Effective Date: 01 February 2025
Applicable To: All clients, partners, licensees, and white-label operators under the Xdemór Infrastructure
1. Our Commitment to Data Protection
At The Xdemór Group, we treat your data with the same level of integrity and protection as our own. Whether we’re generating strategic insights, powering client dashboards, or operating under white-label frameworks, all data is handled in accordance with the UK GDPR, Data Protection Act 2018, and applicable international safeguards.
We act as an independent Data Controller, which means we determine the purposes and means of processing business and operational data across our infrastructure. Our practices are aligned with those of global platforms such as Google, Meta, TikTok, and Shopify.
2. What Data We Use – And Why
We use only data that is necessary to deliver actionable insights, improve service performance, and support your business strategy. This includes:
- Aggregated product, sales, and revenue data
- UTM parameters and traffic attribution
- Behavioural analytics (clicks, scrolls, sessions, bounce)
- Conversion funnels and landing page diagnostics
- IP and device information for geo-segmentation
- Platform-specific identifiers (e.g., GA4, TikTok Pixel)
No sensitive personal data (special category data under GDPR) is processed unless explicitly authorized and separately documented.
3. How We Protect It
We implement a multi-layered data security protocol that includes:
- Role-based access controls and user-level isolation
- End-to-end encryption (TLS/SSL)
- Enforced pseudonymization and aggregation
- Limited data retention and lifecycle policies
- Daily off-site backups and internal audit logging
- ISO 27001-aligned subprocessors and secured APIs
- Consent enforcement for identifiable submissions
Our systems and subprocessors are selected and audited based on compliance with SCCs, UK Addendum, and regional data protection rules.
See full list: https://policies.zone/docs/subprocessors-international-transfers
4. Who Can Access It
- Your team (via secure portals or dashboards)
- Xdemór staff strictly on a need-to-know basis
- Licensed brands or partners (only under contractual alignment)
- Verified subprocessors (e.g., hosting, analytics, CRM), as published in our DPA
We do not sell your data. We do not profile individuals. We do not allow external use of your reports without your explicit permission.
5. Retention & Disposal
- Operational data: retained up to 26 months
- Account records: up to 6 years (for tax/regulatory compliance)
- Report exports: deleted automatically within 30 days unless agreed otherwise
- Data used for benchmarking is anonymized and stripped of any identifiers
Upon request or contract termination, we will delete or return all client data, except where we are legally required to retain it.
6. Legal References
This safeguarding framework is enforced by the following official policies:
For audit rights, breach notifications, or subject access requests, please contact:
dpo@xdemor.com | privacy@xdemor.com