Privacy policy
Effective 04th September 2025
1. PURPOSE AND SCOPE
1.1 At Xakia, we respect your privacy and data protection rights and recognize the importance of protecting the personal data we collect and process. This Privacy Policy is designed to help you to understand what personal data we collect about you and how we use and share it.
1.2 When we refer to Xakia, we mean Xakia Technologies Pty Ltd (ACN 612 857 593), an Australian proprietary limited company with offices at Level 13, 664 Collins Street, Docklands, Victoria, 3008; Xakia Technologies (Aust) Pty Ltd (ACN 659 548 366), an Australian proprietary limited company with offices at Level 13, 664 Collins Street, Docklands, Victoria, 3008; Xakia Technologies, Inc. a Delaware corporation with offices at 4700 Belleview, Ste. 404, Kansas City, MO 64112, United States; Xakia Technologies (UK) Limited (Company No. 14081690), a private limited company registered in the United Kingdom with offices at 35 Ballards Lane, London N3 1XW; and Xakia's other group companies from time to time (Xakia, we, us, our).
1.3 This Privacy Policy applies to you if you:
- interact with any of Xakia's websites (including www.xakiatech.com) or our social media pages (collectively, the Sites) (website users);
- attend a Xakia event or an event which Xakia sponsors (event attendees);
- use Xakia's legal matter management service, applications, and our other software applications and services (collectively, the Services) (End Users);
- are a marketing prospect, who is anyone whose data Xakia processes for the purposes of assessing customer eligibility (marketing prospect); or
- receive marketing communications from Xakia.
The below Privacy Policy applies to you irrespective of where you are based. There are certain additional parts of the Privacy Policy that will apply to you where you are a resident of the EEA, UK, or California. These additional parts do not apply to everyone.
1.4 For the purposes of the General Data Protection Regulation (or any successor or equivalent legislation in the UK) (GDPR), either Xakia Technologies Pty Ltd, Xakia Technologies (Aust) Pty Ltd, Xakia Technologies, Inc., Xakia Technologies (UK) Limited, or any other Xakia group company from time to time, is the controller of your personal data.
2. PERSONAL DATA COLLECTED BY XAKIA
2.1 PERSONAL DATA WE COLLECT AND RECEIVE
The personal data that we collect about you broadly falls into the categories set out in in the Appendix. Some of this information you provide voluntarily when you interact with the Services and Sites, or when you attend an event. Other types of information may be collected automatically from your device, such as device data and service data. From time to time, we may also receive personal data about you from third party sources (as further described in the Appendix).
2.2 COOKIES AND TRACKING TECHNOLOGIES
We may use cookies and similar tracking technologies that help us track your website usage and remember your preferences. Cookies are small files that store information on your computer, mobile phone or other device. They enable us to recognise you across different websites, services, devices and/or browsing sessions. You can disable cookies through your internet browser but our Services and Sites may not work as intended for you if you do so.
3. END-USER NOTICE
The Services are provided to organizations rather than directly to End Users. The organization through whose account you access the Services (Customer) serves as the administrator of the Services and is responsible for the End User accounts and data under its control.
Important: Your use of the Services is subject to your organization's policies and procedures, not just this Privacy Policy. Your organization, not Xakia, controls most aspects of your account, including the legal matter data you handle.
3.1 DATA CONTROL RESPONSIBILITIES
Customer Data (Your Organization Controls): For legal matter information, contract information, documents, and other content that you or your colleagues enter into, upload to or create in the Service:
- your organization is the data controller and makes decisions about how this information is used;
- Xakia acts as a data processor, handling this information according to your organization's instructions; and
- your organization's privacy policies govern how this information is collected, used, and shared.
Service Data (Xakia Controls): For account setup information, usage analytics, support communications, and other operational data:
- Xakia is the data controller and this Privacy Policy governs our handling of this information;
- you can exercise privacy rights directly with us regarding this information.
3.2 WHAT YOUR ADMINISTRATOR CAN DO
Your organization’s administrator may be able to:
Account Management:
- Create, suspend, or terminate your access to the Services;
- Reset your account password or require password changes;
- Monitor your usage of the Services and generate activity reports;
- Access information in and about your account, including login history.
Data Access and Control:
- Access, export, modify, or delete Customer Data you've created or accessed;
- Configure which features you can use and how you can use them;
- Control integrations with third-party tools and systems;
- Manage sharing permissions for Customer Data.
Security and Compliance:
- Implement additional security requirements (two-factor authentication, IP restrictions, etc.);
- Configure audit logging and compliance reporting;
- Set confidentiality settings;
- Control external sharing and portal access.
3.3 HOW TO EXERCISE YOUR PRIVACY RIGHTS
For Customer Data:
- Contact your administrator first - they control Customer Data;
- Your organization's policies apply – follow your employer's procedures for data access, correction, or deletion requests;
- We cannot override organizational controls - Xakia cannot grant you access to or delete Customer Data without administrator approval.
For Service Data:
- Contact Xakia directly at legal@xakiatech.com for your personal account details, support history, or usage information;
- You can exercise standard privacy rights (access, correction, deletion) for this information;
- These rights may be limited if exercising them would interfere with your organization's legitimate interests.
3.4 USE OF THE XAKIA ADD-IN FOR GMAIL
This section applies if you use the Xakia add-in for Gmail. Notwithstanding any other section of this Privacy Policy, where you use the Xakia add-in for Gmail, the use and transfer of information received by the Xakia service from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements set out in that policy.
4. HOW AND WHY WE USE YOUR PERSONAL DATA
4.1 We collect and process your personal data for the following purposes and, if you are from the European Economic Area (EEA) or the UK, on the following legal bases:
- Providing and facilitating delivery of the Services and Sites: We process your personal data to perform our contract with you for use of our Services and Sites and to fulfill our obligations under applicable terms of service. Where we have not entered into a contract with you, we process your personal data in reliance on our legitimate interests to operate and administer the Services and Sites. For example, to create, administer and manage your account.
- Communicating with you about the Services and providing customer support: We may send you service, technical and other administrative messages in reliance on our legitimate interests in administering the Services. For example, we may send you messages about the availability or security of the Services. We also process your personal data to respond to your comments and questions and to provide customer care and support. When we have entered into an agreement with you, we process your personal data as necessary to meet our contractual obligations to you.
- Improving the Services and Sites: We process your personal data to improve and optimize the Services and Sites and to understand how you use the Services and Sites, including to monitor usage or traffic patterns and to analyze trends and develop new products, services, features and functionality in reliance on our legitimate interests or, where necessary, to the extent you have provided your consent.
- Sending marketing communications: We process your personal data to send you marketing communications via email, post or within the Services about our products, services and upcoming events that might interest you in reliance on our legitimate interests or where we seek your consent. Please see Section 9 below to learn how you can control your marketing preferences.
- Managing event registrations and attendance: We process your personal data to plan and host events for which you have registered or that you attend, including sending related communications to you. This processing is based on our legitimate interest in ensuring the successful organization of the event, as well as providing you with relevant information regarding your participation.
- Maintaining security of the Services and Sites: We process your personal data to control unauthorized use or abuse of the Services and Sites, or otherwise detect, investigate or prevent activities that may violate Xakia policies or applicable laws, in reliance on our legitimate interests to maintain and promote the safety and security of the Services and Sites.
- Displaying personalized advertisements: We process your personal data to advertise to you and to provide personalized information, including by serving and managing advertisements on our Sites and on third party sites, in reliance on our legitimate interests to support our marketing activities and advertise our products and services or, where necessary, to the extent you have provided your consent.
- Facilitating Customer third-party integrations: We process your personal data to enable integrations between the Services and third-party systems that your organization chooses to connect, such as document management systems, email systems, and other business applications, in reliance on our legitimate interests to provide you with comprehensive service functionality or to perform our contract with you.
- Carrying out other legitimate business purposes: including invoicing, audits, fraud monitoring and prevention. This processing is based on our legitimate interest in ensuring efficient business operations and on the necessity to comply with legal obligations.
- Complying with legal obligations: We process your personal data when cooperating or complying with public and government authorities, courts or regulators in accordance with our obligations under applicable laws and to protect against imminent harm to our rights, property or safety, or that of our Customers, End Users or the public, as required or permitted by law.
4.2 In certain circumstances, we may collect your personal data on a different legal basis. If we do, or if we use your personal data for purposes that are not compatible with, or are materially different than, the purposes described in this notice or the point of collection, we will explain how and why we use your personal data in a supplementary notice at or before the point of collection. Where we refer to legal bases in this section we mean the legal grounds on which organizations can rely when processing personal data.
4.3 Please note these legal bases only apply to you if you are resident in the EEA or the UK.
4.4 If you have any questions about our legal bases for processing your personal data, please contact us at legal@xakiatech.com
5. SHARING YOUR PERSONAL DATA
5.1 We may disclose some or all of the personal data we collect to the following third parties:
Xakia Group Companies:
|
Service Providers:
|
| Customer-Authorized Third Parties: Third party systems and applications that your organization chooses to integrate with the Services, including document management systems, email platforms, and other business applications. |
| Advertising Partners: Third party advertising companies may use cookies and similar technologies to collect information about your activity on the Services and other online services over time to serve you online targeted advertisements. |
| Professional Advisors: Professional advisors, such as lawyers, auditors and insurers, in the course of the professional services that they render to us. |
| Government Authorities and Law Enforcement: Government authorities including law enforcement authorities, regulators and courts in order to:
|
| Business Transfers: Parties to transactions or potential transactions (and their professional advisors) involving a corporate divestiture, merger, consolidation, acquisition, reorganization, sale or other disposition of all or any portion of the business, assets, or equity interests of Xakia Group Companies (including, as part of a bankruptcy or similar proceeding). |
5.2 Aggregated or anonymized information. We may also share aggregated or anonymized information with third parties for other purposes. Such information does not identify you individually, but may include usage, viewing and technical information such as the websites you generally use, the configuration of your computer, and performance metrics related to the use of websites which we collect through our technology, products and services. If we are required under applicable law to treat such information as personal data, then we will only disclose it as described above. Otherwise, we may disclose such information for any reason.
5.3 Third party websites. The Sites may also contain links to third party websites. This Privacy Policy applies solely to information processed by us. You should contact the relevant third party websites for more information about how your personal data is processed by them.
6. RETENTION OF YOUR PERSONAL DATA
6.1 We retain Customer Data in accordance with the agreements in place with our Customer and as required by applicable law. We retain your personal that is not Customer Data only for as long as necessary to fulfill the purposes set out in this Privacy Policy.
6.2 Note that content you post may remain on the Sites even if you cease using the Sites or we terminate access to the Sites.
7. TRANSFERS OF YOUR PERSONAL DATA
7.1 The Services and Sites are provided and hosted in multiple jurisdictions. When your organization creates a Xakia account, it will select a preferred data location from the following options: Australia, UK, United States, Netherlands, or Canada. Once selected, this data location preference cannot be changed. If you are located outside your organization’s selected data location, we transfer and process your personal data in your organization’s selected data location. In addition, we may transfer your personal data to other Xakia Group Companies and our service providers including to Australia and the United States. These countries may not have equivalent privacy and data protection laws (and, in some cases, may not be as protective) as those that apply in the country in which you are resident. We will protect your personal data in accordance with this Privacy Policy wherever it is processed.
7.2 Certain recipients (our service providers and other companies) who process your personal data on our behalf may also transfer personal data outside the country in which you are resident. Where such transfers occur, we will make sure that an appropriate transfer agreement is put in place to protect your personal data.
7.3 If you are a resident of the EEA or the UK, we will protect your personal data when it is transferred outside of the EEA or the UK by processing it in a territory which the European Commission has determined provides an adequate level of protection for personal data; or otherwise ensuring appropriate safeguards are in place to protect your personal data. For transfers of your personal data to Xakia Group Companies or other recipients based outside of the EEA or the UK, we rely on the EU Standard Contractual Clauses (SCCs) or the UK International Data Transfer Agreement (IDTA).
8. HOW WE STORE AND SAFEGUARD PERSONAL DATA
We care about protecting personal data. That is why we put in place appropriate measures that are designed to secure your personal data. You can find out more about our technical and organizational safeguards on our Trust page. However, the internet is not a completely secure environment, and we cannot guarantee the security of your personal data. By using our Services and Sites, you acknowledge and agree that we make no such guarantee, and that you use our Services and Sites at your own risk.
9. YOUR PRIVACY RIGHTS AND CHOICES
9.1 Depending on your location and subject to applicable laws, you may have certain data protection rights. If you are a resident of the EEA or the UK you have the following data protection rights:
- If you wish to access, correct, update or request deletion of your personal data, you can do so at any time.
- You can object to processing of your personal data, ask us to restrict processing of your personal data or request portability of your personal data.
- You have the right to opt-out of marketing communications we send you at any time. If you no longer wish to receive our newsletter and promotional communications, you may opt-out of receiving them by clicking on the "unsubscribe" or "opt-out" link in the communications we send you. Please note, however, that it may not be possible to opt-out of certain service-related communications. You can let us know at any time if you do not wish to receive marketing messages by contacting us using the contact details below.
- Similarly, if we have collected and processed your personal data with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal data conducted in reliance on lawful processing grounds other than consent.
- You have the right to complain to a data protection authority about our collection and use of your personal data. For more information, please contact your local data protection authority. Contact details for data protection authorities in the EEA and the UK are available here
9.2 You can exercise any of these rights by submitting a request to legal@xakiatech.com
9.3 If you are a California resident, you can find information about how we use your personal data and about your privacy rights in Section 12 of this policy.
10. CHILDREN'S PRIVACY
The Services and Sites are not intended for use by anyone under the age of 16. Xakia does not knowingly collect personal data from anyone under the age of 16. If you are under 16, you may not attempt to register for the Services or send any information about yourself to us, including your name, address, telephone number, or email address. If we become aware that we have collected personal data from someone under the age of 16 without verification of parental consent, we will delete that information promptly. If you are a parent or legal guardian of a child under 16 and believe that a child has provided us with their personal data, please contact us through at legal@xakiatech.com
11. CHANGES TO THIS POLICY AND QUESTIONS
11.1 We may amend this Privacy Policy from time to time in response to changing legal, technical or business developments. The new version will become effective on the date it is posted, which will be listed at the top of the page as the new Effective Date. When we update it, we will take appropriate measures to inform you, consistent with the significance of the changes we make. If we make material updates to this Privacy Policy we will update the effective date at the top of the Privacy Policy.
11.2 We have appointed a Data Protection Officer responsible for managing and addressing inquiries related to this Privacy Policy. If you have any questions, comments or concerns about this Privacy Policy or the way your personal data is being used or processed by Xakia, please contact the Data Protection Officer at legal@xakiatech.com.
12. COLLECTION AND USE OF PERSONAL DATA OF CALIFORNIA RESIDENTS
12.1 Scope
Except as otherwise provided, this Section 11 applies only if you are a California resident. For purposes of this section, Personal Information has the meaning given in the California Consumer Privacy Act (CCPA), the California Privacy Rights Act of 2020 (CPRA), and any regulations promulgated under either law, in each case, as amended from time to time.
This Section 11 does not apply to;
- information exempted from the scope of the CCPA;
- activities governed by a different privacy notice, such as notices we give to California personnel or job candidates; or
- Personal Information we collect, use, and share on behalf of our Customers as a service provider under the CCPA.
12.1 YOUR CALIFORNIA PRIVACY RIGHTS
- Right to Information/Know. You can request whether we have collected your Personal Information, and in certain cases, the following information about how we have collected and used your Personal Information during the past 12 months:
- The categories of Personal Information we have collected.
- The categories of sources from which we collected the Personal Information.
- The business or commercial purpose for collecting, sharing, and/or selling Personal Information.
- The categories of Personal Information that we sold or disclosed for a business purpose.
- The categories of third parties to whom Personal Information was sold, shared, or disclosed for a business purpose.
- Right to Access. You can request a copy of the Personal Information that we have collected about you during the past 12 months.
- Right to Access. You can request a copy of the Personal Information that we have collected about you during the past 12 months.
- Right to Correction. You can request that we correct inaccurate Personal Information that we have collected about you.
- Right to Deletion. You can ask us to delete the Personal Information that we have collected from you.
- Right to Opt-Out of Tracking for Targeted Advertising Purposes. While we do not sell Personal Information for money, like many companies, we use services that help deliver targeted ads (also known as interest-based ads) to you, as we have described in Section 3 above. The CCPA classifies our use of some of these services as "sharing" your Personal Information with the advertising partners that provide the services, from which you have the right to opt-out.
- Right to Nondiscrimination. You are entitled to exercise the rights described above free from discrimination prohibited by the CCPA.
12.3 HOW TO EXERCISE YOUR RIGHTS
- Right to Information/Know, Access, Correction, and Deletion. You can exercise any of these rights by submitting a request to legal@xakiatech.com.
- Right to Opt-Out of Tracking for Targeted Advertising Purposes. You can submit requests to opt-out of tracking for targeted advertising purposes by Contact Us. Your request to opt-out will apply only to the browser and the device from which you submit the request.
- Verification of Identity. We will need to verify your identity to process your information/know, access, correction, and deletion requests and reserve the right to confirm your California residency. To verify your identity, we may require you to provide government identification, give a declaration as to your identity under penalty of perjury, and/or provide additional information. These rights are not absolute, and in some instances, we may decline your request as permitted by law.
- Authorized Agents. Your authorized agent may make a request on your behalf upon our verification of the agent's identity and our receipt of a copy of the valid power of attorney given to your authorized agent pursuant to California Probate Code Sections 4000-4465. If you have not provided your agent with such a power of attorney, you must provide your agent with written and signed permission to exercise your CCPA rights on your behalf, provide the information we request to verify your identity and provide us with written confirmation that you have given the authorized agent permission to submit the request.
12.4 PERSONAL INFORMATION THAT WE COLLECT, USE AND DISCLOSE
Except as otherwise provided, this Section 11 applies only if you are a California resident. For purposes of this section, Personal Information has the meaning given in the California Consumer Privacy Act (CCPA), the California Privacy Rights Act of 2020 (CPRA), and any regulations promulgated under either law, in each case, as amended from time to time.
- We do not "sell" personal information as defined by the CCPA and have not sold Personal Information in the preceding 12 months.
- We do not use or disclose sensitive personal information for purposes that California residents have a right to limit under the CCPA.
| CCPA statutory category Personal Information (PI) we collect in this category | Business/commercial purpose for collection | Categories of third parties to whom we "disclose" PI for a business purpose | Categories of third parties with whom we "share" PI |
|---|---|---|---|
Identifiers
|
|
|
|
Professional or employment-related data
|
|
|
|
Financial information
|
|
|
|
Internet or network information
|
|
|
|
Audio, electronic, visual information
|
|
|
|
Inferences
|
|
|
|
Appendix: Personal Data we collect and receive
We may collect the following personal data about:
|
Registration, contact, and company information:
|
Payment information:
|
Device data:
|
Service data:
|
Third party source data:
|
The sources of this third party personal data may include:
|
Registration, contact and company information:
|
|
We may collect the following personal data about event attendees:
|
Event participation data:
|
Third party source data:
|
The sources of this third party personal data may include:
|
|
We may collect the following personal data about End Users:
|
Payment information:
|
Device data:
|
Service data:
|
Third party source data:
|
The sources of this third party personal data may include:
|