<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=470180026798630&amp;ev=PageView&amp;noscript=1">

Privacy Policy

XOR Inc. (hereinafter "Company", "us", "we" or "our") is committed to protecting the privacy of our Users. This page represents our Privacy Policy (hereinafter "Privacy Policy"), including our privacy practices under GDPR (Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the Protection of Natural Persons with Regard to the Processing of Personal Data and on the Free Movement of Such Data, and Repealing Directive 95/46/EC (General Data Protection Regulation). We take commercially reasonable measures to adhere to industry guidelines, and will continue to review and improve our Privacy Policy and procedures to ensure the safety and protection of consumer information. This Privacy Policy has been compiled to better serve those who are concerned with how their Personally Identifiable Information (hereinafter "PII") is being collected and used online, incl. how personal data under GDPR are being processed. PII is information that can be used on its own or with other information to identify, contact, or locate a single person, or to identify an individual in context. Our principles of data protection under GDPR apply to any information concerning an identified or identifiable natural person.

Please read our Privacy Policy carefully to get a clear understanding of how we collect, use, protect, process or otherwise handle your PII in connection with our Services (hereinafter "Services") and on our Website (hereinafter "Website").

The following terminology applies to this Privacy Policy: "Personal Information", "Personal Data" or "Data" are used interchangeably herein with (and to mean) PII. "User" refers to the individual using this Application, which must coincide with or be authorized by the legal or natural person, to whom the Personal Information refers. The "Application", "App" or "XORbot" refers to the Company's XORbot and Database, by which most of the Personal Information of the User is collected, however, Data is also collected through the Website and the Services. This Privacy Policy also uses the general definitions given in Terms & Conditions of Use.

We may refer to this Privacy Policy in notices and consent requests related to special purpose web pages, mobile applications, or other resources. Under such circumstances, this Privacy Policy applies to information collected by us through such resources, as modified in the particular notice or consent request (e.g., with respect to the types of Data collected or our uses or disclosures of such information).

This Privacy Policy is effective from May 24, 2018.

Changes to this Privacy Policy

We can change this Privacy Policy at any time by updating this page. If we make any material or substantive changes in the way that we use the PII collected through our Website and Services, we will post a clear and conspicuous notice of those changes in this Privacy Policy.

It is recommended to check this page from time to time, referring to the date of the last modification listed at the top, to ensure that you accept any changes.

If a User does not accept any of the changes to the Privacy Policy, the User must quit using our Application and Services and can request that we remove such User’s Personal Data from our Databases by sending us an e-mail request..

Unless stated otherwise, the then-current Privacy Policy applies to all Personal Information we currently collect, or previously collected and currently store and process.

Collection of Information

We collect information from you when, for example but without limitation, you install and use our App, perform search settings, place an order, respond to the XORbot's survey, open a support ticket, enter other information on chat with the XORbot, or otherwise use our Website or Service.

Generally, When when accessing or using the Service or Website you may be asked to enter, and we may collect, certain information, including PII, including but not limited to: your user name, password, first and last name, email address, telephone number (including mobile phone number), street address, gender, occupation, interests, and any other data included in your profile or resume, including but not limited to application materials and answers to XORbot questions or answers you give to any questions or questionnaires presented to you, which you answer, or Data and information you voluntarily provide in any chat feautrefeature. We may also collect payment information (e.g., credit card number and related verification information). By providing such information, you consent to our collection, storage and use of such information in the manner and for the purposes described in this Privacy Policy and the Company's Terms and Conditions of Use.

In addition, as part of the standard operation of the Website and App, we may automatically collect and analyze information from your computer or mobile device, including, but not limited to, your browser type, operating system, IP address and the domain name from which you accessed the Website, and if you are accessing our Website with your mobile device, the type of mobile device. In addition, we may automatically record and analyze actions taken on the Website or through the App, including, but not limited to, date and times of use, clicks, page views, the amount of time you spend on each page, and search queries. For operation and maintenance purposes, we may collect files that record interaction with the Website or Application (System Logs) or other Personal Data (such as IP Address). By using our Services or accessing the Website or App, you consent to our collection, storage and use of such information in the manner and for the purposes described in this Privacy Policy and the Company's Terms and Conditions of Use.

Failure or refusal to provide certain Personal Data may make it impossible for you to use our Services.

Users are responsible for any Personal Data of third parties obtained, published or shared through the Application and confirm that they have such third party's consent to provide such Data to the Company.

If you are an Employer, Company may request that you provide certain personal information in order to verify your account. This information includes, but is not limited to your Federal Employer Identification Number (EIN), Business Registration information, or a utility bill. This information will be used for internal purposes only, subject to any request by law enforcement or a court order.

An aspect of our Service permits communication between Company and job seekers (Applicants), Company and prospective employers (Clients), as well as communication directly between job seekers and prospective employers on the Website but also via third-party services and applications such as SMS, on Facebook Messenger, Viber, and Telegram. PLEASE NOTE THAT YOUR RELATIONSHIP WITH ANY OTHER THIRD-PARTY SERVICE, APPLICATION OR WEBSITE IS GOVERNED SOLELY BY YOUR AGREEMENT WITH SUCH THIRD-PARTY OR GDPR WHERE APPLICABLE.

Processing the Personal Data

We process the Data of Users in a proper manner and shall take appropriate security measures to prevent unauthorized access, disclosure, modification, or unauthorized destruction of the Data.

We process the Data of two categories of users of our Services: employers (business entities) and job applicants (natural persons). An employer has to create a profile in order to use our Service, while job applicants are not entitled to creating a profile and use or services by visiting a web address (URL) where they can apply for a job position.

The Data processing is carried out using computers and/or IT enabled tools, following organizational procedures and modes strictly related to the purposes indicated. In addition to the Company and its staff involved with the operation of the Website or Services (e.g., administration, sales, marketing, legal or system administration staff), in some cases, the Data may be accessible to third parties (such as technical service providers, mail carriers, hosting providers, IT companies or communications agencies) appointed by us, if necessary, as "Data Processors". Our data servers are located in the Netherlands, EU, however data may be  processed by Data Processors in any other country.

You acknowledge and agree that PII you provide to us may be transferred outside of the country in which you reside. Providing such Personal Information will constitute your consent to any such transfer. Any transfer of personal data which are undergoing processing or are intended for processing after transfer to a third country or to an international organization shall take place only if the conditions laid down in Chapter V of GDPR are complied with by the Company and the Data Processor, including for onward transfers of personal data from the third country or an international organization to another third country or to another international organization.

We may store Data indefinitely, however you may request that we suspend or remove your PII at anytime. Our Company is GDPR compliant and all data subjects’ requests are duly processed.

Use of your Personal Information

The information we collect from you when you use our Services, Website or App is collected and stored to allow us to better provide our Services, as well as for the following purposes:

  1. To personalize your experience and to allow us to contact you and to deliver the type of content and service offerings in which you are most interested;
  2. To improve our App and Website in order to better serve you;
  3. To access third party service providers' accounts;
  4. To administer a contest, promotion, survey or other Website or App feature;
  5. To process your transactions;
  6. To follow up with you after correspondence (live chat or email);
  7. To provide assistance through the Contact us link on the Website or Support feature in the Application.

Any Personal Information and other information shared by you with us may be shared with or transferred to any Company-affiliated entity (including those located outside the European Union or Switzerland), no matter where located, for the purpose of providing you Services and improving the Website. By using the Services, Website or App, you consent to this transfer and acknowledge that the Services provided to you and the functionality of the Website and App could not be provided without such a transfer. If you do not wish your Data to be transferred in this way you should not use our Services, Website or App. Special rules in this regard apply to data subjects under GDPR.

You give us explicit consent that iIn the event that another company acquires all or substantially all of the assets of our business through a consolidation, merger, asset purchase, or other transaction, we reserve the right to transfer all data (including any PII a User may have provided through the Website and Services) that is in our possession or under our control to such acquiring party.

Information Security

Our Website is scanned on a regular basis for security holes and known vulnerabilities in order to make your visit to our Website as safe as possible.

We do not use Malware Scanning.

Your Personal Information is contained behind secured networks and is only accessible by a limited number of persons who have special access rights to such systems, and are required to keep the information confidential. In addition, all sensitive/credit information you supply is encrypted via Secure Socket Layer (SSL) technology.

We follow generally accepted industry standards to protect against the unauthorized access to, retention of, and disclosure of Data. This includes undertaking necessary physical, electronic, and management activities required to protect data integrity, access, and use. Any Data that is stored on our servers is treated as confidential information.

Please keep in mind, however, that despite these reasonable efforts to protect Data on our servers, no method of transmission over the Internet is guaranteed to be 100% secure. Therefore, while we strive to protect your Data at all times, we cannot guarantee its absolute security and shall not be liable for any breach of security by an outside party.

Non-Personal Information Collected by our Service

We may collect non-personally identifiable information (hereinafter "Non-PII") regarding the User’s behavior on the Website to understand and save a User's preferences for future visits or to compile aggregate data about site traffic and site interactions in order to offer better site experiences and tools in the future. For tracking purposes, we may also use trusted third-party services that track this information on our behalf.

Non-PII we collect may include information such as the information related to the Website and web pages a User is viewing when specific information is shown on them. We collect Non-PII through the use of pixels. No PII is collected or used in this process. A pixel is a line of code that is used by a website or third party ad server to track a User's activity. The use of a pixel allows us to record that a User has visited a particular webpage along with additional Non-PII that we may choose to include with the pixel. Your Non-PII will not be linked with your PII.

Automatic Information / Digital Identifiers

We may automatically receive and store certain types of information about you through the data sources listed above.

You may be familiar with the term “cookies,” which are unique alphanumeric identifiers that store information on your computer. A cookie is placed on your computer when your web browser accesses our website. We use cookies for tracking transactions and the user characteristics explained in detail throughout this Privacy Policy. If you choose, there are utilities available for purchase from independent software providers to install on your computer as well as tools/preferences you can choose through most web browsers to make website visits anonymous. Of course, cookies let you have a more satisfying website experience, so we recommend that you leave them turned on.

We may also add third party cookies. Cookies contain anonymous, segmented data about a user’s demographics (like age, gender, and location), interests, lifestyle, household details, social media memberships, and online influences. The date in the cookies do not contain individual-level information, but rather general audience segments.

We also collect information through our web server applications. This information includes your Internet Protocol or “IP” address, date/time stamp, browser type, and referring URL.

If you turn cookies off, some features will be disabled. It may affect the User's experience that make your Website visit more efficient and may not function properly.

However, you will still be able to install and use our App.

Transfer or Disclosure of Information to Third Parties

Any PII and other information shared by you with us may be shared with or transferred to relevant, prospective employers that match your employment goals. GDPR data subjects give their consent for this purpose of processing of their personal data and they are informed of their right to request access, rectification, erasure (‘right to be forgotten’), restriction of processing, objection against processing and data portability.

In addition, we may use other companies, including affiliates and third parties, to help us perform the Services and to improve the Website, App, and any other products and services. These third parties may include, but are not limited to, service providers and vendors.

In the course of providing such services, those companies may have access to Personal Information, and such Personal Information may be transferred to other countries.

These companies (e.g., service providers and vendors) as well as potential employers using our Service, are contractually required to treat such Personal Information in accordance with this Privacy Policy. However, we will not be liable (to the fullest extent permitted by law) for any damages that may result from the misuse of any information, including Personal Information, by these companies.

In addition, we may disclose a User's information to third parties when we reasonably believe we are obligated to do so by law, and in order to investigate, prevent, or take action regarding suspected or actual prohibited activities, including, but not limited to, fraud and threats, including potential or perceived threats, to ours or others' rights, property or safety.

Non-PII may be provided to other parties for marketing, advertising, or other uses. We may disclose Non-PII collected through our Services, and information derived from it, to our customers. This information cannot be used to contact or identify any person individually. Further, all of our customers have warranted that they shall use any Non-PII they receive in compliance with applicable laws and regulations.

We do not include or offer third-party products or services on our Website.

The Rights of Users

Users have the right, at any time, to know whether their PII has been stored and can contact the Company regarding the contents and origin of such Data; to verify its accuracy; to request such Data be supplemented, cancelled, updated or corrected; or to transform such Data into an anonymous format. Such requests should be sent to the Company at the contact information set out below at the end of this page.

We honor Do Not Track ("DNT") signals on our Website and refrain from tracking, or using advertising when a DNT browser mechanism is in place. Note that our App allows third-party behavioral tracking. To determine whether any of the third party services used by our App honor the DNT requests, please read the privacy policies of such third party service provider.

Fair Information Practices

The Fair Information Practices Principles form the backbone of privacy law in the United States and the concepts they include have played a significant role in the development of data protection laws around the globe. Understanding the Fair Information Practice Principles and how they should be implemented is critical to comply with the various privacy laws that protect personal information.

In order to be in line with Fair Information Practices we will take the following responsive action, should a data breach occur: we will notify Users via email - within 7 business days, or we will notify the Users via in-site notification - within 7 business days.

We also agree to the Individual Redress Principle, which requires that individuals have the right to legally pursue enforceable rights against data collectors and processors who fail to adhere to the law. This principle requires not only that individuals have enforceable rights against data users, but also that individuals have recourse to courts or government agencies to investigate and/or prosecute non-compliance by data processors.

Personal Data for EU and Swiss Residents

The following section pertains to Users who are located in the European Union and Switzerland.

The Company complies with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union member countries and Switzerland to the United States. We have certified that we adhere to the Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity, and Purpose Limitation, Access, Recourse, Enforcement and Liability. If there is any conflict between the policies in this Privacy Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/.

In the context of an onward transfer of data to a third party, a Privacy Shield organization has responsibility for the processing of personal information it receives under the Privacy Shield and subsequently transfers to a third party acting as an agent on its behalf. Company shall remain liable under the Principles if its agent processes such personal information in a manner inconsistent with the Principles, unless Company proves that it is not responsible for the event giving rise to the damage.

In compliance with the US-EU and Swiss-US Privacy Shield Principles, Company commits to resolve complaints about your privacy and our collection or use of your Personal Information. European Union and Swiss individuals with inquiries or complaints regarding this privacy policy should first contact Company first contact Company at: 701 Brazos St., Suite 1600, Austin, TX United States  or by emailing privacy@xor.ai.

Company has further committed to refer unresolved privacy complaints under the EU-US and Swiss-US Privacy Shield Principles to the BBB EU PRIVACY SHIELD, a nonprofit alternative dispute resolution provider located in the United States and operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit http://www.bbb.org/EU-privacy-shield/for-eu-consumers for more information and to file a complaint. There may be a possibility, under certain limited conditions, for EU and Swiss individuals to invoke binding arbitration before the Privacy Shield Panel.

The Federal Trade Commission has jurisdiction over Company’s compliance with the Privacy Shield.


The CAN-SPAM Act is a law that sets the rules for commercial email, establishes requirements for commercial messages, gives recipients the right to have emails stopped from being sent to them, and spells out tough penalties for violations.

We collect your email address in order to:

  • Send information, respond to inquiries, and/or other requests or questions;
  • Process orders and to send information and updates pertaining to orders;
  • Send you additional information related to our product and/or service;
  • Market to our mailing list or continue to send emails to our clients after the original transaction has occurred.

To be in accordance with CAN SPAM, we agree to the following:

  • Not use false or misleading subjects or email addresses;
  • Identify the message as an advertisement in some reasonable way;
  • Include the physical address of our business or Website headquarters;
  • Monitor third-party email marketing services for compliance, if one is used;
  • Honor opt-out/unsubscribe requests quickly;
  • Allow Users to unsubscribe by using the link at the bottom of each email.

If at any time you would like to unsubscribe from receiving future emails, you can email us at privacy@xor.ai and we will promptly remove you from all future correspondence.

CalOPPA (California Online Privacy Protection Act)

California Online Privacy Protection Act (CalOPPA) is the first state law in the nation to require commercial websites and online services to post a privacy policy. The law's reach stretches well beyond California to require any person or company in the United States (and conceivably the world) that operates websites collecting PII from California consumers to post a conspicuous privacy policy on its website stating exactly the information being collected and those individuals or companies with whom it is being shared. 

See more at: http://consumercal.org/california-online-privacy-protection-act-caloppa/#sthash.0FdRbT51.dpuf

According to CalOPPA, we agree to the following: 

  • Users can visit our Website anonymously; 
  • Once this Privacy Policy is created, we will add a link to it on our home page or as a minimum, on the first significant page after entering our Website; 
  • Our Privacy Policy link includes the word 'Privacy' and can easily be found on the page specified above; 
  • Users will be notified of any Privacy Policy changes: on our Privacy Policy page; 
  • Users can change their personal information: (a) by logging into their account; or (b) by email or chatting with us via «Support» feature in our Application.

COPPA (Children Online Privacy Protection Act)

When it comes to the collection of Personal Information from children under the age of 13 years old, the Children's Online Privacy Protection Act (COPPA) puts parents in control. The Federal Trade Commission, United States' consumer protection agency, enforces the COPPA Rule, which spells out what operators of websites and online services must do to protect children's privacy and safety online.

We are sensitive to the issue of children’s privacy. Therefore, 
our Website, products, and Service are neither developed for, nor directed at, children under the age of 13 years old.

If you believe your child has provided us with PII, and you would like to have the data removed, please get in touch with us at the contact information set out below.

Personal Data Collection from Data Subjects Under GDPR

This section does not apply to companies (employers) but only to data subjects under GDPR (Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the Protection of Natural Persons with Regard to the Processing of Personal Data and on the Free Movement of Such Data, and Repealing Directive 95/46/EC (General Data Protection Regulation). In all circumstances when GDPR is applicable, in the event of contradiction between any provision in this Privacy Policy and a provisions from this section of the Privacy Policy, the provision form this section prevails, regardless of any provision to the contrary in any other part of the Privacy Policy.

We honor the following principles relating to processing of personal data, which data are:

  • Processed lawfully, fairly and in a transparent manner;
  • Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes;
  • Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
  • Accurate and, where necessary, kept up to date;
  • Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed;
  • Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures.

For the purposes of this section “personal data” means any information relating to an identified or identifiable natural person (“data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person and “processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Representative in EU and Data Protection Officer of the Company is Trifonov Law Offices LLC which can be contacted at gdpr@trifonov.info or 21, Mali Bogdan Str., Plovidv, Bulgaria.

The Company collects the following personal data:

  • When you use our Website:
    • Records of your interaction with the Website (system logs);
    • Actions taken on the Website, including date and time of use, clicks, page views, the amount of time you spend on each page, and search queries;
    • Data from your computer or mobile device, including, but not limited to, your browser type, operating system, IP address and the domain name from which you accessed the Website, and if you are accessing our Website with your mobile device, the type of mobile device;
    • Cookies, incl. third party cookies, that contain anonymous data for statistical use;
    • Any comments or other information you provide when you post opinions, queries or other information on the Website;
    • Identifying information such as your name, e-mail address, etc. when you send us a message or open a support ticket.
  • When you interact with XORbots (during an interview for a job position):
    • Any information which you voluntarily send to XORbot for the purpose of the job interview, incl. CV, diplomas, qualification data, etc.;
    • Any information which you are asked to and then you send to XORbot for the purpose of the job interview. You have the right not to send what you have been asked about by XORbot;
    • Sensitive information that you are not obligated to but you agree to send when asked by XORbot, incl. self-presentations, video interviews, etc.;
    • Any content that you generate, incl. questions that you ask and answers to questions you have been asked.

The Company processes personal data for the following purposes:

  • Providing XORbot services. XORbot is an AI software product provided by the Company which decreases manual labor for recruiters and the time of the hiring process by involving job applicants in an interactive conversation that both asks questions (predefined by the employer) to the candidates, while answering questions that the applicants may have. Personal data are processed and sent to the respective employer so that the recruiter at the employer’s company can focus on the candidates that make it through XORbot’s selection process, which saves time by allowing the HR specialist to personally get in touch with only the best candidates for any given position;
  • Communicating to candidates and improving the Services. If data subjects experience problems with the Service or have any questions to the use of the Services, they can send the Company a message which includes personal data such as name, e-mail address, etc.;
  • Statistical use and improving performance. The Company uses data for analytics and measurement to understand how the Services are used, for example reviewing information about system crashes experienced by users allows us to identify and fix problems and provide better user experience;
  • To prevent or investigate security breaches or any illegal activities related to our Services.

We have legitimate interests to process your personal data with the purpose of improving our Services to meet the needs of our users except where such interests are overridden by the interests or fundamental rights and freedoms of data subjects which require protection of personal data.

The Company may forward your personal data to third parties but we minimize the amount of personal data we disclose to what is relevant and necessary to accomplish the specified purpose. We do not send your personal data to third parties for their own marketing and advertising purposes without your consent. We may send personal data to the following recipients:

  • Clients of the Company (employers). The core function of our Service allows communication between employers and job seekers via XORbots. It is impossible for job seekers to apply for a job position unless they send their personal data to the respective employer.
  • Telecoms and third party messaging applications. XORbots can operate in two system environments - browsers or messaging applications. If a candidate chooses to use messaging applications, then his personal data are processed by these messaging applications (or telecommunication operators in case of SMS service) which provide internet connectivity required by the messaging applications. Presently, XORbots can be used with the following messaging applications:
    • Facebook Messenger
    • Telegram
    • Viber
    • SMS
  • Microsoft Azure. We use servers of Microsoft Azure located in the Netherlands and all data XORbots collect and process are stored on Azure Cloud server.
  • Hosting providers. Companies that provide space for and host our Website.
  • Google Analytics. When visitors come on our Website, some data are sent to Google Analytics - anonymized and aggregated to provide analytics and measurement reports to the Company.
  • Law enforcement agencies. We have the obligation to send personal data to official authorities upon verified request or legal process related to criminal investigations or alleged or suspected illegal activities.
  • Other companies which could get involved in M&A. If we are subject to a merger or acquisition with/by another company, your personal data may be processed by these companies. Should such an event occur, we will require that the new entity follow this Privacy Policy.

We do not intend to transfer personal data to a third country or international organization. If we transfer personal data to a third country, it shall take place only if, subject to the other provisions of GDPR, the conditions laid down in Chapter V of GDPR are complied with by the Company or other third parties in their capacity of processors, including for onward transfers of personal data from the third country or an international organization to another third country or to another international organization.

In the general case we store your personal information for as long as necessary to provide the Services but we have fixed storage duration for the cases in which data subjects manually provide personal data, incl. sensitive data. Personal data of candidates who explicitly provide it to XORbots for the purpose of job interviews (questions, answers, any other text information, documents, audio or video files, etc.) is kept for 3 months and then deleted. Candidates’ behavior is not tracked as part of their interaction with XORbots.

We care about the following rights of data subjects:

  • Right of access by data subjects. Upon request sent to our e-mail address, we send data subjects confirmation as to whether personal data concerning them are being processed, and if it is processed:
  1. the purposes of the processing;
  2. the categories of personal data concerned;
  3. the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organizations;
  4. where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
  5. the existence of the right to request from us rectification or erasure of personal data or restriction of processing of personal data concerning any data subject or to object to such processing;
  6. the right to lodge a complaint with a supervisory authority;
  7. where the personal data are not collected from the data subject, any available information as to their source;
  8. the existence of automated decision-making, including profiling.

We can provide an electronic copy of the personal data undergoing processing free of charge to data subjects but for any further copies requested by data subjects we may charge a reasonable fee based on administrative costs.

  • Right to rectification. Data subjects can ask us to rectify inaccurate personal data concerning them by sending us an e-mail request. Data subjects have the right to have incomplete personal data completed, including by means of providing a supplementary statement sent by e-mail.
  • Right to erasure (‘right to be forgotten’). Data subjects can request erasure of their personal data. We take the obligation to erase personal data without undue delay where one of the following grounds applies:

(a) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;

(b) a data subject withdraws his consent on which the processing is based and there is no other legal ground for processing;

(c) a data subject objects to the processing and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing.

(d) the personal data is proven to have been unlawfully processed;

(e) the personal data have to be erased for compliance with a legal obligation in EU or Member State law to which the Company is subject;

(f) the personal data have been collected in relation to the offer of information society services.

  • Right to restriction of processing. Data subjects can request restriction of processing in the following cases:

(a) the accuracy of personal data is contested by a data subject, for a period enabling us to verify the accuracy of the personal data;

(b) the processing is found to be unlawful and a data subject opposes the erasure of the personal data and requests the restriction of their use instead;

(c) we no longer need the personal data for the purposes of the processing, but they are required by a data subject for the establishment, exercise or defense of legal claims;

(d) a data subject has objected to processing, pending the verification whether the legitimate grounds of the Company override those of the data subject.

If we honor such request, personal data shall only be stored by us but not processed, unless with the data subject's consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest.

  • Right to data portability. Data subjects have the right to receive their personal data which they have provided to us. Data subjects use our Services without registration or creating a profile so they can receive the same data which they have sent during a XORbot interview.
  • Right to object. Data subjects have the following rights in this regard:

(a) right to object to processing of their personal data which processing is necessary for the performance of a task carried out in the public interest or is necessary for the purposes of the legitimate interests pursued by the Company or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data;

(b) if personal data are processed for direct marketing purposes, data subjects have the right to object at any time to processing of their personal data in which case the personal data shall no longer be processed for such purposes.

  • Right to withdraw consent. Data subjects have the right to withdraw their consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
  • Right to lodge a complaint with a GDPR supervisory authority. Data subjects can send complaints to the Commission for Personal Data Protection, 2 Prof. Tsvetan Lazarov Blvd., Sofia, Bulgaria, kzld@cpdp.bg or contact our Data Protection Officer if they have any concerns regarding any personal data or privacy issues related to our Services: Trifonov Law Offices Ltd., 21, Mali Bogdan Str., Bulgaria, gdpr@trifonov.info.

The Company shall communicate any rectification or erasure of personal data or restriction of processing carried out in accordance with the rules in this Privacy Policy to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort. We will inform any data subject about those recipients upon request.

Data subjects agree that they have no obligation to provide personal data while using our Services. If no data is provided some aspects of our Services may be limited (for example in cases when cookies are not allowed by data subject’s browser) or useless (for example if a candidate does not provide personal data to XORbot, then the respective employer cannot contact the job applicant to hire him which is the main purpose of job interviews).

Data subjects agree that automated decision-making is a core function of our XORbot Service and will be used for the purpose of selecting and hiring staff by employers. XORbots involve job applicants in interactive conversations that both ask questions (predefined by employers) to candidates, while answering questions that applicants may have. In the end recruiters at employers’ companies can focus on candidates that make it through the XORbots’ selection process, which saves time by allowing HR specialists to personally get in touch with only the best candidates, selected by XORbots, for any given position, which hiring process includes profiling of candidates.

Data subjects have the right not to be subject to decisions based solely on automated processing, including profiling, which could lead to rejection of job applicants by employers. In this regard candidates are free to ask for human intervention if they are not happy with the results of the automated decision-making.

We do not intend to further process your personal data for any purpose other than that for which the personal data are collected. Should we decide to use your personal data for other purposes, we will ask for your consent prior to using it.

Additional Information about this Privacy Policy

More details concerning the collection or processing of Personal Data may be requested from XOR Inc. at any time. Please see the contact information below at the end of this page.

Contact Us

If there are any questions, concerns or complaints regarding this Privacy Policy, you can contact us using the information below.

XOR Inc.

(www.xor.ai) EIN:81-4126129

701 Brazos St.,

Suite 1600, 

Austin, TX 

United States 


Please also feel free to contact us if you have any questions, concerns or complaints about our data collection or processing practices of our Application or this Website, or if you want to report any security violations to us.