Privacy Policy

Last updated: March 14, 2026

1. Introduction

theXEO ("we", "our", "us") operates the website the-xeo.com and the theXEO platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.

2. Information We Collect

Account Information

When you sign up via Google OAuth, we receive your name, email address, and profile picture. We do not receive or store your Google password.

Site Data

When you connect a website, we access your Cloudflare account via the API token you provide. We use this to deploy and manage the theXEO Edge Worker on your infrastructure. We scan your site's HTML to generate SEO recommendations and health scores.

Payment Information

Payments are processed by Stripe. We do not store your credit card numbers, bank account details, or other financial information on our servers. Stripe's privacy policy governs the handling of your payment data.

Usage Data

We collect analytics data including page views, feature usage, error logs, and performance metrics to improve our service.

3. How We Use Your Information

  • To provide, maintain, and improve the theXEO platform
  • To deploy and manage Edge Workers on your Cloudflare account
  • To generate SEO analysis, AI-powered meta tags, and health scores
  • To process payments and manage subscriptions
  • To send service-related communications (not marketing)
  • To detect and prevent fraud or abuse

4. Data Storage and Security

Your data is stored on Cloudflare's global infrastructure (D1 database, Workers KV, R2 storage). Cloudflare API tokens are encrypted using AES-256-GCM with per-customer derived keys (HKDF). Sessions use httpOnly cookies with secure flags.

We implement industry-standard security measures, but no method of electronic transmission or storage is 100% secure.

5. Third-Party Services

We use the following third-party services:

  • Cloudflare — Infrastructure, CDN, Workers runtime
  • Google — OAuth authentication
  • Stripe — Payment processing
  • Sentry — Error monitoring
  • Google Gemini / Cloudflare Workers AI — AI-powered content generation

Each service has its own privacy policy governing data handling.

6. Your Cloudflare Account

theXEO deploys Edge Workers to your Cloudflare account using the API token you provide. You maintain full control of your Cloudflare account. You can revoke the API token at any time to disconnect theXEO. We only perform read and deploy operations necessary for the service.

7. Data Retention

We retain your account data for as long as your account is active. If you delete your account, we will delete your personal data within 30 days, except where required by law. Anonymized analytics data may be retained indefinitely.

8. Your Rights

You have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your data
  • Export your data in a portable format
  • Withdraw consent at any time

To exercise these rights, contact us at support@the-xeo.com.

9. Cookies

We use a single session cookie (sid) for authentication. It is httpOnly, secure, and scoped to the .the-xeo.com domain. We do not use tracking cookies or third-party advertising cookies.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by posting the new policy on this page and updating the "Last updated" date.

11. Contact

If you have questions about this Privacy Policy, contact us at support@the-xeo.com.