XAIO
Legal

Privacy Policy

Updated16/06/2026

1. Controller

The controller responsible for data processing on this website is:

XAIO FlexCo
Liechtensteinstraße 22a / 4
1090 Vienna
Austria
Email: privacy@xaio.dev
Website: xaio.dev

2. General information

This privacy policy informs you about the nature, scope and purpose of the processing of personal data on our website. Processing is carried out in accordance with the General Data Protection Regulation (GDPR) and the Austrian Data Protection Act (DSG).

3. Collection and storage of personal data

3.1 When visiting the website

When you access our website xaio.dev, your internet browser automatically transmits information to our server. This information is temporarily stored in a log file:

  • IP address of the requesting device
  • Date and time of access
  • Name and URL of the retrieved file
  • Website from which access is made (referrer URL)
  • Browser used and, where applicable, the operating system of your device

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in the technical provision and security of the website)

3.2 When using our AI service

When you use our AI software-generation service, we process the following data:

  • Your inputs and prompts
  • Generated software and code outputs
  • Usage statistics and interaction data
  • Technical metadata to improve the service

Legal basis: Art. 6(1)(b) GDPR (performance of a contract)

3.3 When registering and creating an account

To use certain features you can create an account. We collect:

  • Email address
  • Username
  • Password (stored encrypted)
  • Optional: further profile data

Legal basis: Art. 6(1)(b) GDPR (performance of a contract)

4. Cookies and similar technologies

Our website uses cookies. Cookies are small text files stored on your device. We use:

  • Necessary cookies: for the basic functions of the website (session management, security)
  • Functional cookies: for an improved user experience (language settings, preferences)
  • Analytics cookies: for statistical evaluation (only with your consent)

You can configure your browser settings to block or delete cookies. However, this may limit the functionality of the website.

Legal basis: Art. 6(1)(a) GDPR (consent) or Art. 6(1)(f) GDPR (legitimate interest) for technically necessary cookies

5. Disclosure of data

We disclose your personal data only if:

  • you have given your express consent (Art. 6(1)(a) GDPR)
  • it is necessary for the performance of a contract (Art. 6(1)(b) GDPR)
  • there is a legal obligation (Art. 6(1)(c) GDPR)
  • there is a legitimate interest (Art. 6(1)(f) GDPR)

5.1 Hosting and cloud services

We use external hosting providers to operate our website. These providers process your data on our behalf and are contractually bound pursuant to Art. 28 GDPR.

5.2 AI model providers

To provide our AI services we work with AI model providers. Your inputs are processed to generate software code. This processing is carried out under data processing agreements pursuant to Art. 28 GDPR.

6. Transfer of data to third countries

Where we process data in countries outside the EU/EEA, we ensure an adequate level of data protection through:

  • EU Standard Contractual Clauses
  • Adequacy decisions of the EU Commission
  • Certifications (e.g. Privacy Shield successor frameworks)

7. Storage period

We store personal data only for as long as necessary to fulfil the purposes or as required by statutory retention periods:

  • Server logs: 30 days
  • Account data: until the account is deleted
  • Contract data: 7 years (pursuant to § 132 BAO – Austrian Federal Fiscal Code)
  • Consents: until withdrawn

8. Your rights as a data subject

You have the following rights regarding your personal data:

  • Right of access (Art. 15 GDPR): you can request information about your stored data
  • Right to rectification (Art. 16 GDPR): you can request the correction of inaccurate data
  • Right to erasure (Art. 17 GDPR): you can request the deletion of your data
  • Restriction of processing (Art. 18 GDPR): you can request the restriction of processing
  • Data portability (Art. 20 GDPR): you can receive your data in a structured format
  • Right to object (Art. 21 GDPR): you can object to processing
  • Withdrawal of consent (Art. 7(3) GDPR): you can withdraw consents granted at any time

To exercise your rights, please contact us at: privacy@xaio.dev

9. Right to lodge a complaint with the supervisory authority

You have the right to lodge a complaint with the competent data protection authority:

Austrian Data Protection Authority (Österreichische Datenschutzbehörde)
Barichgasse 40-42
1030 Vienna
Austria
Phone: +43 1 52 152-0
Email: dsb@dsb.gv.at
Website: www.dsb.gv.at

10. Data security

We use technical and organisational security measures to protect your data against accidental or intentional manipulation, loss, destruction or access by unauthorised persons:

  • SSL/TLS encryption for data transmission
  • Encrypted storage of sensitive data
  • Regular security updates
  • Access controls and authentication
  • Regular backups

11. Automated decision-making and profiling

We do not use automated decision-making within the meaning of Art. 22 GDPR that produces legal effects concerning you or significantly affects you. AI-generated software creation is based on your explicit inputs and remains under your control at all times.

12. Changes to this privacy policy

We reserve the right to adapt this privacy policy to reflect changes in the legal situation or changes to our services. You can always find the current version on our website at xaio.dev/privacy.

13. Contact

If you have any questions about data protection or wish to exercise your rights, please contact us:

XAIO FlexCo
Data Protection Officer
Liechtensteinstraße 22a / 4
1090 Vienna, Austria
Email: privacy@xaio.dev
Website: xaio.dev