Legal & Compliance

Privacy Policy

Last Updated: June 19, 2026

Quick Navigation

1. Introduction 2. Information We Collect 3. How We Use Information 4. Sharing & Third Parties 5. Data Deletion Instructions (Meta) 6. Security & Storage 7. GDPR & CCPA Rights 8. Contact Information

01. Introduction

At Xeni (operated by PT PERSONA DIGITAL KREATIF, referred to as "we", "us", or "our"), we respect your privacy and are committed to protecting the personal data you share with us. This Privacy Policy describes how we collect, use, store, process, and protect your information when you access or use our website, application, platform, and content automation integrations (collectively, the "Services").

We strictly process personal data in compliance with the laws of the Republic of Indonesia, specifically Undang-Undang Nomor 27 Tahun 2022 tentang Pelindungan Data Pribadi (UU PDP), as well as international data protection regimes such as the European Union's General Data Protection Regulation (GDPR) where applicable.

By using our Services, you consent to the data practices described in this policy. If you do not agree with the terms outlined here, please do not access or use the Services.

02. Information We Collect

We collect personal information to provide, improve, and protect our Services. The types of personal information we collect include:

  • Account Registration Details: When you register an account, we collect your email address, name, password hash, and preferences.
  • Third-Party Integration Data (Meta/Facebook API, Google API): If you choose to connect your social media accounts (such as Facebook Pages, Instagram Business profiles, or Google Business channels) to utilize our autonomous post scheduling and publishing features, we request permissions via secure OAuth protocols. This allows us to retrieve:
    • Access tokens necessary to publish posts on your behalf.
    • Basic profile information (Account IDs, Page names, avatars, category types).
    • Page-specific analytics and comments data (required to provide comment monitoring and auto-reply features).
  • Usage and System Data: We collect details about how you interact with our platform, such as IP addresses, browser types, page views, AI prompt inputs, and system logs.
  • Billing Information: Payments are processed securely via our third-party provider (Stripe). We do not store credit card details directly on our servers.

03. How We Use Your Information

Xeni utilizes the collected data for the following specific business purposes:

  • To establish and maintain your user account.
  • To enable AI-driven automated generation of captions, images, and brand-aligned content.
  • To execute scheduled automated posting to your linked social media networks (such as Instagram or Facebook Pages) on your explicit instruction.
  • To monitor and execute comment replies using our intelligent automated inbox engine.
  • To analyze platform utilization, perform security audits, and prevent fraudulent activity.
  • To send transactional emails, system updates, billing notifications, and critical support alerts.

04. Sharing & Third Parties

We do not sell, rent, or trade your personal information to third parties. We share your data only with specific sub-processors crucial to delivering the Services, under strict confidentiality terms:

  • Infrastructure & Hosting: Cloud platforms (e.g., Vercel, AWS, Supabase) for hosting database and application code.
  • AI Models: External APIs (e.g., OpenAI, Anthropic) to process visual prompt generation and content planning. No user account credentials are shared with these models.
  • Payment Processing: Stripe for secure subscription payments.
  • Official Platforms APIs: Direct transmission of publication payloads to Meta (Facebook/Instagram), Google, and X APIs as authorized by you.

05. Meta/Facebook Data Deletion Instructions

Xeni fully complies with Meta Platform Terms regarding user data storage, access, and deletion. If you wish to revoke permissions, remove social account tokens, or request the complete deletion of your personal data collected via Meta APIs or directly on our platform, you have multiple direct options:

Option A: In-App Account Deletion (Recommended)

You can permanently purge all data by navigating to the platform:

  1. Log in to your Xeni dashboard.
  2. Go to the Account Settings page.
  3. Under the Danger Zone section, click on "Delete Account".
  4. Confirm your choice. This process is irreversible and instantly drops all connected credentials, OAuth tokens, generated posts, and account records from our live databases.

Option B: Manual Email Request

If you cannot access your account or prefer a manual process, you may request data deletion by emailing our compliance team:

  • Send an email to: contact@xenilabs.app
  • Subject Line: Meta Data Deletion Request
  • Include in the body: Your registered name and the email address used to log in.
  • Our support team will process the deletion within 7 business days and send you a formal confirmation email once all records are securely erased from our active databases and backup logs.

Option C: Revoking App Permissions in Meta Settings

To revoke Xeni's access to your Meta page tokens at any time directly through Facebook:

  1. Go to your Facebook account Settings & Privacy.
  2. Navigate to Settings, then click on Business Integrations.
  3. Locate Xeni in the active applications list.
  4. Click Remove to revoke all active page access tokens.

06. Security & Storage

We employ industry-standard administrative, physical, and electronic security measures designed to safeguard your credentials and credentials tokens from unauthorized access, accidental loss, alteration, or disclosure.

All data transmission between users, Xeni databases, and partner APIs (including Meta APIs) is encrypted using secure Transport Layer Security (TLS 1.3). Tokens are stored encrypted at rest using Advanced Encryption Standard (AES-256) keys.

07. UU PDP, GDPR & CCPA Rights

Under the Indonesian UU PDP, the EU GDPR, and the California CCPA, users are granted specific statutory rights regarding their personal data, which we fully respect and facilitate:

  • Right of Access: Request a digital copy of all personal records we hold about you.
  • Right to Rectification: Request correction of inaccurate or incomplete profile records.
  • Right to Portability: Request transmission of your records to alternative service providers in standardized formats.
  • Right to Erasure (Deletion): Request complete purging of your account database files.

08. Contact Information

For questions, clarifications, complaints, or manual data erasure demands, feel free to contact our dedicated privacy compliance desk:

Privacy & Compliance Operations

Email: contact@xenilabs.app

PT PERSONA DIGITAL KREATIF