Account & Access Policy

Effective Date: 22 June 2025
Issued by: The Xdemor Group Limited · Company No. 14456444
Registered Office: 86-90 Paul St., London, EC2A 4NE, United Kingdom
Jurisdiction: England and Wales

1. Purpose #

This policy governs the creation, usage, suspension, and termination of user accounts and system access across Xdemor’s infrastructure, services, and customer-facing platforms. It ensures secure access control, traceability, and protection of both client and platform data.

2. Scope #

Applies to:

• All clients, subcontractors, and partners with access to Xdemor-controlled systems (including paneldesk.zone, oneview.zone, yourweb.zone)
• Xdemor personnel with access to internal systems
• Any platform account managed or hosted by Xdemor infrastructure

3. Account Creation #

• User accounts are created only upon verified request from the Controller (client, partner, or authorized staff)
• All user accounts must be associated with a valid, monitored email address
• Multi-user accounts must have a designated Account Owner and defined access roles (Admin, Editor, Viewer, etc.)
• Default access is granted on a least privilege basis

4. Account Access & Roles #

• Role-based access is enforced to restrict users only to required data or tools
• Admin roles may manage team members, billing, projects, and sensitive settings
• User actions may be logged for audit purposes
• Shared credentials are strictly prohibited
• Two-factor authentication (2FA) is required for Admin-level roles

5. Access to Third-Party Accounts #

• Where Xdemor operates under delegated access (e.g., Google Ads, Meta, GA4), client must provide admin-level credentials via secure means
• Client acknowledges that such delegated access may be suspended or revoked upon contract termination or misuse
• Changes to third-party credentials must be reported within 24–48 hours to avoid service disruptions

6. Account Usage Guidelines #

Users must not:

• Share access credentials with unauthorized persons
• Use platform accounts for unlawful, abusive, or prohibited activities
• Attempt to bypass security protocols, interfere with system functionality, or access restricted areas
• Store or process Special Category Data unless explicitly agreed

Violation of these terms may lead to suspension or permanent deactivation of access.

7. Account Deactivation #

Accounts may be deactivated:

• Upon request by the Client or user
• Upon project completion, subscription expiry, or contract termination
• If inactive for more than 180 days (archival may apply)
• In case of detected abuse, breach, or compromise

Xdemor reserves the right to retain metadata for audit and legal compliance even after deactivation.

8. Access to Client Systems #

• All credentials must be delivered via secure channel (e.g., vault, encrypted email)
• Xdemor will not retain access beyond the agreed project scope unless otherwise specified
• Xdemor will store credentials securely and may use privileged access logging internally

9. Data Security & Logging #

• All access to production systems is logged and monitored
• Access logs may include IP address, timestamp, user ID, and actions
• Logs are retained in accordance with the [Data Retention Policy]

10. Incident Response & Breaches #

Suspected access breaches or policy violations must be reported via:

• Online Violation Request Form ↗
• Email: customer@services.support

Please include your full name, contact details, and a clear description of the issue. For verification, we may respond within 24–48 hours.

Xdemor will notify clients of any unauthorized access to their environments or accounts without undue delay, per our Data Breach Response Policy.

11. Changes to Policy #

Xdemor may update this Account & Access Policy to reflect changes in access protocols, security posture, or legal requirements. Material changes will be communicated in advance.

12. Contact #

If you have questions or concerns regarding this policy or wish to exercise any rights under data protection laws, contact us at:

The Xdemor Group Limited
Compliance & Legal
86-90 Paul St., London, EC2A 4NE, United Kingdom
Email: customer@services.support
Data Protection Officer: dpo@xdemor.com

Additional contact addresses:

• privacy@xdemor.com – For personal information requests (access, correction, deletion, objection)
• legal@xdemor.com – For formal legal correspondence

To submit a Data Subject Access Request (DSAR):

• Submit Online Data Request Form ↗
• Include full name, contact details, and clear description of your request