Privacy Policy

XERON Engine — xeron-labs.com

Stand: May 2026 — Version 1.0

1. What Data We Collect

1.1 Account Data

• —Email address (for authentication and account management)
• —Password (hashed with bcrypt — never stored in plaintext)
• —Username (optional, chosen during registration)
• —Registration date and IP address

1.2 Usage Data

• —Prompts you send to the AI (stored for your History feature)
• —Generated content (code, text) to provide the History feature
• —Credits used and generation metadata (engine, mode, timestamp)
• —Session data and plugin sync activity
• —IP address and technical device data (browser, OS)

1.3 Payment Data

Payment information is processed exclusively by Stripe. XERON Labs does not store credit card numbers or banking details. We only receive a payment confirmation and subscription status from Stripe.

2. How We Use Your Data

• —To provide the XERON Engine service (contract fulfillment, Art. 6(1)(b) GDPR)
• —To authenticate you and manage your account
• —To send transactional emails (verification, password reset) via Resend
• —To prevent abuse and ensure platform security (legitimate interest, Art. 6(1)(f) GDPR)
• —To improve AI model quality through anonymized prompt analysis (with consent, Art. 6(1)(a) GDPR)
• —To send service announcements and security notices

3. Third-Party Services

Your data is shared with the following services to operate XERON Engine:

• —Anthropic — AI code generation — USA — Standard Contractual Clauses — anthropic.com/privacy
• —Supabase — Database hosting — EU servers available — supabase.com/privacy
• —Stripe — Payment processing — PCI-DSS certified — stripe.com/privacy
• —Resend — Transactional email — resend.com/privacy
• —fal.ai — Image generation (Phase 2) — fal.ai/privacy
• —ElevenLabs — Audio generation (Phase 3) — elevenlabs.io/privacy

No further sharing with third parties unless required by law or for legally relevant content (see Terms of Service §7.4).

4. Your Rights (GDPR)

• —Right of access to your stored data (Art. 15 GDPR)
• —Right to rectification of incorrect data (Art. 16 GDPR)
• —Right to erasure — "right to be forgotten" (Art. 17 GDPR)
• —Right to restriction of processing (Art. 18 GDPR)
• —Right to data portability (Art. 20 GDPR)
• —Right to object to processing (Art. 21 GDPR)
• —Right to withdraw consent at any time

To exercise your rights: privacy@xeron-labs.com

5. Cookies

XERON Engine uses only technically necessary cookies for authentication (session cookies). No advertising trackers or third-party analytics tools are used.

6. Data Retention

• —Account data: deleted immediately upon account deletion
• —Generated content (History): deleted immediately upon manual deletion or account deletion
• —Payment data: retained according to statutory retention periods (up to 10 years)
• —Logs and IP addresses: automatically deleted after 90 days (except during active investigations)

7. Data Security

• —All connections are TLS-encrypted (HTTPS)
• —Passwords are hashed with bcrypt
• —Regular security audits
• —Database access only via encrypted connections

8. Opt-Out for AI Training

By default, your prompts may be used in anonymized form to improve XERON's AI quality. You can opt out at any time in your Account settings or by contacting privacy@xeron-labs.com.

9. Supervisory Authority

You have the right to lodge a complaint with the relevant data protection authority. In Austria: Datenschutzbehörde (dsb.gv.at). In Germany: the competent state data protection authority.

10. Changes to This Policy

We will notify you by email of material changes to this Privacy Policy with 30 days advance notice.