Privacy Policy

1. Overview

XChannel ("we," "us," "our") operates The Appraisal Wizard at xchannel.com (the "Service"). This Privacy Policy describes how we collect, use, store, share, and protect your personal information when you use our AI-powered item identification and valuation service.

By creating an account, uploading photos, or using any part of the Service, you consent to the practices described in this policy. If you do not agree with this policy, please do not use the Service.

This policy applies to all users of xchannel.com, including visitors, free-tier users, and paid subscribers.

2. Information We Collect

2.1 Information You Provide Directly

• Account Registration: Name, email address, and password.
• Photos & Images: Photos you upload for item appraisal, including any metadata embedded in the image files (EXIF data such as camera model, date taken, and GPS coordinates if present).
• Appraisal Interactions: Item names, categories, brands, conditions, feedback, and corrections you provide during the appraisal process.
• Payment Information: Billing details processed through our payment provider, Stripe. We do not directly store your full credit card number, CVV, or bank account details on our servers.
• Communications: Any emails, support requests, or messages you send to us.

2.2 Information Collected Automatically

• IP Address: Used for free-tier usage tracking, security, and fraud prevention.
• Device Information: Browser type, operating system, device type, screen resolution.
• Usage Data: Pages visited, features used, appraisal count, timestamps of activity.
• Cookies & Session Data: Authentication tokens, session identifiers, and CSRF protection tokens (see Section 9).
• Referral Data: The URL that directed you to our Service.

2.3 Information from Third Parties

• Stripe: Subscription status, payment confirmations, and billing history.
• AI Services: Item identification results and pricing analysis generated from your uploaded photos.
• Market Data: Real-time pricing information from publicly available online marketplaces.

3. How We Collect Information

4. How We Use Your Information

• Provide the Service: Identify items from photos, generate pricing estimates, and display your appraisal history.
• Process Payments: Manage subscriptions and billing through Stripe.
• Enforce Usage Limits: Track free-tier appraisal counts by user account or IP address.
• Improve Accuracy: Use feedback and correction data to understand where our AI identification or pricing may fall short.
• Security & Fraud Prevention: Detect and prevent unauthorized access, abuse, or fraudulent activity.
• Communications: Respond to support requests, send service-related notifications (account verification, subscription changes, security alerts).
• Legal Compliance: Meet legal obligations, respond to lawful requests, and enforce our Terms of Use.

5. AI & Automated Processing

The Appraisal Wizard uses artificial intelligence to identify items and estimate values. Understanding how your data flows through our AI systems is important:

5.1 AI Services We Use

We use industry-leading AI services to power our item identification and pricing features. These include:

• Computer Vision AI: Analyzes your uploaded photos to identify items.
• Language AI: Processes item details and market data to generate pricing estimates.
• Market Data Services: Retrieves real-time pricing from publicly available online marketplaces.
• Payment Processing: Stripe handles all billing and subscription management.

5.2 How AI Processing Works

1. You upload a photo. The photo is stored on our servers and sent to our AI services for identification.
2. The AI returns item details (name, brand, category, condition estimate).
3. We search publicly available online marketplaces for real-time pricing data on similar items.
4. Our AI analyzes the market data to generate a pricing estimate.
5. Results are displayed to you and stored in your appraisal history.

5.3 AI Data Retention by Third Parties

Photos and data sent to our AI service providers are used solely for generating your appraisal results and are not stored or used for training purposes by those providers. We select providers whose terms prohibit retention of customer data beyond what is needed to process each request.

5.4 Automated Decision-Making

Our AI makes automated decisions about item identification, categorization, and pricing. These are informational estimates only and do not have legal or financial binding effect. You may override or provide feedback on any AI-generated result.

5.5 Your Rights Regarding Automated Decision-Making

The Appraisal Wizard utilizes fully automated processing to analyze your uploaded photos and generate item identifications and valuations. You have the right to:

• Request Human Intervention: Contest the automated result and request a manual review by our team.
• Express Your Point of View: Provide context or additional information about the item that may affect the appraisal.
• Challenge the Decision: Notify us if you believe an automated decision is incorrect or inaccurate.

To exercise any of these rights, please contact us at support@xchannel.com. We will respond to your request within thirty (30) days.

6. Legal Basis for Processing

We process your personal information based on the following legal grounds:

• Consent: You consent to data processing when you create an account and agree to our Terms of Use and this Privacy Policy.
• Contractual Necessity: Processing is necessary to provide the Service you requested (appraisals, subscription management).
• Legitimate Interests: Security, fraud prevention, service improvement, and usage analytics.
• Legal Obligation: Compliance with applicable laws, regulations, or lawful government requests.

6.1 Legitimate Interests Assessment

Where we rely on our "legitimate interests" as the legal basis for processing your personal data (e.g., for service improvement, security, and analytics), we have conducted a balancing test to ensure our interests do not override your fundamental rights and freedoms. A summary of this assessment is available upon request by contacting support@xchannel.com.

7. Information Sharing & Third Parties

We do not sell, rent, or trade your personal information. We share information only in the following circumstances:

7.1 Service Providers

7.2 Legal Requirements

We may disclose your information if required to do so by law, court order, or government request, or if we believe disclosure is necessary to protect the rights, property, or safety of XChannel, our users, or the public.

7.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your personal information may be transferred as part of that transaction. We will notify you via email or prominent notice on our Service before your information becomes subject to a different privacy policy.

7.4 With Your Consent

We may share information for purposes not listed here only with your explicit consent.

8. Photo & Image Data

Photos are central to our Service. Here is how we handle them:

• Storage: Photos you upload are stored on our servers in a secure application storage directory.
• Processing: Photos are sent to our AI services for identification. They are processed in real-time and not retained by the AI provider.
• EXIF Data: Photos may contain embedded metadata (camera model, date, GPS location). We do not actively extract or use EXIF metadata, but it may be transmitted to AI services as part of the image file.
• Retention: Photos are retained as long as your account is active or as needed to provide your appraisal history. You may request deletion of your photos by contacting us.
• Access: Your photos are only accessible to you through your account. We do not publish, share, or display your photos publicly.
• Ownership: You retain full ownership of all photos you upload. By uploading photos, you grant XChannel a worldwide, non-exclusive, royalty-free license to use, store, process, and analyze those photos for the purpose of: (a) providing the appraisal Service to you; (b) improving the accuracy and quality of our AI identification and pricing systems; and (c) generating anonymized, aggregated data for service analytics. This license terminates when you delete your account or request deletion of your photos.

9. Cookies & Tracking Technologies

9.1 Cookies We Use

9.2 What We Do NOT Use

• No third-party advertising cookies
• No social media tracking pixels
• No Google Analytics or similar analytics platforms
• No cross-site tracking

9.3 Managing Cookies

You can control cookies through your browser settings. Disabling essential cookies may prevent you from logging in or using the Service. Since we only use essential and functional cookies, there is no cookie consent banner required.

9.4 Do Not Track Signals

Some browsers offer a "Do Not Track" (DNT) setting. Since we do not use third-party advertising trackers or cross-site tracking technologies, our Service behaves the same regardless of your DNT setting. We only use essential cookies required for the Service to function.

10. Data Retention & Deletion

After account deletion, we will remove your personal information within 30 days, except where retention is required by law (e.g., financial records for tax compliance). Backups containing your data may persist for up to 90 days before being overwritten.

11. Data Security

We implement appropriate technical and organizational measures to protect your personal information:

• Encryption in Transit: All data transmitted between your device and our servers is encrypted using TLS/HTTPS with industry-standard SSL certificates.
• Password Security: Passwords are cryptographically hashed and salted using industry-standard algorithms. We never store passwords in plain text.
• Access Controls: Server access is restricted to authorized personnel using key-based authentication and strict access controls.
• Firewall & Intrusion Prevention: We employ firewall rules, intrusion detection systems, and web server security configurations to block common attack vectors.
• Payment Security: All payment processing is handled by Stripe, which is PCI DSS Level 1 certified (the highest level of security certification).
• Database Security: Databases are bound to localhost, require authentication, and are backed up daily.

11.2 Breach Notification

In the event of a data breach that affects your personal information, we will:

• Notify affected users via email within 72 hours of becoming aware of the breach.
• Notify applicable regulatory authorities as required by law (e.g., GDPR, CCPA).
• Provide details about what information was affected, what steps we are taking, and what you can do to protect yourself.
• Document the breach internally, including its effects and remedial actions taken.

While we take reasonable measures to protect your data, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security.

12. Your Privacy Rights

Depending on your location, you may have the following rights regarding your personal information:

• Access: Request a copy of the personal information we hold about you.
• Correction: Request correction of inaccurate or incomplete information.
• Deletion: Request deletion of your personal information (subject to legal retention requirements).
• Portability: Request your data in a structured, machine-readable format.
• Restriction: Request that we limit processing of your information in certain circumstances.
• Objection: Object to processing based on legitimate interests.
• Withdraw Consent: Withdraw consent at any time where processing is based on consent.

To exercise any of these rights, contact us at support@xchannel.com. We will respond within 30 days. You can also update or delete your account information directly through your Profile page.

13. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):

13.1 Your California Rights

• Right to Know: You may request that we disclose the categories and specific pieces of personal information we have collected about you, the sources of collection, the business purposes, and the third parties with whom we share it.
• Right to Delete: You may request deletion of personal information we have collected, subject to certain exceptions.
• Right to Correct: You may request correction of inaccurate personal information.
• Right to Opt-Out of Sale/Sharing: We do NOT sell or share your personal information as defined under the CCPA/CPRA. There is no need to opt out because we do not engage in these practices.
• Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.

13.2 Categories of Personal Information Collected

13.3 How to Submit a Request

California residents may submit a verifiable consumer request by emailing support@xchannel.com with the subject line "CCPA Request." We will verify your identity using the email address associated with your account. You may make a request up to twice per 12-month period. We will respond within 45 days.

13.4 Do Not Sell My Personal Information

We do not sell personal information as defined by the CCPA. We have not sold personal information in the preceding 12 months.

14. International Data Transfers

Our servers are located in the United States. If you access the Service from outside the United States, your information will be transferred to and processed in the United States. By using the Service, you consent to this transfer.

14.1 Transfer Mechanisms

For transfers of personal data from the European Economic Area (EEA), United Kingdom, or Switzerland to the United States, we rely on Standard Contractual Clauses (SCCs) with our third-party processors and your explicit consent upon account creation.

14.2 Sub-Processors

All sub-processors are bound by data processing agreements requiring them to protect your data in accordance with applicable law.

14.3 Supplementary Safeguards

In addition to Standard Contractual Clauses, we implement the following supplementary measures to protect transferred data:

• Technical Measures: Encryption of data in transit (TLS 1.2+) and at rest, strict access controls, and pseudonymization of data where possible prior to transfer.
• Organizational Measures: Comprehensive vendor due diligence, contractual obligations requiring sub-processors to adhere to the same data protection standards, and internal policies limiting access on a strict need-to-know basis.

15. Children's Privacy

The Appraisal Wizard is not intended for use by children under the age of 13 (or 16 in the European Economic Area). We do not knowingly collect personal information from children under these ages. If we discover that we have collected information from a child under the applicable age, we will promptly delete it. If you believe a child has provided us with personal information, please contact us immediately at support@xchannel.com.

16. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make material changes:

• We will update the "Last Updated" date at the top of this page.
• For significant changes, we will notify registered users via email.
• Continued use of the Service after changes constitutes acceptance of the updated policy.

We encourage you to review this policy periodically.

17. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, contact us at:

We will respond to all privacy-related inquiries within 30 days.

18. Data Protection Officer

XChannel has designated a Data Protection Officer (DPO) to oversee compliance with data protection laws. If you have any questions about this Privacy Policy or our data practices, you may contact our DPO directly: