This Privacy Policy describes how GoXtra ("we", "us", or "our") collects, uses, and protects your information when you visit our website goxtra.app (the "Site"). It is intended to address users globally, with specific references to EU/UK data protection law and California privacy law where helpful.
Please note: This policy applies only to this website. If you use the GoXtra mobile application, that app has its own separate privacy policy available within the app.
1. Who We Are (Data Controller)
GoXtra operates this Site and acts as the data controller for the personal data processed here. For any privacy questions or requests, contact [email protected].
2. Information We Collect
We collect limited information when you use the Site or choose to interact with us. This includes:
- Waitlist and newsletter information: Contact details you submit via our Brevo (Sendinblue) forms (typically your email address and, in some cases, your name) so we can keep you updated about GoXtra.
- Contact form information: The name, email address, topic, and message you send us via the contact form on our Site, which is processed through EmailJS.
- Technical and security data: Our hosting/CDN and security tools (including Cloudflare and Google reCAPTCHA) may process IP addresses, device and browser information, request metadata, and security logs to deliver the Site, detect abuse (for example, spam and DDoS attacks), and maintain performance.
- Direct communications: Emails or other messages you send us directly and the metadata needed to deliver those messages.
- Analytics and marketing data (only if you accept cookies): When you accept our cookie banner, Google Analytics and Meta (Facebook) Pixel may collect data such as pages visited, approximate location (country/region), device type, and how you reached our Site. This helps us improve the Site and measure our campaigns and is processed as described in Section 6.
We do not intentionally collect sensitive categories of personal data via this Site. Please do not include sensitive information (such as health data or government ID numbers) in your messages to us.
3. How We Use Your Information
We use your information for the following purposes:
- Operating, securing, and improving the Site (including fraud and abuse prevention).
- Providing waitlist and newsletter communications that you request.
- Responding to contact form submissions and other inquiries you send us.
- Complying with legal obligations and enforcing our rights where necessary (for example, in relation to misuse of the Site).
Legal Bases (GDPR/UK): Where EU/UK data protection law applies, we rely on your consent for waitlist and newsletter emails; and our legitimate interests for website operation, security, fraud prevention, and performance. In some cases, we may also process information to comply with legal obligations.
California (CPRA): For California residents, the categories of personal information we collect and the purposes for which we use them are described above. We do not sell or share personal information for cross-context behavioral advertising.
We do not sell, rent, or trade personal information.
4. Service Providers (Processors)
We use trusted service providers to operate this Site and deliver communications:
- Brevo (Sendinblue): Email list management and email delivery for our waitlist and newsletter. See Brevo Privacy Policy.
- EmailJS: Processing contact form submissions and sending related email notifications. See the EmailJS privacy policy at emailjs.com.
- Cloudflare: Hosting, content delivery, and security services (for example, caching, DDoS protection, and firewalling). See Cloudflare Privacy Policy.
- Google reCAPTCHA: Protection of forms against spam and automated abuse. reCAPTCHA analyzes certain technical data (such as IP address and mouse movements) to determine whether a request comes from a human. See Google Privacy Policy.
- Google Analytics: When you accept our cookie banner, we use Google Analytics to understand how visitors use our Site (e.g. pages viewed, general traffic sources). Data is processed in accordance with our consent and with Google’s policies. See Google Privacy Policy and How Google uses data. Analytics run only after you consent.
- Meta Pixel: When you accept our cookie banner, we use Meta (Facebook) Pixel to measure visits and campaign effectiveness. Meta may receive data such as page views and device information in accordance with our consent and Meta’s Data Policy. The pixel does not run until you accept cookies.
These providers act as our processors under contractual terms and only process personal data to provide their services to us. We do not authorize them to use your personal information for their own marketing purposes.
5. International Transfers & Safeguards
Where our providers process data outside the EEA/UK, we use appropriate safeguards such as Standard Contractual Clauses and, where applicable, participation in the EU-U.S. Data Privacy Framework to protect your information.
6. Cookies and Similar Technologies
The Site uses:
- Essential / local storage: To remember your cookie banner choice and certain display preferences (for example, whether to show the preloader).
- Security: Google reCAPTCHA may set cookies or use similar identifiers strictly to detect spam and automated abuse.
- Analytics and marketing (only with your consent): If you click “Accept” on our cookie banner, we enable Google Analytics and Meta Pixel. They may set cookies and similar technologies to measure how visitors use the Site and to measure our campaigns (e.g. page views, traffic sources). You can decline cookies and we will not enable analytics or marketing tracking until you accept.
7. Your Rights
GDPR/UK: You have the right to access, rectify, erase, restrict, object to processing, and data portability, and to withdraw consent at any time (without affecting prior processing). You may also lodge a complaint with your local supervisory authority.
CPRA (California): You have the right to know the categories of personal information we collect, the purposes, and the categories of recipients; to access, delete, and correct personal information; and to limit the use of sensitive personal information (not collected on this Site). We do not sell or share personal information for cross-context behavioral advertising.
To exercise rights, contact [email protected]. We aim to respond within 30 days.
8. Data Retention
- Email addresses: Retained until you unsubscribe or for up to 24 months of inactivity.
- Technical logs: Retained according to our provider’s standard rotation and security practices.
- Support communications: Retained until resolved and for a reasonable administrative period.
9. Security
We implement appropriate technical and organizational measures, including TLS encryption in transit, access controls, and hardened hosting/CDN, to help protect your information. No system is perfectly secure, but we work to maintain the security and integrity of the Site.
10. Changes to This Policy
We may update this Privacy Policy to reflect changes to the Site or legal requirements. We will post updates on this page and revise the "Last Updated" date above.
11. Contact Us
If you have any questions about this Privacy Policy or wish to exercise your rights, contact us at [email protected].
