Privacy Policy

Welcome to XYRA AI ("we," "our," or "us"), an AI-powered accounting and bookkeeping platform operated by TVC (The Virtual Company). We are committed to protecting the privacy and security of your personal and financial information.

This Privacy Policy applies to all users of the XYRA AI platform, including our website, web application, mobile applications, APIs, and any related services (collectively, the "Service"). By accessing or using our Service, you acknowledge that you have read, understood, and agree to the practices described in this policy.

If you do not agree with any part of this policy, please discontinue use of our Service immediately.

We collect information necessary to provide, improve, and secure our accounting platform. The types of information we collect include:

2.1 Personal Information

• Full name, email address, and phone number
• Company or business name, address, and registration details
• Job title and role within your organization
• Profile photo and account preferences
• Government-issued identification numbers (e.g., TRN (Tax Registration Number), Trade License) as required for tax compliance

2.2 Financial Information

• Bank account details and payment method information
• Transaction records, invoices, bills, and receipts
• Income, expense, and tax-related data
• Payroll information (if applicable)
• Financial reports and statements generated through the platform

2.3 Usage Data

• Login timestamps and session duration
• Features accessed and actions performed within the platform
• Device type, operating system, and browser information
• IP address and approximate geographic location
• Referral URLs and pages visited

2.4 Cookies and Tracking Technologies

We use cookies, web beacons, pixels, and similar tracking technologies to enhance your experience, analyze usage patterns, and deliver relevant content. For detailed information on our use of cookies, please refer to Section 8: Cookies Policy.

We process your information for the following purposes:

• Service Delivery: To provide, operate, and maintain the XYRA AI platform, including account creation, data processing, and generating financial reports
• Transaction Processing: To process payments, generate invoices, manage bills, and facilitate financial transactions on your behalf
• Communication: To send you service updates, security alerts, support responses, and (with your consent) marketing communications about new features and offerings
• Service Improvement: To analyze usage patterns, conduct research, and develop new features that enhance the platform experience
• Legal Compliance: To comply with applicable laws and regulations, including VAT filing, tax reporting, and financial record-keeping requirements
• Fraud Prevention: To detect, investigate, and prevent fraudulent activities, unauthorized access, and other security threats to our platform and users

We may share your information in the following limited circumstances:

4.1 Third-Party Service Providers

We work with trusted partners who assist us in operating the platform, including:

• Payment processors and banking partners for transaction handling
• Cloud hosting and infrastructure providers for secure data storage
• Analytics services that help us understand and improve platform performance
• Customer support tools and communication platforms

All third-party providers are contractually bound to protect your data and may only use it for the specific services they provide to us.

4.2 Legal Requirements

• In response to valid legal processes, such as court orders, subpoenas, or government requests
• To comply with applicable laws, regulations, or mandatory government reporting (e.g., tax authorities)
• To protect the rights, property, or safety of XYRA AI, our users, or the public

4.3 Business Transfers

In the event of a merger, acquisition, reorganization, or sale of assets, your information may be transferred as part of the transaction. We will notify you of any such change and ensure that the receiving entity upholds the commitments in this Privacy Policy.

Protecting your data is a top priority. We employ industry-leading security measures, including:

• 256-bit SSL Encryption: All data transmitted between your device and our servers is encrypted using 256-bit SSL/TLS encryption
• SOC 2 Type II Compliance: Our systems and processes are audited to meet SOC 2 Type II standards for security, availability, and confidentiality
• Regular Security Audits: We conduct periodic penetration testing and vulnerability assessments performed by independent security experts
• Access Controls: Multi-factor authentication (MFA), role-based access controls (RBAC), and strict least-privilege policies govern access to data
• Data Backup & Disaster Recovery: Automated daily backups with geographically distributed redundancy ensure your data is protected against loss

We retain your information for as long as necessary to fulfill the purposes outlined in this policy:

• Active Accounts: Your data is retained for the duration of your active account and subscription with XYRA AI
• Account Termination: Upon account deletion or termination, we will delete or anonymize your personal data within 90 days, except where retention is required by law
• Legal Retention: Certain financial records and transaction data may be retained for up to 8 years (or as required by applicable tax and financial regulations) even after account closure
• Backup Systems: Residual copies in encrypted backups may persist for up to 180 days before being permanently purged

Depending on your jurisdiction, you have the following rights regarding your personal data:

• Right to Access: Request a copy of the personal data we hold about you, including how it is being processed
• Right to Correction: Request corrections to any inaccurate or incomplete personal data in your account
• Right to Deletion: Request the deletion of your personal data, subject to legal retention requirements
• Right to Data Portability: Receive your data in a structured, commonly used, machine-readable format (e.g., CSV, JSON) for transfer to another service
• Right to Withdraw Consent: Withdraw your consent to data processing at any time, where consent is the legal basis for processing
• Right to Object: Object to the processing of your data for direct marketing or other purposes based on legitimate interests

To exercise any of these rights, please contact us at info@thexyra.ai. We will respond to your request within 30 days.

XYRA AI uses cookies and similar technologies to provide a seamless user experience. Below is an overview of the cookies we use:

8.1 Essential Cookies

Required for the platform to function properly. These handle authentication, session management, security, and user preferences. They cannot be disabled.

8.2 Analytics Cookies

Help us understand how users interact with the platform, which features are most used, and where improvements are needed. These cookies collect anonymized, aggregated data.

8.3 Marketing Cookies

Used to deliver relevant advertisements and measure the effectiveness of marketing campaigns. These are only enabled with your explicit consent.

8.4 Managing Cookies

You can manage your cookie preferences through your browser settings or our cookie consent banner. Please note that disabling essential cookies may affect platform functionality.

8.5 Third-Party Cookies

Some cookies may be set by third-party services we integrate with, such as analytics providers and payment gateways. These cookies are governed by the respective third party's privacy policy.

XYRA AI is a business accounting platform and is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children.

If we become aware that we have inadvertently collected data from a minor, we will take immediate steps to delete such information from our systems. If you believe a child has provided us with personal data, please contact us at info@thexyra.ai.

Your data may be stored and processed in data centers located in the UAE and other countries where our cloud infrastructure providers operate. We take appropriate safeguards to ensure your data is protected in accordance with this Privacy Policy, regardless of where it is processed.

• Data transfers are conducted in compliance with applicable data protection laws
• We use Standard Contractual Clauses (SCCs) and other approved transfer mechanisms where required
• All data center partners maintain industry-standard security certifications (ISO 27001, SOC 2)

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes:

• We will update the "Last Updated" date at the top of this policy
• We will notify you via email and/or a prominent notice within the platform at least 30 days before the changes take effect
• For significant changes, we may request your renewed consent

We encourage you to review this policy periodically to stay informed about how we protect your information.

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please reach out to us: