Privacy Policy

1. Introduction

Xairas ("we," "our," or "us") is a company based in the United Arab Emirates. We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your data when you use our self-hosted server security platform and related services.

By using Xairas, you agree to the terms outlined in this Privacy Policy. If you do not agree with these terms, please do not use our services.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

• Full name
• Email address
• Company name
• Password (stored in hashed format only — we cannot see your actual password)

2.2 License Validation Data

Our self-hosted product performs minimal communication with our servers for the following purposes only:

• License verification: On system boot, our software contacts our servers to validate your license status.
• Server limit checks: When adding a new server to your panel, our system verifies whether your license permits additional servers.

These checks transmit only the information necessary for license validation — no server data, logs, security findings, or monitored information is ever sent to our servers.

2.3 Payment Information

We use third-party payment processors (Stripe and/or Paddle) to handle all payment transactions. We do not store your credit card numbers, bank account details, or other financial information on our servers. Please refer to Stripe's Privacy Policy and Paddle's Privacy Policy for information on how they handle your payment data.

2.4 Website Analytics

We may use Google Analytics to collect anonymous usage data about how visitors interact with our website. This helps us improve our services. You can opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on.

3. What We Do NOT Collect

Xairas is a self-hosted solution designed with privacy as a core principle. We want to be explicitly clear about what we do not collect:

• Server monitoring data: All data collected by the Xairas agent (bash history, network traffic, system logs, security alerts) remains entirely on your infrastructure.
• Threat detection results: All AI threat detection, vulnerability reports, and security findings stay on your servers.
• Evidence vault contents: All captured logs and forensic evidence are stored locally on your systems.
• CVE report data: Our system fetches CVE data directly from the NIST National Vulnerability Database to your self-hosted panel — this data never passes through our servers.
• Custom rules and configurations: Your security rules and auto-response settings remain on your infrastructure.
• Telemetry or usage analytics from the agent: We do not collect any operational data from the self-hosted agent.

4. How We Use Your Information

We use the limited information we collect to:

• Create and manage your account
• Validate your software license
• Enforce license server limits
• Process payments through our third-party providers
• Communicate with you about your account, updates, and support requests
• Improve our website and services based on anonymous analytics
• Comply with legal obligations

5. Cookies

We use essential cookies to maintain your authenticated session after you sign up or log in. These cookies are strictly necessary for the platform to function and cannot be disabled.

We do not use third-party tracking cookies. If you have Google Analytics enabled, it may set its own cookies for anonymous analytics purposes.

6. Data Security

We implement appropriate technical and organizational measures to protect your personal information, including:

• Password hashing using industry-standard algorithms
• Encrypted data transmission (HTTPS/TLS)
• Secure server infrastructure
• Limited access to personal data on a need-to-know basis

Since Xairas is self-hosted, the security of your server data depends on your own infrastructure security practices. We provide the tools — you control the data.

7. Data Retention

We retain your account information for as long as your account is active or as needed to provide you services. If you wish to delete your account, please contact us at support@xairas.com, and we will delete your personal information within 30 days, unless we are required to retain it for legal purposes.

8. Third-Party Services

We use the following third-party services that may process your data:

• Stripe / Paddle: Payment processing
• Google Analytics: Anonymous website analytics (optional)

Each third-party service has its own privacy policy governing the use of your information. We encourage you to review their policies.

9. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

• Access: Request a copy of the personal data we hold about you
• Correction: Request correction of inaccurate personal data
• Deletion: Request deletion of your personal data
• Portability: Request a copy of your data in a portable format
• Objection: Object to certain processing of your personal data

To exercise any of these rights, please contact us at support@xairas.com.

10. Intended Use & Disclaimer

Xairas is developed for legitimate, ethical security monitoring purposes — to help organizations protect their infrastructure, detect threats, and respond to security incidents.

We are not responsible for how users choose to deploy or use this product. Users are solely responsible for ensuring their use of Xairas complies with all applicable laws, regulations, and ethical standards in their jurisdiction. Any misuse of this product for unauthorized surveillance, illegal activities, or unethical purposes is strictly prohibited and is the sole responsibility of the user.

11. Children's Privacy

Xairas is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any significant changes by posting the new policy on this page and updating the "Last updated" date. We encourage you to review this Privacy Policy periodically.