XPERMIT® Privacy Policy

Effective: 21 July 2020
Updated: 28 August 2020


XPERMIT® is a great way of ensuring that Files, Photos and Notes (“Your Files”) are kept private to certain people that you decide.

Here we explain in simple language how we collect, use and handle your personal data when you use our websites, software and services (“Services”).


Contact for all privacy related issues/queries/concerns

Do you have questions or concerns about XPERMIT®, our Services and privacy? Contact our Data Protection Officer at My Account. If they can’t answer your question, you have the right to contact your data protection supervisory authority.

What personal data do we collect and what are our reasons for doing so?

We collect and use the following information to provide, improve, protect and promote our Services:

  • XPERMIT® Account information. We need to collect the minimum information from you to register your account and upgrade to a paid account (such as your name, email address). We store this information on our servers and associate it with your account.
  • Contacts. You can choose to give us access to your contacts to make it easy for you to do things like share Your Files and invite others to use the Services. We will rely on the fact that you have an existing business or personal association with the contacts you use, gained their consent and have implied permission, when we store or use this information.
  • The permissions for your created XPERMIT® files. When you create an XPERMIT® File (“Your Files”), you can decide which of your contacts to give permission to be able to open it (which you can change anytime you want). We need to collect and store this information on our servers so that our Services can work effectively.
  • Usage information. We collect information relating to how you use the Services, including actions you take in your account (such as viewing, creating XPERMIT® files and inviting your contacts to use XPERMIT®). We use this information to provide, improve and promote our Services.
  • Device information. We collect information from and about the devices you use to access the Services. This includes things like IP addresses, the type of browser and device you use and identifiers associated with your devices. Your devices (depending on their settings) may also transmit location information to the Services. We need to collect and store this information on our servers so that our Services can work effectively.
  • Cookies and similar technologies. We use these technologies to provide, improve, protect and promote our Services. For example, cookies help us with things like remembering your username for your next visit, understanding how you are interacting with our Services, and improving them based on that information. On the first occasion that you use our Website, we will ask whether you consent to our use of cookies. If you do not, cookies will not be used. You can find out further information about Cookies at www.aboutcookies.org or www.allaboutcookies.org.
  • Marketing. Our XPERMIT® Basic service is offered completely free of charge, because some users upgrade to our paid plan; XPERMIT® Pro. If you register for our XPERMIT® Basic service, we will periodically send you information about offers to upgrade to XPERMIT® Pro. Users who receive these marketing materials can opt out at any time by clicking the ‘unsubscribe’ link.
  • Monitoring and recording communications. We will monitor and record all communications between XPERMIT® and our users by use of our servers, contact form, email and telephone. For example; responding to queries and issues with our Services.

Our rationale for collecting and processing your personal data

We collect and use your personal data in order to provide you with the Services in a reliable and secure manner for legitimate business needs. We rely on the following as the lawful basis on which we collect and use your personal data.

  • Consent (you agree to our Terms of Service and Acceptable Use Policy) to use our Services.
  • Contract (by registering, to form a legal agreement between us).
  • Services (to enable our service to be useful to you).

If we process your personal data for any other purposes, we will always ask for your consent in advance.

Will your data be shared with anyone else?

We may share information as discussed below, but we won’t sell it to advertisers or other third parties.

  • Others working for and with XPERMIT®. From time to time we may employ certain trusted third parties (e.g. customer support and IT service providers) to help us provide, improve, protect and promote our Services. Whenever we allow any third party to access your information to perform tasks on our behalf, we’ll remain responsible for their handling of your information per our instructions.
  • Legal requests. We do not store any XPERMIT® File that has been created. These remain the exclusive property of the account holder. However, we do store certain personal information outlined above and will share this to comply with any applicable law, regulation, legal process or appropriate government request.

How long do we keep your personal data?

When you register an account with us, we’ll retain information you store on our Services for as long as your account exists. However, we may have to retain information, if necessary, to comply with our legal obligations, resolve disputes or enforce our agreements.

How secure is your personal data?

We store, process and transmit your personal data in the UK and other locations around the world, to ensure that our services work effectively.

We have appropriate security measures in place to prevent personal data from being accidentally lost, accessed or used in an unauthorised way. Examples of the measures we use include, AES 256 bit encryption, end to end encryption of all communication between users and our secure servers.

Your rights, control of and access to your personal data

XPERMIT® is owned by DBT Software Limited and ultimately acts as a controller of your personal data.

You have control over your personal data and how it’s collected, used and shared. For example, you can:

  • Delete who is able to open Your Files from your device or via your XPERMIT® account.
  • Change or correct personal data. You can manage your account and the content contained in it, as well as edit some of your personal data, through your My Account.
  • Ask us for a copy of personal data that we’ve collected from you.
  • Cancel your account and have us erase all personal data from our servers.
  • If you would like to submit a personal data access request, please contact us via My Account.

For full information on your rights, including the circumstances in which they apply, see the Guidance from the UK Information Commissioner’s Office (ICO) on individual’s rights under the General Data Protection Regulations

Changes to ownership

If we’re involved in a merger, acquisition or sale of our assets, your data may be transferred as part of that deal. We’ll notify you (for example, via a message to the email address associated with your account) of any such deal and outline your choices in that event.

We may revise this Privacy Policy from time to time and will post the most current version on our website. If a revision meaningfully reduces your rights, we will notify you via the email address we have on file for your account.