected, or used by other users of these forums indefinitely, and could be used to send you unsolicited messages. XOSS is not responsible for the personal information you choose to submit via the Other Sites.

Information connected to you that is no longer necessary and relevant to provide our Services may be de-identified or aggregated with other non-personal data to provide insights which are commercially valuable to XOSS, such as statistics of the use of the Services. For example, we may retain publicly available segments or routes and other depersonalized geolocation information to continue to improve the Services and we use aggregated information in XOSS Metro and our Global Heatmap. This information will be de-associated with your name and other identifiers.

Privacy Policy Information

XOSS reserves the right to modify this Privacy Policy at any time. Please review it occasionally. If XOSS makes changes to this Privacy Policy, the updated Privacy Policy will be posted on the Services in a timely manner and, if we make material changes, we will provide a prominent notice.