Xrefer AI | Privacy Policy
Sign in →
Legal

Privacy Policy

Last updated: July 7, 2026

⚠ Important — Third-Party AI Processing

Code and text you submit to the Xrefer AI API is processed by OpenAI to generate AI responses. By using Xrefer AI, you acknowledge and agree that your submitted data is also subject to OpenAI's Privacy Policy and Usage Policies. Do not submit code containing sensitive personal data, trade secrets, or classified information.

1. Who We Are

Xrefer AI is an AI-powered reverse engineering assistance platform accessible at https://xrefer-ai.com. For privacy-related inquiries, contact us at hello@xrefer-ai.com.


2. Data We Collect

We collect the following categories of data:

Account Data

  • Email address
  • First and last name (optional)
  • Password (stored as a one-way hash — never in plaintext)
  • Google account ID and profile picture (if you sign in with Google)
  • Account creation date and last login

Usage Data

  • API endpoint called (analyze, rename, ask)
  • Token counts (input and output) per request
  • Credits used per request
  • Timestamp of each API request
  • API key prefix used (never the full key)

Payment Data

  • Credit purchase amount and timestamp
  • Stripe session ID (for reconciliation)
  • We do not store credit card numbers or payment details — these are handled exclusively by Stripe.

Technical Data

  • Session cookies (for authentication)
  • Server-side access logs (IP address, request path, timestamp)

3. How We Use Your Data

  • To authenticate you and manage your account
  • To process API requests and deduct credits accordingly
  • To display usage history in your dashboard
  • To process payments and maintain billing records
  • To detect and prevent abuse, fraud, and policy violations
  • To send transactional emails (e.g. payment confirmations) — we do not send marketing emails without consent

4. Code Submitted to the API

When you submit code to /api/analyze.php, /api/rename.php, or /api/ask.php:

  • The code is transmitted to OpenAI's API to generate the AI response.
  • We do not store the actual code content in our database.
  • Only metadata is stored: endpoint used, token counts, timestamp, credits used.
  • OpenAI may retain submitted data per their own retention policies. See OpenAI Privacy Policy.

You are responsible for ensuring that any code you submit does not contain personally identifiable information (PII), confidential business data, or any data that you are not authorized to process via third-party services.


5. Third-Party Services

OpenAI

Processes submitted code to generate AI analysis. Subject to OpenAI's Privacy Policy.

Stripe

Processes payments securely. We never see or store your card details. Subject to Stripe's Privacy Policy.

Google OAuth (optional)

If you choose to sign in with Google, we receive your name, email, and profile picture from Google. Subject to Google's Privacy Policy.


6. Data Retention

  • Account data is retained for as long as your account is active.
  • Usage logs are retained for up to 24 months for billing and abuse prevention.
  • Payment records are retained for up to 7 years for legal and tax compliance.
  • Upon account deletion, personal data is anonymized or deleted within 30 days, except where retention is required by law.

7. Data Security

  • Passwords are stored as bcrypt hashes — never in plaintext.
  • API keys are stored as SHA-256 hashes — the full key is shown only once at creation.
  • All data transmission is encrypted via HTTPS/TLS.
  • Access to the database is restricted to the application server.

8. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access — request a copy of your personal data
  • Rectification — correct inaccurate data
  • Erasure — request deletion of your account and data
  • Portability — receive your data in a structured format
  • Objection — object to certain processing activities

To exercise any of these rights, contact us at hello@xrefer-ai.com.


9. Cookies

We use a single session cookie (xrefer_sess) strictly for authentication. We do not use tracking cookies, analytics cookies, or advertising cookies.


10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify users via the dashboard or email before material changes take effect. Continued use of the Service after changes constitutes acceptance.


11. Contact

For privacy-related questions or requests, contact us at: hello@xrefer-ai.com

© 2026 Xrefer AI. All rights reserved.