XORA Privacy Policy
Effective date: May 12, 2026. App: XORA. Privacy contact: privacy@appxora.xyz.
English is the authoritative public policy where legally permitted. Korean and Chinese are convenience translations to improve access and support clarity.
XORA is designed for private communication, invite-based growth, account protection, and privacy controls. This policy describes how XORA may collect, use, protect, and retain information when you use the app, website, support, waitlist, or account-deletion workflows.
Some privacy details depend on your app version, region, plan, role, settings, and permissions. When a feature is not offered or enabled, XORA does not collect data solely for that feature.
Information XORA may process
- Account, profile, login, device, session, support, waitlist, invite, billing, subscription, and abuse-prevention records where applicable.
- Message-related metadata required for delivery, sync, safety, abuse prevention, and operational integrity.
- Selected content only when you choose features that require it, such as AI-assisted features, support, reports, or media workflows.
On-device translation and AI features
XORA translation features are designed to process message text locally on your device after the message is decrypted on that device. XORA does not upload original message text or translated text to XORA servers for translation by default. Optional model-pack downloads may contact an app store, Google Play, or XORA asset delivery infrastructure, but those download requests must not include message content.
XORA may use privacy-safe technical telemetry such as language pair, model-pack installation state, coarse latency bucket, and success or failure code. XORA does not collect original message text or translated text for analytics, advertising, model training, or profiling.
Messaging and security
XORA is designed around encrypted delivery and privacy-preserving controls where available and enabled. Metadata may still be processed to operate, sync, protect, bill, support, and improve the service. Disappearing messages and capture-protection controls reduce risk but cannot prevent all external copying, photography, or platform-level capture.
Legal requests and encrypted message content
Where end-to-end encryption is active and XORA does not hold the keys, XORA is not able to decrypt protected message content. XORA may still be able to provide limited account, device, payment, subscription, abuse report, support, or operational metadata if lawfully required and retained. See Legal Requests / E2EE Policy.
Account deletion and privacy choices
You can request account deletion through the app when available or through the public deletion page if you cannot access the app. XORA may require verification before acting on requests. Accepted deletion requests have a 14-day grace period, and signing in again during that period cancels the request. XORA may retain limited records where required or permitted for security, fraud prevention, abuse prevention, legal compliance, billing disputes, or audit integrity.
Related pages: Account Deletion, Privacy Choices, Terms, and App Permissions.